mirror
/
wg-easy
mirror of https://github.com/wg-easy/wg-easy
1
0
Fork 0
Code Issues Projects Releases Wiki Activity
Browse Source

correct session middleware, type safe session

pull/1250/head
Bernd Storath 9 months ago
parent
3040bd4c9b
commit
c962f67b98
6 changed files with 26 additions and 5 deletions
Whitespace
Show all changes Ignore whitespace when comparing lines Ignore changes in amount of whitespace Ignore changes in whitespace at EOL
Unified View
Diff Options
Show Stats Download Patch File Download Diff File
  1. 9
      src/server/api/session.delete.ts
  2. 4
      src/server/api/session.get.ts
  3. 2
      src/server/api/session.post.ts
  4. 6
      src/server/middleware/session.ts
  5. 1
      src/server/utils/config.ts
  6. 9
      src/server/utils/session.ts

9
src/server/api/session.delete.ts
View File

@ -1,7 +1,14 @@
export default defineEventHandler(async (event) => { export default defineEventHandler(async (event) => {
const session = await useSession(event, SESSION_CONFIG); const session = await useWGSession(event);
const sessionId = session.id; const sessionId = session.id;
if (sessionId === undefined) {
return createError({
status: 401,
message: 'Not logged in'
})
}
await session.clear(); await session.clear();
SERVER_DEBUG(`Deleted Session: ${sessionId}`); SERVER_DEBUG(`Deleted Session: ${sessionId}`);

4
src/server/api/session.get.ts
View File

@ -1,7 +1,7 @@
export default defineEventHandler(async (event) => { export default defineEventHandler(async (event) => {
const session = await useSession(event, SESSION_CONFIG); const session = await useWGSession(event);
const authenticated = REQUIRES_PASSWORD const authenticated = REQUIRES_PASSWORD
? !!(session.data && session.data.authenticated) ? session.data.authenticated
: true; : true;
return { return {

2
src/server/api/session.post.ts
View File

@ -1,5 +1,5 @@
export default defineEventHandler(async (event) => { export default defineEventHandler(async (event) => {
const session = await useSession(event, SESSION_CONFIG); const session = await useWGSession(event);
const { password } = await readBody(event); const { password } = await readBody(event);
if (!REQUIRES_PASSWORD) { if (!REQUIRES_PASSWORD) {

6
src/server/middleware/session.ts
View File

@ -8,7 +8,11 @@ export default defineEventHandler(async (event) => {
if ( if (
!REQUIRES_PASSWORD || !REQUIRES_PASSWORD ||
!event.node.req.url.startsWith('/api/') || !event.node.req.url.startsWith('/api/') ||
event.node.req.url === '/api/session' event.node.req.url === '/api/session' ||
event.node.req.url === '/api/lang' ||
event.node.req.url === '/api/release' ||
event.node.req.url === '/api/ui-chart-type' ||
event.node.req.url === '/api/ui-traffic-stats'
) { ) {
return; return;
} }

1
src/server/utils/config.ts
View File

@ -55,6 +55,7 @@ export const REQUIRES_PASSWORD = !!PASSWORD_HASH;
export const SESSION_CONFIG = { export const SESSION_CONFIG = {
password: getRandomHex(256), password: getRandomHex(256),
name: 'wg-easy'
} satisfies SessionConfig; } satisfies SessionConfig;
export const SERVER_DEBUG = debug('Server'); export const SERVER_DEBUG = debug('Server');

9
src/server/utils/session.ts
View File

@ -0,0 +1,9 @@
import type { H3Event } from 'h3';
export type WGSession = {
authenticated: boolean
}
export function useWGSession(event: H3Event) {
return useSession<Partial<WGSession>>(event, SESSION_CONFIG);
}
Write Preview
Loading…
Cancel
Save