notfire/Iceshrimp.NET
1
0
Fork 0
Code Issues Pull requests Projects Releases Packages Wiki Activity Actions

[frontend] Set sessions cookie to string of tokens

Browse source
This commit is contained in:
Lilian 2024-07-16 20:33:47 +02:00 committed by Laura Hausmann
parent a4177a2697
commit 1ace285d35
No known key found for this signature in database
GPG key ID: D044E84C5BE01605
1 changed files with 5 additions and 4 deletions
Show stats Download patch file Download diff file Expand all files Collapse all files

9
Iceshrimp.Frontend/Core/Services/SessionService.cs
View file

@ -63,24 +63,25 @@ internal class SessionService
Current = null; Current = null;
LocalStorage.RemoveItem("last_user"); LocalStorage.RemoveItem("last_user");
((IJSInProcessRuntime)Js).InvokeVoid("eval", ((IJSInProcessRuntime)Js).InvokeVoid("eval",
"document.cookie = \"admin_session=; path=/ ; Fri, 31 Dec 1000 23:59:59 GMT SameSite=Lax\""); "document.cookie = \"admin_session=; path=/ ; Fri, 31 Dec 1000 23:59:59 GMT SameSite=Lax\"");
} }
public void SetSession(string id) public void SetSession(string id)
{ {
((IJSInProcessRuntime)Js).InvokeVoid("eval", ((IJSInProcessRuntime)Js).InvokeVoid("eval",
"document.cookie = \"admin_session=; path=/; expires=Fri, 31 Dec 1000 23:59:59 GMT SameSite=Lax\""); "document.cookie = \"admin_session=; path=/; expires=Fri, 31 Dec 1000 23:59:59 GMT SameSite=Lax\"");
var user = GetUserById(id); var user = GetUserById(id);
if (user == null) throw new Exception("Did not find User in Local Storage"); if (user == null) throw new Exception("Did not find User in Local Storage");
ApiService.SetBearerToken(user.Token); ApiService.SetBearerToken(user.Token);
Current = user; Current = user;
LocalStorage.SetItem("last_user", user.Id); LocalStorage.SetItem("last_user", user.Id);
var sessionsString = Users.Aggregate("", (current, el) => current + $"{el.Value.Token},").TrimEnd(',');
((IJSInProcessRuntime)Js).InvokeVoid("eval", ((IJSInProcessRuntime)Js).InvokeVoid("eval",
$"document.cookie = \"session={user.Id}; path=/; expires=Fri, 31 Dec 9999 23:59:59 GMT; SameSite=Lax\""); $"document.cookie = \"sessions={sessionsString}; path=/; expires=Fri, 31 Dec 9999 23:59:59 GMT; SameSite=Lax\"");
if (user.IsAdmin) if (user.IsAdmin)
{ {
((IJSInProcessRuntime)Js).InvokeVoid("eval", ((IJSInProcessRuntime)Js).InvokeVoid("eval",
$"document.cookie = \"admin_session={user.Token}; path=/; expires=Fri, 31 Dec 9999 23:59:59 GMT; SameSite=Lax\""); $"document.cookie = \"admin_session={user.Token}; path=/; expires=Fri, 31 Dec 9999 23:59:59 GMT; SameSite=Lax\"");
} }
// Security implications of this need a second pass? user.Id should never be user controllable, but still. // Security implications of this need a second pass? user.Id should never be user controllable, but still.
} }