Fix for logging in on site and with script

2025-04-01 20:24:18 +02:00 · 2020-04-09 12:33:29 +02:00 · 2020-04-09 12:33:29 +02:00 · fa4b29efe6
commit fa4b29efe6
parent a6d260f6af
6 changed files with 26 additions and 9 deletions
--- a/modules/api/api.js
+++ b/modules/api/api.js
@ -228,7 +228,8 @@ function GetApp () {

  app.post('/login', (req, res) => {
    logger.LogReq(req)
-    const pw = req.body.pw
+    const pw = req.body.pw || false
+    const isScript = req.body.script
    const ip = req.headers['cf-connecting-ip'] || req.connection.remoteAddress
    const user = dbtools.Select(userDB, 'users', {
      pw: pw
@ -239,14 +240,16 @@ function GetApp () {

      // FIXME: Users now can only log in in one session, this might be too strict.
      const existingSessions = dbtools.Select(userDB, 'sessions', {
-        userID: user.id
+        userID: user.id,
+        isScript: isScript ? 1 : 0
      })

      if (existingSessions.length > 0) {
        logger.Log(`Multiple sessions ( ${existingSessions.length} ) for #${user.id}, deleting olds`, logger.GetColor('cyan'))
        existingSessions.forEach((sess) => {
          dbtools.Delete(userDB, 'sessions', {
-            id: sess.id
+            id: sess.id,
+            isScript: isScript ? 1 : 0
          })
        })
      }
@ -263,14 +266,19 @@ function GetApp () {
        id: sessionID,
        ip: ip,
        userID: user.id,
+        isScript: isScript ? 1 : 0,
        createDate: utils.GetDateString()
      })

+      // https://www.npmjs.com/package/cookie
      // TODO: cookie age
      res.cookie('sessionID', sessionID, {
        domain: '.frylabs.net', // TODO: use url. url: "https://api.frylabs.net"
        sameSite: 'none'
      })
+      res.cookie('sessionID', sessionID, {
+        sameSite: 'none'
+      })

      res.json({
        result: 'success',