Close #470 ability to renew an existing bypass, which is slightly useful if you allow long living bypasses

2 years ago · fd7fc1adbf
parent 9c5dd5efa8
commit fd7fc1adbf
2 changed files with 10 additions and 4 deletions
--- a/db/bypass.js
+++ b/db/bypass.js
@ -29,10 +29,15 @@ module.exports = {
 			'anonymizer': anonymizer,
 			'expireAt': new Date(Date.now() + blockBypass.expireAfterTime)
 		};
-		if (anonymizer === true && id !== null) {
+		if (id !== null) {
 			newBypass._id = Mongo.ObjectId(id);
+			return db.replaceOne({
+				_id: newBypass._id
+			}, newBypass, {
+				upsert: true,
+			});
 		}
-		return db.insertOne(newBypass);		
+		return db.insertOne(newBypass);
 	},

 	deleteAll: () => {
--- a/models/forms/blockbypass.js
+++ b/models/forms/blockbypass.js
@ -8,8 +8,9 @@ const { Bypass } = require(__dirname+'/../../db/')
 module.exports = async (req, res) => {

 	const { secureCookies, blockBypass } = config.get;
-	const bypass = await Bypass.getBypass(res.locals.anonymizer, res.locals.pseudoIp, blockBypass.expireAfterUses);
-	const bypassId = bypass.insertedId;
+	const existingBypassId = req.signedCookies.bypassid || res.locals.pseudoIp;
+	const bypass = await Bypass.getBypass(res.locals.anonymizer, existingBypassId, blockBypass.expireAfterUses);
+	const bypassId = bypass.insertedId || existingBypassId; // if upserted, insertedId will be null, and will be the existingId
 	res.locals.blockBypass = true;

 	res.cookie('bypassid', bypassId.toString(), {