@intranefr/superbackend 1.6.4 → 1.6.5

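--- a/package/package.json
+++ b/package/package.json
@@ -1,6 +1,6 @@
  {
  "name": "@intranefr/superbackend",
- "version": "1.6.4",
+ "version": "1.6.5",
  "description": "Node.js middleware that gives your project backend superpowers",
  "main": "index.js",
  "scripts": {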
@@ -131,9 +131,37 @@ const adminSessionAuth = (req, res, next) => {
131
131
 
132
132
  // Admin authentication middleware that supports both session and basic auth
133
133
  const adminAuth = (req, res, next) => {
134
- // First try session authentication
135
- if (req.session && req.session.authenticated) {
136
- return adminSessionAuth(req, res, next);
134
+ // First try session authentication (only if session exists AND is authenticated)
135
+ if (req.session && req.session.authenticated === true) {
136
+ // Verify session is still valid (check login time)
137
+ const loginTime = new Date(req.session.loginTime);
138
+ const now = new Date();
139
+ const sessionAge = (now - loginTime) / (1000 * 60 * 60); // hours
140
+
141
+ // Session expires after 24 hours
142
+ if (sessionAge > 24) {
143
+ req.session.destroy((err) => {
144
+ if (err) console.error('Error destroying expired session:', err);
145
+ });
146
+
147
+ if (req.xhr || req.headers.accept?.includes('application/json')) {
148
+ return res.status(401).json({
149
+ error: "Session expired",
150
+ redirectTo: `${req.adminPath || '/admin'}/login`
151
+ });
152
+ }
153
+
154
+ return res.redirect(`${req.adminPath || '/admin'}/login?error=Session expired`);
155
+ }
156
+
157
+ // Attach user info to request for consistency with other auth middleware
158
+ req.user = {
159
+ authenticated: true,
160
+ authType: req.session.authType,
161
+ role: req.session.role
162
+ };
163
+
164
+ return next();
137
165
  }
138
166
 
139
167
  // Fallback to basic auth for backward compatibility
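Review bot: The 24-hour expiry check fails open when `req.session.loginTime` is missing or unparsable: `new Date(undefined)` is an Invalid Date, `sessionAge` becomes `NaN`, and `NaN > 24` is false, so the request reaches `next()` with no age limit applied. The guard should treat a non-finite or negative age as expired, e.g. `if (!Number.isFinite(sessionAge) || sessionAge < 0 || sessionAge > 24) {`. The redirect on the expired branch also puts a raw space into the query string (`?error=Session expired`); `encodeURIComponent('Session expired')` would keep the URL well-formed. This branch no longer calls `adminSessionAuth`, so any check that function performs beyond `authenticated` (its body is outside the hunk) is now skipped and should be confirmed; `adminAuth` itself continues past the hunk into the basic-auth fallback.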
@@ -1,13 +1,13 @@
1
1
  const express = require('express');
2
2
  const router = express.Router();
3
3
 
4
- const { adminSessionAuth } = require('../middleware/auth');
4
+ const { adminAuth } = require('../middleware/auth');
5
5
  const rateLimiter = require('../services/rateLimiter.service');
6
6
 
7
7
  const controller = require('../controllers/experiments.controller');
8
8
 
9
9
  router.use(express.json({ limit: '1mb' }));
10
- router.use(adminSessionAuth);
10
+ router.use(adminAuth);
11
11
 
12
12
  router.get(
13
13
  '/:code/assignment',
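Review bot: Replacing `router.use(adminSessionAuth)` with `router.use(adminAuth)` widens what this router accepts, and nothing in the visible lines documents or bounds that. Going by the "Fallback to basic auth" comment in the auth middleware, these routes now presumably take a password on every request as well as a session cookie. `rateLimiter` is imported, but the hunk does not show it applied ahead of the auth middleware, so it is worth confirming that failed basic-auth attempts are throttled somewhere before this router is reached. A comment above the line would record the intent, for example `// adminAuth: session or basic auth; basic-auth failures are throttled upstream (confirm)`. The route definitions continue outside the hunk.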