diff --git a/modules/api/api.js b/modules/api/api.js index 3d80e7f..5339925 100644 --- a/modules/api/api.js +++ b/modules/api/api.js @@ -228,7 +228,8 @@ function GetApp () { app.post('/login', (req, res) => { logger.LogReq(req) - const pw = req.body.pw + const pw = req.body.pw || false + const isScript = req.body.script const ip = req.headers['cf-connecting-ip'] || req.connection.remoteAddress const user = dbtools.Select(userDB, 'users', { pw: pw @@ -239,14 +240,16 @@ function GetApp () { // FIXME: Users now can only log in in one session, this might be too strict. const existingSessions = dbtools.Select(userDB, 'sessions', { - userID: user.id + userID: user.id, + isScript: isScript ? 1 : 0 }) if (existingSessions.length > 0) { logger.Log(`Multiple sessions ( ${existingSessions.length} ) for #${user.id}, deleting olds`, logger.GetColor('cyan')) existingSessions.forEach((sess) => { dbtools.Delete(userDB, 'sessions', { - id: sess.id + id: sess.id, + isScript: isScript ? 1 : 0 }) }) } @@ -263,14 +266,19 @@ function GetApp () { id: sessionID, ip: ip, userID: user.id, + isScript: isScript ? 1 : 0, createDate: utils.GetDateString() }) + // https://www.npmjs.com/package/cookie // TODO: cookie age res.cookie('sessionID', sessionID, { domain: '.frylabs.net', // TODO: use url. url: "https://api.frylabs.net" sameSite: 'none' }) + res.cookie('sessionID', sessionID, { + sameSite: 'none' + }) res.json({ result: 'success', diff --git a/modules/api/apiDBStruct.json b/modules/api/apiDBStruct.json index 1a10e8a..381dfd7 100644 --- a/modules/api/apiDBStruct.json +++ b/modules/api/apiDBStruct.json @@ -81,6 +81,10 @@ }, "lastAccess": { "type": "text" + }, + "isScript": { + "type": "number", + "notNull": true } } }, diff --git a/modules/qmining/qmining.js b/modules/qmining/qmining.js index 3cd8de1..db5f638 100644 --- a/modules/qmining/qmining.js +++ b/modules/qmining/qmining.js @@ -178,7 +178,7 @@ function GetApp () { app.get('/getVeteranPw', function (req, res) { res.render('veteranPw', { - cid: req.query.cid + cid: req.query.cid || '' }) logger.LogReq(req) }) diff --git a/modules/qmining/views/veteranPw.ejs b/modules/qmining/views/veteranPw.ejs index eabb2cd..ee9c3c8 100644 --- a/modules/qmining/views/veteranPw.ejs +++ b/modules/qmining/views/veteranPw.ejs @@ -70,12 +70,12 @@ Frylabs
- Másold be ide régi kliens ID-d, és az alapján jelszót ad. Ezt csak egyszer teheted meg, a + Másold be ide régi kliens ID-d, és az alapján jelszót kapsz. Ezt csak egyszer teheted meg, a kapott jelszót tuti helyre írd le!
- + autocomplete="off"/>
diff --git a/server.js b/server.js index a991ae1..ee62646 100755 --- a/server.js +++ b/server.js @@ -20,7 +20,8 @@ console.clear() const startHTTPS = true -const port = 80 +const isRoot = process.getuid && process.getuid() === 0 +const port = isRoot ? 80 : 8080 const httpsport = 5001 const express = require('express') @@ -91,6 +92,7 @@ function exit (reason) { } const app = express() +// https://github.com/expressjs/cors#configuration-options app.use(cors({ credentials: true, origin: true @@ -198,6 +200,9 @@ function LogTimerAction () { logger.Log('Node version: ' + process.version) logger.Log('Current working directory: ' + process.cwd()) logger.Log('Listening on port: ' + port) +if (isRoot) { + logger.Log('Running as root', logger.GetColor('red')) +} const httpServer = http.createServer(app) httpServer.listen(port) diff --git a/utils/dbSetup.js b/utils/dbSetup.js index c229118..a00b4c7 100644 --- a/utils/dbSetup.js +++ b/utils/dbSetup.js @@ -24,8 +24,8 @@ function CreateDB () { }) try { - if (utils.FileExists('../dbUsers/keys')) { - const uids = utils.ReadFile('../dbUsers/keys').split('\n') + if (utils.FileExists('./ids')) { + const uids = utils.ReadFile('./ids').split('\n') uids.forEach((cid, i) => { if (!cid) { return }