From a3c0ac7ab694335f1c1ffd5eba83a920d036b660 Mon Sep 17 00:00:00 2001
From: Niko <niko@nobigtech.es>
Date: Thu, 10 Feb 2022 02:08:46 +0100
Subject: [PATCH] Added improved session enforcing and redirection methods

---
 web/src/base.php         | 28 +++++++++++++++++++++++++---
 web/src/public/login.php |  2 +-
 2 files changed, 26 insertions(+), 4 deletions(-)

diff --git a/web/src/base.php b/web/src/base.php
index 474c154..5cc5175 100644
--- a/web/src/base.php
+++ b/web/src/base.php
@@ -40,8 +40,30 @@ function tpl_styles($styles) {
 }
 
 
-function cookie_redirect_app() {
-	// TODO: also check if cookie is valid to redirect
-	if (isset($_COOKIE['fedilove_session']))
+function session() {
+	if (!isset($_COOKIE['fedilove_session']))
+		return null;
+
+	require_once 'database.php';
+	$session = null;
+	if (isset($GLOBALS['db_session']))
+		$session = $GLOBALS['db_session'];
+	else {
+		$session = (new DB())->findOne('u__sessions',
+			['session' => $_COOKIE['fedilove_session']]);
+		$GLOBALS['db_session'] = $session;
+	}
+	if ($session !== null && strlen((string)$session->_id) > 0)
+		return $session;
+	return null;
+}
+
+function session_enforce($redirect = '/') {
+	if (session() === null)
+		redirect($redirect);
+}
+
+function if_session_redirect_app() {
+	if (session() !== null)
 		redirect(APP_DIR);
 }
diff --git a/web/src/public/login.php b/web/src/public/login.php
index bf3828d..fb3e964 100644
--- a/web/src/public/login.php
+++ b/web/src/public/login.php
@@ -1,5 +1,5 @@
 <?php require 'base.php' ?>
-<?php cookie_redirect_app() ?>
+<?php if_session_redirect_app() ?>
 <?php tpl('pub.header', [
 	'title' => ' s(login)',
 	'scripts' => ['http']