From 4aa2da522fe7d087f972e4e45c0c7a3ca18a9d2f Mon Sep 17 00:00:00 2001 From: MrFry Date: Sun, 10 May 2020 21:28:10 +0200 Subject: [PATCH 1/4] Added "test" user checking, unathorized http return code --- modules.json | 26 ++++++++++++++++++++++++-- 1 file changed, 24 insertions(+), 2 deletions(-) diff --git a/modules.json b/modules.json index b268626..c866152 100644 --- a/modules.json +++ b/modules.json @@ -30,8 +30,7 @@ ], "name": "api", "urls": [ - "api.frylabs.net", - "localhost" + "api.frylabs.net" ] }, "main": { @@ -64,5 +63,28 @@ "urls": [ "stuff.frylabs.net" ] + }, + "timetable": { + "path": "./modules/gaming-timetable/timetable.js", + "publicdirs": [ + "timetablePublic/" + ], + "nextdir": "modules/gaming-timetable/public/", + "name": "timetable", + "urls": [ + "timetable.frylabs.net", + "localhost" + ], + "isNextJs": true + }, + "timetableapi": { + "path": "./modules/timetableapi/timetableapi.js", + "publicdirs": [ + "timetablePublic/" + ], + "name": "timetableapi", + "urls": [ + "timetableapi.frylabs.net" + ] } } From d060c8fa1205d1b384f619c9e0a9d33b510155ac Mon Sep 17 00:00:00 2001 From: mrfry Date: Mon, 24 Aug 2020 07:57:26 +0200 Subject: [PATCH 2/4] Added expire to cookie --- modules/api/api.js | 14 ++++++++------ 1 file changed, 8 insertions(+), 6 deletions(-) diff --git a/modules/api/api.js b/modules/api/api.js index 7381bce..5c9d42b 100644 --- a/modules/api/api.js +++ b/modules/api/api.js @@ -391,9 +391,11 @@ function GetApp () { // TODO: cookie age res.cookie('sessionID', sessionID, { domain: '.frylabs.net', // TODO: use url. url: "https://api.frylabs.net" + expires: new Date(new Date().getTime() + (10 * 365 * 24 * 60 * 60 * 1000)), sameSite: 'none' }) res.cookie('sessionID', sessionID, { + expires: new Date(new Date().getTime() + (10 * 365 * 24 * 60 * 60 * 1000)), sameSite: 'none' }) @@ -586,16 +588,16 @@ function GetApp () { // automatically saves to dataFile every n write // FIXME: req.body.datatoadd is for backwards compatibility, remove this sometime in the future - let result = actions.ProcessIncomingRequest( + actions.ProcessIncomingRequest( req.body.datatoadd || req.body, data, { motd, version }, dryRun - ) - - res.json({ - success: result !== -1, - newQuestions: result + ).then((res) => { + res.json({ + success: res !== -1, + newQuestions: res + }) }) }) From 765ca2556e7b70921442d8afc51f2e8f307f7190 Mon Sep 17 00:00:00 2001 From: mrfry Date: Sun, 30 Aug 2020 09:53:26 +0200 Subject: [PATCH 3/4] Removed timetable module --- modules.json | 23 ----------------------- 1 file changed, 23 deletions(-) diff --git a/modules.json b/modules.json index c866152..f376873 100644 --- a/modules.json +++ b/modules.json @@ -63,28 +63,5 @@ "urls": [ "stuff.frylabs.net" ] - }, - "timetable": { - "path": "./modules/gaming-timetable/timetable.js", - "publicdirs": [ - "timetablePublic/" - ], - "nextdir": "modules/gaming-timetable/public/", - "name": "timetable", - "urls": [ - "timetable.frylabs.net", - "localhost" - ], - "isNextJs": true - }, - "timetableapi": { - "path": "./modules/timetableapi/timetableapi.js", - "publicdirs": [ - "timetablePublic/" - ], - "name": "timetableapi", - "urls": [ - "timetableapi.frylabs.net" - ] } } From 9ff253bb1a8bad7d8fa8419b107c696b888e394c Mon Sep 17 00:00:00 2001 From: mrfry Date: Sun, 30 Aug 2020 09:54:00 +0200 Subject: [PATCH 4/4] Added exemple debug user on NS_NOUSER env variable --- middlewares/auth.middleware.js | 12 ++++++++++++ 1 file changed, 12 insertions(+) diff --git a/middlewares/auth.middleware.js b/middlewares/auth.middleware.js index bcb7a23..b67992c 100644 --- a/middlewares/auth.middleware.js +++ b/middlewares/auth.middleware.js @@ -26,6 +26,18 @@ module.exports = function (options) { return req.url.split('?')[0] === exc }) + if (process.env.NS_NOUSER) { + req.session = { + user: { + id: 21323 + }, + sessionID: sessionID || 111111111111111111, + isException: false + } + next() + return + } + // FIXME Allowing all urls with _next in it, but not in params if (req.url.split('?')[0].includes('_next')) { req.session = { isException: true }