diff --git a/middlewares/verifyAuth.js b/middlewares/verifyAuth.js index aa823f3..eebeb91 100644 --- a/middlewares/verifyAuth.js +++ b/middlewares/verifyAuth.js @@ -1,4 +1,6 @@ -const config = require('../config') +const ROUGHLY_ONE_YEAR_IN_MILLISECONDS = 1000 * 60 * 60 * 24 * 30 * 12 +const COOKIE_NAME = 'christmas_community.guestpassword' + module.exports = options => { return (req, res, next) => { options = options || {} @@ -9,12 +11,13 @@ module.exports = options => { return res.send('auth fail') } if (authed) return next() - if (_CC.config.guestPassword && req.query.pw === _CC.config.guestPassword) { + if (_CC.config.guestPassword && (req.query.pw === _CC.config.guestPassword || req.cookies[COOKIE_NAME] === _CC.config.guestPassword)) { req.user = { _id: '_CCUNKNOWN' } + res.cookie(COOKIE_NAME, _CC.config.guestPassword, { maxAge: ROUGHLY_ONE_YEAR_IN_MILLISECONDS }) return next() } - res.redirect(options.failureRedirect || config.defaultFailureRedirect) + res.redirect(options.failureRedirect || _CC.config.defaultFailureRedirect) } } diff --git a/package.json b/package.json index 5727a5b..1011176 100644 --- a/package.json +++ b/package.json @@ -22,6 +22,7 @@ "chalk": "^4.1.2", "child-process-promise": "^2.2.1", "connect-flash": "^0.1.1", + "cookie-parser": "^1.4.6", "dompurify": "^2.3.1", "dotenv": "^10.0.0", "express": "4.17.1", diff --git a/routes/index.js b/routes/index.js index 6ef5870..4288c94 100644 --- a/routes/index.js +++ b/routes/index.js @@ -29,6 +29,7 @@ module.exports = ({ db, config }) => { const router = express.Router() router.use('/', express.static(path.join(__dirname, '../static'))) + router.use(require('cookie-parser')()) router.get('/', async (req, res, next) => { diff --git a/yarn.lock b/yarn.lock index 864c3f5..64799b1 100644 --- a/yarn.lock +++ b/yarn.lock @@ -743,12 +743,12 @@ "resolved" "https://registry.npmjs.org/content-type/-/content-type-1.0.4.tgz" "version" "1.0.4" -"cookie-parser@^1.4.3": - "integrity" "sha512-f13bPUj/gG/5mDr+xLmSxxDsB9DQiTIfhJS/sqjrmfAWiAN+x2O4i/XguTL9yDZ+/IFDanJ+5x7hC4CXT9Tdzw==" - "resolved" "https://registry.npmjs.org/cookie-parser/-/cookie-parser-1.4.5.tgz" - "version" "1.4.5" +"cookie-parser@^1.4.3", "cookie-parser@^1.4.6": + "integrity" "sha512-z3IzaNjdwUC2olLIB5/ITd0/setiaFMLYiZJle7xg5Fe9KWAceil7xszYfHHBtDFYLSgJduS2Ty0P1uJdPDJeA==" + "resolved" "https://registry.npmjs.org/cookie-parser/-/cookie-parser-1.4.6.tgz" + "version" "1.4.6" dependencies: - "cookie" "0.4.0" + "cookie" "0.4.1" "cookie-signature" "1.0.6" "cookie-signature@1.0.6":