From 5462326f79491640164becb67645df6e5eb82ea7 Mon Sep 17 00:00:00 2001 From: Donald Zou Date: Mon, 25 Nov 2024 01:46:27 +0800 Subject: [PATCH] Updated `dashboard.py` and `DashboardConfigurationStore.js` - Added `session.clear()` to clean the session specific to each login session - Clear all cookie with the `signout` request and also clear again (just in case) in the frontend code. --- src/dashboard.py | 2 +- src/static/app/src/stores/DashboardConfigurationStore.js | 3 ++- 2 files changed, 3 insertions(+), 2 deletions(-) diff --git a/src/dashboard.py b/src/dashboard.py index 2519991..48582da 100644 --- a/src/dashboard.py +++ b/src/dashboard.py @@ -1726,7 +1726,6 @@ def API_ValidateAuthentication(): def API_AuthenticateLogin(): data = request.get_json() if DashboardConfig.APIAccessed: - authToken = hashlib.sha256(f"{request.headers.get('wg-dashboard-apikey')}{datetime.now()}".encode()).hexdigest() session['username'] = authToken resp = ResponseObject(True, DashboardConfig.GetConfig("Other", "welcome_session")[1]) @@ -1761,6 +1760,7 @@ def API_AuthenticateLogin(): def API_SignOut(): resp = ResponseObject(True, "") resp.delete_cookie("authToken") + session.clear() return resp @app.route(f'{APP_PREFIX}/api/getWireguardConfigurations', methods=["GET"]) diff --git a/src/static/app/src/stores/DashboardConfigurationStore.js b/src/static/app/src/stores/DashboardConfigurationStore.js index 7cd3afa..f4a7f48 100644 --- a/src/static/app/src/stores/DashboardConfigurationStore.js +++ b/src/static/app/src/stores/DashboardConfigurationStore.js @@ -63,8 +63,9 @@ export const DashboardConfigurationStore = defineStore('DashboardConfigurationSt }); }, async signOut(){ - await fetchGet("/api/signout", {}, (res) => { + await fetchGet("/api/signout", {}, () => { this.removeActiveCrossServer(); + document.cookie = ''; this.$router.go('/signin') }); },
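Review bot: The `session.clear()` added in API_SignOut only resets the session for the browser that sends the request if the app uses Flask's default signed-cookie session (the session setup is not in this diff), so a previously copied session cookie would still verify until it expires. If sign-out is meant to revoke access, the token stored in `session['username']` at login needs a server-side record that this handler deletes and that the authentication check consults. At minimum, document the limit above the call, e.g. `# clears this client's session cookie only; previously issued cookies are not revoked server-side`. Also confirm that `resp.delete_cookie("authToken")` uses the same path and domain as the matching `set_cookie`, which is outside this hunk along with the route decorator.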
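Review bot: `document.cookie = '';` in `signOut` does not remove any cookie, because the setter writes a single cookie per assignment and an empty string matches none of the existing ones, so the "just in case" cleanup from the commit message is a no-op. Cookies flagged HttpOnly cannot be removed from script at all, so the `/api/signout` response has to remain the authority for clearing them. If a client-side fallback is still wanted, expire the cookie by name with the attributes it was set with, e.g. `document.cookie = 'authToken=; Max-Age=0; path=/';` (the path is assumed, since the `set_cookie` call is not in this diff). The callback also no longer receives the response, so the store is cleared and the redirect happens whether or not the server accepted the sign-out.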