From: Benjamin Auder <benjamin.auder@somewhere>
Date: Mon, 26 Apr 2021 10:15:05 +0000 (+0200)
Subject: (Hopefully) better (cleaner) authentication mechanism now
X-Git-Url: https://git.auder.net/%7B%7B%20asset%28%27mixstore/images/assets/current/doc/%7B%7B%20pkg.url%20%7D%7D?a=commitdiff_plain;h=a5200af9e8734f342d77727b83c1e19dee967500;p=vchess.git

(Hopefully) better (cleaner) authentication mechanism now
---

diff --git a/TODO b/TODO
index 4781bfd2..ad453557 100644
--- a/TODO
+++ b/TODO
@@ -34,3 +34,5 @@ The coin can never be placed on an occupied square, and therefore cannot be used
 A player wins by checkmating the opponent. Note that the coin can be used to remove escape squares from the king.
 
 https://www.chessvariants.com/other.dir/nemoroth.html :-)
+
+Chagagne ^^
diff --git a/client/src/store.js b/client/src/store.js
index 6489b937..40e0ac25 100644
--- a/client/src/store.js
+++ b/client/src/store.js
@@ -1,6 +1,7 @@
 // NOTE: do not use ajax() here because ajax.js requires the store
 import params from "./parameters"; //for server URL
 import { getRandString } from "./utils/alea";
+import { delCookie } from "./utils/cookie";
 
 // Global store: see
 // https://medium.com/fullstackio/managing-state-in-vue-js-23a0352b1c87
@@ -48,7 +49,6 @@ export const store = {
       sid: mysid
     };
     // Slow verification through the server:
-    // NOTE: still superficial identity usurpation possible, but difficult.
     fetch(
       params.serverUrl + "/whoami",
       {
@@ -59,24 +59,30 @@ export const store = {
     )
     .then(res => res.json())
     .then(json => {
-      this.state.user.id = json.id;
-      const storedId = localStorage.getItem("myid");
-      if (json.id > 0 && !storedId)
-        // User cleared localStorage
-        localStorage.setItem("myid", json.id);
-      else if (json.id == 0 && !!storedId)
-        // User cleared cookie
-        localStorage.removeItem("myid");
-      this.state.user.name = json.name;
-      const storedName = localStorage.getItem("myname");
-      if (!!json.name && !storedName)
-        // User cleared localStorage
-        localStorage.setItem("myname", json.name);
-      else if (!json.name && !!storedName)
-        // User cleared cookie
-        localStorage.removeItem("myname");
-      this.state.user.email = json.email;
-      this.state.user.notify = json.notify;
+      if (!json.id) {
+        // Removed, or wrong token
+        if (this.state.user.id > 0) {
+          this.state.user.id = 0;
+          localStorage.removeItem("myid");
+        }
+        if (!!this.state.user.name) {
+          this.state.user.name = "";
+          localStorage.removeItem("myname");
+        }
+        if (document.cookie.indexOf("token") >= 0) delCookie("token");
+      }
+      else {
+        if (this.state.user.id != json.id) {
+          this.state.user.id = json.id;
+          localStorage.setItem("myid", json.id);
+        }
+        if (this.state.user.name != json.name) {
+          this.state.user.name = json.name;
+          localStorage.setItem("myname", json.name);
+        }
+        this.state.user.email = json.email;
+        this.state.user.notify = json.notify;
+      }
     });
     // Settings initialized with values from localStorage
     const getItemDefault = (item, defaut) => {
diff --git a/client/src/utils/cookie.js b/client/src/utils/cookie.js
index 34802243..57e8668a 100644
--- a/client/src/utils/cookie.js
+++ b/client/src/utils/cookie.js
@@ -3,16 +3,20 @@ export function setCookie(name, value) {
   const date = new Date();
   date.setTime(date.getTime() + 183 * 24 * 60 * 60 * 1000); //6 months
   const expires = "; expires=" + date.toGMTString();
-  document.cookie = name + "=" + value + expires + "; path=/";
+  document.cookie = name + "=" + value + expires + "; path=/;";
 }
 
 export function getCookie(name, defaut) {
   const nameEQ = name + "=";
   const ca = document.cookie.split(";");
-  for (var i = 0; i < ca.length; i++) {
-    var c = ca[i];
+  for (let i = 0; i < ca.length; i++) {
+    let c = ca[i];
     while (c.charAt(0) == " ") c = c.substring(1, c.length);
     if (c.indexOf(nameEQ) == 0) return c.substring(nameEQ.length, c.length);
   }
   return defaut; //cookie not found
 }
+
+export function delCookie(name) {
+  document.cookie = name + "=; Max-Age=-1;";
+}