From ccc022f5f067b7f0c26a3b5e3f65285295d432fc Mon Sep 17 00:00:00 2001
From: bytedream
Date: Tue, 29 Aug 2023 14:52:27 +0200
Subject: [PATCH] make session cookie name a variable
---
 src/hooks.server.ts | 4 ++--
 src/lib/server/session.ts | 4 +++-
 src/routes/admin/login/+server.ts | 6 +++---
 src/routes/admin/logout/+server.ts | 4 ++--
 4 files changed, 10 insertions(+), 8 deletions(-)
diff --git a/src/hooks.server.ts b/src/hooks.server.ts
index d8db728..fb069d4 100644
--- a/src/hooks.server.ts
+++ b/src/hooks.server.ts
@@ -1,7 +1,7 @@
 import { sequelize } from '$lib/server/database';
 import type { Handle } from '@sveltejs/kit';
 import { env } from '$env/dynamic/public';
-import { getSession } from '$lib/server/session';
+import { getSession, sessionCookieName } from '$lib/server/session';
 // make sure that the database and tables exist
 await sequelize.sync();
@@ -11,7 +11,7 @@ export const handle: Handle = async ({ event, resolve }) => {
 event.url.pathname.startsWith(`${env.PUBLIC_BASE_PATH}/admin`) &&
 event.url.pathname != `${env.PUBLIC_BASE_PATH}/admin/login`
 ) {
- if (getSession(event.cookies.get('session') || '') == null) {
+ if (getSession(event.cookies.get(sessionCookieName) || '') == null) {
 return new Response(null, {
 status: 302,
 headers: {
diff --git a/src/lib/server/session.ts b/src/lib/server/session.ts
index d54479a..59d0e27 100644
--- a/src/lib/server/session.ts
+++ b/src/lib/server/session.ts
@@ -3,6 +3,8 @@ import type { Cookies } from '@sveltejs/kit';
 import * as crypto from 'crypto';
 import type { Admin } from '$lib/server/database';
+export const sessionCookieName = 'craftattack_sess';
+
 export interface Session {
 sessionId: string;
 userId: number;
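Review bot: The guard in `handle` looks the cookie up by name itself, `getSession(event.cookies.get(sessionCookieName) || '')`, although `getSession` is called with the cookie jar directly in `src/routes/admin/logout/+server.ts` (`getSession(cookies)`). Passing the jar here too, `if (getSession(event.cookies) == null) {`, would keep the cookie name private to `session.ts` and make the extra import unnecessary. The `|| ''` fallback also feeds an empty string into the session lookup for every unauthenticated request; how `sessionFromId` treats an empty id is not visible in this patch, so a null for a missing cookie is the safer input. The body of `handle` starts and ends outside this hunk.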
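Review bot: The added `sessionCookieName` does more than move a literal, because its value is `'craftattack_sess'` while every call site previously used `'session'`; cookies issued before this change are no longer read, so admins are signed out on deploy. The old `session` cookies stay in browsers until their `maxAge` lapses, and if the session store is persistent (not visible here) their server-side entries can no longer be ended through the logout route. The commit message should mention the rename, and the constant deserves a comment such as `// Name of the admin session cookie; changing it invalidates every cookie already issued.`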
@@ -17,7 +19,7 @@ function sessionFromId(sessionId: string | Cookies): Session | null {
 }
 function sessionIdFromStringOrCookies(input: string | Cookies): string | null {
- return typeof input == 'string' ? input : input.get('session') || null;
+ return typeof input == 'string' ? input : input.get(sessionCookieName) || null;
 }
 export function addSession(user: { id: number; permissions: Permissions } | Admin): string {
diff --git a/src/routes/admin/login/+server.ts b/src/routes/admin/login/+server.ts
index a0f88e6..a3f9e9a 100644
--- a/src/routes/admin/login/+server.ts
+++ b/src/routes/admin/login/+server.ts
@@ -2,7 +2,7 @@ import type { RequestHandler } from '@sveltejs/kit';
 import { Admin } from '$lib/server/database';
 import { env as publicEnv } from '$env/dynamic/public';
 import { env } from '$env/dynamic/private';
-import { addSession } from '$lib/server/session';
+import { addSession, sessionCookieName } from '$lib/server/session';
 import { Permissions } from '$lib/permissions';
 export const POST = (async ({ request, cookies }) => {
@@ -23,7 +23,7 @@ export const POST = (async ({ request, cookies }) => {
 password == env.ADMIN_PASSWORD
 ) {
 cookies.set(
- 'session',
+ sessionCookieName,
 addSession({ id: -1, permissions: new Permissions(Permissions.allPermissions()) }),
 {
 path: `${publicEnv.PUBLIC_BASE_PATH}/admin`,
@@ -37,7 +37,7 @@ export const POST = (async ({ request, cookies }) => {
 const user = await Admin.findOne({ where: { username: username } });
 if (user && user.validatePassword(password)) {
- cookies.set('session', addSession(user), {
+ cookies.set(sessionCookieName, addSession(user), {
 path: `${publicEnv.PUBLIC_BASE_PATH}/admin`,
 maxAge: 60 * 60 * 24 * 90,
 httpOnly: true,
diff --git a/src/routes/admin/logout/+server.ts b/src/routes/admin/logout/+server.ts
index 2d23f00..4787fbb 100644
--- a/src/routes/admin/logout/+server.ts
+++ b/src/routes/admin/logout/+server.ts
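Review bot: The condition guarding the built-in superuser session in the `@@ -23,7 +23,7 @@` hunk ends with `password == env.ADMIN_PASSWORD`, a plain string comparison of a secret that is not constant-time. Comparing fixed-length digests of both values with `crypto.timingSafeEqual` removes the dependence of response time on how much of the password matches. The start of the condition lies outside the hunk, so it is not visible whether it rejects an unset `ADMIN_PASSWORD`; with `==` an undefined environment value compares equal to a missing form field, and this branch grants `Permissions.allPermissions()`, so an explicit non-empty check belongs in the guard if it is not already there.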
@@ -1,5 +1,5 @@
 import type { RequestHandler } from '@sveltejs/kit';
-import { deleteSession, getSession } from '$lib/server/session';
+import { deleteSession, getSession, sessionCookieName } from '$lib/server/session';
 export const POST = (async ({ cookies }) => {
 if (getSession(cookies) == null) {
@@ -9,7 +9,7 @@ export const POST = (async ({ cookies }) => {
 }
 deleteSession(cookies);
- cookies.delete('session');
+ cookies.delete(sessionCookieName);
 return new Response();
 }) satisfies RequestHandler;
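Review bot: `cookies.delete(sessionCookieName)` passes no options, while both `cookies.set` calls in `src/routes/admin/login/+server.ts` scope the cookie to the `${publicEnv.PUBLIC_BASE_PATH}/admin` path. A browser only drops a cookie when name and path match, so removal here depends on the framework's default path for this route happening to equal the login path. Now that the name is shared from `session.ts`, the path could be exported next to it and passed explicitly, e.g. `cookies.delete(sessionCookieName, { path: sessionCookiePath });`, where `sessionCookiePath` is a new export that this patch does not define. `deleteSession(cookies)` runs first, so the server-side session is ended either way; what remains at risk is a stale cookie left in the browser.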