Harden auth session handling and SQL identifier validation

This commit is contained in:
Mikhail Chusavitin
2026-02-04 16:56:53 +03:00
parent 155b1ba9d0
commit b67bac89ee
3 changed files with 108 additions and 43 deletions


@@ -1,7 +1,7 @@
// ===== USER.JS - Авторизация и сессия =====
const STORAGE_KEYS = {
credentials: 'turborfq_credentials',
username: 'turborfq_username',
columns: 'turborfq_columns',
lastTable: 'turborfq_lastTable',
tableState: 'turborfq_tableState'
@@ -111,22 +111,22 @@ function showLogin() {
document.getElementById('loginScreen').style.display = 'flex';
document.getElementById('header').style.display = 'none';
document.getElementById('appContent').style.display = 'none';
document.getElementById('loginUser').value = '';
document.getElementById('loginUser').value = localStorage.getItem(STORAGE_KEYS.username) || '';
document.getElementById('loginPass').value = '';
document.getElementById('loginStatus').textContent = '';
document.getElementById('loginStatus').className = '';
}
// Выполнить авторизацию
async function doLogin(user, pass, saveCredentials = true) {
async function doLogin(user, pass, saveUsername = true) {
const statusEl = document.getElementById('loginStatus');
try {
const res = await api('/api/login', 'POST', { user, pass });
if (res.ok) {
if (saveCredentials) {
localStorage.setItem(STORAGE_KEYS.credentials, JSON.stringify({ user, pass }));
if (saveUsername) {
localStorage.setItem(STORAGE_KEYS.username, user);
}
showApp(user);
await loadTree();
@@ -145,8 +145,12 @@ async function doLogin(user, pass, saveCredentials = true) {
}
// Выйти из системы
function logout() {
localStorage.removeItem(STORAGE_KEYS.credentials);
async function logout() {
try {
await api('/api/logout', 'POST', {});
} catch (e) {
console.error('Logout error:', e);
}
showLogin();
document.getElementById('tree').innerHTML = '';
if (table) {
@@ -168,21 +172,17 @@ function resetSettings() {
// Автологин при загрузке
async function tryAutoLogin() {
const saved = localStorage.getItem(STORAGE_KEYS.credentials);
if (saved) {
try {
const { user, pass } = JSON.parse(saved);
document.getElementById('loginStatus').textContent = 'Автоматический вход...';
const success = await doLogin(user, pass, false);
if (!success) {
localStorage.removeItem(STORAGE_KEYS.credentials);
showLogin();
}
} catch (e) {
localStorage.removeItem(STORAGE_KEYS.credentials);
showLogin();
try {
const session = await api('/api/session');
if (session.authenticated) {
showApp(session.user || 'MariaDB User');
await loadTree();
return;
}
} catch (e) {
console.error('Session restore error:', e);
}
showLogin();
}
// Инициализация обработчиков авторизации
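Review bot: In the `logout()` hunk a failed `/api/logout` request is only logged (`console.error('Logout error:', e)`) and execution falls through to `showLogin()`, so the user is shown the login screen while the server-side session may still be valid, with no indication that sign-out did not complete. Because `showLogin()` resets `loginStatus` to an empty string, any feedback has to be written after that call; the sketch below records the failure and surfaces it in the status element. The `logout()` body continues past the hunk (it is cut at `if (table) {`), so the tree/table teardown is left as is. Whether `api()` rejects on non-2xx responses or resolves with `ok: false` is not visible here; if it is the latter, the result's `ok` flag should be checked too, as `doLogin` already does with `res.ok`.

```javascript
async function logout() {
  // Track whether the server acknowledged the logout so the UI can say so.
  let serverLogoutOk = true;
  try {
    await api('/api/logout', 'POST', {});
  } catch (e) {
    console.error('Logout error:', e);
    serverLogoutOk = false;
  }
  showLogin();
  // Must come after showLogin(), which clears loginStatus.
  if (!serverLogoutOk) {
    document.getElementById('loginStatus').textContent =
      'Ошибка выхода: сессия на сервере может быть ещё активна';
  }
  // … unchanged: tree / table cleanup …
```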