From 47f0713687f43b7c4cb6295c1f37cb5cf0925f42 Mon Sep 17 00:00:00 2001
From: walamana
Date: Fri, 8 Feb 2019 10:49:31 +0100
Subject: [PATCH] Fix: cookies can't be read when proxy is used
---
 app.js | 29 ++++++++++++++++-------------
 1 file changed, 16 insertions(+), 13 deletions(-)
diff --git a/app.js b/app.js
index 8d0f28e..553f11c 100644
--- a/app.js
+++ b/app.js
@@ -94,9 +94,9 @@ app.get('/login', (req, res) => {
 });
 });
-app.get("/logout", (req, res) => {
- var token = req.cookies.loginToken;
- var user = req.cookies.user;
+app.post("/logout", (req, res) => {
+ var token = req.body.credentials.token;
+ var user = req.body.credentials.username;
 tokenIsValid(user, token).then(valid => {
 if(valid){
@@ -112,9 +112,9 @@ app.get("/logout", (req, res) => {
 });
-app.get("/loggedIn", (req, res) => {
- var token = req.cookies.loginToken;
- var user = req.cookies.user;
+app.post("/loggedIn", (req, res) => {
+ var token = req.body.credentials.token;
+ var user = req.body.credentials.username;
 tokenIsValid(user, token).then(valid => {
 if(valid){
@@ -135,20 +135,21 @@ app.get("/loggedIn", (req, res) => {
 *
 */
-app.get("/:user/update", (req, res) => {
- var token = req.cookies.loginToken;
+app.post("/:user/update", (req, res) => {
+ var token = req.body.credentials.token;
+ var userI = req.body.credentials.username;
 var user = req.params.user;
 var changes = JSON.parse(req.query.changes);
- tokenIsValid(req.cookies.user, token).then(valid => {
+ tokenIsValid(userI, token).then(valid => {
 if(valid){
- if(req.cookies.user != "admin" && req.cookies.user != user){
+ if(userI != "admin" && userI != user){
 res.send({success: false, error: "Unauthorized"});
 return;
 }
- console.log("Changing for " + user + " as " + req.cookies.user + " following states: ");
+ console.log("Changing for " + user + " as " + userI + " following states: ");
 console.log(changes);
 for(var i = 0; i < Object.keys(changes).length; i++){
 var gdID = Object.keys(changes)[i];
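Review bot: In the `/logout` hunk the added reads `req.body.credentials.token` and `req.body.credentials.username` throw a TypeError whenever the request carries no parsed body or no `credentials` object, so a malformed request lands in the framework's error path instead of a controlled failure reply. Read through a guarded object, for example `var creds = (req.body && req.body.credentials) || {};` followed by `var token = creds.token;` and `var user = creds.username;`. The same unguarded pair is added in the `/loggedIn`, `/:user/update` and `/ministranten` hunks. The handler body continues outside this hunk.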
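Review bot: Taking the token from `req.body.credentials` in `/loggedIn` means the client now has to keep the login token somewhere page script can read and resend it, which presumably gives up whatever `HttpOnly` protection the `loginToken` cookie could have had. If the cookies are lost only because the proxy does not forward them (the subject line suggests that, but the cause is not visible here), fixing the proxy or the cookie's domain and path attributes would keep the token out of script reach. If the body approach stays, a comment such as `// token is sent in the body because cookies do not survive the proxy; treat it as script-readable` above these lines would record the trade-off.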
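Review bot: The authorization check `if(userI != "admin" && userI != user)` in `/:user/update` now compares a request-body value with the loose `!=` operator, and a parsed body can deliver an array or object where the cookie normally gave a string, so type coercion can decide the outcome. Reject non-strings first with `if(typeof userI !== "string" || typeof token !== "string"){ res.send({success: false, error: "Unauthorized"}); return; }` and make the comparison strict: `if(userI !== "admin" && userI !== user){`. How `tokenIsValid` treats non-string arguments is not visible here, which is another reason to check the types before calling it. Separately, `JSON.parse(req.query.changes)` still reads the query string on what is now a POST route and runs before the token check with no try/catch. The handler continues past the end of the hunk.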
@@ -225,8 +226,10 @@ app.get("/groups", (req, res) => {
 });
 });
-app.get("/ministranten", (req, res) =>{
- tokenIsValid(req.cookies.user, req.cookies.loginToken).then(valid => {
+app.post("/ministranten", (req, res) =>{
+ var token = req.body.credentials.token;
+ var user = req.body.credentials.username;
+ tokenIsValid(user, token).then(valid => {
 con.query("SELECT * FROM `gruppe` ORDER BY `gruppe`.`START` DESC", (err, groupResults) => {
 var groupID = req.query.group;
 if(groupID == -1){
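Review bot: In `/ministranten` the `valid` result of `tokenIsValid(user, token)` is not tested in the visible lines before `con.query(...)` runs, unlike the `if(valid){` that directly follows the call in the other handlers. If no check follows outside the hunk, the query result is returned to callers whose token is invalid; adding `if(!valid){ res.send({success: false, error: "Unauthorized"}); return; }` at the top of the callback would close that. The route is now POST but still reads `req.query.group`, so the group filter should either move to the body as well or be commented as intentionally left in the query string. The handler body continues outside the hunk.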