diff --git a/src/server/api/session.delete.ts b/src/server/api/session.delete.ts index 82f9864a..9cac95e5 100644 --- a/src/server/api/session.delete.ts +++ b/src/server/api/session.delete.ts @@ -1,7 +1,14 @@ export default defineEventHandler(async (event) => { - const session = await useSession(event, SESSION_CONFIG); + const session = await useWGSession(event); const sessionId = session.id; + if (sessionId === undefined) { + return createError({ + status: 401, + message: 'Not logged in' + }) + } + await session.clear(); SERVER_DEBUG(`Deleted Session: ${sessionId}`); diff --git a/src/server/api/session.get.ts b/src/server/api/session.get.ts index 56a95152..7a2ed29b 100644 --- a/src/server/api/session.get.ts +++ b/src/server/api/session.get.ts @@ -1,7 +1,7 @@ export default defineEventHandler(async (event) => { - const session = await useSession(event, SESSION_CONFIG); + const session = await useWGSession(event); const authenticated = REQUIRES_PASSWORD - ? !!(session.data && session.data.authenticated) + ? session.data.authenticated : true; return { diff --git a/src/server/api/session.post.ts b/src/server/api/session.post.ts index 09886294..6835b473 100644 --- a/src/server/api/session.post.ts +++ b/src/server/api/session.post.ts @@ -1,5 +1,5 @@ export default defineEventHandler(async (event) => { - const session = await useSession(event, SESSION_CONFIG); + const session = await useWGSession(event); const { password } = await readBody(event); if (!REQUIRES_PASSWORD) { diff --git a/src/server/middleware/session.ts b/src/server/middleware/session.ts index 2b592a25..67728fce 100644 --- a/src/server/middleware/session.ts +++ b/src/server/middleware/session.ts @@ -8,7 +8,11 @@ export default defineEventHandler(async (event) => { if ( !REQUIRES_PASSWORD || !event.node.req.url.startsWith('/api/') || - event.node.req.url === '/api/session' + event.node.req.url === '/api/session' || + event.node.req.url === '/api/lang' || + event.node.req.url === '/api/release' || + event.node.req.url === '/api/ui-chart-type' || + event.node.req.url === '/api/ui-traffic-stats' ) { return; } diff --git a/src/server/utils/config.ts b/src/server/utils/config.ts index dccbec98..104365c1 100644 --- a/src/server/utils/config.ts +++ b/src/server/utils/config.ts @@ -55,6 +55,7 @@ export const REQUIRES_PASSWORD = !!PASSWORD_HASH; export const SESSION_CONFIG = { password: getRandomHex(256), + name: 'wg-easy' } satisfies SessionConfig; export const SERVER_DEBUG = debug('Server'); diff --git a/src/server/utils/session.ts b/src/server/utils/session.ts new file mode 100644 index 00000000..7a293bc7 --- /dev/null +++ b/src/server/utils/session.ts @@ -0,0 +1,9 @@ +import type { H3Event } from 'h3'; + +export type WGSession = { + authenticated: boolean +} + +export function useWGSession(event: H3Event) { + return useSession>(event, SESSION_CONFIG); +} \ No newline at end of file