From: Benjamin Auder Date: Mon, 26 Apr 2021 10:15:05 +0000 (+0200) Subject: (Hopefully) better (cleaner) authentication mechanism now X-Git-Url: https://git.auder.net/doc/%7B%7B%20asset%28%27mixstore/current/pieces/%7B%7B%20pkg.url%20%7D%7D?a=commitdiff_plain;h=a5200af9e8734f342d77727b83c1e19dee967500;p=vchess.git (Hopefully) better (cleaner) authentication mechanism now --- diff --git a/TODO b/TODO index 4781bfd2..ad453557 100644 --- a/TODO +++ b/TODO @@ -34,3 +34,5 @@ The coin can never be placed on an occupied square, and therefore cannot be used A player wins by checkmating the opponent. Note that the coin can be used to remove escape squares from the king. https://www.chessvariants.com/other.dir/nemoroth.html :-) + +Chagagne ^^ diff --git a/client/src/store.js b/client/src/store.js index 6489b937..40e0ac25 100644 --- a/client/src/store.js +++ b/client/src/store.js @@ -1,6 +1,7 @@ // NOTE: do not use ajax() here because ajax.js requires the store import params from "./parameters"; //for server URL import { getRandString } from "./utils/alea"; +import { delCookie } from "./utils/cookie"; // Global store: see // https://medium.com/fullstackio/managing-state-in-vue-js-23a0352b1c87 @@ -48,7 +49,6 @@ export const store = { sid: mysid }; // Slow verification through the server: - // NOTE: still superficial identity usurpation possible, but difficult. fetch( params.serverUrl + "/whoami", { 
@@ -59,24 +59,30 @@ export const store = {
 )
 .then(res => res.json())
 .then(json => {
- this.state.user.id = json.id;
- const storedId = localStorage.getItem("myid");
- if (json.id > 0 && !storedId)
- // User cleared localStorage
- localStorage.setItem("myid", json.id);
- else if (json.id == 0 && !!storedId)
- // User cleared cookie
- localStorage.removeItem("myid");
- this.state.user.name = json.name;
- const storedName = localStorage.getItem("myname");
- if (!!json.name && !storedName)
- // User cleared localStorage
- localStorage.setItem("myname", json.name);
- else if (!json.name && !!storedName)
- // User cleared cookie
- localStorage.removeItem("myname");
- this.state.user.email = json.email;
- this.state.user.notify = json.notify;
+ if (!json.id) {
+ // Removed, or wrong token
+ if (this.state.user.id > 0) {
+ this.state.user.id = 0;
+ localStorage.removeItem("myid");
+ }
+ if (!!this.state.user.name) {
+ this.state.user.name = "";
+ localStorage.removeItem("myname");
+ }
+ if (document.cookie.indexOf("token") >= 0) delCookie("token");
+ }
+ else {
+ if (this.state.user.id != json.id) {
+ this.state.user.id = json.id;
+ localStorage.setItem("myid", json.id);
+ }
+ if (this.state.user.name != json.name) {
+ this.state.user.name = json.name;
+ localStorage.setItem("myname", json.name);
+ }
+ this.state.user.email = json.email;
+ this.state.user.notify = json.notify;
+ }
 });
 // Settings initialized with values from localStorage
 const getItemDefault = (item, defaut) => {
diff --git a/client/src/utils/cookie.js b/client/src/utils/cookie.js
index 34802243..57e8668a 100644
--- a/client/src/utils/cookie.js
+++ b/client/src/utils/cookie.js
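Review bot: The `/whoami` chain in client/src/store.js still ends at `});` without a rejection handler, so when the request fails or the body is not JSON none of the new reset logic runs and `state.user` keeps the id and name it had before the check (presumably taken from localStorage; that initialisation is outside the hunk). A trailing `.catch(...)` that logs the failure and leaves the session marked as unverified would make the failure path explicit. In the `!json.id` branch, `document.cookie.indexOf("token") >= 0` is a substring test that also fires on any other cookie whose name or value contains "token"; `delCookie("token");` can simply be called unconditionally. That script can see and delete the token also implies the cookie is not HttpOnly, so if it is the session credential it would be safer to have the server expire it in the `/whoami` response. The enclosing function begins and ends outside this hunk.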
@@ -3,16 +3,20 @@ export function setCookie(name, value) {
 const date = new Date();
 date.setTime(date.getTime() + 183 * 24 * 60 * 60 * 1000); //6 months
 const expires = "; expires=" + date.toGMTString();
- document.cookie = name + "=" + value + expires + "; path=/";
+ document.cookie = name + "=" + value + expires + "; path=/;";
 }
 export function getCookie(name, defaut) {
 const nameEQ = name + "=";
 const ca = document.cookie.split(";");
- for (var i = 0; i < ca.length; i++) {
- var c = ca[i];
+ for (let i = 0; i < ca.length; i++) {
+ let c = ca[i];
 while (c.charAt(0) == " ") c = c.substring(1, c.length);
 if (c.indexOf(nameEQ) == 0) return c.substring(nameEQ.length, c.length);
 }
 return defaut; //cookie not found
 }
+
+export function delCookie(name) {
+ document.cookie = name + "=; Max-Age=-1;";
+}
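Review bot: `delCookie` writes `name + "=; Max-Age=-1;"` without a `path`, while `setCookie` in the same file stores cookies with `path=/`; a cookie is only replaced when name and path both match, so on a page whose default cookie path is not `/` the expired entry would miss the real cookie and a stale token would keep being sent. Mirror the setter's attributes: `document.cookie = name + "=; Max-Age=-1; path=/";`. `setCookie` also concatenates `value` unencoded, so a value containing `;` is parsed as additional cookie attributes; `encodeURIComponent(value)` with the matching decode in `getCookie` avoids that. Whether the token cookie itself is written through `setCookie` is not visible here, so the path it needs on deletion should be checked against wherever it is set.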