Browse Source

web - fix login timeout

master
Ruben Meyer 5 months ago
parent
commit
8ed3d8cbf5
Signed by: rxbn_ GPG Key ID: BE3BF898BE352FE2
  1. 11
      bin/web/module.js
  2. 9
      bin/web/routes/api/login.js

11
bin/web/module.js

@ -100,6 +100,17 @@ methods.start = () => {
}
app.use(session_handler(session_options));
// login timeout, clear on all requests
app.use((req, res, next) => {
if(req.session && req.session.user && req.session.user.login_timeout) {
if(Date.now() > req.session.user.login_timeout + cfg.web.loginTimeout * 1000) {
res.clearCookie('RememberMe');
req.session.destroy();
}
}
next();
})
// web routes
let mRoutes = require(global['__dirname']+'/bin/web/routes/static');
let mainRoutes = await mRoutes.getRoutes();

9
bin/web/routes/api/login.js

@ -27,15 +27,6 @@ module.exports = {
}));
}
if(Date.now() > req.session.user.loginTimeout + cfg.web.loginTimeout) {
res.clearCookie('RememberMe');
req.session.destroy();
return res.type('json').status(401).end(JSON.stringify({
status: 401,
message: 'msg.auth.login.failed'
}));
}
let mfa = sanitize(req.body.mfa);
user = await db.getUser(req.session.user.id);

Loading…
Cancel
Save