counterweight/secajs
1
0
Fork 0
Code Issues Pull requests Projects Releases Packages Wiki Activity Actions

chekc for auth and set cookie better

Browse source
This commit is contained in:
counterweight 2025-02-13 13:14:42 +01:00
parent 74019e97a6
commit 73a6565326
Signed by: counterweight
GPG key ID: 883EDBAA726BD96C
8 changed files with 62 additions and 17 deletions
Download patch file Download diff file Expand all files Collapse all files

10
src/middlewares/authMiddleware.js
View file

@ -1,10 +0,0 @@
const sessionService = require('../services/sessionService');
async function rejectIfNotAuthorizedMiddleware(req, res, next) {
if (!await sessionService.isSessionAuthorized(req.cookies.sessionUuid)) {
res.redirect('/');
}
next();
}
module.exports = rejectIfNotAuthorizedMiddleware;

10
src/middlewares/redirectIfNotAuthorizedMiddleware.js Normal file
View file

@ -0,0 +1,10 @@
const sessionService = require('../services/sessionService');
async function redirectIfNotAuthorizedMiddleware(req, res, next) {
if (!(await sessionService.isSessionAuthorized(req.cookies.sessionUuid))) {
res.redirect('/');
}
next();
}
module.exports = redirectIfNotAuthorizedMiddleware;

9
src/middlewares/sessionMiddleware.js
View file

@ -6,7 +6,7 @@ const constants = require('../constants');
async function setAndPersistNewSession(res) { async function setAndPersistNewSession(res) {
const sessionUuid = uuid.v7(); const sessionUuid = uuid.v7();
res.cookie('sessionUuid', sessionUuid, { httpOnly: true, maxAge: constants.DEFAULT_SESSION_DURATION_SECONDS * 1000 }); res.cookie('sessionUuid', sessionUuid, { httpOnly: true, maxAge: constants.DEFAULT_SESSION_DURATION_SECONDS * 1000 });
await sessionService.createSession(sessionUuid); return await sessionService.createSession(sessionUuid);
} }
async function createSessionMiddleware(req, res, next) { async function createSessionMiddleware(req, res, next) {
@ -17,14 +17,17 @@ async function createSessionMiddleware(req, res, next) {
if (!sessionUuid) { if (!sessionUuid) {
console.log("Found no cookie") console.log("Found no cookie")
await setAndPersistNewSession(res); const newSession = await setAndPersistNewSession(res);
req.cookies.sessionUuid = newSession.uuid;
} }
if (sessionUuid) { if (sessionUuid) {
console.log(`Found a cookie ${sessionUuid}`) console.log(`Found a cookie ${sessionUuid}`)
if (!(await sessionService.isSessionValid(sessionUuid))) { if (!(await sessionService.isSessionValid(sessionUuid))) {
console.log("But it's not valid") console.log("But it's not valid")
await setAndPersistNewSession(res); const newSession = await setAndPersistNewSession(res);
req.cookies.sessionUuid = newSession.uuid;
} }
} }

0
src/public/javascript/createProfile.js Normal file
View file

3
src/public/javascript/invite.js
View file

@ -62,5 +62,8 @@ async function acceptInvite() {
if (verifyResponse.ok) { if (verifyResponse.ok) {
document.querySelector('#sign-up-success').style.display = 'block'; document.querySelector('#sign-up-success').style.display = 'block';
setTimeout(() => {
window.location.href = "/createProfile";
}, 1000);
} }
} }

8
src/routes/webRoutes.js
View file

@ -1,7 +1,7 @@
const express = require('express'); const express = require('express');
const router = express.Router(); const router = express.Router();
const authMiddleware = require('../middlewares/authMiddleware'); const redirectIfNotAuthorizedMiddleware = require('../middlewares/redirectIfNotAuthorizedMiddleware');
const invitesService = require('../services/invitesService') const invitesService = require('../services/invitesService')
router.get('/', (req, res) => { router.get('/', (req, res) => {
@ -56,7 +56,11 @@ router.get('/invite/:inviteUuid', async (req, res) => {
return res.render('invite', { invite }); return res.render('invite', { invite });
}); });
router.get('/private', authMiddleware, (req, res) => { router.get('/createProfile', redirectIfNotAuthorizedMiddleware, async (req, res) => {
return res.status(200).render('createProfile');
})
router.get('/private', redirectIfNotAuthorizedMiddleware, (req, res) => {
res.render('private', {}); res.render('private', {});
}); });

21
src/services/sessionService.js
View file

@ -12,7 +12,7 @@ async function createSession(sessionUuid) {
const expiryTimestamp = new Date(currentTimestamp.getTime()); const expiryTimestamp = new Date(currentTimestamp.getTime());
expiryTimestamp.setSeconds(expiryTimestamp.getSeconds() + constants.DEFAULT_SESSION_DURATION_SECONDS); expiryTimestamp.setSeconds(expiryTimestamp.getSeconds() + constants.DEFAULT_SESSION_DURATION_SECONDS);
await SessionCreated.create({ return await SessionCreated.create({
uuid: sessionUuid, uuid: sessionUuid,
created_at: currentTimestamp.toISOString(), created_at: currentTimestamp.toISOString(),
expires_at: expiryTimestamp.toISOString() expires_at: expiryTimestamp.toISOString()
@ -55,8 +55,25 @@ async function relateSessionToPublicKey(sessionUuid, publicKey) {
}); });
} }
async function isSessionAuthorized(sessionUuid) {
const isSessionRelatedToPublicKey = await SessionRelatedToPublickey.findOne(
{
where: {
session_uuid: sessionUuid
}
}
);
if (isSessionRelatedToPublicKey) {
return true;
}
return false;
}
module.exports = { module.exports = {
createSession, createSession,
isSessionValid, isSessionValid,
relateSessionToPublicKey relateSessionToPublicKey,
isSessionAuthorized
} }

18
src/views/createProfile.ejs Normal file
View file

@ -0,0 +1,18 @@
<!DOCTYPE html>
<html lang="en">
<head>
<title>Crear perfil</title>
<meta charset="UTF-8">
<meta name="viewport" content="width=device-width, initial-scale=1.0">
<script src="/javascript/createProfile.js"></script>
</head>
<body>
<h1>Crea tu perfil</h1>
<p>Tu clave de Nostr ya es parte de la seca.</p>
<p>Añade detalles a tu perfil para poder empezar a comerciar.</p>
</p>
</body>
</html>