counterweight/secajs
1
0
Fork 0
Code Issues Pull requests Projects Releases Packages Wiki Activity Actions

chekc for auth and set cookie better

Browse source
This commit is contained in:
counterweight 2025-02-13 13:14:42 +01:00
parent 74019e97a6
commit 73a6565326
Signed by: counterweight
GPG key ID: 883EDBAA726BD96C
8 changed files with 62 additions and 17 deletions
Download patch file Download diff file Expand all files Collapse all files

10
src/middlewares/authMiddleware.js
View file

@ -1,10 +0,0 @@
const sessionService = require('../services/sessionService');
async function rejectIfNotAuthorizedMiddleware(req, res, next) {
if (!await sessionService.isSessionAuthorized(req.cookies.sessionUuid)) {
res.redirect('/');
}
next();
}
module.exports = rejectIfNotAuthorizedMiddleware;

10
src/middlewares/redirectIfNotAuthorizedMiddleware.js Normal file
View file

@ -0,0 +1,10 @@
const sessionService = require('../services/sessionService');
async function redirectIfNotAuthorizedMiddleware(req, res, next) {
if (!(await sessionService.isSessionAuthorized(req.cookies.sessionUuid))) {
res.redirect('/');
}
next();
}
module.exports = redirectIfNotAuthorizedMiddleware;

9
src/middlewares/sessionMiddleware.js
View file

@ -6,7 +6,7 @@ const constants = require('../constants');
async function setAndPersistNewSession(res) {
const sessionUuid = uuid.v7();
res.cookie('sessionUuid', sessionUuid, { httpOnly: true, maxAge: constants.DEFAULT_SESSION_DURATION_SECONDS * 1000 });
await sessionService.createSession(sessionUuid);
return await sessionService.createSession(sessionUuid);
}
async function createSessionMiddleware(req, res, next) {
@ -17,14 +17,17 @@ async function createSessionMiddleware(req, res, next) {
if (!sessionUuid) {
console.log("Found no cookie")
await setAndPersistNewSession(res);
const newSession = await setAndPersistNewSession(res);
req.cookies.sessionUuid = newSession.uuid;
}
if (sessionUuid) {
console.log(`Found a cookie ${sessionUuid}`)
if (!(await sessionService.isSessionValid(sessionUuid))) {
console.log("But it's not valid")
await setAndPersistNewSession(res);
const newSession = await setAndPersistNewSession(res);
req.cookies.sessionUuid = newSession.uuid;
}
}