Fix bug with invalid access token being assigned

Aelita4 2024-11-04 11:06:21 +01:00
parent 8d34bfe64f
commit 2ad7e77273
Signed by: Aelita4
GPG Key ID: E44490C2025906C1
2 changed files with 24 additions and 26 deletions


@ -60,18 +60,18 @@ export const POST: APIRoute = async({ request }) => {
const tokenString = `A.${timestamp}.${userEncoded}.${random}`;
// const user = locationManager.getUser(userFromDb._id);
// if(!user) return new Response(
// JSON.stringify({
// code: 404,
// message: "Not found",
// error: `User ${data.username} not found`
// }), { status: 404 }
// )
const user = locationManager.getUser(userFromDb._id);
if(!user) return new Response(
JSON.stringify({
code: 404,
message: "Not found",
error: `User ${data.username} not found`
}), { status: 404 }
)
const accessToken: AccessToken = {
type: "A",
user: userFromDb,
user,
entropy: randomHashed.toString(),
createdAt: now,
expiresAt: new Date(now.getTime() + expiresIn),
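Review bot: The re-enabled `if(!user)` branch answers 404 "User … not found" after `userFromDb._id` has already been dereferenced, so at this point the account presumably exists in the database and is only missing from `locationManager`'s in-memory state. That failure should be distinguishable from an unknown username, for example by changing the `error` text to `User ${data.username} is not loaded in locationManager`, and the lookup deserves a comment such as `// userFromDb exists here; a miss means locationManager has not loaded this user yet`. The error body carries no `accessToken` field, so every caller of this route has to check the status before reading the token. The POST handler starts and ends outside this hunk, so the null check on `userFromDb` itself is not visible here.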


@ -41,21 +41,6 @@ if(Astro.request.method === "POST") {
const sessionTime = config.SESSION_TIME_MINUTES * 60;
const res = await fetch(`${Astro.url.origin}/api/auth/generateAccessToken`, {
method: 'POST',
body: JSON.stringify({
username,
createdFrom: 'loginForm',
duration: sessionTime
}),
headers: {
'Content-Type': 'application/json',
'Authorization': 'Bearer ' + config.MASTER_ACCESSTOKEN
}
});
const token = (await res.json()).accessToken;
const galaxyIndex = Math.floor(Math.random() * 4);
const sectorIndex = Math.floor(Math.random() * 8);
@ -93,13 +78,26 @@ if(Astro.request.method === "POST") {
secure: true
}
Astro.cookies.set("sessionToken", token, cookieOptions);
Astro.cookies.set("username", username, cookieOptions);
Astro.cookies.set("userid", user._id.toString() as string, cookieOptions);
Astro.cookies.set("currentPlanet", planetData._id.toString(), cookieOptions);
Astro.cookies.set("currentSystem", systemData._id.toString(), cookieOptions);
await locationManager.init();
const res = await fetch(`${Astro.url.origin}/api/auth/generateAccessToken`, {
method: 'POST',
body: JSON.stringify({
username,
createdFrom: 'loginForm',
duration: sessionTime
}),
headers: {
'Content-Type': 'application/json',
'Authorization': 'Bearer ' + config.MASTER_ACCESSTOKEN
}
});
const token = (await res.json()).accessToken;
Astro.cookies.set("sessionToken", token, cookieOptions);
return Astro.redirect("/game");
}
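Review bot: The relocated token request still reads `(await res.json()).accessToken` without checking `res.ok`, and the endpoint it calls can now answer 404 with no `accessToken` field, so `token` may be undefined when it reaches `Astro.cookies.set("sessionToken", token, cookieOptions)`. Because the fetch now runs after the other four cookies are written, a failure would also leave a partial session behind; I would issue the request and validate the result before any `Astro.cookies.set`, e.g. `if(!res.ok) throw new Error("access token request failed: " + res.status);` (or the page's existing error path) followed by a `typeof token === "string"` check. Separately, the request carrying `config.MASTER_ACCESSTOKEN` is addressed to `Astro.url.origin`, which may be derived from the incoming Host header depending on the adapter and proxy setup; a fixed internal base URL taken from config would keep that credential from following a client-supplied host. The enclosing `if(Astro.request.method === "POST")` block starts outside the hunk.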