From 2611ded920a8345922346ed0d43e4efdd94401a1 Mon Sep 17 00:00:00 2001
From: Julien Dessaux
Date: Thu, 27 Oct 2022 23:56:29 +0200
Subject: Began implementing middlewares, session and auth
---
middlewares/formParser.js | 3 +++
middlewares/helmet.js | 12 ++++++++++++
middlewares/requireAuth.js | 8 ++++++++
middlewares/sessions.js | 29 +++++++++++++++++++++++++++++
4 files changed, 52 insertions(+)
create mode 100644 middlewares/formParser.js
create mode 100644 middlewares/helmet.js
create mode 100644 middlewares/requireAuth.js
create mode 100644 middlewares/sessions.js
(limited to 'middlewares')
diff --git a/middlewares/formParser.js b/middlewares/formParser.js
new file mode 100644
index 0000000..41134ac
--- /dev/null
+++ b/middlewares/formParser.js
@@ -0,0 +1,3 @@
+import bodyParser from "body-parser";
+
+export default bodyParser.urlencoded({ extended: false });
diff --git a/middlewares/helmet.js b/middlewares/helmet.js
new file mode 100644
index 0000000..5ced2c3
--- /dev/null
+++ b/middlewares/helmet.js
@@ -0,0 +1,12 @@
+import helmet from "helmet";
+
+const myHelmet = helmet({
+ contentSecurityPolicy: {
+ directives: {
+ ...helmet.contentSecurityPolicy.getDefaultDirectives(),
+ "script-src": ["'self'", "'unsafe-inline'"],
+ },
+ },
+});
+
+export default myHelmet;
diff --git a/middlewares/requireAuth.js b/middlewares/requireAuth.js
new file mode 100644
index 0000000..3cf10ec
--- /dev/null
+++ b/middlewares/requireAuth.js
@@ -0,0 +1,8 @@
+function requireAuth(req, res, next) {
+ if (req.session.userId) {
+ next();
+ }
+ res.redirect(302, "/login");
+}
+
+export default requireAuth;
diff --git a/middlewares/sessions.js b/middlewares/sessions.js
new file mode 100644
index 0000000..6112a8c
--- /dev/null
+++ b/middlewares/sessions.js
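Review bot: The `'unsafe-inline'` value added to `"script-src"` in helmet.js removes the main protection a CSP provides, because any script injected into the page is then allowed to execute; the other directives stay at helmet's defaults, so this one override is what decides the policy's value. If the templates need inline scripts, a per-request nonce (a fresh `crypto.randomBytes` value exposed through `res.locals` and emitted as `'nonce-<value>'` in the directive) or a hash of the fixed inline snippets keeps the policy strict; otherwise the scripts can move to static files served from `'self'`. A short comment on that line saying why inline scripts are needed would also help the next reader judge whether the exception is still required.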
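Review bot: In requireAuth.js, `next()` is not followed by a `return`, so an authenticated request runs the downstream handler and then still reaches `res.redirect(302, "/login")`; depending on which side writes first, the logged-in user is either bounced to the login page or Express fails with ERR_HTTP_HEADERS_SENT. Make the two outcomes exclusive, e.g. `if (req.session.userId) { return next(); }`. Since `req.session` only exists when the session middleware ran earlier in the stack, `req.session?.userId` would additionally turn a mis-ordered middleware registration into a redirect rather than a TypeError — whether that ordering is guaranteed is not visible here.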
@@ -0,0 +1,29 @@
+import expressSession from "express-session";
+import sqlite from "better-sqlite3";
+import sqliteStore from "better-sqlite3-session-store";
+
+const SqliteStore = sqliteStore(expressSession);
+const db = new sqlite("sessions.db", { verbose: console.log });
+const secret = process.env.SESSION_SECRET || "secret";
+const session = expressSession({
+ cookie: {
+ httpOnly: true,
+ maxAge: 1000 * 60 * 60 * 24 * 15, // 15 days
+ sameSite: "Strict",
+ secure: process.env.NODE_ENV === "production" ? true : false,
+ },
+ name: "JDMSessionId",
+ saveUninitialized: false,
+ secret: secret,
+ store: new SqliteStore({
+ client: db,
+ expired: {
+ clear: true,
+ intervalMs: 1000 * 60 * 60, // 60min
+ }
+ }),
+ resave: false,
+ unset: "destroy",
+});
+
+export default session;
--
cgit v1.2.3
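Review bot: The fallback on the `const secret = process.env.SESSION_SECRET || "secret";` line means a deployment that forgets to set the variable silently signs session cookies with a secret that is in the public repository, and anyone who reads it can mint a cookie carrying an arbitrary `userId` that passes `requireAuth`. Fail closed instead: `if (!process.env.SESSION_SECRET) throw new Error("SESSION_SECRET must be set");`, keeping a development-only default, if one is wanted at all, behind a `NODE_ENV !== "production"` check. Separately, `verbose: console.log` on the `better-sqlite3` client echoes every SQL statement the session store issues; whether bound session values appear in that output depends on the driver, so it is safer to drop the option or gate it on an explicit debug flag than to leave it on in production. Minor style: `secure: process.env.NODE_ENV === "production"` expresses the same boolean without the `? true : false`.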