CraftAttack/website
4
0
Fork 0
Code Issues 3 Pull Requests Actions Wiki Activity

delete sessions when admin is deleted

Browse Source
This commit is contained in:
bytedream
2023-08-28 16:41:41 +02:00
parent 0958ff21b6
commit 5a1fa2cc95
3 changed files with 54 additions and 16 deletions
Download Patch File Download Diff File Expand all files Collapse all files

22
src/routes/admin/admin/+server.ts
View File

@ -1,7 +1,8 @@
import type { RequestHandler } from '@sveltejs/kit';
import { Permissions } from '$lib/permissions';
import { getSession } from '$lib/server/session';
import { addSession, deleteAllUserSessions, deleteSession, getSession } from '$lib/server/session';
import { Admin } from '$lib/server/database';
import { env as publicEnv } from '$env/dynamic/public';
export const POST = (async ({ request, cookies }) => {
if (getSession(cookies, [Permissions.AdminWrite]) == null) {
@ -53,7 +54,21 @@ export const PATCH = (async ({ request, cookies }) => {
if (data['password']) updatePayload.password = data['password'];
if (data['permissions']) updatePayload.permissions = data['permissions'];
await Admin.update(updatePayload, { where: { id: id } });
let user = await Admin.findOne({ where: { id: id } });
if (!user) {
return new Response(null, {
status: 400
});
}
user = await user.update(updatePayload);
deleteSession(cookies);
cookies.set('session', addSession(user), {
path: `${publicEnv.PUBLIC_BASE_PATH}/admin`,
maxAge: 60 * 60 * 24 * 90,
httpOnly: true,
secure: true
});
return new Response();
}) satisfies RequestHandler;
@ -66,7 +81,7 @@ export const DELETE = (async ({ request, cookies }) => {
}
const data = await request.json();
const id = data['id'] as string | null;
const id = data['id'] as number | null;
if (id == null) {
return new Response(null, {
@ -75,6 +90,7 @@ export const DELETE = (async ({ request, cookies }) => {
}
await Admin.destroy({ where: { id: id } });
deleteAllUserSessions(id);
return new Response();
}) satisfies RequestHandler;

18
src/routes/admin/login/+server.ts
View File

@ -22,18 +22,22 @@ export const POST = (async ({ request, cookies }) => {
username == env.ADMIN_USER &&
password == env.ADMIN_PASSWORD
) {
cookies.set('session', addSession(new Permissions(Permissions.allPermissions())), {
path: `${publicEnv.PUBLIC_BASE_PATH}/admin`,
maxAge: 60 * 60 * 24 * 90,
httpOnly: true,
secure: true
});
cookies.set(
'session',
addSession({ id: -1, permissions: new Permissions(Permissions.allPermissions()) }),
{
path: `${publicEnv.PUBLIC_BASE_PATH}/admin`,
maxAge: 60 * 60 * 24 * 90,
httpOnly: true,
secure: true
}
);
return new Response();
}
const user = await Admin.findOne({ where: { username: username } });
if (user && user.validatePassword(password)) {
cookies.set('session', addSession(user.permissions), {
cookies.set('session', addSession(user), {
path: `${publicEnv.PUBLIC_BASE_PATH}/admin`,
maxAge: 60 * 60 * 24 * 90,
httpOnly: true,