mirror of
https://github.com/HeyPuter/puter
synced 2024-11-15 06:15:47 +00:00
fix(security): Fix session revocation
This commit is contained in:
parent
51a6d1ea1d
commit
eb166a67a9
@ -89,6 +89,8 @@ class SessionService extends BaseService {
|
||||
}
|
||||
|
||||
remove_internal_values_ (session) {
|
||||
if ( session === undefined ) return;
|
||||
|
||||
const copy = {
|
||||
...session,
|
||||
};
|
||||
@ -128,12 +130,18 @@ class SessionService extends BaseService {
|
||||
if ( now - session.last_store > 5 * MINUTE ) {
|
||||
this.log.debug('storing session meta: ' + session.uuid);
|
||||
const unix_ts = Math.floor(now / 1000);
|
||||
await this.db.write(
|
||||
const { anyRowsAffected } = await this.db.write(
|
||||
'UPDATE `sessions` ' +
|
||||
'SET `meta` = ?, `last_activity` = ? ' +
|
||||
'WHERE `uuid` = ?',
|
||||
[JSON.stringify(session.meta), unix_ts, session.uuid],
|
||||
);
|
||||
|
||||
if ( ! anyRowsAffected ) {
|
||||
delete this.sessions[key];
|
||||
continue;
|
||||
}
|
||||
|
||||
session.last_store = now;
|
||||
if (
|
||||
! user_updates[session.user_id] ||
|
||||
|
@ -391,10 +391,7 @@ class AuthService extends BaseService {
|
||||
|
||||
async revoke_session (actor, uuid) {
|
||||
delete this.sessions[uuid];
|
||||
await this.db.write(
|
||||
`DELETE FROM sessions WHERE uuid = ? AND user_id = ?`,
|
||||
[uuid, actor.type.user.id]
|
||||
);
|
||||
this.svc_session.remove_session(uuid);
|
||||
}
|
||||
|
||||
async get_user_app_token_from_origin (origin) {
|
||||
|
Loading…
Reference in New Issue
Block a user