Implement static token support for users

api/src/middleware/authenticate.ts

@@ -38,9 +38,16 @@ const authenticate: RequestHandler = asyncHandler(async (req, res, next) => {
 			.select('role', 'directus_roles.admin')
 			.from('directus_users')
 			.leftJoin('directus_roles', 'directus_users.role', 'directus_roles.id')
-			.where({ 'directus_users.id': payload.id })
+			.where({
+				'directus_users.id': payload.id,
+				status: 'active',
+			})
 			.first();
 
+		if (!user) {
+			throw new InvalidCredentialsException();
+		}
+
 		/** @TODO verify user status */
 
 		req.accountability.user = payload.id;
@@ -48,6 +55,25 @@ const authenticate: RequestHandler = asyncHandler(async (req, res, next) => {
 		req.accountability.admin = user.admin === true || user.admin == 1;
 
 		return next();
+	} else {
+		// Try finding the user with the provided token
+		const user = await database
+			.select('directus_users.id', 'directus_users.role', 'directus_roles.admin')
+			.from('directus_users')
+			.leftJoin('directus_roles', 'directus_users.role', 'directus_roles.id')
+			.where({
+				'directus_users.token': req.token,
+				status: 'active',
+			})
+			.first();
+
+		if (!user) {
+			throw new InvalidCredentialsException();
+		}
+
+		req.accountability.user = user.id;
+		req.accountability.role = user.role;
+		req.accountability.admin = user.admin === true || user.admin == 1;
 	}
 
 	/**