CraftAttack/website
4
0
Fork 0
Code Issues 3 Pull Requests Actions Wiki Activity

update all sessions when changing admin permissions instead of deleting

Browse Source
This commit is contained in:
bytedream
2023-08-28 18:05:14 +02:00
parent 1b6e3c522f
commit 90cb1fea87
2 changed files with 15 additions and 9 deletions
Download Patch File Download Diff File Expand all files Collapse all files

16
src/routes/admin/admin/+server.ts
View File

@ -1,6 +1,12 @@
import type { RequestHandler } from '@sveltejs/kit';
import { Permissions } from '$lib/permissions';
import { addSession, deleteAllUserSessions, deleteSession, getSession } from '$lib/server/session';
import {
addSession,
deleteAllUserSessions,
deleteSession,
getSession,
updateAllUserSessions
} from '$lib/server/session';
import { Admin } from '$lib/server/database';
import { env as publicEnv } from '$env/dynamic/public';
@ -62,13 +68,7 @@ export const PATCH = (async ({ request, cookies }) => {
}
user = await user.update(updatePayload);
deleteSession(cookies);
cookies.set('session', addSession(user), {
path: `${publicEnv.PUBLIC_BASE_PATH}/admin`,
maxAge: 60 * 60 * 24 * 90,
httpOnly: true,
secure: true
});
updateAllUserSessions(user.id, { permissions: user.permissions });
return new Response();
}) satisfies RequestHandler;