CraftAttack/website
4
0
Fork 0
Code Issues 3 Pull Requests Actions Wiki Activity

make session cookie name a variable
All checks were successful
delpoy / build-and-deploy (push) Successful in 27s
Details

Browse Source
This commit is contained in:
bytedream 2023-08-29 14:52:27 +02:00
parent dd2c10a365
commit ccc022f5f0
4 changed files with 10 additions and 8 deletions
Show Stats Download Patch File Download Diff File Expand all files Collapse all files

4
src/hooks.server.ts
View File

@ -1,7 +1,7 @@
import { sequelize } from '$lib/server/database';
import type { Handle } from '@sveltejs/kit';
import { env } from '$env/dynamic/public';
import { getSession } from '$lib/server/session';
import { getSession, sessionCookieName } from '$lib/server/session';
// make sure that the database and tables exist
await sequelize.sync();
@ -11,7 +11,7 @@ export const handle: Handle = async ({ event, resolve }) => {
event.url.pathname.startsWith(`${env.PUBLIC_BASE_PATH}/admin`) &&
event.url.pathname != `${env.PUBLIC_BASE_PATH}/admin/login`
) {
if (getSession(event.cookies.get('session') || '') == null) {
if (getSession(event.cookies.get(sessionCookieName) || '') == null) {
return new Response(null, {
status: 302,
headers: {

4
src/lib/server/session.ts
View File

@ -3,6 +3,8 @@ import type { Cookies } from '@sveltejs/kit';
import * as crypto from 'crypto';
import type { Admin } from '$lib/server/database';
export const sessionCookieName = 'craftattack_sess';
export interface Session {
sessionId: string;
userId: number;
@ -17,7 +19,7 @@ function sessionFromId(sessionId: string | Cookies): Session | null {
}
function sessionIdFromStringOrCookies(input: string | Cookies): string | null {
return typeof input == 'string' ? input : input.get('session') || null;
return typeof input == 'string' ? input : input.get(sessionCookieName) || null;
}
export function addSession(user: { id: number; permissions: Permissions } | Admin): string {

6
src/routes/admin/login/+server.ts
View File

@ -2,7 +2,7 @@ import type { RequestHandler } from '@sveltejs/kit';
import { Admin } from '$lib/server/database';
import { env as publicEnv } from '$env/dynamic/public';
import { env } from '$env/dynamic/private';
import { addSession } from '$lib/server/session';
import { addSession, sessionCookieName } from '$lib/server/session';
import { Permissions } from '$lib/permissions';
export const POST = (async ({ request, cookies }) => {
@ -23,7 +23,7 @@ export const POST = (async ({ request, cookies }) => {
password == env.ADMIN_PASSWORD
) {
cookies.set(
'session',
sessionCookieName,
addSession({ id: -1, permissions: new Permissions(Permissions.allPermissions()) }),
{
path: `${publicEnv.PUBLIC_BASE_PATH}/admin`,
@ -37,7 +37,7 @@ export const POST = (async ({ request, cookies }) => {
const user = await Admin.findOne({ where: { username: username } });
if (user && user.validatePassword(password)) {
cookies.set('session', addSession(user), {
cookies.set(sessionCookieName, addSession(user), {
path: `${publicEnv.PUBLIC_BASE_PATH}/admin`,
maxAge: 60 * 60 * 24 * 90,
httpOnly: true,

4
src/routes/admin/logout/+server.ts
View File

@ -1,5 +1,5 @@
import type { RequestHandler } from '@sveltejs/kit';
import { deleteSession, getSession } from '$lib/server/session';
import { deleteSession, getSession, sessionCookieName } from '$lib/server/session';
export const POST = (async ({ cookies }) => {
if (getSession(cookies) == null) {
@ -9,7 +9,7 @@ export const POST = (async ({ cookies }) => {
}
deleteSession(cookies);
cookies.delete('session');
cookies.delete(sessionCookieName);
return new Response();
}) satisfies RequestHandler;