Compare commits


No commits in common. "38743398e069a566ec00c1809973ac80d944b4cf" and "b6fad90dafd4e4dd359c104a5b75e51678692d21" have entirely different histories.

5 changed files with 8 additions and 14 deletions


@ -1,7 +1,7 @@
import { sequelize } from '$lib/server/database'; import { sequelize } from '$lib/server/database';
import type { Handle } from '@sveltejs/kit'; import type { Handle } from '@sveltejs/kit';
import { env } from '$env/dynamic/public'; import { env } from '$env/dynamic/public';
import { getSession, sessionCookieName } from '$lib/server/session'; import { getSession } from '$lib/server/session';
// make sure that the database and tables exist // make sure that the database and tables exist
await sequelize.sync(); await sequelize.sync();
@ -11,7 +11,7 @@ export const handle: Handle = async ({ event, resolve }) => {
event.url.pathname.startsWith(`${env.PUBLIC_BASE_PATH}/admin`) && event.url.pathname.startsWith(`${env.PUBLIC_BASE_PATH}/admin`) &&
event.url.pathname != `${env.PUBLIC_BASE_PATH}/admin/login` event.url.pathname != `${env.PUBLIC_BASE_PATH}/admin/login`
) { ) {
if (getSession(event.cookies.get(sessionCookieName) || '') == null) { if (getSession(event.cookies.get('session') || '') == null) {
return new Response(null, { return new Response(null, {
status: 302, status: 302,
headers: { headers: {
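Review bot: The cookie name is now the bare literal `'session'` in `event.cookies.get('session')` here, and the same literal is repeated in the session helper, the login handler and the logout handler further down this page. The name used to set, read and delete the session cookie has to be identical in all four places, and nothing enforces that once the shared export is gone; a mismatch would only show up at runtime as logins that never stick or a cookie that logout does not clear. If the rename itself is wanted, I would keep the single export and change only its value, `export const sessionCookieName = 'session';`. The body of `handle` continues outside this hunk.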


@ -3,8 +3,6 @@ import type { Cookies } from '@sveltejs/kit';
import * as crypto from 'crypto'; import * as crypto from 'crypto';
import type { Admin } from '$lib/server/database'; import type { Admin } from '$lib/server/database';
export const sessionCookieName = 'craftattack_sess';
export interface Session { export interface Session {
sessionId: string; sessionId: string;
userId: number; userId: number;
@ -19,7 +17,7 @@ function sessionFromId(sessionId: string | Cookies): Session | null {
} }
function sessionIdFromStringOrCookies(input: string | Cookies): string | null { function sessionIdFromStringOrCookies(input: string | Cookies): string | null {
return typeof input == 'string' ? input : input.get(sessionCookieName) || null; return typeof input == 'string' ? input : input.get('session') || null;
} }
export function addSession(user: { id: number; permissions: Permissions } | Admin): string { export function addSession(user: { id: number; permissions: Permissions } | Admin): string {


@ -1,14 +1,10 @@
import type { LayoutServerLoad } from './$types'; import type { LayoutServerLoad } from './$types';
import { Admin, User } from '$lib/server/database'; import { Admin, User } from '$lib/server/database';
import { getSession } from '$lib/server/session'; import { getSession } from '$lib/server/session';
import { redirect } from '@sveltejs/kit';
import { env } from '$env/dynamic/public';
export const load: LayoutServerLoad = async ({ cookies }) => { export const load: LayoutServerLoad = async ({ cookies }) => {
const session = getSession(cookies); const session = getSession(cookies);
if (session == null) throw redirect(302, `${env.PUBLIC_BASE_PATH}/admin/login`);
return { return {
userCount: session?.permissions.userRead() ? await User.count() : null, userCount: session?.permissions.userRead() ? await User.count() : null,
adminCount: session?.permissions.adminRead() ? await Admin.count() : null adminCount: session?.permissions.adminRead() ? await Admin.count() : null
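Review bot: After this change `load` has no session check of its own: a null session falls through to the `session?.permissions` expressions and returns null counts instead of redirecting. Access control for this layout then rests entirely on the pathname prefix test in the `handle` hook shown in the first section, and the route this layout belongs to is not visible here, so I cannot confirm the hook covers it. If that reliance is intended, a comment above `getSession(cookies)` should record it, for example `// unauthenticated requests are redirected by handle() in the server hooks; session may still be null here`. The return statement continues outside the hunk.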


@ -2,7 +2,7 @@ import type { RequestHandler } from '@sveltejs/kit';
import { Admin } from '$lib/server/database'; import { Admin } from '$lib/server/database';
import { env as publicEnv } from '$env/dynamic/public'; import { env as publicEnv } from '$env/dynamic/public';
import { env } from '$env/dynamic/private'; import { env } from '$env/dynamic/private';
import { addSession, sessionCookieName } from '$lib/server/session'; import { addSession } from '$lib/server/session';
import { Permissions } from '$lib/permissions'; import { Permissions } from '$lib/permissions';
export const POST = (async ({ request, cookies }) => { export const POST = (async ({ request, cookies }) => {
@ -23,7 +23,7 @@ export const POST = (async ({ request, cookies }) => {
password == env.ADMIN_PASSWORD password == env.ADMIN_PASSWORD
) { ) {
cookies.set( cookies.set(
sessionCookieName, 'session',
addSession({ id: -1, permissions: new Permissions(Permissions.allPermissions()) }), addSession({ id: -1, permissions: new Permissions(Permissions.allPermissions()) }),
{ {
path: `${publicEnv.PUBLIC_BASE_PATH}/admin`, path: `${publicEnv.PUBLIC_BASE_PATH}/admin`,
@ -37,7 +37,7 @@ export const POST = (async ({ request, cookies }) => {
const user = await Admin.findOne({ where: { username: username } }); const user = await Admin.findOne({ where: { username: username } });
if (user && user.validatePassword(password)) { if (user && user.validatePassword(password)) {
cookies.set(sessionCookieName, addSession(user), { cookies.set('session', addSession(user), {
path: `${publicEnv.PUBLIC_BASE_PATH}/admin`, path: `${publicEnv.PUBLIC_BASE_PATH}/admin`,
maxAge: 60 * 60 * 24 * 90, maxAge: 60 * 60 * 24 * 90,
httpOnly: true, httpOnly: true,
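Review bot: The fallback admin check on the context line `password == env.ADMIN_PASSWORD` uses loose equality against an environment value that may be unset, and this branch issues a session with `Permissions.allPermissions()`. The start of the condition is outside the hunk, so an earlier guard may exist, but as written a missing `password` field compared with an undefined `ADMIN_PASSWORD` would evaluate as equal. I would require a configured value and a string input before comparing, `env.ADMIN_PASSWORD && typeof password === 'string' && password === env.ADMIN_PASSWORD`, and consider a constant-time comparison such as `crypto.timingSafeEqual` on equal-length buffers. The 90-day `maxAge` on the cookie below is also long for a session carrying admin permissions; the remaining cookie options are outside the hunk.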


@ -1,5 +1,5 @@
import type { RequestHandler } from '@sveltejs/kit'; import type { RequestHandler } from '@sveltejs/kit';
import { deleteSession, getSession, sessionCookieName } from '$lib/server/session'; import { deleteSession, getSession } from '$lib/server/session';
export const POST = (async ({ cookies }) => { export const POST = (async ({ cookies }) => {
if (getSession(cookies) == null) { if (getSession(cookies) == null) {
@ -9,7 +9,7 @@ export const POST = (async ({ cookies }) => {
} }
deleteSession(cookies); deleteSession(cookies);
cookies.delete(sessionCookieName); cookies.delete('session');
return new Response(); return new Response();
}) satisfies RequestHandler; }) satisfies RequestHandler;
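Review bot: `cookies.delete('session')` passes no options, while the login handler sets the cookie with an explicit `path` of `${publicEnv.PUBLIC_BASE_PATH}/admin`. A browser only drops a cookie when the deletion carries the same path, so whether this call clears it depends on the framework's default path for this route, which is not visible here. `deleteSession(cookies)` presumably invalidates the session on the server, so the likely effect is a stale cookie rather than a live session, but I would pass the same `path` value here as in the login handler. That needs the public `env` import, which the visible import lines of this file do not include.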