From 90cb1fea872ee7b5c3212a3f9457e711c93c1b24 Mon Sep 17 00:00:00 2001
From: bytedream
Date: Mon, 28 Aug 2023 18:05:14 +0200
Subject: [PATCH] update all sessions when changing admin permissions instead of deleting
---
 src/lib/server/session.ts | 8 +++++++-
 src/routes/admin/admin/+server.ts | 16 ++++++++--------
 2 files changed, 15 insertions(+), 9 deletions(-)
diff --git a/src/lib/server/session.ts b/src/lib/server/session.ts
index 872a97f..d54479a 100644
--- a/src/lib/server/session.ts
+++ b/src/lib/server/session.ts
@@ -46,6 +46,12 @@ export function getSession(
 return session;
 }
 
+export function updateAllUserSessions(userId: number, options: { permissions: Permissions }) {
+ for (const session of sessions.filter((v) => v.userId == userId)) {
+ session.permissions = options.permissions;
+ }
+}
+
 export function deleteSession(sessionId: string | Cookies) {
 const session = sessionFromId(sessionId);
 if (session) {
@@ -54,5 +60,5 @@ export function deleteSession(sessionId: string | Cookies) {
 }
 
 export function deleteAllUserSessions(userId: number) {
- sessions = sessions.filter((v) => v.userId == userId);
+ sessions = sessions.filter((v) => v.userId != userId);
 }
diff --git a/src/routes/admin/admin/+server.ts b/src/routes/admin/admin/+server.ts
index 35e02fd..b73caca 100644
--- a/src/routes/admin/admin/+server.ts
+++ b/src/routes/admin/admin/+server.ts
@@ -1,6 +1,12 @@
 import type { RequestHandler } from '@sveltejs/kit';
 import { Permissions } from '$lib/permissions';
-import { addSession, deleteAllUserSessions, deleteSession, getSession } from '$lib/server/session';
+import {
+ addSession,
+ deleteAllUserSessions,
+ deleteSession,
+ getSession,
+ updateAllUserSessions
+} from '$lib/server/session';
 import { Admin } from '$lib/server/database';
 import { env as publicEnv } from '$env/dynamic/public';
 
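Review bot: `updateAllUserSessions` in src/lib/server/session.ts matches sessions with loose equality (`v.userId == userId`) and carries no doc comment, although it is now the path by which a permission change, including a downgrade, reaches live sessions. I would write `v.userId === userId` so that an id of a different runtime type cannot coerce into a match, and add a comment such as `/** Overwrites the cached permissions on every live session of userId; session ids are not rotated. */`. The function only touches this module's `sessions` collection, so if that is per-process state (inferred, its declaration is outside the hunk) other instances would keep serving the old permissions.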
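Review bot: Nothing in this commit pins the corrected predicate in `deleteAllUserSessions`, and the previous `==` form kept the target user's sessions while dropping everyone else's, so a regression here silently turns a revocation into its opposite. A small unit test that adds sessions for two users, calls `deleteAllUserSessions` for one of them and asserts that only the other user's sessions remain would cover it; `v.userId !== userId` would also be the stricter comparison. Callers that ran before this fix may have left sessions alive that were meant to be revoked, which is worth checking wherever the function is used.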
@@ -62,13 +68,7 @@ export const PATCH = (async ({ request, cookies }) => {
 }
 
 user = await user.update(updatePayload);
- deleteSession(cookies);
- cookies.set('session', addSession(user), {
- path: `${publicEnv.PUBLIC_BASE_PATH}/admin`,
- maxAge: 60 * 60 * 24 * 90,
- httpOnly: true,
- secure: true
- });
+ updateAllUserSessions(user.id, { permissions: user.permissions });
 
 return new Response();
 }) satisfies RequestHandler;
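Review bot: After this change the PATCH handler neither revokes nor re-issues any session once `user.update(updatePayload)` succeeds, so every existing session id for the account stays valid and only its permissions are refreshed. That is the right outcome for a permission edit, but `updatePayload` is built above the hunk, and if it can also carry a credential change, sessions opened with the old credential would survive it. I would state the boundary next to the call, e.g. `// Permission edits are synced in place; a credential change must call deleteAllUserSessions(user.id) instead.`, and branch on that case if the payload allows it. The handler body starts outside the hunk.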