Fix bug with invalid access token being assigned

2024-11-04 11:06:21 +01:00 · 2024-11-04 11:06:21 +01:00 · 2ad7e77273
parent 8d34bfe64f
commit 2ad7e77273
2 changed files with 24 additions and 26 deletions
--- a/src/pages/api/auth/generateAccessToken.ts
+++ b/src/pages/api/auth/generateAccessToken.ts
@ -60,18 +60,18 @@ export const POST: APIRoute = async({ request }) => {

        const tokenString = `A.${timestamp}.${userEncoded}.${random}`;

-        // const user = locationManager.getUser(userFromDb._id);
-        // if(!user) return new Response(
-        //     JSON.stringify({
-        //         code: 404,
-        //         message: "Not found",
-        //         error: `User ${data.username} not found`
-        //     }), { status: 404 }
-        // )
+        const user = locationManager.getUser(userFromDb._id);
+        if(!user) return new Response(
+            JSON.stringify({
+                code: 404,
+                message: "Not found",
+                error: `User ${data.username} not found`
+            }), { status: 404 }
+        )

        const accessToken: AccessToken = {
            type: "A",
-            user: userFromDb,
+            user,
            entropy: randomHashed.toString(),
            createdAt: now,
            expiresAt: new Date(now.getTime() + expiresIn),
--- a/src/pages/register.astro
+++ b/src/pages/register.astro
@ -41,21 +41,6 @@ if(Astro.request.method === "POST") {

        const sessionTime = config.SESSION_TIME_MINUTES * 60;

-        const res = await fetch(`${Astro.url.origin}/api/auth/generateAccessToken`, {
-            method: 'POST',
-            body: JSON.stringify({
-                username,
-                createdFrom: 'loginForm',
-                duration: sessionTime
-            }),
-            headers: {
-                'Content-Type': 'application/json',
-                'Authorization': 'Bearer ' + config.MASTER_ACCESSTOKEN
-            }
-        });
-        
-        const token = (await res.json()).accessToken;
-
        const galaxyIndex = Math.floor(Math.random() * 4);
        const sectorIndex = Math.floor(Math.random() * 8);

@ -93,13 +78,26 @@ if(Astro.request.method === "POST") {
            secure: true
        }

-        Astro.cookies.set("sessionToken", token, cookieOptions);
        Astro.cookies.set("username", username, cookieOptions);
        Astro.cookies.set("userid", user._id.toString() as string, cookieOptions);
        Astro.cookies.set("currentPlanet", planetData._id.toString(), cookieOptions);
        Astro.cookies.set("currentSystem", systemData._id.toString(), cookieOptions);
-
+        
        await locationManager.init();
+        const res = await fetch(`${Astro.url.origin}/api/auth/generateAccessToken`, {
+            method: 'POST',
+            body: JSON.stringify({
+                username,
+                createdFrom: 'loginForm',
+                duration: sessionTime
+            }),
+            headers: {
+                'Content-Type': 'application/json',
+                'Authorization': 'Bearer ' + config.MASTER_ACCESSTOKEN
+            }
+        });
+        const token = (await res.json()).accessToken;
+        Astro.cookies.set("sessionToken", token, cookieOptions);

        return Astro.redirect("/game");
    }