CraftAttack/website
4
0
Fork 0
Code Issues 3 Pull Requests Actions Wiki Activity

make session cookie name a variable
All checks were successful
delpoy / build-and-deploy (push) Successful in 27s
Details

Browse Source
This commit is contained in:
bytedream 2023-08-29 14:52:27 +02:00
parent dd2c10a365
commit ccc022f5f0
4 changed files with 10 additions and 8 deletions
Show Stats Download Patch File Download Diff File Expand all files Collapse all files

4
src/hooks.server.ts
View File

@ -1,7 +1,7 @@
import { sequelize } from '$lib/server/database'; import { sequelize } from '$lib/server/database';
import type { Handle } from '@sveltejs/kit'; import type { Handle } from '@sveltejs/kit';
import { env } from '$env/dynamic/public'; import { env } from '$env/dynamic/public';
import { getSession } from '$lib/server/session'; import { getSession, sessionCookieName } from '$lib/server/session';
// make sure that the database and tables exist // make sure that the database and tables exist
await sequelize.sync(); await sequelize.sync();
@ -11,7 +11,7 @@ export const handle: Handle = async ({ event, resolve }) => {
event.url.pathname.startsWith(`${env.PUBLIC_BASE_PATH}/admin`) && event.url.pathname.startsWith(`${env.PUBLIC_BASE_PATH}/admin`) &&
event.url.pathname != `${env.PUBLIC_BASE_PATH}/admin/login` event.url.pathname != `${env.PUBLIC_BASE_PATH}/admin/login`
) { ) {
if (getSession(event.cookies.get('session') || '') == null) { if (getSession(event.cookies.get(sessionCookieName) || '') == null) {
return new Response(null, { return new Response(null, {
status: 302, status: 302,
headers: { headers: {

4
src/lib/server/session.ts
View File

@ -3,6 +3,8 @@ import type { Cookies } from '@sveltejs/kit';
import * as crypto from 'crypto'; import * as crypto from 'crypto';
import type { Admin } from '$lib/server/database'; import type { Admin } from '$lib/server/database';
export const sessionCookieName = 'craftattack_sess';
export interface Session { export interface Session {
sessionId: string; sessionId: string;
userId: number; userId: number;
@ -17,7 +19,7 @@ function sessionFromId(sessionId: string | Cookies): Session | null {
} }
function sessionIdFromStringOrCookies(input: string | Cookies): string | null { function sessionIdFromStringOrCookies(input: string | Cookies): string | null {
return typeof input == 'string' ? input : input.get('session') || null; return typeof input == 'string' ? input : input.get(sessionCookieName) || null;
} }
export function addSession(user: { id: number; permissions: Permissions } | Admin): string { export function addSession(user: { id: number; permissions: Permissions } | Admin): string {

6
src/routes/admin/login/+server.ts
View File

@ -2,7 +2,7 @@ import type { RequestHandler } from '@sveltejs/kit';
import { Admin } from '$lib/server/database'; import { Admin } from '$lib/server/database';
import { env as publicEnv } from '$env/dynamic/public'; import { env as publicEnv } from '$env/dynamic/public';
import { env } from '$env/dynamic/private'; import { env } from '$env/dynamic/private';
import { addSession } from '$lib/server/session'; import { addSession, sessionCookieName } from '$lib/server/session';
import { Permissions } from '$lib/permissions'; import { Permissions } from '$lib/permissions';
export const POST = (async ({ request, cookies }) => { export const POST = (async ({ request, cookies }) => {
@ -23,7 +23,7 @@ export const POST = (async ({ request, cookies }) => {
password == env.ADMIN_PASSWORD password == env.ADMIN_PASSWORD
) { ) {
cookies.set( cookies.set(
'session', sessionCookieName,
addSession({ id: -1, permissions: new Permissions(Permissions.allPermissions()) }), addSession({ id: -1, permissions: new Permissions(Permissions.allPermissions()) }),
{ {
path: `${publicEnv.PUBLIC_BASE_PATH}/admin`, path: `${publicEnv.PUBLIC_BASE_PATH}/admin`,
@ -37,7 +37,7 @@ export const POST = (async ({ request, cookies }) => {
const user = await Admin.findOne({ where: { username: username } }); const user = await Admin.findOne({ where: { username: username } });
if (user && user.validatePassword(password)) { if (user && user.validatePassword(password)) {
cookies.set('session', addSession(user), { cookies.set(sessionCookieName, addSession(user), {
path: `${publicEnv.PUBLIC_BASE_PATH}/admin`, path: `${publicEnv.PUBLIC_BASE_PATH}/admin`,
maxAge: 60 * 60 * 24 * 90, maxAge: 60 * 60 * 24 * 90,
httpOnly: true, httpOnly: true,

4
src/routes/admin/logout/+server.ts
View File

@ -1,5 +1,5 @@
import type { RequestHandler } from '@sveltejs/kit'; import type { RequestHandler } from '@sveltejs/kit';
import { deleteSession, getSession } from '$lib/server/session'; import { deleteSession, getSession, sessionCookieName } from '$lib/server/session';
export const POST = (async ({ cookies }) => { export const POST = (async ({ cookies }) => {
if (getSession(cookies) == null) { if (getSession(cookies) == null) {
@ -9,7 +9,7 @@ export const POST = (async ({ cookies }) => {
} }
deleteSession(cookies); deleteSession(cookies);
cookies.delete('session'); cookies.delete(sessionCookieName);
return new Response(); return new Response();
}) satisfies RequestHandler; }) satisfies RequestHandler;