backend: reorder authentication validators for consistency in recording and room routes

meet-ce/backend/src/middlewares/recording.middleware.ts

@@ -88,8 +88,8 @@ export const setupRecordingAuthentication = async (req: Request, res: Response,
 	// This will allow API key, registered user and room member token access.
 	const authValidators = [
 		apiKeyValidator,
-		tokenAndRoleValidator(MeetUserRole.ADMIN, MeetUserRole.USER, MeetUserRole.ROOM_MEMBER),
-		roomMemberTokenValidator
+		roomMemberTokenValidator,
+		tokenAndRoleValidator(MeetUserRole.ADMIN, MeetUserRole.USER, MeetUserRole.ROOM_MEMBER)
 	];
 	return withAuth(...authValidators)(req, res, next);
 };

meet-ce/backend/src/routes/recording.routes.ts

@@ -33,8 +33,8 @@ recordingRouter.get(
 	'/',
 	withAuth(
 		apiKeyValidator,
-		tokenAndRoleValidator(MeetUserRole.ADMIN, MeetUserRole.USER, MeetUserRole.ROOM_MEMBER),
-		roomMemberTokenValidator
+		roomMemberTokenValidator,
+		tokenAndRoleValidator(MeetUserRole.ADMIN, MeetUserRole.USER, MeetUserRole.ROOM_MEMBER)
 	),
 	validateGetRecordingsReq,
 	authorizeRecordingAccess('canRetrieveRecordings'),
@@ -44,8 +44,8 @@ recordingRouter.delete(
 	'/',
 	withAuth(
 		apiKeyValidator,
-		tokenAndRoleValidator(MeetUserRole.ADMIN, MeetUserRole.USER, MeetUserRole.ROOM_MEMBER),
-		roomMemberTokenValidator
+		roomMemberTokenValidator,
+		tokenAndRoleValidator(MeetUserRole.ADMIN, MeetUserRole.USER, MeetUserRole.ROOM_MEMBER)
 	),
 	validateBulkDeleteRecordingsReq,
 	authorizeRecordingAccess('canDeleteRecordings'),
@@ -55,8 +55,8 @@ recordingRouter.get(
 	'/download',
 	withAuth(
 		apiKeyValidator,
-		tokenAndRoleValidator(MeetUserRole.ADMIN, MeetUserRole.USER, MeetUserRole.ROOM_MEMBER),
-		roomMemberTokenValidator
+		roomMemberTokenValidator,
+		tokenAndRoleValidator(MeetUserRole.ADMIN, MeetUserRole.USER, MeetUserRole.ROOM_MEMBER)
 	),
 	validateBulkDeleteRecordingsReq,
 	authorizeRecordingAccess('canRetrieveRecordings'),
@@ -73,8 +73,8 @@ recordingRouter.delete(
 	'/:recordingId',
 	withAuth(
 		apiKeyValidator,
-		tokenAndRoleValidator(MeetUserRole.ADMIN, MeetUserRole.USER, MeetUserRole.ROOM_MEMBER),
-		roomMemberTokenValidator
+		roomMemberTokenValidator,
+		tokenAndRoleValidator(MeetUserRole.ADMIN, MeetUserRole.USER, MeetUserRole.ROOM_MEMBER)
 	),
 	withValidRecordingId,
 	authorizeRecordingAccess('canDeleteRecordings'),
@@ -91,8 +91,8 @@ recordingRouter.get(
 	'/:recordingId/url',
 	withAuth(
 		apiKeyValidator,
-		tokenAndRoleValidator(MeetUserRole.ADMIN, MeetUserRole.USER, MeetUserRole.ROOM_MEMBER),
-		roomMemberTokenValidator
+		roomMemberTokenValidator,
+		tokenAndRoleValidator(MeetUserRole.ADMIN, MeetUserRole.USER, MeetUserRole.ROOM_MEMBER)
 	),
 	validateGetRecordingUrlReq,
 	authorizeRecordingAccess('canRetrieveRecordings'),

meet-ce/backend/src/routes/room.routes.ts

@@ -62,8 +62,8 @@ roomRouter.get(
 	'/:roomId',
 	withAuth(
 		apiKeyValidator,
-		tokenAndRoleValidator(MeetUserRole.ADMIN, MeetUserRole.USER, MeetUserRole.ROOM_MEMBER),
-		roomMemberTokenValidator
+		roomMemberTokenValidator,
+		tokenAndRoleValidator(MeetUserRole.ADMIN, MeetUserRole.USER, MeetUserRole.ROOM_MEMBER)
 	),
 	withValidRoomId,
 	authorizeRoomAccess,
@@ -81,8 +81,8 @@ roomRouter.get(
 	'/:roomId/config',
 	withAuth(
 		apiKeyValidator,
-		tokenAndRoleValidator(MeetUserRole.ADMIN, MeetUserRole.USER, MeetUserRole.ROOM_MEMBER),
-		roomMemberTokenValidator
+		roomMemberTokenValidator,
+		tokenAndRoleValidator(MeetUserRole.ADMIN, MeetUserRole.USER, MeetUserRole.ROOM_MEMBER)
 	),
 	withValidRoomId,
 	authorizeRoomAccess,
@@ -150,7 +150,7 @@ roomRouter.delete(
 
 roomRouter.get(
 	'/:roomId/members/:memberId',
-	withAuth(apiKeyValidator, tokenAndRoleValidator(MeetUserRole.ADMIN, MeetUserRole.USER), roomMemberTokenValidator),
+	withAuth(apiKeyValidator, roomMemberTokenValidator, tokenAndRoleValidator(MeetUserRole.ADMIN, MeetUserRole.USER)),
 	withValidRoomId,
 	authorizeRoomMemberAccess,
 	roomMemberCtrl.getRoomMember