From 57aea151f45fce4bec9e2ee134f08749e2a54093 Mon Sep 17 00:00:00 2001
From: mrfry
Date: Sun, 2 Apr 2023 10:30:20 +0200
Subject: [PATCH] cookies and login fix
---
 src/middlewares/auth.middleware.ts | 13 +++++--------
 src/modules/api/api.ts | 11 +++++------
 src/modules/api/submodules/userManagement.ts | 4 +---
 src/modules/dataEditor/dataEditor.ts | 1 -
 src/modules/qmining/qmining.ts | 6 +++++-
 src/server.ts | 2 +-
 src/sharedViews/login.ejs | 3 ++-
 7 files changed, 19 insertions(+), 21 deletions(-)
diff --git a/src/middlewares/auth.middleware.ts b/src/middlewares/auth.middleware.ts
index 86e4f4e..c7ff824 100644
--- a/src/middlewares/auth.middleware.ts
+++ b/src/middlewares/auth.middleware.ts
@@ -27,7 +27,6 @@ import dbtools from '../utils/dbtools'
 interface Options {
 userDB: Database
- jsonResponse: boolean
 exceptions: Array
 }
@@ -43,9 +42,9 @@ export const testUser: User = {
 createdBy: 1,
 }
-function renderLogin(_req: Request, res: Response, jsonResponse: boolean) {
+function renderLogin(req: Request, res: Response) {
 res.status(401) // Unauthorized
- if (jsonResponse) {
+ if (req.is('application/json')) {
 res.json({
 result: 'nouser',
 msg: 'You are not logged in',
@@ -60,18 +59,16 @@ function renderLogin(_req: Request, res: Response, jsonResponse: boolean) {
 export default function (options: Options): RequestHandler {
 const {
 userDB,
- jsonResponse,
 exceptions,
 }: {
 userDB: Database
- jsonResponse: boolean
 exceptions: string[]
 } = options
 return function (req: Request, res: Response, next: NextFunction) {
 const sessionID = req.cookies.sessionID
 const isException = exceptions.some((exc) => {
- return req.url.split('?')[0] === exc
+ return req.originalUrl.split('?')[0] === exc
 })
 if (process.env.NS_NOUSER) {
@@ -102,7 +99,7 @@ export default function (options: Options): RequestHandler {
 return
 }
 logger.DebugLog(`No session ID: ${req.url}`, 'auth', 1)
- renderLogin(req, res, jsonResponse)
+ renderLogin(req, res)
 return
 }
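Review bot: In `renderLogin`, `req.is('application/json')` tests the Content-Type of the incoming request body, not the format the client wants back, and Express returns null from it for a request that has no body. A GET to a protected API route therefore falls through to the non-JSON branch and gets the login page with the 401, where the api module previously always received the `nouser` JSON. Negotiating on the Accept header matches the intent better, for example `if (req.accepts(['html', 'json']) === 'json') {`; confirm the API clients actually send `Accept: application/json`. The rest of `renderLogin` lies outside the hunk.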
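Review bot: The exception check in the returned handler now compares the raw `req.originalUrl` path, so every entry in `exceptions` has to be the full request path including the mount prefix, matched exactly and case-sensitively, and nothing in the file says so. A comment above the comparison would stop the next entry from being written relative to the module, e.g. `// exceptions hold full request paths (mount prefix included); exact match, so '/api/login/' or '/API/login' is NOT exempt`. A mismatch fails closed, which is the safe direction, but it is worth stating because Express routing is by default lenient about case and trailing slashes. The handler body continues outside the hunk.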
@@ -116,7 +113,7 @@ export default function (options: Options): RequestHandler {
 return
 }
 logger.DebugLog(`No user:${req.url}`, 'auth', 1)
- renderLogin(req, res, jsonResponse)
+ renderLogin(req, res)
 return
 }
diff --git a/src/modules/api/api.ts b/src/modules/api/api.ts
index 38d9970..522f2aa 100644
--- a/src/modules/api/api.ts
+++ b/src/modules/api/api.ts
@@ -83,14 +83,13 @@ function GetApp(): ModuleType {
 app.use(
 auth({
 userDB: userDB,
- jsonResponse: true,
 exceptions: [
- '/register',
 '/favicon.ico',
- '/login',
- '/postfeedback',
- '/fosuploader',
- '/badtestsender',
+ '/api/register',
+ '/api/login',
+ '/api/postfeedback',
+ '/api/fosuploader',
+ '/api/badtestsender',
 ],
 })
 )
diff --git a/src/modules/api/submodules/userManagement.ts b/src/modules/api/submodules/userManagement.ts
index 19f3cc5..f01a2a2 100644
--- a/src/modules/api/submodules/userManagement.ts
+++ b/src/modules/api/submodules/userManagement.ts
@@ -91,9 +91,7 @@ const validationTokenName = 'qmining' // readValidationTokenName()
 function setup(data: SubmoduleData): Submodule {
 const { app, userDB, url /* publicdirs, moduleSpecificData */ } = data
- let domain: any = url.split('.') // [ "https://api", "frylabs", "net" ]
- domain.shift() // [ "frylabs", "net" ]
- domain = domain.join('.') // "frylabs.net"
+ const domain: any = url
 logger.DebugLog(`Cookie domain: ${domain}`, 'cookie', 1)
 const userCount = dbtools
diff --git a/src/modules/dataEditor/dataEditor.ts b/src/modules/dataEditor/dataEditor.ts
index 1c4b26a..94691b8 100644
--- a/src/modules/dataEditor/dataEditor.ts
+++ b/src/modules/dataEditor/dataEditor.ts
@@ -52,7 +52,6 @@ function GetApp(): ModuleType {
 app.use(
 auth({
 userDB: userDB,
- jsonResponse: false,
 exceptions: ['/favicon.ico'],
 })
 )
diff --git a/src/modules/qmining/qmining.ts b/src/modules/qmining/qmining.ts
index d4e54eb..02ef56f 100644
--- a/src/modules/qmining/qmining.ts
+++ b/src/modules/qmining/qmining.ts
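Review bot: The list of unauthenticated paths in api.ts is repeated verbatim in the qmining.ts hunk, so an endpoint added to or removed from one list and not the other silently changes which module lets it through without a session. Exporting it once from the api module, e.g. `export const publicApiPaths = ['/api/register', '/api/login', /* ... */]` (the name is a placeholder), and spreading it into both `exceptions` arrays keeps the auth bypass in one reviewed place. In the same list `'/favicon.ico'` kept its unprefixed form; if this app is mounted under `/api`, that entry can no longer match `req.originalUrl`, which looks harmless but should be confirmed as intended.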
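Review bot: `const domain: any = url` in `setup` hands the configured value to the cookie code unchecked, and the `any` annotation hides that it is just a string. The comment on the removed lines shows `url` used to look like `https://api.frylabs.net`; a cookie Domain attribute that carries a scheme or port is not valid and browsers are expected to reject the session cookie, so the domain file must now hold a bare host. I would type it as `const domain: string = url` and add a comment such as `// bare hostname only (no scheme/port); the session cookie is sent to this host and all its subdomains`. How `domain` reaches the Set-Cookie call is outside the hunk, so check the attribute that is actually emitted.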
@@ -53,10 +53,14 @@ function GetApp(): ModuleType {
 app.use(
 auth({
 userDB: userDB,
- jsonResponse: false,
 exceptions: [
 '/favicon.ico',
 '/img/frylabs-logo_large_transparent.png',
+ '/api/register',
+ '/api/login',
+ '/api/postfeedback',
+ '/api/fosuploader',
+ '/api/badtestsender',
 ],
 })
 )
diff --git a/src/server.ts b/src/server.ts
index 483e206..2505566 100755
--- a/src/server.ts
+++ b/src/server.ts
@@ -226,7 +226,7 @@ app.use(
 })
 )
-const domain = utils.ReadFile(paths.domainFile)
+const domain = utils.ReadFile(paths.domainFile).trim()
 Object.keys(modules).forEach(function (key) {
 const module = modules[key]
diff --git a/src/sharedViews/login.ejs b/src/sharedViews/login.ejs
index 093646d..f15576c 100644
--- a/src/sharedViews/login.ejs
+++ b/src/sharedViews/login.ejs
@@ -122,7 +122,8 @@
 button.innerText = '...'
 button.classList.add('disabledButton')
 button.disabled = true
- const rawResponse = await fetch('<%= devel ? 'http' : 'https' %>://frylabs.net/api/login', {
+ // TODO: get url from controller
+ const rawResponse = await fetch('<%= devel ? 'http://localhost:8080/api/login' : 'https://frylabs.net/api/login' %>', {
 method: 'POST',
 credentials: 'include',
 headers: {
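Review bot: Both branches of the new `fetch` URL in login.ejs are hard-coded hosts, so a deployment under any other domain renders a login form that posts the user's password to frylabs.net (or to localhost:8080 in devel). server.ts already reads the deployment's domain from `paths.domainFile`, so the view should take the URL from there rather than leave it as a TODO. If the page and the API share an origin, which the `/api/login` exception added for the qmining module suggests, a relative `fetch('/api/login', {` removes the host entirely. The surrounding handler starts and ends outside the hunk.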