From 16ed12bfd7cf5ca88baba28de00b47b78754df42 Mon Sep 17 00:00:00 2001
From: David Mehren <git@herrmehren.de>
Date: Thu, 29 Apr 2021 16:44:27 +0200
Subject: [PATCH] MediaController: Double-check that req.user is defined

TokenAuthGuard ensures that req.user is always
defined, but thanks to strict mode we have to check again.

In the future, we may add a custom Request type and
a custom param decorator to centralize the check.

Signed-off-by: David Mehren <git@herrmehren.de>
---
 src/api/public/media/media.controller.ts | 8 ++++++++
 1 file changed, 8 insertions(+)

diff --git a/src/api/public/media/media.controller.ts b/src/api/public/media/media.controller.ts
index 1472088b0..3436a1dcc 100644
--- a/src/api/public/media/media.controller.ts
+++ b/src/api/public/media/media.controller.ts
@@ -94,6 +94,10 @@ export class MediaController {
     @UploadedFile() file: MulterFile,
     @Headers('HedgeDoc-Note') noteId: string,
   ): Promise<MediaUploadUrlDto> {
+    if (!req.user) {
+      // We should never reach this, as the TokenAuthGuard handles missing user info
+      throw new InternalServerErrorException('Request did not specify user');
+    }
     const username = req.user.userName;
     this.logger.debug(
       `Recieved filename '${file.originalname}' for note '${noteId}' from user '${username}'`,
@@ -130,6 +134,10 @@ export class MediaController {
     @Req() req: Request,
     @Param('filename') filename: string,
   ): Promise<void> {
+    if (!req.user) {
+      // We should never reach this, as the TokenAuthGuard handles missing user info
+      throw new InternalServerErrorException('Request did not specify user');
+    }
     const username = req.user.userName;
     try {
       this.logger.debug(