✨ Store auth sessions in database

2022-06-02 23:18:53 +02:00
parent 72c8b3adc1
commit 45f682a718
2 changed files with 50 additions and 7 deletions
--- a/server/api/auth.js
+++ b/server/api/auth.js
@ -1,18 +1,26 @@
+import Prisma from "@prisma/client";
+const prisma = new Prisma.PrismaClient();
+
+import { log } from "../logs.js";
+
 export class Auth {
-  activeSessions = [];
  constructor() {}
-  login = (req, res) => {
+  login = async (req, res) => {
    if (!req.body.password) {
      res.redirect("/login");
      return;
    } else {
      if (req.body.password == process.env.AUTH_PASSWORD) {
-        const sessionId = Math.random().toString(36).slice(-8);
-        this.activeSessions.push(sessionId);
-        res.cookie("session", sessionId, {
+        const session = await prisma.session.create({
+          data: {
+            validUntil: new Date(Date.now() + 1000 * 60 * 60 * 24 * 14), // Expires after 14 days
+          },
+        });
+        res.cookie("session", session.token, {
          httpOnly: true,
          expires: new Date(253402300000000),
        });
+        log("API / Auth", `New session: ${session.token}`);
        res.redirect("/");
      } else {
        res.redirect("/login");
@ -20,7 +28,7 @@ export class Auth {
      }
    }
  };
-  checkLogin = (req, res, next) => {
+  checkLogin = async (req, res, next) => {
    if (!process.env.AUTH_PASSWORD) {
      next();
      return;
@ -29,11 +37,40 @@ export class Auth {
      res.sendStatus(401);
      return;
    } else {
-      if (!this.activeSessions.includes(req.cookies.session)) {
+      const session = await prisma.session.findUnique({
+        where: {
+          token: req.cookies.session,
+        },
+      });
+      if (!session) {
        res.sendStatus(401);
        return;
      }
+      // Renew session expiration date
+      await prisma.session.update({
+        where: {
+          token: session.token,
+        },
+        data: {
+          validUntil: new Date(Date.now() + 1000 * 60 * 60 * 24 * 14),
+        },
+      });
    }
    next();
  };
 }
+
+// Check for expired sessions every hour
+setInterval(async () => {
+  const sessions = await prisma.session.findMany();
+  for (const session of sessions) {
+    if (session.validUntil < new Date()) {
+      log("API / Auth", `Removed expired session: ${session.token}`);
+      await prisma.session.delete({
+        where: {
+          token: session.token,
+        },
+      });
+    }
+  }
+}, 1000 * 60 * 60);
--- a/server/prisma/schema.prisma
+++ b/server/prisma/schema.prisma
@ -62,3 +62,9 @@ model Class {
  name  String @id @unique
  regex String
 }
+
+model Session {
+  token      String   @id @unique @default(uuid())
+  createdAt  DateTime @default(now())
+  validUntil DateTime
+}