CraftAttack/website
4
0
Fork 0
Code Issues 3 Pull Requests Actions Wiki Activity

Compare commits

base: CraftAttack:b6fad90dafd4e4dd359c104a5b75e51678692d21
Branches Tags
CraftAttack:main
..
compare: CraftAttack:38743398e069a566ec00c1809973ac80d944b4cf
Branches Tags
CraftAttack:main

2 Commits
b6fad90daf ... 38743398e0

Author SHA1 Message Date
bytedream
38743398e0 make session cookie name a variable
All checks were successful
delpoy / build-and-deploy (push) Successful in 34s
Details
2023-08-29 14:48:42 +02:00
bytedream
f2c620e37b redirect to admin login when trying to access any admin page without valid cookies 2023-08-29 14:44:20 +02:00
5 changed files with 14 additions and 8 deletions
Show Stats Expand all files Collapse all files

4
src/hooks.server.ts
View File

@ -1,7 +1,7 @@
import { sequelize } from '$lib/server/database';
import type { Handle } from '@sveltejs/kit';
import { env } from '$env/dynamic/public';
import { getSession } from '$lib/server/session';
import { getSession, sessionCookieName } from '$lib/server/session';
// make sure that the database and tables exist
await sequelize.sync();
@ -11,7 +11,7 @@ export const handle: Handle = async ({ event, resolve }) => {
event.url.pathname.startsWith(`${env.PUBLIC_BASE_PATH}/admin`) &&
event.url.pathname != `${env.PUBLIC_BASE_PATH}/admin/login`
) {
if (getSession(event.cookies.get('session') || '') == null) {
if (getSession(event.cookies.get(sessionCookieName) || '') == null) {
return new Response(null, {
status: 302,
headers: {

4
src/lib/server/session.ts
View File

@ -3,6 +3,8 @@ import type { Cookies } from '@sveltejs/kit';
import * as crypto from 'crypto';
import type { Admin } from '$lib/server/database';
export const sessionCookieName = 'craftattack_sess';
export interface Session {
sessionId: string;
userId: number;
@ -17,7 +19,7 @@ function sessionFromId(sessionId: string | Cookies): Session | null {
}
function sessionIdFromStringOrCookies(input: string | Cookies): string | null {
return typeof input == 'string' ? input : input.get('session') || null;
return typeof input == 'string' ? input : input.get(sessionCookieName) || null;
}
export function addSession(user: { id: number; permissions: Permissions } | Admin): string {

4
src/routes/admin/+layout.server.ts
View File

@ -1,10 +1,14 @@
import type { LayoutServerLoad } from './$types';
import { Admin, User } from '$lib/server/database';
import { getSession } from '$lib/server/session';
import { redirect } from '@sveltejs/kit';
import { env } from '$env/dynamic/public';
export const load: LayoutServerLoad = async ({ cookies }) => {
const session = getSession(cookies);
if (session == null) throw redirect(302, `${env.PUBLIC_BASE_PATH}/admin/login`);
return {
userCount: session?.permissions.userRead() ? await User.count() : null,
adminCount: session?.permissions.adminRead() ? await Admin.count() : null

6
src/routes/admin/login/+server.ts
View File

@ -2,7 +2,7 @@ import type { RequestHandler } from '@sveltejs/kit';
import { Admin } from '$lib/server/database';
import { env as publicEnv } from '$env/dynamic/public';
import { env } from '$env/dynamic/private';
import { addSession } from '$lib/server/session';
import { addSession, sessionCookieName } from '$lib/server/session';
import { Permissions } from '$lib/permissions';
export const POST = (async ({ request, cookies }) => {
@ -23,7 +23,7 @@ export const POST = (async ({ request, cookies }) => {
password == env.ADMIN_PASSWORD
) {
cookies.set(
'session',
sessionCookieName,
addSession({ id: -1, permissions: new Permissions(Permissions.allPermissions()) }),
{
path: `${publicEnv.PUBLIC_BASE_PATH}/admin`,
@ -37,7 +37,7 @@ export const POST = (async ({ request, cookies }) => {
const user = await Admin.findOne({ where: { username: username } });
if (user && user.validatePassword(password)) {
cookies.set('session', addSession(user), {
cookies.set(sessionCookieName, addSession(user), {
path: `${publicEnv.PUBLIC_BASE_PATH}/admin`,
maxAge: 60 * 60 * 24 * 90,
httpOnly: true,

4
src/routes/admin/logout/+server.ts
View File

@ -1,5 +1,5 @@
import type { RequestHandler } from '@sveltejs/kit';
import { deleteSession, getSession } from '$lib/server/session';
import { deleteSession, getSession, sessionCookieName } from '$lib/server/session';
export const POST = (async ({ cookies }) => {
if (getSession(cookies) == null) {
@ -9,7 +9,7 @@ export const POST = (async ({ cookies }) => {
}
deleteSession(cookies);
cookies.delete('session');
cookies.delete(sessionCookieName);
return new Response();
}) satisfies RequestHandler;