From 9760710c182abee6da2cdd458a750c7079ce8e95 Mon Sep 17 00:00:00 2001
From: sairajzero <sairaj0630@gmail.com>
Date: Thu, 20 Jan 2022 05:35:48 +0530
Subject: [PATCH] Check session expiry on each request

---
 src/request.js | 21 ++++++++-------------
 1 file changed, 8 insertions(+), 13 deletions(-)

diff --git a/src/request.js b/src/request.js
index 2547d58..8d51727 100644
--- a/src/request.js
+++ b/src/request.js
@@ -30,9 +30,11 @@ function validateRequestFromFloID(request, sign, floID, proxy = true) {
             return reject(INVALID(INVALID_SERVER_MSG));
         else if (!floCrypto.validateAddr(floID))
             return res.status(INVALID.e_code).send("Invalid floID");
-        DB.query("SELECT " + (proxy ? "proxyKey AS pubKey FROM Sessions" : "pubKey FROM Users") + " WHERE floID=?", [floID]).then(result => {
+        DB.query("SELECT " + (proxy ? "session_time, proxyKey AS pubKey FROM Sessions" : "pubKey FROM Users") + " WHERE floID=?", [floID]).then(result => {
             if (result.length < 1)
                 return reject(INVALID(proxy ? "Session not active" : "User not registered"));
+            if (proxy && result[0].session_time + maxSessionTimeout < Date.now())
+                return res.status(INVALID.e_code).send("Session Expired! Re-login required");
             let req_str = validateRequest(request, sign, result[0].pubKey);
             req_str instanceof INVALID ? reject(req_str) : resolve(req_str);
         }).catch(error => reject(error));
@@ -274,18 +276,11 @@ function Account(req, res) {
         type: "get_account",
         timestamp: data.timestamp
     }, data.sign, data.floID).then(req_str => {
-        DB.query("SELECT session_time FROM Sessions WHERE floID=?", [data.floID]).then(result => {
-            if (result.length < 1)
-                res.status(INVALID.e_code).send("floID not registered");
-            else if (result[0].session_time + maxSessionTimeout < Date.now())
-                res.status(INVALID.e_code).send("Session Expired! Re-login required");
-            else
-                market.getAccountDetails(data.floID).then(result => {
-                    if (trustedIDs.includes(data.floID))
-                        result.subAdmin = true;
-                    res.send(result);
-                });
-        }).catch(_ => res.status(INTERNAL.e_code).send("Try again later!"));
+        market.getAccountDetails(data.floID).then(result => {
+            if (trustedIDs.includes(data.floID))
+                result.subAdmin = true;
+            res.send(result);
+        });
     }).catch(error => {
         if (error instanceof INVALID)
             res.status(INVALID.e_code).send(error.message);