From eac3785b29087b7af0b2764049cfe542aa2d886c Mon Sep 17 00:00:00 2001
From: Julian Lam
Date: Thu, 25 Apr 2013 11:04:08 -0400
Subject: [PATCH] fixing issue with auth (removed session saving stuff by mistake)
---
 src/topics.js | 2 +-
 src/user.js | 8 +++++++-
 src/webserver.js | 33 +++++++++++++++++++--------------
 3 files changed, 27 insertions(+), 16 deletions(-)
diff --git a/src/topics.js b/src/topics.js
index 8c28cd13e1..446d11d91a 100644
--- a/src/topics.js
+++ b/src/topics.js
@@ -26,7 +26,7 @@ var RDB = require('./redis.js'),
 Topics.get(function(data) {
- console.log({'topics': data});
+ // console.log({'topics': data});
 forum_body = forum_body.parse({'topics': data});
 callback(forum_body);
 }, start, end);
diff --git a/src/user.js b/src/user.js
index 2fb6437a70..95ee11cf59 100644
--- a/src/user.js
+++ b/src/user.js
@@ -21,7 +21,13 @@ var config = require('../config.js'),
 return global.socket.emit('user.login', {'status': 0, 'message': 'Incorrect username / password combination.'});
 } else { // Start, replace, or extend a session
- global.uid = uid;
+ RDB.get('session:' + user.sessionID, function(session) {
+ if (session !== user.sessionID) {
+ RDB.set('session:' + user.sessionID, uid, 60*60*24*14); // Login valid for two weeks
+ } else {
+ RDB.expire('session:' + user.sessionID, 60*60*24*14); // Defer expiration to two weeks from now
+ }
+ });
 return global.socket.emit('user.login', {'status': 1, 'message': 'Logged in!'});
 }
diff --git a/src/webserver.js b/src/webserver.js
index 5aa5b2cbee..b0192f87b4 100644
--- a/src/webserver.js
+++ b/src/webserver.js
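Review bot: In the src/user.js hunk the value written under `'session:' + user.sessionID` is `uid`, but the new guard compares the fetched value with `user.sessionID`, so the two only match if a uid happens to equal a session id and the `RDB.expire` branch looks unreachable; every login takes the `RDB.set` path. Comparing against what was actually stored, e.g. `if (String(session) !== String(uid)) {`, would make the refresh branch meaningful (how the RDB wrapper reports a missing key is not visible here). The session id bound to the account also appears to be the one the client already held before logging in; issuing a fresh id on successful login is the usual guard against session fixation. The enclosing login callback starts and ends outside the hunk.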
@@ -17,17 +17,28 @@ var express = require('express'),
 function hasAuth(req, res, next) { // Include this middleware if the endpoint is publically accessible, but has elements that logged in users can see
+ global.modules.user.get_uid_by_session(req.sessionID, function(uid) {
+ if (uid) {
+ global.uid = uid;
+ console.log('info: [Auth] User is logged in as uid: ' + uid);
+ } else {
+ console.log('info: [Auth] User is not logged in');
+ }
+ next();
+ });
 }
 function requireAuth(req, res, next) { // Include this middleware if the endpoint requires a logged in user to view
- console.log('REQUIRE: ', global.uid, req.sessionID);
- if (!global.uid) {
- res.redirect('/403');
- } else {
- next();
- }
+ hasAuth(req, res, function() {
+ if (!global.uid) {
+ res.redirect('/403');
+ } else {
+ console.log('info: [Auth] User is logged in as uid: ' + uid);
+ next();
+ }
+ });
 }
 // Middlewares
@@ -35,18 +46,12 @@ var express = require('express'),
 app.use(express.bodyParser()); // Puts POST vars in request.body
 app.use(express.cookieParser()); // If you want to parse cookies (res.cookies)
 app.use(express.session({secret: 'nodebb', key: 'express.sid'}));
- app.use(function(req, res, next) {
- global.modules.user.get_uid_by_session(req.sessionID, function(uid) {
- if (uid) global.uid = uid;
- next();
- });
- });
 // Dunno wtf this does
 // app.use(express.logger({ format: '\x1b[1m:method\x1b[0m \x1b[33m:url\x1b[0m :response-time ms' }));
 // Useful if you want to use app.put and app.delete (instead of app.post all the time)
 // app.use(express.methodOverride());
- app.get('/', function(req, res) {
+ app.get('/', hasAuth, function(req, res) {
 global.modules.topics.generate_forum_body(function(forum_body) {
 res.send(templates['header'] + forum_body + templates['footer']);
 })
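Review bot: `global.uid` is process-wide and hasAuth only ever sets it: the `else` branch logs but never clears it, so after one logged-in request every later request, including one with no valid session, still passes the `!global.uid` test in requireAuth as the previous user. Keep the identity on the request instead, with `req.uid = uid;` in hasAuth and `if (!req.uid) {` in requireAuth; any other reader of `global.uid` outside this hunk needs the same change, and the routes given `hasAuth` in the two later src/webserver.js hunks inherit the behaviour. Separately, the new log line in requireAuth concatenates `uid`, which is not a parameter of the `function()` callback, so unless a `uid` exists in an outer scope not shown here the authenticated path throws a ReferenceError before `next()`; `+ req.uid` would fix it.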
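Review bot: On the unchanged `express.session({secret: 'nodebb', key: 'express.sid'})` line in the second src/webserver.js hunk, the cookie-signing secret is a literal committed to the repository, so the signature on `express.sid` gives no protection to any deployment that keeps it. Since this commit makes `req.sessionID` the only key for resolving a uid, the secret is worth loading from deployment configuration, e.g. `app.use(express.session({secret: process.env.SESSION_SECRET, key: 'express.sid'}));` where `SESSION_SECRET` is a placeholder name, and refusing to start when it is unset. Removing the app-wide lookup middleware here also means a route registered without `hasAuth` or `requireAuth` no longer resolves the session at all, which deserves a comment above the route definitions.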
@@ -54,7 +59,7 @@ var express = require('express'),
 //res.send(templates['header'] + templates['home'] + templates['footer']);
 });
- app.get('/login', function(req, res) {
+ app.get('/login', hasAuth, function(req, res) {
 res.send(templates['header'] + templates['login'] + templates['footer']);
 });