Tools/Notes
1
0
Fork 0
mirror of https://github.com/TriliumNext/Notes.git synced 2025-08-10 10:22:29 +08:00
Code Issues Packages Projects Releases Wiki Activity

feat: 🎸 Seperate auth check

Browse Source
This commit is contained in:
Jin 2025-03-26 00:50:37 +01:00
parent 083ee5d23b
commit e957a17f1c
3 changed files with 32 additions and 35 deletions
Show Stats Download Patch File Download Diff File Expand all files Collapse all files

2
src/app.ts
View File

@ -7,6 +7,7 @@ import compression from "compression";
import { fileURLToPath } from "url";
import { dirname } from "path";
import sessionParser from "./routes/session_parser.js";
import checkAuthState from "./routes/auth_check.js";
import utils from "./services/utils.js";
import assets from "./routes/assets.js";
import routes from "./routes/routes.js";
@ -61,6 +62,7 @@ app.use(`/manifest.webmanifest`, express.static(path.join(scriptDir, "public/man
app.use(`/robots.txt`, express.static(path.join(scriptDir, "public/robots.txt")));
app.use(`/icon.png`, express.static(path.join(scriptDir, "public/icon.png")));
app.use(sessionParser);
app.use(checkAuthState);
app.use(favicon(`${scriptDir}/../images/app-icons/icon.ico`));
// Check if TOTP is enabled and validate TOTP secret is set

29
src/routes/auth_check.ts Normal file
View File

@ -0,0 +1,29 @@
import totp from "../services/totp.js";
import open_id from "../services/open_id.js";
import type { Request, Response, NextFunction } from "express";
export default function checkAuthState(req: Request, res: Response, next: NextFunction) {
if (!req.session.loggedIn || req.path === '/login') return next();
const currentTotpStatus = totp.isTotpEnabled();
const currentSsoStatus = open_id.isOpenIDEnabled();
const lastAuthState = req.session.lastAuthState || { totpEnabled: false, ssoEnabled: false };
if (lastAuthState.totpEnabled !== currentTotpStatus ||
lastAuthState.ssoEnabled !== currentSsoStatus) {
req.session.destroy((err) => {
if (err) console.error('Error destroying session:', err);
if (typeof res.redirect === 'function') {
res.redirect('/login');
} else {
console.warn("res.redirect unavailable");
res.end?.();
}
});
return;
}
next();
}

36
src/routes/session_parser.ts
View File

@ -3,9 +3,6 @@ import sessionFileStore from "session-file-store";
import sessionSecret from "../services/session_secret.js";
import dataDir from "../services/data_dir.js";
import config from "../services/config.js";
import totp from "../services/totp.js";
import open_id from "../services/open_id.js";
import type { Request, Response, NextFunction } from "express";
const FileStore = sessionFileStore(session);
@ -25,35 +22,4 @@ const sessionParser = session({
})
});
const checkAuthState = (req: Request, res: Response, next: NextFunction) => {
if (!req.session.loggedIn || req.path === '/login') {
return next();
}
const currentTotpStatus = totp.isTotpEnabled();
const currentSsoStatus = open_id.isOpenIDEnabled();
const lastAuthState = req.session.lastAuthState || {
totpEnabled: false,
ssoEnabled: false
};
if (lastAuthState.totpEnabled !== currentTotpStatus ||
lastAuthState.ssoEnabled !== currentSsoStatus) {
req.session.destroy((err) => {
if (err) {
console.error('Error destroying session:', err);
}
res.redirect('/login');
});
return;
}
next();
};
export default function (req: Request, res: Response, next: NextFunction) {
sessionParser(req, res, () => {
checkAuthState(req, res, next);
});
}
export default sessionParser;