From 2ad7e772731a402d6f2a33ed9c30f0eda3f8338d Mon Sep 17 00:00:00 2001
From: Aelita4
Date: Mon, 4 Nov 2024 11:06:21 +0100
Subject: [PATCH] Fix bug with invalid access token being assigned
---
src/pages/api/auth/generateAccessToken.ts | 18 ++++++-------
src/pages/register.astro | 32 +++++++++++------------
2 files changed, 24 insertions(+), 26 deletions(-)
diff --git a/src/pages/api/auth/generateAccessToken.ts b/src/pages/api/auth/generateAccessToken.ts
index 9dc30d8..123fb2e 100644
--- a/src/pages/api/auth/generateAccessToken.ts
+++ b/src/pages/api/auth/generateAccessToken.ts
@@ -60,18 +60,18 @@ export const POST: APIRoute = async({ request }) => {
 const tokenString = `A.${timestamp}.${userEncoded}.${random}`;
- // const user = locationManager.getUser(userFromDb._id);
- // if(!user) return new Response(
- // JSON.stringify({
- // code: 404,
- // message: "Not found",
- // error: `User ${data.username} not found`
- // }), { status: 404 }
- // )
+ const user = locationManager.getUser(userFromDb._id);
+ if(!user) return new Response(
+ JSON.stringify({
+ code: 404,
+ message: "Not found",
+ error: `User ${data.username} not found`
+ }), { status: 404 }
+ )
 const accessToken: AccessToken = {
 type: "A",
- user: userFromDb,
+ user,
 entropy: randomHashed.toString(),
 createdAt: now,
 expiresAt: new Date(now.getTime() + expiresIn),
diff --git a/src/pages/register.astro b/src/pages/register.astro
index 93802ba..891aad6 100644
--- a/src/pages/register.astro
+++ b/src/pages/register.astro
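Review bot: In generateAccessToken.ts, the restored `if(!user)` branch answers 404 "Not found" for a user that `userFromDb` has apparently already resolved, so a caller cannot tell an unknown account from one that `locationManager` has simply not loaded yet. That second case is what the register.astro hunks of this commit work around by calling `locationManager.init()` first, which suggests it is a server-side state problem rather than a client error. I would give it its own message and log it server-side, for example `error: "User exists but is not loaded in locationManager"`, and add a comment above the lookup such as `// token must carry the locationManager user object, not the raw DB record`. The handler starts and ends outside this hunk, so whether `userFromDb` is null-checked earlier should be confirmed.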
@@ -41,21 +41,6 @@ if(Astro.request.method === "POST") {
 const sessionTime = config.SESSION_TIME_MINUTES * 60;
- const res = await fetch(`${Astro.url.origin}/api/auth/generateAccessToken`, {
- method: 'POST',
- body: JSON.stringify({
- username,
- createdFrom: 'loginForm',
- duration: sessionTime
- }),
- headers: {
- 'Content-Type': 'application/json',
- 'Authorization': 'Bearer ' + config.MASTER_ACCESSTOKEN
- }
- });
-
- const token = (await res.json()).accessToken;
-
 const galaxyIndex = Math.floor(Math.random() * 4);
 const sectorIndex = Math.floor(Math.random() * 8);
@@ -93,13 +78,26 @@ if(Astro.request.method === "POST") {
 secure: true
 }
- Astro.cookies.set("sessionToken", token, cookieOptions);
 Astro.cookies.set("username", username, cookieOptions);
 Astro.cookies.set("userid", user._id.toString() as string, cookieOptions);
 Astro.cookies.set("currentPlanet", planetData._id.toString(), cookieOptions);
 Astro.cookies.set("currentSystem", systemData._id.toString(), cookieOptions);
-
+ await locationManager.init();
+ const res = await fetch(`${Astro.url.origin}/api/auth/generateAccessToken`, {
+ method: 'POST',
+ body: JSON.stringify({
+ username,
+ createdFrom: 'loginForm',
+ duration: sessionTime
+ }),
+ headers: {
+ 'Content-Type': 'application/json',
+ 'Authorization': 'Bearer ' + config.MASTER_ACCESSTOKEN
+ }
+ });
+ const token = (await res.json()).accessToken;
+ Astro.cookies.set("sessionToken", token, cookieOptions);
 return Astro.redirect("/game");
 }
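Review bot: The response from `/api/auth/generateAccessToken` is used without checking it: `(await res.json()).accessToken` is `undefined` whenever the endpoint returns one of its error bodies (such as the 404 this commit re-enables), and that value is then stored as the `sessionToken` cookie before the redirect to `/game`. Parse the body once and guard it, e.g. `const body = await res.json();` followed by `if(!res.ok || typeof body.accessToken !== "string")` failing the request instead of setting the cookie. Separately, the request carrying `config.MASTER_ACCESSTOKEN` is addressed to `Astro.url.origin`, which is derived from the incoming request; unless the deployment pins the accepted host, a configured internal base URL (or a direct function call instead of an HTTP round trip) would keep that credential from following a request-supplied origin. The other session cookies are already set above this point, so a failure here should also avoid leaving a half-built session. The enclosing `if(Astro.request.method === "POST")` block starts outside the hunk.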