Diffstat (limited to '')
-rw-r--r-- | middlewares/formParser.js | 3 | ||||
-rw-r--r-- | middlewares/helmet.js | 12 | ||||
-rw-r--r-- | middlewares/requireAuth.js | 8 | ||||
-rw-r--r-- | middlewares/sessions.js | 29 |
4 files changed, 52 insertions, 0 deletions
diff --git a/middlewares/formParser.js b/middlewares/formParser.js
new file mode 100644
index 0000000..41134ac
--- /dev/null
+++ b/middlewares/formParser.js
@@ -0,0 +1,3 @@
+import bodyParser from "body-parser";
+
+export default bodyParser.urlencoded({ extended: false });
diff --git a/middlewares/helmet.js b/middlewares/helmet.js
new file mode 100644
index 0000000..5ced2c3
--- /dev/null
+++ b/middlewares/helmet.js
@@ -0,0 +1,12 @@
+import helmet from "helmet";
+
+const myHelmet = helmet({
+  contentSecurityPolicy: {
+    directives: {
+      ...helmet.contentSecurityPolicy.getDefaultDirectives(),
+      "script-src": ["'self'", "'unsafe-inline'"],
+    },
+  },
+});
+
+export default myHelmet;
diff --git a/middlewares/requireAuth.js b/middlewares/requireAuth.js
new file mode 100644
index 0000000..3cf10ec
--- /dev/null
+++ b/middlewares/requireAuth.js
@@ -0,0 +1,8 @@
+function requireAuth(req, res, next) {
+  if (req.session.userId) {
+    next();
+  }
+  res.redirect(302, "/login");
+}
+
+export default requireAuth;
diff --git a/middlewares/sessions.js b/middlewares/sessions.js
new file mode 100644
index 0000000..6112a8c
--- /dev/null
+++ b/middlewares/sessions.js
@@ -0,0 +1,29 @@
+import expressSession from "express-session";
+import sqlite from "better-sqlite3";
+import sqliteStore from "better-sqlite3-session-store";
+
+const SqliteStore = sqliteStore(expressSession);
+const db = new sqlite("sessions.db", { verbose: console.log });
+const secret = process.env.SESSION_SECRET || "secret";
+const session = expressSession({
+  cookie: {
+    httpOnly: true,
+    maxAge: 1000 * 60 * 60 * 24 * 15, // 15 days
+    sameSite: "Strict",
+    secure: process.env.NODE_ENV === "production" ? true : false,
+  },
+  name: "JDMSessionId",
+  saveUninitialized: false,
+  secret: secret,
+  store: new SqliteStore({
+    client: db,
+    expired: {
+      clear: true,
+      intervalMs: 1000 * 60 * 60, // 60min
+    }
+  }),
+  resave: false,
+  unset: "destroy",
+});
+
+export default session; |
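Review bot: The urlencoded parser in formParser.js is exported with no explicit `limit` or `parameterLimit`, so the request body size and field count this app accepts are whatever body-parser's defaults happen to be (presumably 100kb and 1000 parameters, but that is library-defined and can change with an upgrade). Since this middleware is the entry point for untrusted form data, the bound should be stated in the code so it is reviewed rather than inherited, e.g. `export default bodyParser.urlencoded({ extended: false, limit: "100kb", parameterLimit: 1000 });`. A one-line comment above it naming why `extended: false` was chosen (no nested objects from qs, which also removes a prototype-pollution surface) would help the next reader.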
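Review bot: The `"script-src": ["'self'", "'unsafe-inline'"]` override in helmet.js removes most of the XSS protection the Content-Security-Policy was added for, because any injected `<script>` block will execute under 'unsafe-inline'. The usual fix that keeps inline scripts working is a per-request nonce: generate one in an earlier middleware (`res.locals.cspNonce = crypto.randomBytes(16).toString("base64")`), emit it on each inline `<script nonce=...>`, and let helmet read it with `"script-src": ["'self'", (req, res) => `'nonce-${res.locals.cspNonce}'`],`. Note that spreading `getDefaultDirectives()` first presumably still leaves helmet's default `script-src-attr 'none'` in place, so inline event handler attributes stay blocked while inline script tags do not — worth a comment on the override stating that this is intentional and temporary, if it is.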
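Review bot: In requireAuth.js the `next()` call is not returned, so an authenticated request falls through to `res.redirect(302, "/login")` after the downstream handler has started; depending on who writes the response first, logged-in users are bounced to the login page or the process logs "Cannot set headers after they are sent". The guard should short-circuit: `if (req.session.userId) return next();` followed by the redirect, or put the redirect in an `else` branch. It also dereferences `req.session` unconditionally, which throws if this middleware is ever mounted ahead of the session middleware; `if (req.session?.userId)` makes that ordering mistake a redirect rather than a 500.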
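Review bot: `process.env.SESSION_SECRET || "secret"` in sessions.js silently signs every session cookie with the literal string "secret" whenever the variable is missing, which in a production deployment lets anyone forge a `JDMSessionId` for any userId. The dev fallback is fine, but production should refuse to start instead: `if (process.env.NODE_ENV === "production" && !process.env.SESSION_SECRET) throw new Error("SESSION_SECRET must be set");` before the `secret` assignment. Separately, `new sqlite("sessions.db", { verbose: console.log })` echoes every SQL statement, including the serialised session payloads written by the store, to stdout, so session contents end up in whatever collects the logs; gating it as `verbose: process.env.NODE_ENV === "production" ? undefined : console.log` keeps the debugging aid out of production. The `secure: ... ? true : false` ternary can be just the comparison.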