Fix bug where v0.6.0 migration would break data when cloning an outdated repo

Author: MaddyGuthridge

src/lib/server/auth/tokens.ts

@@ -88,6 +88,12 @@ export async function validateToken(token: string): Promise<Infer<typeof JwtPayl
     // Token data format is incorrect
     throw Error('Token data is in incorrect format');
   }
+  // Ensure the user ID exists
+  if (!(data.uid in config.auth)) {
+    // console.log(config.auth);
+    // console.log(data);
+    throw Error('This session does not map to a valid user');
+  }
   // Ensure that the session isn't in our revoked list
   if (data.sessionId in config.auth[data.uid].sessions.revokedSessions) {
     throw Error('This session has been revoked');
@@ -137,6 +143,7 @@ export async function validateTokenFromRequest(req: { request: Request, cookies:
     error(401, 'A token is required to access this endpoint');
   }
   const data = await validateToken(token).catch(e => {
+    console.log(e);
     // Remove token from cookies, as it is invalid
     req.cookies.delete('token', { path: '/' });
     error(401, `${e}`);

src/lib/server/data/migrations/v0.5.0.ts

@@ -12,6 +12,7 @@ import { moveLocalConfig, updateConfigVersions } from './shared';
 import { unsafeLoadLocalConfig } from './unsafeLoad';
 import { setLocalConfig } from '../localConfig';
 import { authIsSetUp } from '../dataDir';
+import semver from 'semver';
 
 export default async function migrate(dataDir: string, privateDataDir: string) {
   await moveLocalConfig(dataDir, privateDataDir);
@@ -25,6 +26,11 @@ async function updateLocalConfig(privateDataDir: string) {
   // Too lazy to make this type-safe
   const config = await unsafeLoadLocalConfig(privateDataDir) as any;
 
+  // If local config version is already v0.6.0 or greater, do nothing
+  if (semver.gte(config.version, 'v0.6.0')) {
+    return;
+  }
+
   config.keyPath = null;
 
   const userInfo = config.auth;