walamana/minis-data-old
1
0
Fork 0
Code Issues Pull Requests Actions Packages Projects Releases Wiki Activity

Fix: cookies can't be read when proxy is used

Browse Source
This commit is contained in:
walamana 2019-02-08 10:49:31 +01:00
parent 8009c157c2
commit 47f0713687
1 changed files with 16 additions and 13 deletions
Show Stats Download Patch File Download Diff File Expand all files Collapse all files

29
app.js
View File

@ -94,9 +94,9 @@ app.get('/login', (req, res) => {
}); });
}); });
app.get("/logout", (req, res) => { app.post("/logout", (req, res) => {
var token = req.cookies.loginToken; var token = req.body.credentials.token;
var user = req.cookies.user; var user = req.body.credentials.username;
tokenIsValid(user, token).then(valid => { tokenIsValid(user, token).then(valid => {
if(valid){ if(valid){
@ -112,9 +112,9 @@ app.get("/logout", (req, res) => {
}); });
app.get("/loggedIn", (req, res) => { app.post("/loggedIn", (req, res) => {
var token = req.cookies.loginToken; var token = req.body.credentials.token;
var user = req.cookies.user; var user = req.body.credentials.username;
tokenIsValid(user, token).then(valid => { tokenIsValid(user, token).then(valid => {
if(valid){ if(valid){
@ -135,20 +135,21 @@ app.get("/loggedIn", (req, res) => {
* *
*/ */
app.get("/:user/update", (req, res) => { app.post("/:user/update", (req, res) => {
var token = req.cookies.loginToken; var token = req.body.credentials.token;
var userI = req.body.credentials.username;
var user = req.params.user; var user = req.params.user;
var changes = JSON.parse(req.query.changes); var changes = JSON.parse(req.query.changes);
tokenIsValid(req.cookies.user, token).then(valid => { tokenIsValid(userI, token).then(valid => {
if(valid){ if(valid){
if(req.cookies.user != "admin" && req.cookies.user != user){ if(userI != "admin" && userI != user){
res.send({success: false, error: "Unauthorized"}); res.send({success: false, error: "Unauthorized"});
return; return;
} }
console.log("Changing for " + user + " as " + req.cookies.user + " following states: "); console.log("Changing for " + user + " as " + userI + " following states: ");
console.log(changes); console.log(changes);
for(var i = 0; i < Object.keys(changes).length; i++){ for(var i = 0; i < Object.keys(changes).length; i++){
var gdID = Object.keys(changes)[i]; var gdID = Object.keys(changes)[i];
@ -225,8 +226,10 @@ app.get("/groups", (req, res) => {
}); });
}); });
app.get("/ministranten", (req, res) =>{ app.post("/ministranten", (req, res) =>{
tokenIsValid(req.cookies.user, req.cookies.loginToken).then(valid => { var token = req.body.credentials.token;
var user = req.body.credentials.username;
tokenIsValid(user, token).then(valid => {
con.query("SELECT * FROM `gruppe` ORDER BY `gruppe`.`START` DESC", (err, groupResults) => { con.query("SELECT * FROM `gruppe` ORDER BY `gruppe`.`START` DESC", (err, groupResults) => {
var groupID = req.query.group; var groupID = req.query.group;
if(groupID == -1){ if(groupID == -1){