Fix bug with invalid access token being assigned

Aelita4 2024-11-04 11:06:21 +01:00
parent 8d34bfe64f
commit 2ad7e77273
Signed by: Aelita4
GPG Key ID: E44490C2025906C1
2 changed files with 24 additions and 26 deletions


@ -60,18 +60,18 @@ export const POST: APIRoute = async({ request }) => {
const tokenString = `A.${timestamp}.${userEncoded}.${random}`; const tokenString = `A.${timestamp}.${userEncoded}.${random}`;
// const user = locationManager.getUser(userFromDb._id); const user = locationManager.getUser(userFromDb._id);
// if(!user) return new Response( if(!user) return new Response(
// JSON.stringify({ JSON.stringify({
// code: 404, code: 404,
// message: "Not found", message: "Not found",
// error: `User ${data.username} not found` error: `User ${data.username} not found`
// }), { status: 404 } }), { status: 404 }
// ) )
const accessToken: AccessToken = { const accessToken: AccessToken = {
type: "A", type: "A",
user: userFromDb, user,
entropy: randomHashed.toString(), entropy: randomHashed.toString(),
createdAt: now, createdAt: now,
expiresAt: new Date(now.getTime() + expiresIn), expiresAt: new Date(now.getTime() + expiresIn),
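Review bot: The re-enabled `if(!user)` branch answers 404 with `User ${data.username} not found`, but it fires when `locationManager.getUser(userFromDb._id)` returns nothing. Judging by the `userFromDb` name, the account was already found in the database at that point, so the message points operators at the wrong cause. A distinct message such as `error: "User is not loaded in locationManager"` would separate the two failures, and a comment above the lookup such as `// token must reference the in-memory user; callers have to run locationManager.init() before requesting a token` would record why the lookup is needed. The handler begins and ends outside this hunk, so the earlier database lookup and its own error handling are not visible here.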


@ -41,21 +41,6 @@ if(Astro.request.method === "POST") {
const sessionTime = config.SESSION_TIME_MINUTES * 60; const sessionTime = config.SESSION_TIME_MINUTES * 60;
const res = await fetch(`${Astro.url.origin}/api/auth/generateAccessToken`, {
method: 'POST',
body: JSON.stringify({
username,
createdFrom: 'loginForm',
duration: sessionTime
}),
headers: {
'Content-Type': 'application/json',
'Authorization': 'Bearer ' + config.MASTER_ACCESSTOKEN
}
});
const token = (await res.json()).accessToken;
const galaxyIndex = Math.floor(Math.random() * 4); const galaxyIndex = Math.floor(Math.random() * 4);
const sectorIndex = Math.floor(Math.random() * 8); const sectorIndex = Math.floor(Math.random() * 8);
@ -93,13 +78,26 @@ if(Astro.request.method === "POST") {
secure: true secure: true
} }
Astro.cookies.set("sessionToken", token, cookieOptions);
Astro.cookies.set("username", username, cookieOptions); Astro.cookies.set("username", username, cookieOptions);
Astro.cookies.set("userid", user._id.toString() as string, cookieOptions); Astro.cookies.set("userid", user._id.toString() as string, cookieOptions);
Astro.cookies.set("currentPlanet", planetData._id.toString(), cookieOptions); Astro.cookies.set("currentPlanet", planetData._id.toString(), cookieOptions);
Astro.cookies.set("currentSystem", systemData._id.toString(), cookieOptions); Astro.cookies.set("currentSystem", systemData._id.toString(), cookieOptions);
await locationManager.init(); await locationManager.init();
const res = await fetch(`${Astro.url.origin}/api/auth/generateAccessToken`, {
method: 'POST',
body: JSON.stringify({
username,
createdFrom: 'loginForm',
duration: sessionTime
}),
headers: {
'Content-Type': 'application/json',
'Authorization': 'Bearer ' + config.MASTER_ACCESSTOKEN
}
});
const token = (await res.json()).accessToken;
Astro.cookies.set("sessionToken", token, cookieOptions);
return Astro.redirect("/game"); return Astro.redirect("/game");
} }
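Review bot: The relocated `fetch` to `/api/auth/generateAccessToken` is still consumed without checking the response, so if the endpoint returns an error body, `(await res.json()).accessToken` is `undefined` and that value goes into the `sessionToken` cookie right before the redirect to `/game`. Guard it with `if(!res.ok) throw new Error("generateAccessToken failed: " + res.status);` and confirm `typeof token === "string"` before `Astro.cookies.set("sessionToken", token, cookieOptions)`. The `username`, `userid`, `currentPlanet` and `currentSystem` cookies are written before the token is obtained, so a failed token request leaves a partial session behind; setting all cookies after the token check avoids that. Separately, the request sends `config.MASTER_ACCESSTOKEN` to `Astro.url.origin`; if that origin follows the incoming Host header in this deployment, the bearer token could be delivered to an unintended host, so a fixed internal base URL taken from config would be safer.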