web - fix login timeout

2021-08-15 14:30:22 +02:00 · 2021-08-15 14:30:22 +02:00 · 8ed3d8cbf5
commit 8ed3d8cbf5
parent 5457ff3f05
2 changed files with 11 additions and 9 deletions
--- a/bin/web/module.js
+++ b/bin/web/module.js
@ -100,6 +100,17 @@ methods.start = () => {
 		}
 		app.use(session_handler(session_options));

+		// login timeout, clear on all requests
+		app.use((req, res, next) => {
+			if(req.session && req.session.user && req.session.user.login_timeout) {
+				if(Date.now() > req.session.user.login_timeout + cfg.web.loginTimeout * 1000) {
+					res.clearCookie('RememberMe');
+					req.session.destroy();
+				}
+			}
+			next();
+		})
+
 		// web routes
 		let mRoutes = require(global['__dirname']+'/bin/web/routes/static');
 		let mainRoutes = await mRoutes.getRoutes();
--- a/bin/web/routes/api/login.js
+++ b/bin/web/routes/api/login.js
@ -27,15 +27,6 @@ module.exports = {
 					}));
 				}

-				if(Date.now() > req.session.user.loginTimeout + cfg.web.loginTimeout) {
-					res.clearCookie('RememberMe');
-					req.session.destroy();
-					return res.type('json').status(401).end(JSON.stringify({
-						status: 401,
-						message: 'msg.auth.login.failed'
-					}));
-				}
-
 				let mfa = sanitize(req.body.mfa);
 				user = await db.getUser(req.session.user.id);