dsfsdf

2021-12-21 22:03:13 +02:00 · 2021-12-21 22:03:13 +02:00 · 3ee2c0749f
parent 833bee6e49
commit 3ee2c0749f
4 changed files with 10 additions and 15 deletions
--- a/files/main.py
+++ b/files/main.py
@ -108,7 +108,7 @@ def before_request():

 	if not request.path.startswith("/assets") and not request.path.startswith("/images") and not request.path.startswith("/hostedimages"):
 		session.permanent = True
-		if not session.get("session_id"): session["session_id"] = secrets.token_hex(50)
+		if not session.get("session_id"): session["session_id"] = secrets.token_hex(52)

 	if request.url.startswith("http://") and "localhost" not in app.config["SERVER_NAME"]:
 		url = request.url.replace("http://", "https://", 1)
--- a/files/classes/user.py
+++ b/files/classes/user.py
@ -300,8 +300,7 @@ class User(Base):
 	@lazy
 	def formkey(self):

-		if "session_id" not in session:
-			session["session_id"] = token_hex(50)
+		if "session_id" not in session: session["session_id"] = token_hex(52)

 		msg = f"{session['session_id']}+{self.id}+{self.login_nonce}"

--- a/files/helpers/wrappers.py
+++ b/files/helpers/wrappers.py
@ -14,14 +14,13 @@ def get_logged_in_user():
 		v.client = client
 		return v
 	else:
-		uid = session.get("user_id")
 		nonce = session.get("login_nonce", 0)
-		logged_in = session.get("logged_in")
+		logged_in_user = session.get("logged_in_user")

-		if not uid or not logged_in or uid != logged_in: return None
+		if not logged_in_user: return None

 		try:
-			if g.db: v = g.db.query(User).filter_by(id=logged_in).one_or_none()
+			if g.db: v = g.db.query(User).filter_by(id=logged_in_user).one_or_none()
 			else: return None
 		except: return None

--- a/files/routes/login.py
+++ b/files/routes/login.py
@ -134,9 +134,8 @@ def login_post():
 	else:
 		abort(400)

-	session["user_id"] = account.id
-	session["logged_in"] = account.id
-	session["session_id"] = token_hex(50)
+	session["logged_in_user"] = account.id
+	session["session_id"] = token_hex(52)
 	session["login_nonce"] = account.login_nonce
 	session.permanent = True

@ -164,9 +163,8 @@ def me(v):
@validate_formkey
 def logout(v):

-	session.pop("user_id", None)
 	session.pop("session_id", None)
-	session.pop("logged_in", None)
+	session.pop("logged_in_user", None)

 	return {"message": "Logout successful!"}

@ -340,9 +338,8 @@ def sign_up_post(v):

 	if "rama" in request.host: send_notification(new_user.id, WELCOME_MSG)

-	session["user_id"] = new_user.id
-	session["logged_in"] = new_user.id
-	session["session_id"] = token_hex(50)
+	session["logged_in_user"] = new_user.id
+	session["session_id"] = token_hex(52)

 	g.db.commit()