diff --git a/api/dev/sessions/sess_mock-user-session b/api/dev/sessions/sess_mock-user-session
index e69de29bb..256370000 100644
--- a/api/dev/sessions/sess_mock-user-session
+++ b/api/dev/sessions/sess_mock-user-session
@@ -0,0 +1 @@
+unraid_login|i:1736523078;unraid_user|s:4:"root";locale|s:0:"";buildDate|s:8:"20241202";
\ No newline at end of file
diff --git a/api/src/unraid-api/auth/cookie.service.spec.ts b/api/src/unraid-api/auth/cookie.service.spec.ts
index 213a2caa5..284580882 100644
--- a/api/src/unraid-api/auth/cookie.service.spec.ts
+++ b/api/src/unraid-api/auth/cookie.service.spec.ts
@@ -1,7 +1,11 @@
-import { Test, type TestingModule } from '@nestjs/testing';
+import type { TestingModule } from '@nestjs/testing';
+import { Test } from '@nestjs/testing';
+import { writeFile } from 'node:fs/promises';
+
+import { emptyDir } from 'fs-extra';
+import { afterAll, beforeAll, describe, it } from 'vitest';
+
 import { CookieService, SESSION_COOKIE_CONFIG } from './cookie.service';
-import { describe, it, beforeAll, afterAll } from 'vitest';
-import { emptyDir, ensureFile } from 'fs-extra';
 describe.concurrent('CookieService', () => {
 let service: CookieService;
@@ -10,7 +14,11 @@ describe.concurrent('CookieService', () => {
 // helper to create a session file
 function makeSession(sessionId: string, cookieService: CookieService = service) {
 const path = cookieService.getSessionFilePath(sessionId);
- return ensureFile(path);
+ return writeFile(
+ path,
+ `unraid_login|i:1736523078;unraid_user|s:4:"root";locale|s:0:"";buildDate|s:8:"20241202";`,
+ 'ascii'
+ );
 }
 beforeAll(async () => {
diff --git a/api/src/unraid-api/auth/cookie.service.ts b/api/src/unraid-api/auth/cookie.service.ts
index 4737b5d41..a5d64cf08 100644
--- a/api/src/unraid-api/auth/cookie.service.ts
+++ b/api/src/unraid-api/auth/cookie.service.ts
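Review bot: `makeSession` in cookie.service.spec.ts now always writes a payload containing both `unraid_login` and `unraid_user`, so nothing visible in this hunk exercises the rejection path that the same commit adds to `isValidAuthCookie`. Give the helper an optional contents argument, e.g. `function makeSession(sessionId: string, cookieService: CookieService = service, contents = validSession)`, and add cases asserting that an empty session file and one lacking `unraid_user` are refused. The enclosing `describe` block continues outside this hunk, so such cases may already exist further down.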
@@ -1,4 +1,5 @@
-import { Inject, Injectable } from '@nestjs/common';
+import { Inject, Injectable, Logger } from '@nestjs/common';
+import { readFile } from 'fs/promises';
 import { join } from 'path';
 import { fileExists } from '@app/core/utils/files/file-exists';
@@ -18,6 +19,7 @@ type SessionCookieConfig = {
 @Injectable()
 export class CookieService {
+ private readonly logger = new Logger(CookieService.name);
 constructor(
 @Inject(SESSION_COOKIE_CONFIG) readonly opts: SessionCookieConfig = CookieService.defaultOpts()
 ) {}
@@ -60,10 +62,17 @@ export class CookieService {
 */
 private async isValidAuthCookie(cookieName: string, cookieValue: string): Promise {
 const { namePrefix } = this.opts;
- if (!cookieName.startsWith(namePrefix)) {
+ const sessionFile = this.getSessionFilePath(cookieValue);
+ if (!cookieName.startsWith(namePrefix) || !(await fileExists(sessionFile))) {
+ return false;
+ }
+ try {
+ const sessionData = await readFile(sessionFile, 'ascii');
+ return sessionData.includes('unraid_login') && sessionData.includes('unraid_user');
+ } catch (e) {
+ this.logger.error(e, 'Error reading session file');
 return false;
 }
- return fileExists(this.getSessionFilePath(cookieValue));
 }
 /**
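Review bot: In `isValidAuthCookie` the session path is built from the raw request cookie value and then opened with `readFile`, with no check on the value's shape in this hunk. `getSessionFilePath` is not visible here, so unless it already constrains the id, reject anything that is not a plain session id up front, e.g. `if (!/^[A-Za-z0-9,-]+$/.test(cookieValue)) return false;`, so the resolved path cannot leave the session directory. The content check is also only a substring match: any readable file that happens to contain the two key names is accepted, an empty `unraid_user` passes, and the `unraid_login` timestamp is never compared against a session lifetime. Parsing the key/value pairs and checking those fields explicitly would make the decision match what the web UI treats as a logged-in session. Minor: `this.logger.error(e, 'Error reading session file')` appears to pass the descriptive text where Nest's `Logger` expects stack or context; put the message first.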