From 6f513265aa10ae49529191f79c541179428d8d40 Mon Sep 17 00:00:00 2001
From: Nguyen Thanh Quang <teddyowo@outlook.com>
Date: Tue, 5 Jul 2022 21:05:20 +0700
Subject: [PATCH] fix(api): allow uploading without private token

---
 src/pages/api/upload.ts | 5 +++--
 1 file changed, 3 insertions(+), 2 deletions(-)

diff --git a/src/pages/api/upload.ts b/src/pages/api/upload.ts
index 592be9a..2d6406b 100644
--- a/src/pages/api/upload.ts
+++ b/src/pages/api/upload.ts
@@ -13,9 +13,10 @@ const uploader = multer({
 });
 
 async function handler(req: NextApiReq, res: NextApiRes) {
+  const usr = await req.user();
   if (req.method !== 'POST') return res.forbid('Invalid method');
-  if (!req.headers.authorization) return res.forbid('Unauthorized');
-  const user = await prisma.user.findFirst({
+  if (!(req.headers.authorization || usr)) return res.forbid('Unauthorized');
+  const user = usr || await prisma.user.findFirst({
     where: {
       token: req.headers.authorization
     }