From c962f67b9817325e5e0659c79a2bdb6dbef15833 Mon Sep 17 00:00:00 2001
From: Bernd Storath <999999bst@gmail.com>
Date: Wed, 7 Aug 2024 09:47:41 +0200
Subject: [PATCH] correct session middleware, type safe session
---
 src/server/api/session.delete.ts | 9 ++++++++-
 src/server/api/session.get.ts | 4 ++--
 src/server/api/session.post.ts | 2 +-
 src/server/middleware/session.ts | 6 +++++-
 src/server/utils/config.ts | 1 +
 src/server/utils/session.ts | 9 +++++++++
 6 files changed, 26 insertions(+), 5 deletions(-)
 create mode 100644 src/server/utils/session.ts
diff --git a/src/server/api/session.delete.ts b/src/server/api/session.delete.ts
index 82f9864a..9cac95e5 100644
--- a/src/server/api/session.delete.ts
+++ b/src/server/api/session.delete.ts
@@ -1,7 +1,14 @@
 export default defineEventHandler(async (event) => {
- const session = await useSession(event, SESSION_CONFIG);
+ const session = await useWGSession(event);
 const sessionId = session.id;
+ if (sessionId === undefined) {
+ return createError({
+ status: 401,
+ message: 'Not logged in'
+ })
+ }
+ await session.clear();
 SERVER_DEBUG(`Deleted Session: ${sessionId}`);
diff --git a/src/server/api/session.get.ts b/src/server/api/session.get.ts
index 56a95152..7a2ed29b 100644
--- a/src/server/api/session.get.ts
+++ b/src/server/api/session.get.ts
@@ -1,7 +1,7 @@
 export default defineEventHandler(async (event) => {
- const session = await useSession(event, SESSION_CONFIG);
+ const session = await useWGSession(event);
 const authenticated = REQUIRES_PASSWORD
- ? !!(session.data && session.data.authenticated)
+ ? session.data.authenticated
 : true;
 return {
diff --git a/src/server/api/session.post.ts b/src/server/api/session.post.ts
index 09886294..6835b473 100644
--- a/src/server/api/session.post.ts
+++ b/src/server/api/session.post.ts
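Review bot: In src/server/api/session.delete.ts the new guard tests `sessionId === undefined`, which checks that a session object exists rather than that the caller is logged in, so the 401 'Not logged in' may never fire. As far as I know h3's `useSession` assigns an id to a fresh session when no valid cookie is presented, and the middleware touched by this commit keeps `/api/session` exempt from its check, so this handler is reachable without authentication. If the intent is to reject unauthenticated callers, test the flag instead: `if (REQUIRES_PASSWORD && !session.data.authenticated) {`. Throwing the error (`throw createError({ status: 401, message: 'Not logged in' });`) is also the more conventional form than returning it. The handler continues past the end of the hunk.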
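Review bot: In src/server/api/session.get.ts the replacement `? session.data.authenticated` drops the `!!` coercion, so a session that has no `authenticated` key yields `undefined` instead of `false`. If that value is returned as-is in the object that begins at the end of the hunk (not fully visible), JSON serialisation omits the field and clients must treat a missing key as logged-out. Keeping the result a strict boolean avoids that ambiguity: `? session.data.authenticated === true`.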
@@ -1,5 +1,5 @@
 export default defineEventHandler(async (event) => {
- const session = await useSession(event, SESSION_CONFIG);
+ const session = await useWGSession(event);
 const { password } = await readBody(event);
 if (!REQUIRES_PASSWORD) {
diff --git a/src/server/middleware/session.ts b/src/server/middleware/session.ts
index 2b592a25..67728fce 100644
--- a/src/server/middleware/session.ts
+++ b/src/server/middleware/session.ts
@@ -8,7 +8,11 @@ export default defineEventHandler(async (event) => {
 if (
 !REQUIRES_PASSWORD ||
 !event.node.req.url.startsWith('/api/') ||
- event.node.req.url === '/api/session'
+ event.node.req.url === '/api/session' ||
+ event.node.req.url === '/api/lang' ||
+ event.node.req.url === '/api/release' ||
+ event.node.req.url === '/api/ui-chart-type' ||
+ event.node.req.url === '/api/ui-traffic-stats'
 ) {
 return;
 }
diff --git a/src/server/utils/config.ts b/src/server/utils/config.ts
index dccbec98..104365c1 100644
--- a/src/server/utils/config.ts
+++ b/src/server/utils/config.ts
@@ -55,6 +55,7 @@ export const REQUIRES_PASSWORD = !!PASSWORD_HASH;
 export const SESSION_CONFIG = {
 password: getRandomHex(256),
+ name: 'wg-easy'
 } satisfies SessionConfig;
 export const SERVER_DEBUG = debug('Server');
diff --git a/src/server/utils/session.ts b/src/server/utils/session.ts
new file mode 100644
index 00000000..7a293bc7
--- /dev/null
+++ b/src/server/utils/session.ts
@@ -0,0 +1,9 @@
+import type { H3Event } from 'h3';
+
+export type WGSession = {
+ authenticated: boolean
+}
+
+export function useWGSession(event: H3Event) {
+ return useSession>(event, SESSION_CONFIG);
+}
\ No newline at end of file
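Review bot: The four new exemptions in src/server/middleware/session.ts compare `event.node.req.url` to literal strings, and that value carries the query string, so `/api/lang?x=1` would not match and would be treated as a protected route. The mismatch fails closed, but it makes the allowlist depend on how the client builds the URL; matching the parsed pathname against one named set is easier to audit. The exemption is also method-agnostic, so any non-GET handler on these paths (none is visible here) would be reachable without a session, and `/api/release` presumably discloses the running version to unauthenticated clients; both are worth confirming as intended. The handler starts and ends outside the hunk.

```typescript
// Paths served without an authenticated session. Matched on the parsed
// pathname so a query string cannot change the outcome.
const PUBLIC_API_PATHS = new Set([
  '/api/session',
  '/api/lang',
  '/api/release',
  '/api/ui-chart-type',
  '/api/ui-traffic-stats',
]);

export default defineEventHandler(async (event) => {
  // … unchanged: statements before the guard …
  const { pathname } = getRequestURL(event);
  if (
    !REQUIRES_PASSWORD ||
    !pathname.startsWith('/api/') ||
    PUBLIC_API_PATHS.has(pathname)
  ) {
    return;
  }
  // … unchanged: authentication check for protected routes …
```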
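Review bot: `useWGSession` in src/server/utils/session.ts has no doc comment, and its name does not tell callers that it returns a session whether or not the request is authenticated. A short TSDoc would make the contract explicit, for example `/** Returns the wg-easy session for this request; does not enforce authentication — callers must check data.authenticated. */`. `WGSession` declares `authenticated` as a required boolean although a newly created session presumably has no such key; the type argument on `useSession` is not legible on this page, so whether `data` is typed as partial cannot be confirmed here.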