Auth middleware polish

2025-04-01 20:24:18 +02:00 · 2020-04-06 22:28:14 +02:00 · 2020-04-06 22:28:14 +02:00 · 5f0b17a0db
commit 5f0b17a0db
parent 81db237b48
5 changed files with 68 additions and 29 deletions
--- a/modules/api/auth.middleware.js
+++ b/modules/api/auth.middleware.js
@ -7,9 +7,21 @@ const exceptions = [
 ]

 module.exports = function (options) {
-  const { authDB } = options
+  const { authDB, jsonResponse } = options
+
+  const renderLogin = (res) => {
+    if (jsonResponse) {
+      res.json({
+        result: 'nouser',
+        msg: 'You are not logged in'
+      })
+    } else {
+      res.render('login')
+    }
+  }

  return function (req, res, next) {
+    const ip = req.headers['cf-connecting-ip'] || req.connection.remoteAddress
    const sessionID = req.cookies.sessionID
    const isException = exceptions.some((exc) => {
      return req.url === exc
@ -21,40 +33,41 @@ module.exports = function (options) {
      return
    }

+    if (!sessionID) {
+      logger.DebugLog(`No session ID: ${req.url}`, 'auth', 1)
+      renderLogin(res)
+      return
+    }
+
    const user = GetUserBySessionID(authDB, sessionID, req)

-    // update 'sessiosn' table 'lastAccess' stuff
-    if (sessionID) {
-      dbtools.Update(authDB, 'sessions', {
-        lastAccess: new Date().toString()
-      }, {
-        id: sessionID
-      })
-    }
-
-    console.log(dbtools.SelectAll(authDB, 'sessions'))
-
-    // FIXME: invalidate when new ip or something
-
-    if (user) {
-      logger.DebugLog(`ID #${user.id}: ${req.url}`, 'auth', 1)
-      next()
-    } else {
+    if (!user) {
      logger.DebugLog(`No user:${req.url}`, 'auth', 1)
-      // res.render('login')
-      res.json({
-        result: 'nouser',
-        msg: 'You are not logged in'
-      })
+      renderLogin(res)
+      return
    }
+
+    logger.DebugLog(`ID #${user.id}: ${req.url}`, 'auth', 1)
+
+    dbtools.Update(authDB, 'sessions', {
+      lastAccess: new Date().toString()
+    }, {
+      id: sessionID
+    })
+
+    dbtools.Update(authDB, 'users', {
+      lastIP: ip,
+      lastAccess: new Date().toString()
+    }, {
+      id: user.id
+    })
+
+    next()
  }
 }

 function GetUserBySessionID (db, sessionID, req) {
  logger.DebugLog(`Getting user from db`, 'auth', 2)
-  if (sessionID === undefined) {
-    return
-  }

  const session = dbtools.Select(db, 'sessions', {
    id: sessionID