summaryrefslogtreecommitdiff
path: root/middlewares
diff options
context:
space:
mode:
Diffstat (limited to '')
-rw-r--r--middlewares/formParser.js3
-rw-r--r--middlewares/helmet.js12
-rw-r--r--middlewares/requireAuth.js8
-rw-r--r--middlewares/sessions.js29
4 files changed, 52 insertions, 0 deletions
diff --git a/middlewares/formParser.js b/middlewares/formParser.js
new file mode 100644
index 0000000..41134ac
--- /dev/null
+++ b/middlewares/formParser.js
@@ -0,0 +1,3 @@
+import bodyParser from "body-parser";
+
+export default bodyParser.urlencoded({ extended: false });
diff --git a/middlewares/helmet.js b/middlewares/helmet.js
new file mode 100644
index 0000000..5ced2c3
--- /dev/null
+++ b/middlewares/helmet.js
@@ -0,0 +1,12 @@
+import helmet from "helmet";
+
+const myHelmet = helmet({
+ contentSecurityPolicy: {
+ directives: {
+ ...helmet.contentSecurityPolicy.getDefaultDirectives(),
+ "script-src": ["'self'", "'unsafe-inline'"],
+ },
+ },
+});
+
+export default myHelmet;
diff --git a/middlewares/requireAuth.js b/middlewares/requireAuth.js
new file mode 100644
index 0000000..3cf10ec
--- /dev/null
+++ b/middlewares/requireAuth.js
@@ -0,0 +1,8 @@
+function requireAuth(req, res, next) {
+ if (req.session.userId) {
+ next();
+ }
+ res.redirect(302, "/login");
+}
+
+export default requireAuth;
diff --git a/middlewares/sessions.js b/middlewares/sessions.js
new file mode 100644
index 0000000..6112a8c
--- /dev/null
+++ b/middlewares/sessions.js
@@ -0,0 +1,29 @@
+import expressSession from "express-session";
+import sqlite from "better-sqlite3";
+import sqliteStore from "better-sqlite3-session-store";
+
+const SqliteStore = sqliteStore(expressSession);
+const db = new sqlite("sessions.db", { verbose: console.log });
+const secret = process.env.SESSION_SECRET || "secret";
+const session = expressSession({
+ cookie: {
+ httpOnly: true,
+ maxAge: 1000 * 60 * 60 * 24 * 15, // 15 days
+ sameSite: "Strict",
+ secure: process.env.NODE_ENV === "production" ? true : false,
+ },
+ name: "JDMSessionId",
+ saveUninitialized: false,
+ secret: secret,
+ store: new SqliteStore({
+ client: db,
+ expired: {
+ clear: true,
+ intervalMs: 1000 * 60 * 60, // 60min
+ }
+ }),
+ resave: false,
+ unset: "destroy",
+});
+
+export default session;