1 месяц назад · 3f8e5bc504
--- a/routes/include/auth.js
+++ b/routes/include/auth.js
@@ -101,7 +101,13 @@ export default (langName, lang) => new Elysia({ prefix: "/auth" })
 
				 
			
 
				     const session = await Auth.createSession(verification.email)
			
 
				 
			
 
				-    cookie.session.value = session.token
			
 
				+    cookie.session.set({
			
 
				+      value: session.token,
			
 
				+      expires: new Date(2147483647 * 1000),
			
 
				+      maxAge: new Date(2147483647 * 1000),
			
 
				+      domain: process.env.BASE_URL.replace(/^https?:\/\/(www\.)?|:\d+/gi, ''),
			
 
				+      httpOnly: true
			
 
				+    })
			
 
				 
			
 
				     return redirect(`/${langName === "sk" ? `` : `${langName}/`}panel`)
			
 
				   })
			
--- a/utils/auth.js
+++ b/utils/auth.js
@@ -18,7 +18,8 @@ authDB.run(`create table if not exists sessions (
 
				     id text not null primary key,
			
 
				     secretHash text not null,
			
 
				     email text not null,
			
 
				-    timestamp datetime default current_timestamp
			
 
				+    timestamp datetime default current_timestamp,
			
 
				+    lastAccessed datetime default current_timestamp,
			
 
				 );`)
			
 
				 
			
 
				 import nodemailer from "nodemailer"
			
@@ -176,10 +177,12 @@ export default class Auth {
 
				 
			
 
				         const [id, secret] = token.split(".")
			
 
				 
			
 
				+        const secretHash = await hashSecret(secret)
			
 
				+
			
 
				         const statement = authDB.prepare(`
			
 
				             SELECT *, 
			
 
				             ( CASE
			
 
				-                WHEN (strftime('%s', 'now') - strftime('%s', timestamp)) > $seconds THEN 0
			
 
				+                WHEN (strftime('%s', 'now') - strftime('%s', lastAccessed)) > $seconds THEN 0
			
 
				                 ELSE 1
			
 
				                 END
			
 
				             ) AS valid
			
@@ -190,8 +193,19 @@ export default class Auth {
 
				         const result = statement.get({
			
 
				             $seconds: process.env.SESSION_TIMEOUT,
			
 
				             $id: id,
			
 
				-            $secretHash: await hashSecret(secret)
			
 
				-        });
			
 
				+            $secretHash: secretHash
			
 
				+        })
			
 
				+
			
 
				+        const updateStmt = authDB.prepare(`
			
 
				+            UPDATE sessions 
			
 
				+            SET lastAccessed = CURRENT_TIMESTAMP 
			
 
				+            WHERE id = $id AND secretHash = $secretHash
			
 
				+        `)
			
 
				+        
			
 
				+        updateStmt.run({
			
 
				+            $id: id,
			
 
				+            $secretHash: secretHash
			
 
				+        })
			
 
				 
			
 
				         return result
			
 
				     }