delete sessions when admin is deleted

bytedream 2023-08-28 16:41:41 +02:00
parent 0958ff21b6
commit 5a1fa2cc95
3 changed files with 54 additions and 16 deletions


@ -1,21 +1,23 @@
import type { Permissions } from '$lib/permissions'; import type { Permissions } from '$lib/permissions';
import type { Cookies } from '@sveltejs/kit'; import type { Cookies } from '@sveltejs/kit';
import * as crypto from 'crypto';
import type { Admin } from '$lib/server/database';
const sessions: Map<string, Permissions> = new Map(); const sessions: Map<string, { userId: number; permissions: Permissions }> = new Map();
export function addSession(permissions: Permissions): string { export function addSession(user: { id: number; permissions: Permissions } | Admin): string {
const session = 'AAA'; const session = crypto.randomBytes(16).toString('hex');
sessions.set(session, permissions); sessions.set(session, { userId: user.id, permissions: user.permissions });
return session; return session;
} }
export function getSession(session: string | Cookies, permissions?: number[]): Permissions | null { export function getSession(session: string | Cookies, permissions?: number[]): Permissions | null {
let sess: Permissions | null; let sess: Permissions | null;
if (typeof session == 'string') { if (typeof session == 'string') {
sess = sessions.get(session) || null; sess = sessions.get(session)?.permissions || null;
} else { } else {
const sessionId = session.get('session'); const sessionId = session.get('session');
sess = sessionId ? sessions.get(sessionId) || null : null; sess = sessionId ? sessions.get(sessionId)?.permissions || null : null;
} }
if (!sess) { if (!sess) {
@ -28,3 +30,19 @@ export function getSession(session: string | Cookies, permissions?: number[]): P
} }
return sess; return sess;
} }
export function deleteSession(session: string | Cookies) {
if (typeof session == 'string') {
sessions.delete(session);
} else {
sessions.delete(session.get('session') || '');
}
}
export function deleteAllUserSessions(userId: number) {
for (const [id, details] of sessions.entries()) {
if (details.userId == userId) {
sessions.delete(id);
}
}
}
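Review bot: `addSession` stores a copy of `user.permissions` at login, so each new `{ userId, permissions }` entry goes stale the moment the admin row is updated, and `deleteAllUserSessions` is the only thing that makes a permission or password change take effect for an already logged-in admin; that contract deserves a comment above `sessions`, e.g. `// permissions are snapshotted at login — any code that changes an admin's permissions or password must call deleteAllUserSessions(id) afterwards`. The loose `==` in `deleteAllUserSessions` papers over callers that pass the id as a string taken from request JSON (the DELETE route only type-asserts `data['id']`); prefer `details.userId === userId` and have callers coerce and validate. The env-credentials login registers its session with the sentinel id `-1`, so `deleteAllUserSessions(-1)` — reachable through the DELETE route with a crafted body — logs that account out even though no database row is affected; presumably acceptable, but it belongs in a comment next to the sentinel.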


@ -1,7 +1,8 @@
import type { RequestHandler } from '@sveltejs/kit'; import type { RequestHandler } from '@sveltejs/kit';
import { Permissions } from '$lib/permissions'; import { Permissions } from '$lib/permissions';
import { getSession } from '$lib/server/session'; import { addSession, deleteAllUserSessions, deleteSession, getSession } from '$lib/server/session';
import { Admin } from '$lib/server/database'; import { Admin } from '$lib/server/database';
import { env as publicEnv } from '$env/dynamic/public';
export const POST = (async ({ request, cookies }) => { export const POST = (async ({ request, cookies }) => {
if (getSession(cookies, [Permissions.AdminWrite]) == null) { if (getSession(cookies, [Permissions.AdminWrite]) == null) {
@ -53,7 +54,21 @@ export const PATCH = (async ({ request, cookies }) => {
if (data['password']) updatePayload.password = data['password']; if (data['password']) updatePayload.password = data['password'];
if (data['permissions']) updatePayload.permissions = data['permissions']; if (data['permissions']) updatePayload.permissions = data['permissions'];
await Admin.update(updatePayload, { where: { id: id } }); let user = await Admin.findOne({ where: { id: id } });
if (!user) {
return new Response(null, {
status: 400
});
}
user = await user.update(updatePayload);
deleteSession(cookies);
cookies.set('session', addSession(user), {
path: `${publicEnv.PUBLIC_BASE_PATH}/admin`,
maxAge: 60 * 60 * 24 * 90,
httpOnly: true,
secure: true
});
return new Response(); return new Response();
}) satisfies RequestHandler; }) satisfies RequestHandler;
@ -66,7 +81,7 @@ export const DELETE = (async ({ request, cookies }) => {
} }
const data = await request.json(); const data = await request.json();
const id = data['id'] as string | null; const id = data['id'] as number | null;
if (id == null) { if (id == null) {
return new Response(null, { return new Response(null, {
@ -75,6 +90,7 @@ export const DELETE = (async ({ request, cookies }) => {
} }
await Admin.destroy({ where: { id: id } }); await Admin.destroy({ where: { id: id } });
deleteAllUserSessions(id);
return new Response(); return new Response();
}) satisfies RequestHandler; }) satisfies RequestHandler;
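Review bot: The re-issued cookie at `cookies.set('session', addSession(user), …)` in PATCH is minted for the edited admin (`user` is the row looked up by the request's `id`), while the preceding `deleteSession(cookies)` removes the caller's own session, so an admin editing a different admin is silently switched into that account's session and permissions, and the edited admin's own existing sessions — which snapshot permissions at login — keep the pre-update ones. The invalidation belongs on the target, `deleteAllUserSessions(user.id);` in place of the `deleteSession`/`cookies.set` block, and a fresh cookie should only be set when the caller is editing themselves, which can only be detected once the session module exposes the session's `userId` (today `getSession` returns just `Permissions`). PATCH begins before this hunk, so its `id` parsing and permission check are not visible here. In DELETE, `data['id'] as number | null` is only a type assertion on request JSON, so a non-numeric value reaches `Admin.destroy` and `deleteAllUserSessions` unchecked; `typeof id !== 'number'` should join the `id == null` guard.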


@ -22,18 +22,22 @@ export const POST = (async ({ request, cookies }) => {
username == env.ADMIN_USER && username == env.ADMIN_USER &&
password == env.ADMIN_PASSWORD password == env.ADMIN_PASSWORD
) { ) {
cookies.set('session', addSession(new Permissions(Permissions.allPermissions())), { cookies.set(
path: `${publicEnv.PUBLIC_BASE_PATH}/admin`, 'session',
maxAge: 60 * 60 * 24 * 90, addSession({ id: -1, permissions: new Permissions(Permissions.allPermissions()) }),
httpOnly: true, {
secure: true path: `${publicEnv.PUBLIC_BASE_PATH}/admin`,
}); maxAge: 60 * 60 * 24 * 90,
httpOnly: true,
secure: true
}
);
return new Response(); return new Response();
} }
const user = await Admin.findOne({ where: { username: username } }); const user = await Admin.findOne({ where: { username: username } });
if (user && user.validatePassword(password)) { if (user && user.validatePassword(password)) {
cookies.set('session', addSession(user.permissions), { cookies.set('session', addSession(user), {
path: `${publicEnv.PUBLIC_BASE_PATH}/admin`, path: `${publicEnv.PUBLIC_BASE_PATH}/admin`,
maxAge: 60 * 60 * 24 * 90, maxAge: 60 * 60 * 24 * 90,
httpOnly: true, httpOnly: true,