fix: fix authHeader without cookie-parser middleware

aloisklink · web-flow · commit 9e1b504328d0 · 2024-10-28T18:47:41.000+09:00
[express-openapi-validator v5.8.3][1] and 00d070b (fix: add cookie support for HTTP bearer authentication (cdimascio#949), 2024-10-27) breaks HTTP bearer authentication when the `cookie-parser` middleware is not present (and therefore `req.cookies` is not present). [1]: https://github.com/cdimascio/express-openapi-validator/releases/tag/v5.3.8 Fixes: 00d070b
diff --git a/src/middlewares/openapi.security.ts b/src/middlewares/openapi.security.ts
@@ -232,8 +232,9 @@ class AuthValidator {
       const authHeader =
         req.headers['authorization'] &&
         req.headers['authorization'].toLowerCase();
+      // req.cookies will be `undefined` without `cookie-parser` middleware
       const authCookie =
-        req.cookies[scheme.name] || req.signedCookies?.[scheme.name];
+        req.cookies?.[scheme.name] || req.signedCookies?.[scheme.name];
   
       const type = scheme.scheme && scheme.scheme.toLowerCase();
       if (type === 'bearer') {
@@ -289,4 +290,4 @@ class Util {
       o.constructor === Object
     );
   }
-}
+}
