Merge pull request #43 from versx/cookie-sessions

Cookie Sessions (Thanks wragru)
WatWowMap · Aug 17, 2020 · 14e4356 · 14e4356
2 parents 691e5b8 + e6e5fc9
commit 14e4356
Show file tree

Hide file tree

Showing 6 changed files with 44 additions and 14 deletions.
diff --git a/package-lock.json b/package-lock.json
diff --git a/package.json b/package.json
@@ -23,6 +23,7 @@
     "axios": "^0.19.2",
     "btoa": "^1.2.1",
     "cookie-parser": "^1.4.5",
+    "cookie-session": "^1.4.0",
     "csurf": "^1.11.0",
     "discord-oauth2": "^2.2.0",
     "discord.js": "^12.2.0",

diff --git a/src/config.example.json b/src/config.example.json
@@ -4,6 +4,7 @@
     "title": "MapJS",
     "locale": "en",
     "style": "dark",
+    "sessionSecret": "98ki^e72~!@#(85o3kXLI*#c9wu5l!Z",
     "map": {
         "maxPokemonId": 649,
         "startLat": 0,

diff --git a/src/index.js b/src/index.js
@@ -4,7 +4,7 @@ const path = require('path');
 const csrf = require('csurf');
 const cookieParser = require('cookie-parser');
 const express = require('express');
-const session = require('express-session');
+const cookieSession = require('cookie-session')
 const app = express();
 const mustacheExpress = require('mustache-express');
 const i18n = require('i18n');
@@ -66,11 +66,10 @@ app.use((req, res, next) => {
 i18n.setLocale(config.locale);
 
 // Sessions middleware
-app.use(session({
-    secret: utils.generateString(),
-    cookie: { maxAge: 86400000 },
-    resave: true,
-    saveUninitialized: true
+app.use(cookieSession({
+    name: 'session',
+    keys: [config.sessionSecret],
+    maxAge: 518400000
 }));
 
 // CSRF token middleware
@@ -113,10 +112,6 @@ app.use(async (req, res, next) => {
     if (config.discord.enabled && (req.path === '/api/discord/login' || req.path === '/login')) {
         return next();
     }
-    if (req.session.valid && req.session.user_id && req.session.username && req.session.guilds && req.session.roles) {
-        //console.log("Previous discord auth still active for user id:", req.session.user_id);
-        return next();
-    }
     if (!config.discord.enabled || req.session.logged_in) {
         defaultData.logged_in = true;
         defaultData.username = req.session.username;

diff --git a/src/routes/discord.js b/src/routes/discord.js
@@ -48,6 +48,7 @@ router.get('/callback', catchAsyncErrors(async (req, res) => {
         req.session.guilds = guilds;
         const valid = perms.map !== false;
         req.session.valid = valid;
+        req.session.save();
         if (valid) {
             console.log(user.id, 'Authenticated successfully.');
             res.redirect(`/?token=${response.data.access_token}`);

diff --git a/src/routes/ui.js b/src/routes/ui.js
@@ -16,10 +16,8 @@ if (config.discord.enabled) {
     });
 
     router.get('/logout', (req, res) => {
-        req.session.destroy((err) => {
-            if (err) throw err;
-            res.redirect('/login');
-        });
+        req.session = null;
+        res.redirect('/login');
     });
 }