update: admin decode token flow

[nevil-mathew]

Summary by CodeRabbit

• Bug Fixes
  • Improved authentication middleware logic for admin authorization flow and token handling to ensure consistent credential assignment and proper middleware chain execution.

[coderabbitai]

Walkthrough

The authenticator middleware was modified to add an explicit early return in the admin path and introduce a redundant assignment of req.decodedToken, with the variable assignment moved outside an else block while duplicated inside.

Changes

Cohort / File(s)	Summary
Authenticator middleware modifications src/middlewares/authenticator.js	Added explicit return next() in admin branch for early middleware continuation; moved req.decodedToken assignment outside else block with duplicate assignment remaining inside

Sequence Diagram

sequenceDiagram
    participant Request
    participant Authenticator
    participant NextMiddleware

    Note over Authenticator: Old Flow
    Request->>Authenticator: incoming request
    Authenticator->>Authenticator: decode token
    alt isAdmin
        Authenticator->>Authenticator: apply header overrides
        Authenticator->>Authenticator: check permissions
        Authenticator->>NextMiddleware: next()
    else not admin
        Authenticator->>Authenticator: set req.decodedToken
        Authenticator->>NextMiddleware: next()
    end

    Note over Authenticator: New Flow
    Request->>Authenticator: incoming request
    Authenticator->>Authenticator: decode token
    Authenticator->>Authenticator: set req.decodedToken (moved)
    alt isAdmin
        Authenticator->>Authenticator: apply header overrides
        Authenticator->>NextMiddleware: return next() (early exit)
    else not admin
        Authenticator->>Authenticator: set req.decodedToken (duplicate)
        Authenticator->>NextMiddleware: next()
    end

Loading

Estimated code review effort

🎯 2 (Simple) | ⏱️ ~10 minutes

The change is contained to a single file with straightforward logic modifications, but requires attention to verify the early return doesn't unintentionally skip necessary permission checks and to assess whether the redundant assignment is intentional or an oversight.

Poem

🐰 Hops through the middleware with glee,
Early returns set admins free,
Though tokens assigned twice—quite the quirk,
The flow's now faster, if it still works!

Pre-merge checks and finishing touches

✅ Passed checks (3 passed)

Check name	Status	Explanation
Description Check	✅ Passed	Check skipped - CodeRabbit’s high-level summary is enabled.
Title Check	✅ Passed	The title succinctly describes the main change to the admin token decode flow within the authentication middleware and directly reflects the modifications in the pull request. It is concise, clear, and specific enough for a reviewer to understand the primary update at a glance.
Docstring Coverage	✅ Passed	No functions found in the changes. Docstring coverage check skipped.

✨ Finishing touches

• 📝 Generate docstrings

🧪 Generate unit tests (beta)

• Create PR with unit tests
• Post copyable unit tests in a comment
• Commit unit tests in branch auth-fix

---

📜 Recent review details

Configuration used: Path: .coderabbit.yaml

Review profile: CHILL

Plan: Pro

📥 Commits

Reviewing files that changed from the base of the PR and between c424b1d and e27a9de.

📒 Files selected for processing (1)

• src/middlewares/authenticator.js (1 hunks)

🧰 Additional context used

📓 Path-based instructions (1)

src/middlewares/**

⚙️ CodeRabbit configuration file

This is security-sensitive middleware. Scrutinize for potential vulnerabilities.

Files:

• src/middlewares/authenticator.js

🧬 Code graph analysis (1)

src/middlewares/authenticator.js (2)

src/services/account.js (1)

• decodedToken (888-888)

src/services/user-sessions.js (1)

• decodedToken (264-264)

🔇 Additional comments (1)

src/middlewares/authenticator.js (1)

260-260: Assignment required for admin early return.

This assignment is necessary because admin users now return early at line 266 and would never reach the assignment at line 300. The placement ensures req.decodedToken is properly set before continuing to the next middleware.

---

Thanks for using CodeRabbit! It's free for OSS, and your support helps us grow. If you like it, consider giving us a shout-out.

❤️ Share

• X
• Mastodon
• Reddit
• LinkedIn

_{Comment @coderabbitai help to get the list of available commands and usage tips.}