update session structure
This commit is contained in:
parent
a88ae62edf
commit
1b6e3c522f
@ -3,46 +3,56 @@ import type { Cookies } from '@sveltejs/kit';
|
||||
import * as crypto from 'crypto';
|
||||
import type { Admin } from '$lib/server/database';
|
||||
|
||||
const sessions: Map<string, { userId: number; permissions: Permissions }> = new Map();
|
||||
export interface Session {
|
||||
sessionId: string;
|
||||
userId: number;
|
||||
permissions: Permissions;
|
||||
}
|
||||
|
||||
let sessions: Session[] = [];
|
||||
|
||||
function sessionFromId(sessionId: string | Cookies): Session | null {
|
||||
const sessId = sessionIdFromStringOrCookies(sessionId);
|
||||
return sessions.find((v) => v.sessionId == sessId) || null;
|
||||
}
|
||||
|
||||
function sessionIdFromStringOrCookies(input: string | Cookies): string | null {
|
||||
return typeof input == 'string' ? input : input.get('session') || null;
|
||||
}
|
||||
|
||||
export function addSession(user: { id: number; permissions: Permissions } | Admin): string {
|
||||
const session = crypto.randomBytes(16).toString('hex');
|
||||
sessions.set(session, { userId: user.id, permissions: user.permissions });
|
||||
sessions.push({
|
||||
sessionId: session,
|
||||
userId: user.id,
|
||||
permissions: user.permissions
|
||||
});
|
||||
return session;
|
||||
}
|
||||
|
||||
export function getSession(session: string | Cookies, permissions?: number[]): Permissions | null {
|
||||
let sess: Permissions | null;
|
||||
if (typeof session == 'string') {
|
||||
sess = sessions.get(session)?.permissions || null;
|
||||
} else {
|
||||
const sessionId = session.get('session');
|
||||
sess = sessionId ? sessions.get(sessionId)?.permissions || null : null;
|
||||
}
|
||||
|
||||
if (!sess) {
|
||||
export function getSession(
|
||||
sessionId: string | Cookies,
|
||||
options?: { permissions?: number[] }
|
||||
): Session | null {
|
||||
const session = sessionFromId(sessionId);
|
||||
if (!session) {
|
||||
return null;
|
||||
}
|
||||
for (const perm of permissions || []) {
|
||||
if ((sess.value & perm) == 0) {
|
||||
for (const perm of options?.permissions || []) {
|
||||
if ((session.permissions.value & perm) == 0) {
|
||||
return null;
|
||||
}
|
||||
}
|
||||
return sess;
|
||||
return session;
|
||||
}
|
||||
|
||||
export function deleteSession(session: string | Cookies) {
|
||||
if (typeof session == 'string') {
|
||||
sessions.delete(session);
|
||||
} else {
|
||||
sessions.delete(session.get('session') || '');
|
||||
export function deleteSession(sessionId: string | Cookies) {
|
||||
const session = sessionFromId(sessionId);
|
||||
if (session) {
|
||||
sessions.splice(sessions.indexOf(session), 1);
|
||||
}
|
||||
}
|
||||
|
||||
export function deleteAllUserSessions(userId: number) {
|
||||
for (const [id, details] of sessions.entries()) {
|
||||
if (details.userId == userId) {
|
||||
sessions.delete(id);
|
||||
}
|
||||
}
|
||||
sessions = sessions.filter((v) => v.userId == userId);
|
||||
}
|
||||
|
||||
@ -1,11 +1,16 @@
|
||||
import type { PageServerLoad } from './$types';
|
||||
import { Admin } from '$lib/server/database';
|
||||
import { getSession } from '$lib/server/session';
|
||||
import { Permissions } from '$lib/permissions';
|
||||
|
||||
export const load: PageServerLoad = async ({ cookies }) => {
|
||||
const admins = await Admin.findAll({ attributes: { exclude: ['password'] } });
|
||||
let admins: Admin[] = [];
|
||||
if (getSession(cookies, { permissions: [Permissions.AdminRead] }) != null) {
|
||||
admins = await Admin.findAll({ attributes: { exclude: ['password'] } });
|
||||
}
|
||||
|
||||
return {
|
||||
admins: JSON.parse(JSON.stringify(admins)),
|
||||
permissions: getSession(cookies.get('session') || '')!.value
|
||||
permissions: getSession(cookies.get('session') || '')!.permissions.value
|
||||
};
|
||||
};
|
||||
|
||||
@ -5,7 +5,7 @@ import { Admin } from '$lib/server/database';
|
||||
import { env as publicEnv } from '$env/dynamic/public';
|
||||
|
||||
export const POST = (async ({ request, cookies }) => {
|
||||
if (getSession(cookies, [Permissions.AdminWrite]) == null) {
|
||||
if (getSession(cookies, { permissions: [Permissions.AdminWrite] }) == null) {
|
||||
return new Response(null, {
|
||||
status: 401
|
||||
});
|
||||
@ -34,7 +34,7 @@ export const POST = (async ({ request, cookies }) => {
|
||||
}) satisfies RequestHandler;
|
||||
|
||||
export const PATCH = (async ({ request, cookies }) => {
|
||||
if (getSession(cookies, [Permissions.AdminWrite]) == null) {
|
||||
if (getSession(cookies, { permissions: [Permissions.AdminWrite] }) == null) {
|
||||
return new Response(null, {
|
||||
status: 401
|
||||
});
|
||||
@ -52,7 +52,7 @@ export const PATCH = (async ({ request, cookies }) => {
|
||||
const updatePayload: { [key: string]: any } = {};
|
||||
if (data['username']) updatePayload.username = data['username'];
|
||||
if (data['password']) updatePayload.password = data['password'];
|
||||
if (data['permissions']) updatePayload.permissions = data['permissions'];
|
||||
if (data['permissions']) updatePayload.permissions = new Permissions(data['permissions']);
|
||||
|
||||
let user = await Admin.findOne({ where: { id: id } });
|
||||
if (!user) {
|
||||
@ -74,7 +74,7 @@ export const PATCH = (async ({ request, cookies }) => {
|
||||
}) satisfies RequestHandler;
|
||||
|
||||
export const DELETE = (async ({ request, cookies }) => {
|
||||
if (getSession(cookies, [Permissions.AdminWrite]) == null) {
|
||||
if (getSession(cookies, { permissions: [Permissions.AdminWrite] }) == null) {
|
||||
return new Response(null, {
|
||||
status: 401
|
||||
});
|
||||
|
||||
Loading…
x
Reference in New Issue
Block a user