fix: move database call used to associate a NodeBB session UUID to its express session id into user.auth.addSession, which is the only time it is called

isekai-main
Julian Lam 1 year ago
parent 9dc9d5ef54
commit e1bced8c2c

@ -379,15 +379,12 @@ authenticationController.onSuccessfulLogin = async function (req, uid) {
new Promise((resolve) => {
req.session.save(resolve);
}),
user.auth.addSession(uid, req.sessionID),
user.auth.addSession(uid, req.sessionID, uuid),
user.updateLastOnlineTime(uid),
user.onUserOnline(uid, Date.now()),
analytics.increment('logins'),
db.incrObjectFieldBy('global', 'loginCount', 1),
]);
if (uid > 0) {
await db.setObjectField(`uid:${uid}:sessionUUID:sessionId`, uuid, req.sessionID);
}
// Force session check for all connected socket.io clients with the same session id
sockets.in(`sess_${req.sessionID}`).emit('checkSession', uid);

@ -106,12 +106,15 @@ module.exports = function (User) {
await db.sortedSetRemove(`uid:${uid}:sessions`, expiredSids);
}
User.auth.addSession = async function (uid, sessionId) {
User.auth.addSession = async function (uid, sessionId, uuid) {
if (!(parseInt(uid, 10) > 0)) {
return;
}
await cleanExpiredSessions(uid);
await db.sortedSetAdd(`uid:${uid}:sessions`, Date.now(), sessionId);
await Promise.all([
db.sortedSetAdd(`uid:${uid}:sessions`, Date.now(), sessionId),
db.setObjectField(`uid:${uid}:sessionUUID:sessionId`, uuid, sessionId),
]);
await revokeSessionsAboveThreshold(uid, meta.config.maxUserSessions);
};

Loading…
Cancel
Save