fix logout
remove DID_I_FINALLY_ADD_HTTPS
This commit is contained in:
Mystikfluu
parent
82976f4830
commit
ea24ea70ed
@ -141,7 +141,7 @@ export const setup = function (router, con, server) {
|
|||||||
let ip = getIP(req);
|
let ip = getIP(req);
|
||||||
let setTo = `${res.locals.username} ${SHA256(req.body.newPW, res.locals.username, HASHES_COOKIE)}`
|
let setTo = `${res.locals.username} ${SHA256(req.body.newPW, res.locals.username, HASHES_COOKIE)}`
|
||||||
let cookiesigned = signature.sign(setTo, cookiesecret + ip);
|
let cookiesigned = signature.sign(setTo, cookiesecret + ip);
|
||||||
res.cookie('AUTH_COOKIE', cookiesigned, { maxAge: Math.pow(10, 10), httpOnly: true, secure: DID_I_FINALLY_ADD_HTTPS });
|
res.cookie('AUTH_COOKIE', cookiesigned, { maxAge: Math.pow(10, 10), httpOnly: true, secure: true });
|
||||||
res.json({ "success": "successfully changed password" });
|
res.json({ "success": "successfully changed password" });
|
||||||
});
|
});
|
||||||
}
|
}
|
||||||
@ -197,7 +197,7 @@ export const setup = function (router, con, server) {
|
|||||||
let ip = getIP(req);
|
let ip = getIP(req);
|
||||||
let setTo = `${req.body.newUsername} ${SHA256(req.body.currentPW, req.body.newUsername, HASHES_COOKIE)}`
|
let setTo = `${req.body.newUsername} ${SHA256(req.body.currentPW, req.body.newUsername, HASHES_COOKIE)}`
|
||||||
let cookiesigned = signature.sign(setTo, cookiesecret + ip);
|
let cookiesigned = signature.sign(setTo, cookiesecret + ip);
|
||||||
res.cookie('AUTH_COOKIE', cookiesigned, { maxAge: Math.pow(10, 10), httpOnly: true, secure: DID_I_FINALLY_ADD_HTTPS });
|
res.cookie('AUTH_COOKIE', cookiesigned, { maxAge: Math.pow(10, 10), httpOnly: true, secure: true });
|
||||||
//updated username in the users table, but not yet on posts
|
//updated username in the users table, but not yet on posts
|
||||||
//TODO: update username on dms
|
//TODO: update username on dms
|
||||||
let sql = `update ipost.posts set post_user_name=? where post_user_name=?;`; //change username of every past post sent
|
let sql = `update ipost.posts set post_user_name=? where post_user_name=?;`; //change username of every past post sent
|
||||||
|
|||||||
10
routes/logout.js
Normal file
10
routes/logout.js
Normal file
@ -0,0 +1,10 @@
|
|||||||
|
export const setup = function (router, con, server) {
|
||||||
|
|
||||||
|
const increaseUSERCall = server.increaseUSERCall
|
||||||
|
|
||||||
|
router.get("/logout", function (req, res) {
|
||||||
|
if (!increaseUSERCall(req, res))return;
|
||||||
|
res.cookie("AUTH_COOKIE", "", { maxAge: 0, httpOnly: true, secure: true });
|
||||||
|
res.redirect("/");
|
||||||
|
});
|
||||||
|
}
|
||||||
@ -12,6 +12,8 @@ import { setup as servefilessetup} from "./serve_static_files.js"
|
|||||||
import { setup as userfilessetup} from "./userfiles.js"
|
import { setup as userfilessetup} from "./userfiles.js"
|
||||||
import { setup as userauthsetup} from "./user_auth.js"
|
import { setup as userauthsetup} from "./user_auth.js"
|
||||||
import { setup as applicationsetup} from "./authorize.js"
|
import { setup as applicationsetup} from "./authorize.js"
|
||||||
|
import { setup as logoutsetup} from "./logout.js"
|
||||||
|
|
||||||
|
|
||||||
export const setup = function (router, con, server) {
|
export const setup = function (router, con, server) {
|
||||||
const setuproute = handler => handler(router,con,server)
|
const setuproute = handler => handler(router,con,server)
|
||||||
@ -27,6 +29,7 @@ export const setup = function (router, con, server) {
|
|||||||
setuproute(getpostssetup)
|
setuproute(getpostssetup)
|
||||||
setuproute(userroutessetup)
|
setuproute(userroutessetup)
|
||||||
setuproute(servefilessetup)
|
setuproute(servefilessetup)
|
||||||
|
setuproute(logoutsetup)
|
||||||
let global_page_variables = {
|
let global_page_variables = {
|
||||||
getPID: get_pid,
|
getPID: get_pid,
|
||||||
getDMPID: get_dmpid,
|
getDMPID: get_dmpid,
|
||||||
|
|||||||
33
server.js
33
server.js
@ -70,7 +70,6 @@ const WebSocket = ws.WebSocketServer;
|
|||||||
|
|
||||||
const router = Router();
|
const router = Router();
|
||||||
const app = express();
|
const app = express();
|
||||||
const DID_I_FINALLY_ADD_HTTPS = true;
|
|
||||||
const con = mysql.createPool({
|
const con = mysql.createPool({
|
||||||
connectionLimit: config.mysql.connections,
|
connectionLimit: config.mysql.connections,
|
||||||
host: config.mysql.host,
|
host: config.mysql.host,
|
||||||
@ -222,7 +221,7 @@ function increaseAPICall(req, res, next) {
|
|||||||
SESSIONS[session] = undefined;
|
SESSIONS[session] = undefined;
|
||||||
REVERSE_SESSIONS[ip] = undefined;
|
REVERSE_SESSIONS[ip] = undefined;
|
||||||
}, 50000);
|
}, 50000);
|
||||||
res.cookie('session', session, { maxAge: 100000, httpOnly: true, secure: DID_I_FINALLY_ADD_HTTPS });
|
res.cookie('session', session, { maxAge: 100000, httpOnly: true, secure: true });
|
||||||
console.log(3, "sending session to " + ip);
|
console.log(3, "sending session to " + ip);
|
||||||
}
|
}
|
||||||
}
|
}
|
||||||
@ -291,9 +290,9 @@ app.use(function (_req, res, next) {
|
|||||||
res.set("X-XSS-Protection", "1; mode=block");
|
res.set("X-XSS-Protection", "1; mode=block");
|
||||||
next();
|
next();
|
||||||
});
|
});
|
||||||
if (DID_I_FINALLY_ADD_HTTPS) {
|
|
||||||
//auto redirect to https
|
//auto redirect to https
|
||||||
app.use((req, res, next) => {
|
app.use((req, res, next) => {
|
||||||
if (req.secure) {
|
if (req.secure) {
|
||||||
//already secure
|
//already secure
|
||||||
next();
|
next();
|
||||||
@ -302,8 +301,8 @@ if (DID_I_FINALLY_ADD_HTTPS) {
|
|||||||
//redirect to https
|
//redirect to https
|
||||||
res.redirect('https://' + req.headers.host + req.url);
|
res.redirect('https://' + req.headers.host + req.url);
|
||||||
}
|
}
|
||||||
});
|
});
|
||||||
}
|
|
||||||
app.use("/*", function (req, res, next) {
|
app.use("/*", function (req, res, next) {
|
||||||
res.set("x-powered-by", "ipost");
|
res.set("x-powered-by", "ipost");
|
||||||
for (let i = 0; i < blocked_headers.length; i++) {
|
for (let i = 0; i < blocked_headers.length; i++) {
|
||||||
@ -342,7 +341,6 @@ var commonfunctions = {
|
|||||||
ensureExists,
|
ensureExists,
|
||||||
"dirname": __dirname,
|
"dirname": __dirname,
|
||||||
config,
|
config,
|
||||||
DID_I_FINALLY_ADD_HTTPS,
|
|
||||||
hcaptcha: {
|
hcaptcha: {
|
||||||
"verify":verifyHCaptcha,
|
"verify":verifyHCaptcha,
|
||||||
"sitekey":config.hcaptcha_sitekey
|
"sitekey":config.hcaptcha_sitekey
|
||||||
@ -367,11 +365,6 @@ END /API/*
|
|||||||
|
|
||||||
*/
|
*/
|
||||||
|
|
||||||
router.get("/logout", function (_req, res) {
|
|
||||||
res.cookie("AUTH_COOKIE", "", { maxAge: 0, httpOnly: true, secure: DID_I_FINALLY_ADD_HTTPS });
|
|
||||||
res.redirect("/");
|
|
||||||
});
|
|
||||||
|
|
||||||
console.log(5, "finished loading routes");
|
console.log(5, "finished loading routes");
|
||||||
app.use(router);
|
app.use(router);
|
||||||
const httpServer = http.createServer(app);
|
const httpServer = http.createServer(app);
|
||||||
@ -385,16 +378,12 @@ var httpsServer;
|
|||||||
|
|
||||||
import spdy from "spdy"
|
import spdy from "spdy"
|
||||||
|
|
||||||
if (DID_I_FINALLY_ADD_HTTPS) {
|
httpsServer = spdy.createServer(credentials,app)
|
||||||
httpsServer = spdy.createServer(credentials,app)
|
//httpsServer = https.createServer(credentials, app);
|
||||||
//httpsServer = https.createServer(credentials, app);
|
httpsServer.listen(config["ports"]["https"], function () {
|
||||||
httpsServer.listen(config["ports"]["https"], function () {
|
|
||||||
console.log(5, "HTTPS Server is listening");
|
console.log(5, "HTTPS Server is listening");
|
||||||
});
|
});
|
||||||
}
|
|
||||||
else {
|
|
||||||
httpsServer = httpServer;
|
|
||||||
}
|
|
||||||
wss = new WebSocket({
|
wss = new WebSocket({
|
||||||
server: httpsServer,
|
server: httpsServer,
|
||||||
perMessageDeflate: {
|
perMessageDeflate: {
|
||||||
|
|||||||
Loading…
x
Reference in New Issue
Block a user