Merge pull request #2988 from bcgov/auth-crash-fix

Auth crash fix
bcgov · Nov 27, 2023 · ce9f8eb · ce9f8eb
2 parents 87253c6 + e83ad5c
commit ce9f8eb
Showing 1 changed file with 13 additions and 1 deletion.
diff --git a/api/src/utils/auth-utils.ts b/api/src/utils/auth-utils.ts
@@ -81,7 +81,19 @@ export const authenticate = async (req: InvasivesRequest) => {
 
   MDC.additionalContext.isPublicURL = isPublicURL;
 
-  const token = authHeader.split(/\s/)[1];
+  let token: string;
+
+  try {
+    token = authHeader.split(/\s/)[1];
+  } catch (error) {
+    defaultLog.info({ label: 'authenticate', message: 'malformed auth token received' });
+
+    throw {
+      code: 400,
+      message: 'Authorization header parse failure',
+      namespace: 'auth-utils'
+    };
+  }
 
   if (isPublicURL && (req.method === 'GET' || req.method === 'POST') && !token) {
     return new Promise<void>((resolve: any) => {