fuggin session clearing fo admins pogchamp

2025-12-16 23:02:13 +11:00 · 2021-04-22 21:16:15 +10:00 · 2021-04-22 21:16:15 +10:00 · 5a67d13f75
commit 5a67d13f75
parent 95f5d2cf48
3 changed files with 43 additions and 3 deletions
--- a/index.js
+++ b/index.js
@ -151,7 +151,6 @@ app.get('/BankF', ensureAuthenticated, async function(req, res){
  }

  logsent = logsent.body.value
-  console.log(logsent)
  if(logsent == 1 || logsent == -1 || logrec == null){
    logsent = undefined
  }else{
@ -249,12 +248,10 @@ app.post('/sendfunds', async function(req, res){
    for( i in logrec){
      let d = new Date(logrec[i].time)
      logrec[i].time = d
-      console.log(logrec[i].time)
    }
    for( i in logsent){
      let d = new Date(logsent[i].time)
      logsent[i].time = d
-      console.log(logsent[i].time)
    }

    res.render("bankf",{
--- a/routes/admin.js
+++ b/routes/admin.js
@ -9,7 +9,10 @@ const expressValidator = require('express-validator');
 const session = require('express-session');
 const {postUser} = require('../helpers/functions.js')
 const got = require('got')
+const MemoryStore = require('memorystore')(session)
 console.log('Sen was here')
+
+
 router.get('/', checkAdmin, function(req, res){
  res.render('adminsettings', {
    user: req.session.user,
@ -151,6 +154,36 @@ router.post('/userdelete', checkAdmin, async function(req,res){
    errors: errors,
  })
 })
+router.post('/destroyallsessions', checkAdmin, async function(req,res) {
+  let {attempt} = req.body;
+  let adminTest
+  let errors = []
+  try{
+    adminTest = await got.post(process.env.BANKAPIURL+'BankF/admin/vpass',{
+      json:{
+        attempt: attempt,
+      },
+      responseType:'json'
+    })
+  } catch(err){
+    console.log(err)
+  }
+  console.log(adminTest.body.value)
+  if(adminTest){
+    req.sessionStore.clear(function(err){
+      console.log(err)
+    })
+    res.redirect('/')
+  }else{
+    errors.push({msg: "failed admin password check"})
+    res.render("adminsettings",{
+      user: req.session.user,
+      admin: req.session.admin,
+      errors: errors,
+    })
+  }
+
+})
 router.post('/close', checkAdmin, async function(req,res){
  let {attempt} = req.body;
  let close;
--- a/views/adminsettings.pug
+++ b/views/adminsettings.pug
@ -57,6 +57,16 @@ block content
          br
          input.btn.btn-primary(type='submit',value='Submit')
      br
+      .card.shadow-lg
+        h4 Destroy All Sessions
+        form(method='POST', action='/admin/destroyallsessions')
+          #form-group
+            p WARNING THIS WILL DESTROY ALL LOGIN SESSIONS, EVERYONE WILL HAVE TO LOG IN AGAIN
+            label Confirm admin password to DESTROY
+            input.form-control(name='attempt', type='password')
+          br
+          input.btn.btn-danger(type='submit',value='Destroy')
+      br
      .card.shadow-lg
        h4 Close Server
        form(method='POST', action='/admin/close')