notfire/Iceshrimp.NET
1
0
Fork 0
Code Issues Pull requests Projects Releases Packages Wiki Activity Actions

Don't create a new session for every request that uses AuthController.Login

Browse source
This commit is contained in:
Laura Hausmann 2024-01-28 01:22:18 +01:00
parent 6a23b915bd
commit c7c8dc501d
No known key found for this signature in database
GPG key ID: D044E84C5BE01605
1 changed files with 12 additions and 12 deletions
Show stats Download patch file Download diff file Expand all files Collapse all files

24
Iceshrimp.Backend/Controllers/AuthController.cs
View file

@ -46,7 +46,7 @@ public class AuthController(DatabaseContext db, UserService userSvc) : Controlle
[ProducesResponseType(StatusCodes.Status200OK, Type = typeof(AuthResponse))] [ProducesResponseType(StatusCodes.Status200OK, Type = typeof(AuthResponse))]
[ProducesResponseType(StatusCodes.Status400BadRequest, Type = typeof(ErrorResponse))] [ProducesResponseType(StatusCodes.Status400BadRequest, Type = typeof(ErrorResponse))]
[ProducesResponseType(StatusCodes.Status403Forbidden, Type = typeof(ErrorResponse))] [ProducesResponseType(StatusCodes.Status403Forbidden, Type = typeof(ErrorResponse))]
public async Task<IActionResult> Login([FromBody] AuthRequest request) { public async Task<IActionResult> Login([FromBody] AuthRequest request, Session? session = null) {
var user = await db.Users.FirstOrDefaultAsync(p => p.Host == null && var user = await db.Users.FirstOrDefaultAsync(p => p.Host == null &&
p.UsernameLower == request.Username.ToLowerInvariant()); p.UsernameLower == request.Username.ToLowerInvariant());
if (user == null) if (user == null)
@ -57,17 +57,17 @@ public class AuthController(DatabaseContext db, UserService userSvc) : Controlle
if (!AuthHelpers.ComparePassword(request.Password, profile.Password)) if (!AuthHelpers.ComparePassword(request.Password, profile.Password))
return StatusCode(StatusCodes.Status403Forbidden); return StatusCode(StatusCodes.Status403Forbidden);
var res = await db.AddAsync(new Session { if (session == null) {
Id = IdHelpers.GenerateSlowflakeId(), session = new Session {
UserId = user.Id, Id = IdHelpers.GenerateSlowflakeId(),
Active = !profile.TwoFactorEnabled, UserId = user.Id,
CreatedAt = new DateTime(), Active = !profile.TwoFactorEnabled,
Token = CryptographyHelpers.GenerateRandomString(32) CreatedAt = new DateTime(),
}); Token = CryptographyHelpers.GenerateRandomString(32)
};
var session = res.Entity; await db.AddAsync(session);
await db.AddAsync(session); await db.SaveChangesAsync();
await db.SaveChangesAsync(); }
return Ok(new AuthResponse { return Ok(new AuthResponse {
Status = session.Active ? AuthStatusEnum.Authenticated : AuthStatusEnum.TwoFactor, Status = session.Active ? AuthStatusEnum.Authenticated : AuthStatusEnum.TwoFactor,