Make a basic check date functon, and EVEN if the user does NOT have a

lastCheckCookie, they are forced to relog, as there is somewhat of a risk it might be a bad attacker, also postgres has limits, and I don't what to blow it all, so you need the lastCheck Cookie as is. (Yes this is a super important commit :D
2025-06-23 15:51:01 +08:00 · 2025-05-17 21:22:48 +08:00 · 2025-05-17 21:22:48 +08:00 · 0e26a23261
commit 0e26a23261
parent 383ad2e467
1 changed files with 17 additions and 1 deletions
--- a/server/api/user/checkcookie.ts
+++ b/server/api/user/checkcookie.ts
@ -2,8 +2,24 @@
 import postgres from "~/server/components/postgres";
 export default defineEventHandler(async (event) => {
  const loginCookie = getCookie(event, "session");
+  const lastCheckCookie = getCookie(event, "last_check");
+  if (!lastCheckCookie && loginCookie) {
+    deleteCookie(event, "session");
+    deleteCookie(event, "lastCheckCookie");
+    return {
+      auth: false,
+      user: null,
+    };
+  }
+  const checkDate = new Date().toLocaleString();
+  console.log(checkDate);
+  setCookie(event, "lastCheckCookie", checkDate, {
+    httpOnly: true,
+    secure: process.env.NODE_ENV === "production",
+    path: "/",
+  });
  return {
-    auth: "true",
+    auth: true,
    user: "testing",
  };
 });