const jwt = require('jsonwebtoken');
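// Signing key for admin session tokens. Read it from the JWT_SECRET
// environment variable (an empty value counts as unset). The literal
// fallback is kept only so existing deployments keep starting, but because
// it is committed to source it must be treated as exposed: configure
// JWT_SECRET in the environment, rotate the key, and then delete the fallback.
const JWT_SECRET = process.env.JWT_SECRET || "l!TtLeGr()O//En";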
const Admin = require("../Schema/Admin");
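const COOKIE_NAME = 'authtoken';
const ADMIN_HOME = '/sites/pioneer-reality/admin/';
const LOGIN_PAGE = '/sites/pioneer-reality/admin/login';
// Lifetime of a freshly issued token. Every authenticated request re-issues
// the token, so in practice this is an inactivity timeout.
const TOKEN_TTL = '1h';

// True when the request targets the login or register page. This keeps the
// original substring match on req.path so existing routes keep working; note
// that any path containing "login" or "register" matches.
function isAuthPage(path) {
  const p = path ?? '';
  return p.includes('login') || p.includes('register');
}

// Unauthenticated handling: the login and register pages are reachable,
// every other path is sent to the login page.
function allowPublicOrRedirect(req, res, next) {
  if (isAuthPage(req.path)) {
    next();
  } else {
    res.redirect(LOGIN_PAGE);
  }
}

/**
 * Builds the Express middleware that authenticates admins from the
 * `authtoken` cookie.
 *
 * With a cookie present, the token is verified as an HS256 JWT signed with
 * JWT_SECRET, the admin is loaded with Admin.findById, `req.admin` is set to
 * `{ id, name, email }` and a fresh token is written back to the cookie. A
 * logged-in admin visiting the login/register page is redirected to the
 * dashboard. Without a cookie, or when verification or the lookup fails,
 * only the login and register pages are reachable; other paths redirect to
 * the login page.
 *
 * Expects `req.cookies` to be populated by an upstream cookie parser.
 *
 * @returns {Function} async `(req, res, next)` middleware
 */
const cookieAuth = () => {
  return async (req, res, next) => {
    const cookieAuthtoken = req.cookies?.[COOKIE_NAME];
    if (!cookieAuthtoken) {
      allowPublicOrRedirect(req, res, next);
      return;
    }

    let admin;
    try {
      // Pin the algorithm so a token presenting a different `alg` header is rejected.
      const tokenAdmin = jwt.verify(cookieAuthtoken, JWT_SECRET, { algorithms: ['HS256'] });
      const dbAdmin = await Admin.findById(tokenAdmin.id);
      if (!dbAdmin) {
        // Valid token for an account that no longer exists: drop the cookie and
        // treat the request as unauthenticated instead of crashing on the
        // destructuring below.
        res.clearCookie(COOKIE_NAME);
        allowPublicOrRedirect(req, res, next);
        return;
      }
      const { _id, name, email } = dbAdmin;
      // Re-issue with an expiry so a leaked cookie is not valid indefinitely.
      const authtoken = jwt.sign({ id: _id, email }, JWT_SECRET, { expiresIn: TOKEN_TTL });
      // httpOnly keeps the token away from page scripts; secure follows the
      // request scheme so plain-HTTP local development keeps working.
      // NOTE(review): assumes nothing client-side reads this cookie — confirm.
      res.cookie(COOKIE_NAME, authtoken, {
        httpOnly: true,
        sameSite: 'lax',
        secure: req.secure === true,
      });
      admin = { id: _id, name, email };
    } catch (err) {
      // Expired/invalid token or a database failure: log it, drop the cookie
      // and fall back to unauthenticated handling.
      console.error('Error in cookieAuth:', err.message);
      res.clearCookie(COOKIE_NAME);
      allowPublicOrRedirect(req, res, next);
      return;
    }

    req.admin = admin;
    // Already logged in: send login/register visits to the dashboard.
    if (isAuthPage(req.path)) {
      res.redirect(ADMIN_HOME);
      return;
    }
    next();
  };
};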
// CommonJS export of the factory: callers invoke cookieAuth() to obtain the
// middleware instance to mount on the admin routes.
module.exports = cookieAuth;