fix logout

remove DID_I_FINALLY_ADD_HTTPS
2023-03-03 20:54:39 +01:00 · 2023-03-03 20:54:39 +01:00 · ea24ea70ed
commit ea24ea70ed
parent 82976f4830
4 changed files with 35 additions and 33 deletions
--- a/routes/api/userRoutes.js
+++ b/routes/api/userRoutes.js
@ -141,7 +141,7 @@ export const setup = function (router, con, server) {
                    let ip = getIP(req);
                    let setTo = `${res.locals.username} ${SHA256(req.body.newPW, res.locals.username, HASHES_COOKIE)}`
                    let cookiesigned = signature.sign(setTo, cookiesecret + ip);
-                    res.cookie('AUTH_COOKIE', cookiesigned, { maxAge: Math.pow(10, 10), httpOnly: true, secure: DID_I_FINALLY_ADD_HTTPS });
+                    res.cookie('AUTH_COOKIE', cookiesigned, { maxAge: Math.pow(10, 10), httpOnly: true, secure: true });
                    res.json({ "success": "successfully changed password" });
                });
            }
@ -197,7 +197,7 @@ export const setup = function (router, con, server) {
                        let ip = getIP(req);
                        let setTo = `${req.body.newUsername} ${SHA256(req.body.currentPW, req.body.newUsername, HASHES_COOKIE)}`
                        let cookiesigned = signature.sign(setTo, cookiesecret + ip);
-                        res.cookie('AUTH_COOKIE', cookiesigned, { maxAge: Math.pow(10, 10), httpOnly: true, secure: DID_I_FINALLY_ADD_HTTPS });
+                        res.cookie('AUTH_COOKIE', cookiesigned, { maxAge: Math.pow(10, 10), httpOnly: true, secure: true });
                        //updated username in the users table, but not yet on posts
                        //TODO: update username on dms
                        let sql = `update ipost.posts set post_user_name=? where post_user_name=?;`; //change username of every past post sent
--- a/routes/logout.js
+++ b/routes/logout.js
@ -0,0 +1,10 @@
+export const setup = function (router, con, server) {
+
+    const increaseUSERCall = server.increaseUSERCall
+
+    router.get("/logout",  function (req, res) {
+        if (!increaseUSERCall(req, res))return;
+        res.cookie("AUTH_COOKIE", "", { maxAge: 0, httpOnly: true, secure: true });
+        res.redirect("/");
+    });
+}
--- a/routes/setup_all_routes.js
+++ b/routes/setup_all_routes.js
@ -12,6 +12,8 @@ import { setup as servefilessetup} from "./serve_static_files.js"
 import { setup as userfilessetup} from "./userfiles.js"
 import { setup as userauthsetup} from "./user_auth.js"
 import { setup as applicationsetup} from "./authorize.js"
+import { setup as logoutsetup} from "./logout.js"
+

 export const setup = function (router, con, server) {
    const setuproute = handler => handler(router,con,server)
@ -27,6 +29,7 @@ export const setup = function (router, con, server) {
    setuproute(getpostssetup)
    setuproute(userroutessetup)
    setuproute(servefilessetup)
+    setuproute(logoutsetup)
    let global_page_variables = {
        getPID: get_pid,
        getDMPID: get_dmpid,
--- a/server.js
+++ b/server.js
@ -70,7 +70,6 @@ const WebSocket = ws.WebSocketServer;

 const router = Router();
 const app = express();
-const DID_I_FINALLY_ADD_HTTPS = true;
 const con = mysql.createPool({
    connectionLimit: config.mysql.connections,
    host: config.mysql.host,
@ -222,7 +221,7 @@ function increaseAPICall(req, res, next) {
                SESSIONS[session] = undefined;
                REVERSE_SESSIONS[ip] = undefined;
            }, 50000);
-            res.cookie('session', session, { maxAge: 100000, httpOnly: true, secure: DID_I_FINALLY_ADD_HTTPS });
+            res.cookie('session', session, { maxAge: 100000, httpOnly: true, secure: true });
            console.log(3, "sending session to " + ip);
        }
    }
@ -291,19 +290,19 @@ app.use(function (_req, res, next) {
    res.set("X-XSS-Protection", "1; mode=block");
    next();
 });
-if (DID_I_FINALLY_ADD_HTTPS) {
-    //auto redirect to https
-    app.use((req, res, next) => {
-        if (req.secure) {
-            //already secure
-            next();
-        }
-        else {
-            //redirect to https
-            res.redirect('https://' + req.headers.host + req.url);
-        }
-    });
-}
+
+//auto redirect to https
+app.use((req, res, next) => {
+    if (req.secure) {
+        //already secure
+        next();
+    }
+    else {
+        //redirect to https
+        res.redirect('https://' + req.headers.host + req.url);
+    }
+});
+
 app.use("/*", function (req, res, next) {
    res.set("x-powered-by", "ipost");
    for (let i = 0; i < blocked_headers.length; i++) {
@ -342,7 +341,6 @@ var commonfunctions = {
    ensureExists,
    "dirname": __dirname,
    config,
-    DID_I_FINALLY_ADD_HTTPS,
    hcaptcha: {
        "verify":verifyHCaptcha,
        "sitekey":config.hcaptcha_sitekey
@ -367,11 +365,6 @@ END /API/*

 */

-router.get("/logout",  function (_req, res) {
-    res.cookie("AUTH_COOKIE", "", { maxAge: 0, httpOnly: true, secure: DID_I_FINALLY_ADD_HTTPS });
-    res.redirect("/");
-});
-
 console.log(5, "finished loading routes");
 app.use(router);
 const httpServer = http.createServer(app);
@ -385,16 +378,12 @@ var httpsServer;

 import spdy from "spdy"

-if (DID_I_FINALLY_ADD_HTTPS) {
-    httpsServer = spdy.createServer(credentials,app)
-    //httpsServer = https.createServer(credentials, app);
-    httpsServer.listen(config["ports"]["https"], function () {
-        console.log(5, "HTTPS Server is listening");
-    });
-}
-else {
-    httpsServer = httpServer;
-}
+httpsServer = spdy.createServer(credentials,app)
+//httpsServer = https.createServer(credentials, app);
+httpsServer.listen(config["ports"]["https"], function () {
+    console.log(5, "HTTPS Server is listening");
+});
+
 wss = new WebSocket({
    server: httpsServer,
    perMessageDeflate: {