From 9e1b504328d06b419ba6f7a8af717258e1e4ab6b Mon Sep 17 00:00:00 2001
From: Alois Klink <alois@aloisklink.com>
Date: Mon, 28 Oct 2024 18:47:41 +0900
Subject: [PATCH] fix: fix authHeader without `cookie-parser` middleware

[express-openapi-validator v5.8.3][1] and
00d070b (fix: add cookie support for HTTP bearer authentication (#949), 2024-10-27)
breaks HTTP bearer authentication when the `cookie-parser` middleware
is not present (and therefore `req.cookies` is not present).

[1]: https://github.com/cdimascio/express-openapi-validator/releases/tag/v5.3.8
Fixes: 00d070b0f24396de0f32057f58e1c04b5f023199
---
 src/middlewares/openapi.security.ts | 5 +++--
 1 file changed, 3 insertions(+), 2 deletions(-)

diff --git a/src/middlewares/openapi.security.ts b/src/middlewares/openapi.security.ts
index 9abb5412..d9fc4f83 100644
--- a/src/middlewares/openapi.security.ts
+++ b/src/middlewares/openapi.security.ts
@@ -232,8 +232,9 @@ class AuthValidator {
       const authHeader =
         req.headers['authorization'] &&
         req.headers['authorization'].toLowerCase();
+      // req.cookies will be `undefined` without `cookie-parser` middleware
       const authCookie =
-        req.cookies[scheme.name] || req.signedCookies?.[scheme.name];
+        req.cookies?.[scheme.name] || req.signedCookies?.[scheme.name];
   
       const type = scheme.scheme && scheme.scheme.toLowerCase();
       if (type === 'bearer') {
@@ -289,4 +290,4 @@ class Util {
       o.constructor === Object
     );
   }
-}
\ No newline at end of file
+}