Timetable-V2/server/api/auth.js

export class Auth {
  activeSessions = [];
  constructor() {}
  login = (req, res) => {
    if (!req.body.password) {
      res.status(401).sendFile("login.html", { root: "../" });
      return;
    } else {
      if (req.body.password == process.env.AUTH_PASSWORD) {
        const sessionId = Math.random().toString(36).slice(-8);
        this.activeSessions.push(sessionId);
        res.cookie("session", sessionId, {
          httpOnly: true,
          expires: new Date(253402300000000),
        });
        res.redirect("/");
      } else {
        res.status(401).sendFile("login.html", { root: "../" });
        return;
      }
    }
  };
  checkLogin = (req, res, next) => {
    if (!req.cookies.session) {
      res.status(401).sendFile("login.html", { root: "../" });
      return;
    } else {
      if (!this.activeSessions.includes(req.cookies.session)) {
        res.status(401).sendFile("login.html", { root: "../" });
        return;
      }
    }
    next();
  };
}