From df14d08cc30bcaafe2ac5eefc7103593a71a68d9 Mon Sep 17 00:00:00 2001
From: Akif9748 <akif9748@gmail.com>
Date: Sat, 17 Sep 2022 22:21:35 +0300
Subject: [PATCH] Sessions are stored now

---
 .env.example           |   3 +-
 index.js               |  28 +++++-----
 package-lock.json      | 122 +++++++++++++++++++++++++++++++++++++++++
 package.json           |   1 +
 routes/discord_auth.js |   5 +-
 5 files changed, 144 insertions(+), 15 deletions(-)

diff --git a/.env.example b/.env.example
index 8048631..3a850e3 100644
--- a/.env.example
+++ b/.env.example
@@ -1,2 +1,3 @@
 MONGO_DB_URL = mongodb://localhost:27017/akf-forum
-DISCORD_CLIENT = discord_app_id
\ No newline at end of file
+DISCORD_CLIENT = discord_app_id
+SECRET = secret
\ No newline at end of file
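Review bot: The example value on the added `SECRET = secret` line is the same string that index.js previously hard-coded as the session secret, so anyone who copies this file verbatim keeps a publicly known cookie-signing key. A placeholder that cannot pass for a real value, e.g. `SECRET = change_me_to_a_long_random_string`, would make the requirement explicit. A one-line comment above it such as `# session cookie signing key: use a long random value and keep it out of version control` would help too.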
diff --git a/index.js b/index.js
index d000fdf..392fa05 100644
--- a/index.js
+++ b/index.js
@@ -1,8 +1,4 @@
-const { urlencoded: BP } = require('body-parser'),
-    { mw: IP } = require('request-ip'),
-    RL = require('express-rate-limit'),
-    SES = require('express-session');
-
+require("dotenv").config();
 const
     { def_theme, forum_name, description, limits, global_ratelimit: RLS, discord_auth, host } = require("./config.json"),
     { UserModel, BanModel } = require("./models"),
@@ -10,19 +6,25 @@ const
     mongoose = require("mongoose"),
     express = require('express'),
     fs = require("fs"),
-    app = express();
+    app = express(),
+    { urlencoded: BP } = require('body-parser'),
+    { mw: IP } = require('request-ip'),
+    RL = require('express-rate-limit'),
+    SES = require('express-session'),
+    MS = require("connect-mongo"),
+    DB = mongoose.connect(process.env.MONGO_DB_URL)
+        .then(async m => {
+            console.log("Database is connected with", (app.ips = await BanModel.find({})).length, "banned IPs");
+            return m.connection.getClient()
+        });
 
 app.ips = [];
 
-require("dotenv").config();
-mongoose.connect(process.env.MONGO_DB_URL,
-    async () => console.log("Database is connected with", (app.ips = await BanModel.find({})).length, "banned IPs"));
-
 app.set("view engine", "ejs");
 app.set("limits", limits);
 
-app.use(express.static("public"), express.json(), IP(),
-    SES({ secret: 'secret', resave: true, saveUninitialized: true }),
+app.use(express.static("public"), express.json(), IP(), BP({ extended: true }),
+    SES({ secret: process.env.SECRET, store: MS.create({ clientPromise: DB, stringify: false }), resave: true, saveUninitialized: true }),
     async (req, res, next) => {
         if (app.ips.includes(req.clientIp)) return res.status(403).send("You are banned from this forum.");
 
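Review bot: `process.env.SECRET` is passed to `SES({ secret: ... })` unchecked, so a deployment that leaves it unset fails only once requests arrive (as far as I know express-session reports a missing secret per request), and one that copied the `secret` placeholder from .env.example signs cookies with the old hard-coded value. A startup guard right after `require("dotenv").config()` would fail closed: `if (!process.env.SECRET || process.env.SECRET === "secret") throw new Error("SECRET must be set to a long random value");`. Now that sessions persist through `MS.create(...)`, `saveUninitialized: true` stores a MongoDB document for every cookie-less request that reaches this middleware, crawlers included; `resave: false, saveUninitialized: false` would limit the collection to sessions that hold data. Nothing in this hunk handles a rejected `DB` promise, so a failed connect or `BanModel.find` would surface only as an unhandled rejection. The `app.use(...)` call continues past the end of this hunk.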
@@ -39,7 +41,7 @@ app.use(express.static("public"), express.json(), IP(),
             return res.error(403, "Your account has been deleted.");
         }
         next();
-    }, BP({ extended: true })
+    }
 );
 
 if (discord_auth)
diff --git a/package-lock.json b/package-lock.json
index 54648bc..a4c86b5 100644
--- a/package-lock.json
+++ b/package-lock.json
@@ -11,6 +11,7 @@
       "dependencies": {
         "bcrypt": "^5.0.1",
         "body-parser": "^1.19.2",
+        "connect-mongo": "^4.6.0",
         "dotenv": "^16.0.1",
         "ejs": "^3.1.6",
         "express": "^4.18.1",
@@ -161,6 +162,17 @@
       "resolved": "https://registry.npmjs.org/array-flatten/-/array-flatten-1.1.1.tgz",
       "integrity": "sha512-PCVAQswWemu6UdxsDFFX/+gVeYqKAod3D3UVm91jHwynguOwAvYPhx8nNlM++NqRcK6CxxpUafjmhIdKiHibqg=="
     },
+    "node_modules/asn1.js": {
+      "version": "5.4.1",
+      "resolved": "https://registry.npmjs.org/asn1.js/-/asn1.js-5.4.1.tgz",
+      "integrity": "sha512-+I//4cYPccV8LdmBLiX8CYvf9Sp3vQsrqu2QNXRcrbiWvcx/UdlFiqUJJzxRQxgsZmvhXhn4cSKeSmoFjVdupA==",
+      "dependencies": {
+        "bn.js": "^4.0.0",
+        "inherits": "^2.0.1",
+        "minimalistic-assert": "^1.0.0",
+        "safer-buffer": "^2.1.0"
+      }
+    },
     "node_modules/async": {
       "version": "3.2.4",
       "resolved": "https://registry.npmjs.org/async/-/async-3.2.4.tgz",
@@ -203,6 +215,11 @@
         "node": ">= 10.0.0"
       }
     },
+    "node_modules/bn.js": {
+      "version": "4.12.0",
+      "resolved": "https://registry.npmjs.org/bn.js/-/bn.js-4.12.0.tgz",
+      "integrity": "sha512-c98Bf3tPniI+scsdk237ku1Dc3ujXQTSgyiPUDEOe7tRkhrqridvh8klBv0HCEso1OLOYcHuCv/cS6DNxKH+ZA=="
+    },
     "node_modules/body-parser": {
       "version": "1.20.0",
       "resolved": "https://registry.npmjs.org/body-parser/-/body-parser-1.20.0.tgz",
@@ -398,6 +415,42 @@
         "safe-buffer": "~5.1.0"
       }
     },
+    "node_modules/connect-mongo": {
+      "version": "4.6.0",
+      "resolved": "https://registry.npmjs.org/connect-mongo/-/connect-mongo-4.6.0.tgz",
+      "integrity": "sha512-8new4Z7NLP3CGP65Aw6ls3xDBeKVvHRSh39CXuDZTQsvpeeU9oNMzfFgvqmHqZ6gWpxIl663RyoVEmCAGf1yOg==",
+      "dependencies": {
+        "debug": "^4.3.1",
+        "kruptein": "^3.0.0"
+      },
+      "engines": {
+        "node": ">=10"
+      },
+      "peerDependencies": {
+        "mongodb": "^4.1.0"
+      }
+    },
+    "node_modules/connect-mongo/node_modules/debug": {
+      "version": "4.3.4",
+      "resolved": "https://registry.npmjs.org/debug/-/debug-4.3.4.tgz",
+      "integrity": "sha512-PRWFHuSU3eDtQJPvnNY7Jcket1j0t5OuOsFzPPzsekD52Zl8qUfFIPEiswXqIvHWGVHOgX+7G/vCNNhehwxfkQ==",
+      "dependencies": {
+        "ms": "2.1.2"
+      },
+      "engines": {
+        "node": ">=6.0"
+      },
+      "peerDependenciesMeta": {
+        "supports-color": {
+          "optional": true
+        }
+      }
+    },
+    "node_modules/connect-mongo/node_modules/ms": {
+      "version": "2.1.2",
+      "resolved": "https://registry.npmjs.org/ms/-/ms-2.1.2.tgz",
+      "integrity": "sha512-sGkPx+VjMtmA6MX27oA4FBFELFCZZ4S4XqeGOXCv68tT+jb3vk/RyaKWP0PTKyWtmLSM0b+adUTEvbs1PEaH2w=="
+    },
     "node_modules/console-control-strings": {
       "version": "1.1.0",
       "resolved": "https://registry.npmjs.org/console-control-strings/-/console-control-strings-1.1.0.tgz",
@@ -924,6 +977,17 @@
       "resolved": "https://registry.npmjs.org/kareem/-/kareem-2.4.1.tgz",
       "integrity": "sha512-aJ9opVoXroQUPfovYP5kaj2lM7Jn02Gw13bL0lg9v0V7SaUc0qavPs0Eue7d2DcC3NjqI6QAUElXNsuZSeM+EA=="
     },
+    "node_modules/kruptein": {
+      "version": "3.0.5",
+      "resolved": "https://registry.npmjs.org/kruptein/-/kruptein-3.0.5.tgz",
+      "integrity": "sha512-c1pyg/HKep8y5l+AoiicTs94k4bnzBSiS1b8NQcnQDtv9Yh45rNLuDIUwEwawmuFYpcA5xqhG7k0LqiMhrBPXw==",
+      "dependencies": {
+        "asn1.js": "^5.4.1"
+      },
+      "engines": {
+        "node": ">8"
+      }
+    },
     "node_modules/lru-cache": {
       "version": "6.0.0",
       "resolved": "https://registry.npmjs.org/lru-cache/-/lru-cache-6.0.0.tgz",
@@ -1014,6 +1078,11 @@
         "node": ">= 0.6"
       }
     },
+    "node_modules/minimalistic-assert": {
+      "version": "1.0.1",
+      "resolved": "https://registry.npmjs.org/minimalistic-assert/-/minimalistic-assert-1.0.1.tgz",
+      "integrity": "sha512-UtJcAD4yEaGtjPezWuO9wC4nwUnVH/8/Im3yEHQP4b67cXlD/Qr9hdITCU1xDbSEXg2XKNaP8jsReV7vQd00/A=="
+    },
     "node_modules/minimatch": {
       "version": "3.1.2",
       "resolved": "https://registry.npmjs.org/minimatch/-/minimatch-3.1.2.tgz",
@@ -1894,6 +1963,17 @@
       "resolved": "https://registry.npmjs.org/array-flatten/-/array-flatten-1.1.1.tgz",
       "integrity": "sha512-PCVAQswWemu6UdxsDFFX/+gVeYqKAod3D3UVm91jHwynguOwAvYPhx8nNlM++NqRcK6CxxpUafjmhIdKiHibqg=="
     },
+    "asn1.js": {
+      "version": "5.4.1",
+      "resolved": "https://registry.npmjs.org/asn1.js/-/asn1.js-5.4.1.tgz",
+      "integrity": "sha512-+I//4cYPccV8LdmBLiX8CYvf9Sp3vQsrqu2QNXRcrbiWvcx/UdlFiqUJJzxRQxgsZmvhXhn4cSKeSmoFjVdupA==",
+      "requires": {
+        "bn.js": "^4.0.0",
+        "inherits": "^2.0.1",
+        "minimalistic-assert": "^1.0.0",
+        "safer-buffer": "^2.1.0"
+      }
+    },
     "async": {
       "version": "3.2.4",
       "resolved": "https://registry.npmjs.org/async/-/async-3.2.4.tgz",
@@ -1918,6 +1998,11 @@
         "node-addon-api": "^3.1.0"
       }
     },
+    "bn.js": {
+      "version": "4.12.0",
+      "resolved": "https://registry.npmjs.org/bn.js/-/bn.js-4.12.0.tgz",
+      "integrity": "sha512-c98Bf3tPniI+scsdk237ku1Dc3ujXQTSgyiPUDEOe7tRkhrqridvh8klBv0HCEso1OLOYcHuCv/cS6DNxKH+ZA=="
+    },
     "body-parser": {
       "version": "1.20.0",
       "resolved": "https://registry.npmjs.org/body-parser/-/body-parser-1.20.0.tgz",
@@ -2067,6 +2152,30 @@
         }
       }
     },
+    "connect-mongo": {
+      "version": "4.6.0",
+      "resolved": "https://registry.npmjs.org/connect-mongo/-/connect-mongo-4.6.0.tgz",
+      "integrity": "sha512-8new4Z7NLP3CGP65Aw6ls3xDBeKVvHRSh39CXuDZTQsvpeeU9oNMzfFgvqmHqZ6gWpxIl663RyoVEmCAGf1yOg==",
+      "requires": {
+        "debug": "^4.3.1",
+        "kruptein": "^3.0.0"
+      },
+      "dependencies": {
+        "debug": {
+          "version": "4.3.4",
+          "resolved": "https://registry.npmjs.org/debug/-/debug-4.3.4.tgz",
+          "integrity": "sha512-PRWFHuSU3eDtQJPvnNY7Jcket1j0t5OuOsFzPPzsekD52Zl8qUfFIPEiswXqIvHWGVHOgX+7G/vCNNhehwxfkQ==",
+          "requires": {
+            "ms": "2.1.2"
+          }
+        },
+        "ms": {
+          "version": "2.1.2",
+          "resolved": "https://registry.npmjs.org/ms/-/ms-2.1.2.tgz",
+          "integrity": "sha512-sGkPx+VjMtmA6MX27oA4FBFELFCZZ4S4XqeGOXCv68tT+jb3vk/RyaKWP0PTKyWtmLSM0b+adUTEvbs1PEaH2w=="
+        }
+      }
+    },
     "console-control-strings": {
       "version": "1.1.0",
       "resolved": "https://registry.npmjs.org/console-control-strings/-/console-control-strings-1.1.0.tgz",
@@ -2466,6 +2575,14 @@
       "resolved": "https://registry.npmjs.org/kareem/-/kareem-2.4.1.tgz",
       "integrity": "sha512-aJ9opVoXroQUPfovYP5kaj2lM7Jn02Gw13bL0lg9v0V7SaUc0qavPs0Eue7d2DcC3NjqI6QAUElXNsuZSeM+EA=="
     },
+    "kruptein": {
+      "version": "3.0.5",
+      "resolved": "https://registry.npmjs.org/kruptein/-/kruptein-3.0.5.tgz",
+      "integrity": "sha512-c1pyg/HKep8y5l+AoiicTs94k4bnzBSiS1b8NQcnQDtv9Yh45rNLuDIUwEwawmuFYpcA5xqhG7k0LqiMhrBPXw==",
+      "requires": {
+        "asn1.js": "^5.4.1"
+      }
+    },
     "lru-cache": {
       "version": "6.0.0",
       "resolved": "https://registry.npmjs.org/lru-cache/-/lru-cache-6.0.0.tgz",
@@ -2528,6 +2645,11 @@
         "mime-db": "1.52.0"
       }
     },
+    "minimalistic-assert": {
+      "version": "1.0.1",
+      "resolved": "https://registry.npmjs.org/minimalistic-assert/-/minimalistic-assert-1.0.1.tgz",
+      "integrity": "sha512-UtJcAD4yEaGtjPezWuO9wC4nwUnVH/8/Im3yEHQP4b67cXlD/Qr9hdITCU1xDbSEXg2XKNaP8jsReV7vQd00/A=="
+    },
     "minimatch": {
       "version": "3.1.2",
       "resolved": "https://registry.npmjs.org/minimatch/-/minimatch-3.1.2.tgz",
diff --git a/package.json b/package.json
index 436e452..35bc1d1 100644
--- a/package.json
+++ b/package.json
@@ -27,6 +27,7 @@
   "dependencies": {
     "bcrypt": "^5.0.1",
     "body-parser": "^1.19.2",
+    "connect-mongo": "^4.6.0",
     "dotenv": "^16.0.1",
     "ejs": "^3.1.6",
     "express": "^4.18.1",
diff --git a/routes/discord_auth.js b/routes/discord_auth.js
index 9f5c2cc..f22eb10 100644
--- a/routes/discord_auth.js
+++ b/routes/discord_auth.js
@@ -3,6 +3,9 @@ const { UserModel } = require("../models");
 const fetch = require("node-fetch");
 const app = Router();
 
+app.use(async (req, res, next) => 
+    req.app.get("discord_auth") ? next() : res.error(404,"Discord auth is disabled")
+)
 app.get("/hash", (req, res) => res.send('<script>location.href=location.href.replace("#","?").replace("discord_auth/hash","discord_auth");</script>'))
 
 app.get("/", async (req, res) => {
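Review bot: The new guard reads `req.app.get("discord_auth")`, but the visible index.js hunks only set `view engine` and `limits`, so unless `app.set("discord_auth", ...)` happens outside the shown lines, every route on this router answers 404. Confirm that the setting is populated from config.json before the router is mounted. The callback awaits nothing, so `async` can be dropped. A short comment above it such as `// Reject all Discord OAuth routes when discord_auth is disabled in config` would document the intent. `res.error` is presumably attached by earlier middleware in index.js, which is not visible in this hunk.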
@@ -33,7 +36,7 @@ app.get("/", async (req, res) => {
             req.session.userID = forum.id;
             return res.redirect("/");
         }
-        
+
         let name = discord.username + discord.discriminator;
         while (await UserModel.findOne({ name }))
             name += Math.floor(Math.random() * 2);