#294 Fix session and use postgres as session store
tariqksoliman committed Dec 13, 2022
1 parent 8dae1f5 commit 9f28aca
Showing 6 changed files with 237 additions and 143 deletions.
78 changes: 44 additions & 34 deletions API/Backend/Users/routes/users.js
@@ -178,42 +178,48 @@ router.post("/login", function (req, res) {
} else {
function pass(err, result, again) {
if (result) {
// Save the user's info in the session
req.session.user = user.username;
req.session.uid = user.id;
req.session.token = crypto.randomBytes(128).toString("hex");
req.session.permission = user.permission;
req.session.regenerate((err) => {
// Save the user's info in the session
req.session.user = user.username;
req.session.uid = user.id;
req.session.token = crypto.randomBytes(128).toString("hex");
req.session.permission = user.permission;

User.update(
{
token: req.session.token,
},
{
where: {
id: user.id,
username: user.username,
},
}
)
.then(() => {
res.send({
status: "success",
username: user.username,
User.update(
{
token: req.session.token,
groups: getUserGroups(user.username, req.leadGroupName),
additional:
process.env.THIRD_PARTY_COOKIES === "true"
? `; SameSite=None;${
process.env.NODE_ENV === "production" ? " Secure" : ""
}`
: "",
},
{
where: {
id: user.id,
username: user.username,
},
}
)
.then(() => {
req.session.save(() => {
res.send({
status: "success",
username: user.username,
token: req.session.token,
groups: getUserGroups(user.username, req.leadGroupName),
additional:
process.env.THIRD_PARTY_COOKIES === "true"
? `; SameSite=None;${
process.env.NODE_ENV === "production"
? " Secure"
: ""
}`
: "",
});
});
return null;
})
.catch((err) => {
res.send({ status: "failure", message: "Login failed." });
return null;
});
return null;
})
.catch((err) => {
res.send({ status: "failure", message: "Login failed." });
return null;
});
});
return null;
} else {
res.send({
@@ -285,7 +291,11 @@ router.post("/logout", function (req, res) {
}
)
.then(() => {
res.send({ status: "success" });
req.session.save(() => {
req.session.regenerate((err) => {
res.send({ status: "success" });
});
});
return null;
})
.catch((err) => {
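Review bot: The `err` passed to `req.session.regenerate` in the login handler is never checked, and the `req.session.save` callback takes no error argument at all, so a session-store failure still ends in `status: "success"` with a token the store may not hold. Opening the regenerate callback with `if (err) return res.send({ status: "failure", message: "Login failed." });` and applying the same guard inside `req.session.save((err) => { ... })` would keep the response consistent with the actual session state. The logout hunk repeats the pattern: both its `save` and `regenerate` callbacks ignore their error before sending success, so a client may be told it is logged out while the old session record is still usable. Both handlers begin and end outside the visible hunks, and this assumes the Postgres-backed store named in the commit title reports failures through these callbacks.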
4 changes: 4 additions & 0 deletions docs/pages/Setup/ENVs/ENVs.md
@@ -80,6 +80,10 @@ Sets the `Content-Security-Policy: frame-ancestors` header to allow the embeddin

Sets the `Content-Security-Policy: frame-src` header to allow the embedding iframes from external origins into MMGIS | string[] | default `null` | ex. FRAME_SRC='["http://localhost:8888"]'

#### `THIRD_PARTY_COOKIES=`

Sets "SameSite=None; Secure" on the login cookie. Useful when using AUTH=local as an iframe within a cross-origin page. | boolean | default `false`

#### `PUBLIC_URL=`

Set MMGIS to be deployed under a subpath. Use full and absolute paths only to the project's build directory. For example if serving at the subpath 'mmgis/' is desired, set PUBLIC_URL to 'https://{domain}/mmgis/build'. Changing PUBLIC_URL required a rebuild. | string | default `null` (domain root build '/build')