From 83d9a52a9472e5a9824e1a788b986be9be77acde Mon Sep 17 00:00:00 2001
From: Moe
Date: Mon, 28 Nov 2022 15:54:27 -0800
Subject: [PATCH] Fix API Permissions for Session Key
---
 libs/auth.js | 13 +++++++------
 libs/monitor.js | 5 +++--
 2 files changed, 10 insertions(+), 8 deletions(-)
diff --git a/libs/auth.js b/libs/auth.js
index ea2d61b0..9372f0f5 100644
--- a/libs/auth.js
+++ b/libs/auth.js
@@ -99,12 +99,13 @@ module.exports = function(s,config,lang){
 }else{
 getUserBySessionKey(params,function(err,user){
 if(user){
- isSessionKey = true
- createSession(apiKey,{
+ createSession(user,{
+ auth: params.auth,
 details: JSON.parse(user.details),
+ isSessionKey: true,
 permissions: {}
 })
- callback(err,user,isSessionKey)
+ callback(err,user,true)
 }
 })
 }
@@ -122,7 +123,7 @@ module.exports = function(s,config,lang){
 }
 user.details = s.parseJSON(user.details)
 user.permissions = {}
- s.api[generatedId] = Object.assign(user,additionalData)
+ s.api[generatedId] = Object.assign({},user,additionalData)
 return generatedId
 }
 }
@@ -204,9 +205,9 @@ module.exports = function(s,config,lang){
 })
 }else if(params.auth && params.ke){
 loginWithApiKey(params,function(err,user,isSessionKey){
- if(isSessionKey)resetActiveSessionTimer(user)
+ if(isSessionKey)resetActiveSessionTimer(s.api[params.auth])
 if(user){
- onSuccess(user)
+ onSuccess(s.api[params.auth])
 }else{
 onFail()
 }
diff --git a/libs/monitor.js b/libs/monitor.js
index baaf0d25..4ff1d2b2 100644
--- a/libs/monitor.js
+++ b/libs/monitor.js
@@ -1839,6 +1839,7 @@ module.exports = function(s,config,lang){
 // provide "user" object given from "s.auth"
 const isSubAccount = !!user.details.sub
 const isApiKey = !user.login_type;
+ const isSessionKey = user.isSessionKey;
 const response = {
 isSubAccount,
 hasAllPermissions: isSubAccount && user.details.allmonitors === '1',
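Review bot: In libs/auth.js (hunk at -99,12) a session key that matches no user never reaches `callback`, because the `if(user){` block has no `else`; as far as the hunk shows, the `onFail()` branch in the later hunk cannot run for this path and the request is left unanswered. Adding `}else{ callback(err,null,false) }` before the closing `})` would reject a failed lookup explicitly. Separately, `JSON.parse(user.details)` throws on malformed stored details inside the lookup callback, while createSession parses the same field with `s.parseJSON(user.details)`; using that helper here would keep the two consistent. The enclosing function starts outside the hunk.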
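Review bot: In libs/auth.js (hunk at -122,7) the two context lines above the changed one still write `user.details` and `user.permissions` onto the caller's object, so copying into `{}` stops `additionalData` from landing on `user` but not the mutation itself. The session-key caller passes that same `user` to `callback` right after createSession, so it comes back with `permissions` reset to `{}`. If no caller relies on that side effect, building the session without touching the argument keeps the stored session and the looked-up row separate: `s.api[generatedId] = Object.assign({},user,{details: s.parseJSON(user.details), permissions: {}},additionalData)`. createSession starts outside the hunk.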
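Review bot: In libs/auth.js (hunk at -204,9) the guard tests `user` but the value handed on is `s.api[params.auth]`, a separate lookup that is undefined when no session is stored under that key; whether the plain API-key path populates it is not visible in this patch. An undefined value passed to `onSuccess` would presumably fail later in code that reads `user.details` (as libs/monitor.js does) instead of rejecting the request. Reading it once with `const session = s.api[params.auth]` and branching on it with `if(session){ onSuccess(session) }else{ onFail() }` makes the check and the use agree. The surrounding function begins and ends outside the hunk.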
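Review bot: In libs/monitor.js (hunk at -1839,6) `isSessionKey` is taken as-is from the session object, and in the next hunk any truthy value switches every API-key permission on. Since the flag is now an authorization input, compare it strictly with `const isSessionKey = user.isSessionKey === true;` so that only the boolean set by the session-key login in libs/auth.js counts and `apiKeyPermissions[key]` stays a boolean. It is also worth confirming that no other path copies request-supplied fields onto the objects stored in `s.api`; that is not visible in this patch.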
@@ -1859,8 +1860,8 @@ module.exports = function(s,config,lang){
 'watch_videos',
 'delete_videos',
 ].forEach((key) => {
- const permissionOff = isApiKey && permissions[key] !== '1';
- response.apiKeyPermissions[key] = permissions[key] === '1';
+ const permissionOff = !isSessionKey && isApiKey && permissions[key] !== '1';
+ response.apiKeyPermissions[key] = isSessionKey || permissions[key] === '1';
 response.apiKeyPermissions[`${key}_disallowed`] = permissionOff;
 response.isRestrictedApiKey = response.isRestrictedApiKey || permissionOff;
 });
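Review bot: The two changed lines inside the `forEach` in libs/monitor.js (hunk at -1859,8) carry no comment explaining why a session key skips the per-key permission map, and the reason lives in another file. A short comment above them would help, for example `// Session-key logins are stored with permissions: {} (libs/auth.js), so treat them as unrestricted instead of as an API key with everything off.` That keeps a later reader from extending `isSessionKey` to other checks without first looking at where it is set. The array literal and the enclosing function start outside the hunk.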