meb/OLD-server-architecture
1
0
Fork 0
Code Issues Pull Requests Actions Packages Projects Releases Wiki Activity

fix: additional fix for auth login flow and auth web pages and database

Browse Source 
connection.
This commit is contained in:
Giuseppe Raffa
2026-04-21 20:08:59 +02:00
parent c8668920a6
commit 974cbe93cd
17 changed files with 327 additions and 91 deletions
Download Patch File Download Diff File Expand all files Collapse all files

32
auth/src/core/auth.core.js
View File

@@ -14,7 +14,7 @@ async function register(username, password) {
throw new Error('User already exists');
}
const hashedPassword = security.hashPassword(password);
const hashedPassword = await security.hashPassword(password);
const id = uuid();
await query('INSERT INTO users (id, username, password_hash) VALUES ($1, $2, $3)', [id, username, hashedPassword]);
@@ -33,7 +33,7 @@ async function register(username, password) {
* Esegue il login di un utente
*/
async function login(username, password) {
const result = await query('SELECT id, username, password_hash, active, created_at FROM users WHERE username = $1', [username]);
const result = await query('SELECT id, username, password_hash, created_at FROM users WHERE username = $1', [username]);
if (result.rows.length === 0) {
throw new Error('No user matched')
}
@@ -83,30 +83,24 @@ async function newSession(userId, userAgent, ip) {
}
/**
* Valida una sessione
* Valida una sessione tramite il suo UUID
*/
async function validateSession(token) {
const parsed = security.parseSessionToken(token);
if (!parsed) {
throw new Error('Invalid token format');
async function validateSession(sessionId) {
if (!sessionId || typeof sessionId !== 'string') {
throw new Error('Invalid session ID');
}
const { code, username } = parsed;
const result = await query(
'SELECT s.id, u.is_active FROM sessions s JOIN users u ON s.user_id = u.id WHERE s.id = $1 AND s.is_revoked = FALSE',
[sessionId]
);
const result = await query('SELECT s.id as session_id, s.user_id, u.username, u.is_active, u.created_at FROM sessions s JOIN users u ON s.user_id = u.id WHERE s.session_code = $1 AND s.is_revoked = FALSE', [code]);
if (result.rows.length === 0) {
throw new Error('Session not found or revoked')
throw new Error('Session not found or revoked');
}
const session = result.rows[0];
if (session.username !== username) {
throw new Error('Session user mismatch');
}
if (!session.active) {
throw new Error('Session is not active');
if (!result.rows[0].is_active) {
throw new Error('User account is not active');
}
}