fix(oauth): select ot.user_id instead of u.id in getUserByAccessToken
u.id was returned by SQLite as `id` but the code read `row.user_id`, which was undefined. This caused all MCP calls to resolve userId as undefined, making list_trips return empty and canAccessTrip deny all access when authenticated via OAuth 2.1.
This commit is contained in:
parent
5b44fe68b1
commit
41f1dd9ce5
@ -276,7 +276,7 @@ export function getUserByAccessToken(rawToken: string): OAuthTokenInfo | null {
|
||||
const hash = hashToken(rawToken);
|
||||
const row = db.prepare(`
|
||||
SELECT ot.scopes, ot.revoked_at, ot.access_token_expires_at,
|
||||
u.id, u.username, u.email, u.role
|
||||
ot.user_id, u.username, u.email, u.role
|
||||
FROM oauth_tokens ot
|
||||
JOIN users u ON ot.user_id = u.id
|
||||
WHERE ot.access_token_hash = ?
|
||||
|
||||
Loading…
Reference in New Issue
Block a user