fix hook auth

.github/workflows/gcp-cloudrun-merge-develop.yml

@@ -2,7 +2,7 @@ on:
   push:
     branches:
       - develop
-      - feature/post-update-web
+      - fix-hook-auth
 
 name: Build and Deploy to Cloud Run on merge to branch 'develop'
 env:

src/handler/hook/hook_middleware.ts

@@ -4,15 +4,24 @@ import { loadConfig } from '../../config/config'
 
 export const hookMiddleware = (req: Request, res: Response, next: NextFunction) => {
   const conf = loadConfig()
-  const auth = req.headers['authorization'].split(' ')[1]
+  const auth = req.headers['authorization']
+  console.log(`auth: ${auth}`)
+
   if (auth == null) return res.sendStatus(401)
-  if (auth.split(' ')[0] === 'Bearer') res.sendStatus(403)
+
+  const parts = auth.split(' ')
+  if (parts.length !== 2 || parts[0] !== 'Bearer') {
+    console.error(`invalid auth header: ${parts}`)
+    res.sendStatus(403)
+  }
+  const token = parts[1]
+  console.log(`token: ${token}`)
 
   try {
-    const decoded = jwt.verify(auth, conf.accessToken)
+    const decoded = jwt.verify(token, conf.accessToken)
     next()
   } catch (err) {
-    console.log(err)
+    console.error(`jwt verify: ${err}`)
     return res.sendStatus(403)
   }
 }