fix: fix authHeader without cookie-parser middleware (#1003)

[express-openapi-validator v5.8.3][1] and 00d070b (fix: add cookie support for HTTP bearer authentication (#949), 2024-10-27) breaks HTTP bearer authentication when the `cookie-parser` middleware is not present (and therefore `req.cookies` is not present). [1]: https://github.com/cdimascio/express-openapi-validator/releases/tag/v5.3.8 Fixes: 00d070b
cdimascio · Oct 30, 2024 · 17e91d5 · 17e91d5
1 parent f2aba32
commit 17e91d5
Showing 1 changed file with 3 additions and 2 deletions.
diff --git a/src/middlewares/openapi.security.ts b/src/middlewares/openapi.security.ts
@@ -232,8 +232,9 @@ class AuthValidator {
       const authHeader =
         req.headers['authorization'] &&
         req.headers['authorization'].toLowerCase();
+      // req.cookies will be `undefined` without `cookie-parser` middleware
       const authCookie =
-        req.cookies[scheme.name] || req.signedCookies?.[scheme.name];
+        req.cookies?.[scheme.name] || req.signedCookies?.[scheme.name];
 
       const type = scheme.scheme && scheme.scheme.toLowerCase();
       if (type === 'bearer') {
@@ -289,4 +290,4 @@ class Util {
       o.constructor === Object
     );
   }
-}
+}