diff --git a/common/zod/schemas.ts b/common/zod/schemas.ts
index 7a25805c..0ac20696 100644
--- a/common/zod/schemas.ts
+++ b/common/zod/schemas.ts
@@ -78,7 +78,7 @@ export const DaySchema = z.enum([
 "other",
 ]);
-export const PeriodSchema = z.number().min(0).max(6);
+export const PeriodSchema = z.coerce.number().min(0).max(6);
 export const SlotSchema = z.object({
 day: DaySchema,
diff --git a/server/src/firebase/auth/lib.ts b/server/src/firebase/auth/lib.ts
index dd973edd..fdf4b12b 100644
--- a/server/src/firebase/auth/lib.ts
+++ b/server/src/firebase/auth/lib.ts
@@ -10,7 +10,7 @@ type DecodedIdToken = admin.DecodedIdToken;
 // REQUIRE: cookieParser middleware before this
 // THROWS: if idToken is not present in request cookie, or when the token is not valid.
 export async function getGUID(c: Context): Promise {
- const idToken = c.req.query("token");
+ const idToken = c.req.header("Authorization");
 if (typeof idToken !== "string") error("token not found in query", 401);
 return await getGUIDFromToken(idToken);
 }
diff --git a/test/server.spec.ts b/test/server.spec.ts
index 6c4b842b..ded40ce1 100644
--- a/test/server.spec.ts
+++ b/test/server.spec.ts
@@ -29,7 +29,11 @@ test("/users/exists", async () => {
 test("basic auth", async () => {
 let res = await GET("/users/me");
 expect(res.status).toBe(401);
- res = await GET(`/users/me?token=${MOCK_TOKEN}`);
+ res = await GET("/users/me", {
+ headers: {
+ Authorization: MOCK_TOKEN,
+ },
+ });
 expect(res.status).toBe(200);
 const json = await res.json();
 expect(json.name).toBe("田中太郎");
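Review bot: `z.coerce.number()` runs `Number()` on the input before the range check, so `""`, `null`, `false` and `[]` all coerce to 0 and `true` to 1, and each of those then passes `.min(0).max(6)` as a valid period; only NaN-producing inputs such as `"abc"` or `undefined` are rejected. If the intent is to accept a numeric string from a path or query parameter, the schema should still reject non-integers and the empty/null cases should be considered: `export const PeriodSchema = z.coerce.number().int().min(0).max(6);`. A short comment naming where the string-form input comes from would tell the next reader why coercion was introduced on this schema but not on its neighbours.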
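Review bot: The 401 message on the line after the changed one still says `"token not found in query"` although the token is now read from the `Authorization` header, and the two comments above `getGUID` still describe a cookie (`// REQUIRE: cookieParser middleware before this`, `// THROWS: if idToken is not present in request cookie`); they should become `error("token not found in Authorization header", 401)` and `// THROWS: if the Authorization header is missing, or the token is not valid.`. The header value is passed to `getGUIDFromToken` verbatim, so a client sending the conventional `Authorization: Bearer <token>` form would fail verification; either accept the optional scheme prefix here, `const idToken = c.req.header("Authorization")?.replace(/^Bearer\s+/i, "");`, or document that the header must carry the bare ID token, which is what the tests and web client in this commit send. Reading the token from a header rather than the query string also keeps it out of access logs and browser history, which is worth stating in the comment so nobody reintroduces the query form.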
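Review bot: The basic auth test no longer exercises the query-string form of the token, so nothing confirms that `?token=` is actually rejected once the server reads the header; add `res = await GET(`/users/me?token=${MOCK_TOKEN}`); expect(res.status).toBe(401);` next to the existing unauthenticated check so a regression that re-enables the query path is caught. The same `{ headers: { Authorization: MOCK_TOKEN } }` literal appears here and three more times in the "send request" hunk of this file; a module-level `const AUTH_HEADERS = { headers: { Authorization: MOCK_TOKEN } };` would keep the tests readable, assuming GET/PUT accept a shared init object (their definitions are outside this diff).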
@@ -42,15 +46,27 @@ test("send request", async () => {
 res = await PUT("/requests/send/102");
 expect(res.status).toBe(401);
- res = await GET(`/users/pending/from-me?token=${MOCK_TOKEN}`);
+ res = await GET("/users/pending/from-me", {
+ headers: {
+ Authorization: MOCK_TOKEN,
+ },
+ });
 expect(res.status).toBe(200);
 expect(await res.json()).toSatisfy((s) => s.length === 0);
 // starting actual request
- res = await PUT(`/requests/send/102?token=${MOCK_TOKEN}`);
+ res = await PUT("/requests/send/102", {
+ headers: {
+ Authorization: MOCK_TOKEN,
+ },
+ });
 expect(res.status).toBe(201);
- res = await GET(`/users/pending/from-me?token=${MOCK_TOKEN}`);
+ res = await GET("/users/pending/from-me", {
+ headers: {
+ Authorization: MOCK_TOKEN,
+ },
+ });
 expect(await res.json()).toSatisfy(
 (s) => s.length === 1 && s[0].name === "山田花子",
 );
diff --git a/web/api/internal/fetch-func.ts b/web/api/internal/fetch-func.ts
index 99daf7e0..69663bd5 100644
--- a/web/api/internal/fetch-func.ts
+++ b/web/api/internal/fetch-func.ts
@@ -8,10 +8,11 @@ export async function uploadImage(path: string, file: File): Promise {
 if (file.size >= MAX_IMAGE_SIZE) {
 throw new Error("画像のアップロードに失敗しました: 画像が大きすぎます");
 }
- const res = await fetch(`${path}?token=${await getIdToken()}`, {
+ const res = await fetch(path, {
 method: "POST",
 headers: {
 "Content-Type": "image/png",
+ Authorization: await getIdToken(),
 },
 body: file,
 });
diff --git a/web/firebase/auth/lib.ts b/web/firebase/auth/lib.ts
index 1cae6c90..78b12cc7 100644
--- a/web/firebase/auth/lib.ts
+++ b/web/firebase/auth/lib.ts
@@ -34,20 +34,18 @@ export async function credFetch(
 path: string,
 body?: unknown,
 ): Promise {
- let idToken = await getIdToken();
+ const idToken = await getIdToken();
 const init: RequestInit = { method };
 if (body) {
 init.body = JSON.stringify(body);
 init.headers = {
 "Content-Type": "application/json",
+ Authorization: idToken,
+ };
+ } else {
+ init.headers = {
+ Authorization: idToken,
 };
 }
- let res = await fetch(`${path}?token=${idToken}`, init);
-
- if (res.status === 401) {
- idToken = await getIdToken();
- res = await fetch(`${path}?token=${idToken}`, init);
- }
-
- return res;
+ return await fetch(path, init);
 }
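Review bot: The rewrite drops the single retry on a 401 that re-read the ID token and re-sent the request, so a stale token now reaches every caller of credFetch as a plain 401 with no refresh attempt; if `getIdToken()` already hands back a freshly refreshed token this is harmless, but if the retry existed to recover from a cached token that behaviour is lost and the commit should say so, or the retry should be kept in header form. The two branches now each spell out `Authorization: idToken`, which is easy to let drift; a single header expression avoids that: `init.headers = body ? { "Content-Type": "application/json", Authorization: idToken } : { Authorization: idToken };` with the `if (body)` keeping only `init.body = JSON.stringify(body);`. Since the server compares the header value verbatim, a comment on credFetch should state that the bare ID token is sent with no `Bearer` scheme, and that moving it out of the URL is what keeps it out of request logs and history. credFetch's signature begins before the hunk.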