From 0e26a232611e7ca569683352cd6fac55fbb7513f Mon Sep 17 00:00:00 2001
From: =?UTF-8?q?=E5=90=B3=E5=85=83=E7=9A=93?= <hw@yuanhau.com>
Date: Sat, 17 May 2025 21:22:48 +0800
Subject: [PATCH] Make a basic check date functon, and EVEN if the user does
 NOT have a lastCheckCookie, they are forced to relog, as there is somewhat of
 a risk it might be a bad attacker, also postgres has limits, and I don't what
 to blow it all, so you need the lastCheck Cookie as is. (Yes this is a super
 important commit :D

---
 server/api/user/checkcookie.ts | 18 +++++++++++++++++-
 1 file changed, 17 insertions(+), 1 deletion(-)

diff --git a/server/api/user/checkcookie.ts b/server/api/user/checkcookie.ts
index b7fd917..5046c25 100644
--- a/server/api/user/checkcookie.ts
+++ b/server/api/user/checkcookie.ts
@@ -2,8 +2,24 @@
 import postgres from "~/server/components/postgres";
 export default defineEventHandler(async (event) => {
   const loginCookie = getCookie(event, "session");
+  const lastCheckCookie = getCookie(event, "last_check");
+  if (!lastCheckCookie && loginCookie) {
+    deleteCookie(event, "session");
+    deleteCookie(event, "lastCheckCookie");
+    return {
+      auth: false,
+      user: null,
+    };
+  }
+  const checkDate = new Date().toLocaleString();
+  console.log(checkDate);
+  setCookie(event, "lastCheckCookie", checkDate, {
+    httpOnly: true,
+    secure: process.env.NODE_ENV === "production",
+    path: "/",
+  });
   return {
-    auth: "true",
+    auth: true,
     user: "testing",
   };
 });