mbkauthe 1.0.18 → 1.0.20
- package/index.js +2 -1
- package/lib/main.js +7 -7
- package/lib/validateSessionAndRole.js +1 -0
- package/package.json +1 -1
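--- a/package/index.js
+++ b/package/index.js
@@ -21,7 +21,8 @@ if (mbkautheVar.RECAPTCHA_Enabled === "true") {
 if (mbkautheVar.RECAPTCHA_SECRET_KEY === undefined) {
 throw new Error("mbkautheVar.RECAPTCHA_SECRET_KEY is required");
 }
-}
+} console.log(mbkautheVar.IS_DEPLOYED === 'true' ? `.${mbkautheVar.DOMAIN}` : undefined);
+
 if (mbkautheVar.COOKIE_EXPIRE_TIME !== undefined) {
 const expireTime = parseFloat(mbkautheVar.COOKIE_EXPIRE_TIME);
 if (isNaN(expireTime) || expireTime <= 0) {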
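Review bot: The `console.log(...)` added at new line 24 reads like leftover debugging: it prints the computed cookie domain to stdout every time the package is loaded, and it sits on the same line as the closing `}` of the reCAPTCHA check, where it is easy to miss. For an auth library that other applications import, I would drop it and restore the line to a bare `}`. If the value is useful for troubleshooting, put it on its own line behind an explicit debug setting. The enclosing `if` starts above the hunk.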
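--- a/package/lib/main.js
+++ b/package/lib/main.js
@@ -102,7 +102,7 @@ const getCookieOptions = () => ({
 router.use(async (req, res, next) => {
 if (req.session && req.session.user) {
 const cookieOptions = getCookieOptions();
-res.cookie("username", req.session.user.username, cookieOptions);
+res.cookie("username", req.session.user.username, { ...cookieOptions, httpOnly: false });
 res.cookie("sessionId", req.session.user.sessionId, cookieOptions);
 }
 next();
@@ -118,13 +118,13 @@ router.post("/mbkauthe/api/terminateAllSessions", authenticate(mbkautheVar.Main_
 console.log("Error destroying session:", err);
 return res.status(500).json({ success: false, message: "Failed to terminate sessions" });
 }
-
+
 // Clear all cookies with proper domain
 const cookieOptions = getCookieOptions();
 res.clearCookie("mbkauthe.sid", cookieOptions);
 res.clearCookie("sessionId", cookieOptions);
 res.clearCookie("username", cookieOptions);
-
+
 console.log("All sessions terminated successfully");
 res.status(200).json({
 success: true,
@@ -269,10 +269,10 @@ router.post("/mbkauthe/api/logout", async (req, res) => {
 if (req.session.user) {
 try {
 const { id, username } = req.session.user;
-
+
 // Clear the SessionId in the database first
 await dblogin.query(`UPDATE "Users" SET "SessionId" = NULL WHERE "id" = $1`, [id]);
-
+
 // Remove the session from the session table
 if (req.sessionID) {
 await dblogin.query('DELETE FROM "session" WHERE sid = $1', [req.sessionID]);
@@ -283,13 +283,13 @@ router.post("/mbkauthe/api/logout", async (req, res) => {
 console.log("Error destroying session:", err);
 return res.status(500).json({ success: false, message: "Logout failed" });
 }
-
+
 // Clear all cookies with proper domain
 const cookieOptions = getCookieOptions();
 res.clearCookie("mbkauthe.sid", cookieOptions);
 res.clearCookie("sessionId", cookieOptions);
 res.clearCookie("username", cookieOptions);
-
+
 console.log(`User "${username}" logged out successfully`);
 res.status(200).json({ success: true, message: "Logout successful" });
 });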
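Review bot: At new line 105 the `username` cookie is now written with `httpOnly: false`, which makes it readable by any script running on the page, including script injected through an XSS bug, and nothing in the change says why that is needed. If client code only needs the name for display, record that next to the call, e.g. `// readable by client JS for display only; never trust this cookie server-side`, and confirm that no server path uses the `username` cookie for identity or authorization. `sessionId` keeps the unmodified options, but the body of `getCookieOptions` is outside these hunks, so whether it sets `httpOnly` at all cannot be seen here. The other hunks in this file change only blank lines.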
|
@@ -3,6 +3,7 @@ const mbkautheVar = JSON.parse(process.env.mbkautheVar);
|
|
|
3
3
|
|
|
4
4
|
// Get consistent cookie options
|
|
5
5
|
const getCookieOptions = () => ({
|
|
6
|
+
maxAge: COOKIE_EXPIRE_TIME,
|
|
6
7
|
domain: mbkautheVar.IS_DEPLOYED === 'true' ? `.${mbkautheVar.DOMAIN}` : undefined,
|
|
7
8
|
secure: mbkautheVar.IS_DEPLOYED === 'true' ? 'auto' : false,
|
|
8
9
|
sameSite: 'lax',
|
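Review bot: `maxAge: COOKIE_EXPIRE_TIME` at new line 6 uses an identifier that is not declared in the visible lines of this hunk (by the file list it appears to belong to package/lib/validateSessionAndRole.js, whose file header is missing on this page); if the module does not define or import it, the first call to `getCookieOptions()` throws a ReferenceError. Express reads `maxAge` in milliseconds, so the value needs to be in that unit, and a short comment would make that explicit: `maxAge: COOKIE_EXPIRE_TIME, // milliseconds`. If these options are also passed to `res.clearCookie`, that path is worth checking, because Express 4 turns a supplied `maxAge` into a future `expires` and the cookie is emptied rather than removed. The object literal continues below the hunk.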