From ca9d0b445e7c3fc65c7d540041c19a816c022b36 Mon Sep 17 00:00:00 2001
From: David Oduneye <44040421+DOOduneye@users.noreply.github.com>
Date: Sat, 17 Feb 2024 15:30:15 -0500
Subject: [PATCH] unauthorized when you have no cookies (#221)

---
 backend/src/middleware/auth.go | 4 ++++
 1 file changed, 4 insertions(+)

diff --git a/backend/src/middleware/auth.go b/backend/src/middleware/auth.go
index 952efa2fc..521c3569e 100644
--- a/backend/src/middleware/auth.go
+++ b/backend/src/middleware/auth.go
@@ -67,6 +67,10 @@ func (m *MiddlewareService) Authorize(requiredPermissions ...auth.Permission) fu
 			return c.Next()
 		}
 
+		if c.Cookies("access_token") == "" || c.Cookies("refresh_token") == "" {
+			return errors.Unauthorized.FiberError(c)
+		}
+
 		role, err := auth.GetRoleFromToken(c.Cookies("access_token"), m.AuthSettings.AccessKey)
 		if err != nil {
 			return errors.FailedToParseAccessToken.FiberError(c)