Fix for logging in on site and with script

2025-04-01 20:24:18 +02:00 · 2020-04-09 12:33:29 +02:00 · 2020-04-09 12:33:29 +02:00 · fa4b29efe6
commit fa4b29efe6
parent a6d260f6af
6 changed files with 26 additions and 9 deletions
--- a/modules/api/api.js
+++ b/modules/api/api.js
@ -228,7 +228,8 @@ function GetApp () {

  app.post('/login', (req, res) => {
    logger.LogReq(req)
-    const pw = req.body.pw
+    const pw = req.body.pw || false
+    const isScript = req.body.script
    const ip = req.headers['cf-connecting-ip'] || req.connection.remoteAddress
    const user = dbtools.Select(userDB, 'users', {
      pw: pw
@ -239,14 +240,16 @@ function GetApp () {

      // FIXME: Users now can only log in in one session, this might be too strict.
      const existingSessions = dbtools.Select(userDB, 'sessions', {
-        userID: user.id
+        userID: user.id,
+        isScript: isScript ? 1 : 0
      })

      if (existingSessions.length > 0) {
        logger.Log(`Multiple sessions ( ${existingSessions.length} ) for #${user.id}, deleting olds`, logger.GetColor('cyan'))
        existingSessions.forEach((sess) => {
          dbtools.Delete(userDB, 'sessions', {
-            id: sess.id
+            id: sess.id,
+            isScript: isScript ? 1 : 0
          })
        })
      }
@ -263,14 +266,19 @@ function GetApp () {
        id: sessionID,
        ip: ip,
        userID: user.id,
+        isScript: isScript ? 1 : 0,
        createDate: utils.GetDateString()
      })

+      // https://www.npmjs.com/package/cookie
      // TODO: cookie age
      res.cookie('sessionID', sessionID, {
        domain: '.frylabs.net', // TODO: use url. url: "https://api.frylabs.net"
        sameSite: 'none'
      })
+      res.cookie('sessionID', sessionID, {
+        sameSite: 'none'
+      })

      res.json({
        result: 'success',
--- a/modules/api/apiDBStruct.json
+++ b/modules/api/apiDBStruct.json
@ -81,6 +81,10 @@
      },
      "lastAccess": {
        "type": "text"
+      },
+      "isScript": {
+        "type": "number",
+        "notNull": true
      }
    }
  },
--- a/modules/qmining/qmining.js
+++ b/modules/qmining/qmining.js
@ -178,7 +178,7 @@ function GetApp () {

  app.get('/getVeteranPw', function (req, res) {
    res.render('veteranPw', {
-      cid: req.query.cid
+      cid: req.query.cid || ''
    })
    logger.LogReq(req)
  })
--- a/modules/qmining/views/veteranPw.ejs
+++ b/modules/qmining/views/veteranPw.ejs
@ -70,12 +70,12 @@
        Frylabs
      </div>
      <div id='text' class='text'>
-        Másold be ide régi kliens ID-d, és az alapján jelszót ad. Ezt csak egyszer teheted meg, a
+        Másold be ide régi kliens ID-d, és az alapján jelszót kapsz. Ezt csak egyszer teheted meg, a
        kapott jelszót tuti helyre írd le!
      </div>
      <div id='form'>
        <div class='inputContainer'>
-          <input type='text' id='cid' name='pw' autocomplete="off"/>
+          <input type='text' id='cid' name='pw' value=<%= cid %> autocomplete="off"/>
        </div>
        <input type='hidden' name='redirect' value='asd' autocomplete="off"/>
        <button id='sendButton' onclick="GetVeteranPW(this)">Submit</button>