delete sessions when admin is deleted
This commit is contained in:
parent
0958ff21b6
commit
5a1fa2cc95
src
@ -1,21 +1,23 @@
|
||||
import type { Permissions } from '$lib/permissions';
|
||||
import type { Cookies } from '@sveltejs/kit';
|
||||
import * as crypto from 'crypto';
|
||||
import type { Admin } from '$lib/server/database';
|
||||
|
||||
const sessions: Map<string, Permissions> = new Map();
|
||||
const sessions: Map<string, { userId: number; permissions: Permissions }> = new Map();
|
||||
|
||||
export function addSession(permissions: Permissions): string {
|
||||
const session = 'AAA';
|
||||
sessions.set(session, permissions);
|
||||
export function addSession(user: { id: number; permissions: Permissions } | Admin): string {
|
||||
const session = crypto.randomBytes(16).toString('hex');
|
||||
sessions.set(session, { userId: user.id, permissions: user.permissions });
|
||||
return session;
|
||||
}
|
||||
|
||||
export function getSession(session: string | Cookies, permissions?: number[]): Permissions | null {
|
||||
let sess: Permissions | null;
|
||||
if (typeof session == 'string') {
|
||||
sess = sessions.get(session) || null;
|
||||
sess = sessions.get(session)?.permissions || null;
|
||||
} else {
|
||||
const sessionId = session.get('session');
|
||||
sess = sessionId ? sessions.get(sessionId) || null : null;
|
||||
sess = sessionId ? sessions.get(sessionId)?.permissions || null : null;
|
||||
}
|
||||
|
||||
if (!sess) {
|
||||
@ -28,3 +30,19 @@ export function getSession(session: string | Cookies, permissions?: number[]): P
|
||||
}
|
||||
return sess;
|
||||
}
|
||||
|
||||
export function deleteSession(session: string | Cookies) {
|
||||
if (typeof session == 'string') {
|
||||
sessions.delete(session);
|
||||
} else {
|
||||
sessions.delete(session.get('session') || '');
|
||||
}
|
||||
}
|
||||
|
||||
export function deleteAllUserSessions(userId: number) {
|
||||
for (const [id, details] of sessions.entries()) {
|
||||
if (details.userId == userId) {
|
||||
sessions.delete(id);
|
||||
}
|
||||
}
|
||||
}
|
||||
|
||||
@ -1,7 +1,8 @@
|
||||
import type { RequestHandler } from '@sveltejs/kit';
|
||||
import { Permissions } from '$lib/permissions';
|
||||
import { getSession } from '$lib/server/session';
|
||||
import { addSession, deleteAllUserSessions, deleteSession, getSession } from '$lib/server/session';
|
||||
import { Admin } from '$lib/server/database';
|
||||
import { env as publicEnv } from '$env/dynamic/public';
|
||||
|
||||
export const POST = (async ({ request, cookies }) => {
|
||||
if (getSession(cookies, [Permissions.AdminWrite]) == null) {
|
||||
@ -53,7 +54,21 @@ export const PATCH = (async ({ request, cookies }) => {
|
||||
if (data['password']) updatePayload.password = data['password'];
|
||||
if (data['permissions']) updatePayload.permissions = data['permissions'];
|
||||
|
||||
await Admin.update(updatePayload, { where: { id: id } });
|
||||
let user = await Admin.findOne({ where: { id: id } });
|
||||
if (!user) {
|
||||
return new Response(null, {
|
||||
status: 400
|
||||
});
|
||||
}
|
||||
user = await user.update(updatePayload);
|
||||
|
||||
deleteSession(cookies);
|
||||
cookies.set('session', addSession(user), {
|
||||
path: `${publicEnv.PUBLIC_BASE_PATH}/admin`,
|
||||
maxAge: 60 * 60 * 24 * 90,
|
||||
httpOnly: true,
|
||||
secure: true
|
||||
});
|
||||
|
||||
return new Response();
|
||||
}) satisfies RequestHandler;
|
||||
@ -66,7 +81,7 @@ export const DELETE = (async ({ request, cookies }) => {
|
||||
}
|
||||
|
||||
const data = await request.json();
|
||||
const id = data['id'] as string | null;
|
||||
const id = data['id'] as number | null;
|
||||
|
||||
if (id == null) {
|
||||
return new Response(null, {
|
||||
@ -75,6 +90,7 @@ export const DELETE = (async ({ request, cookies }) => {
|
||||
}
|
||||
|
||||
await Admin.destroy({ where: { id: id } });
|
||||
deleteAllUserSessions(id);
|
||||
|
||||
return new Response();
|
||||
}) satisfies RequestHandler;
|
||||
|
||||
@ -22,18 +22,22 @@ export const POST = (async ({ request, cookies }) => {
|
||||
username == env.ADMIN_USER &&
|
||||
password == env.ADMIN_PASSWORD
|
||||
) {
|
||||
cookies.set('session', addSession(new Permissions(Permissions.allPermissions())), {
|
||||
path: `${publicEnv.PUBLIC_BASE_PATH}/admin`,
|
||||
maxAge: 60 * 60 * 24 * 90,
|
||||
httpOnly: true,
|
||||
secure: true
|
||||
});
|
||||
cookies.set(
|
||||
'session',
|
||||
addSession({ id: -1, permissions: new Permissions(Permissions.allPermissions()) }),
|
||||
{
|
||||
path: `${publicEnv.PUBLIC_BASE_PATH}/admin`,
|
||||
maxAge: 60 * 60 * 24 * 90,
|
||||
httpOnly: true,
|
||||
secure: true
|
||||
}
|
||||
);
|
||||
return new Response();
|
||||
}
|
||||
|
||||
const user = await Admin.findOne({ where: { username: username } });
|
||||
if (user && user.validatePassword(password)) {
|
||||
cookies.set('session', addSession(user.permissions), {
|
||||
cookies.set('session', addSession(user), {
|
||||
path: `${publicEnv.PUBLIC_BASE_PATH}/admin`,
|
||||
maxAge: 60 * 60 * 24 * 90,
|
||||
httpOnly: true,
|
||||
|
||||
Loading…
x
Reference in New Issue
Block a user