From e6e5fc93a35e3de8a17373807dc0ff941ace6aa6 Mon Sep 17 00:00:00 2001
From: versx
Date: Sun, 16 Aug 2020 22:18:52 -0700
Subject: [PATCH] Use cookie sessions

---
 package-lock.json | 34 ++++++++++++++++++++++++++++++++++
 package.json | 1 +
 src/config.example.json | 1 +
 src/index.js | 15 +++++----------
 src/routes/discord.js | 1 +
 src/routes/ui.js | 6 ++----
 6 files changed, 44 insertions(+), 14 deletions(-)

diff --git a/package-lock.json b/package-lock.json
index 4f642648..b2992cc0 100644
--- a/package-lock.json
+++ b/package-lock.json
@@ -351,11 +351,37 @@
 "cookie-signature": "1.0.6"
 }
 },
+ "cookie-session": {
+ "version": "1.4.0",
+ "resolved": "https://registry.npmjs.org/cookie-session/-/cookie-session-1.4.0.tgz",
+ "integrity": "sha512-0hhwD+BUIwMXQraiZP/J7VP2YFzqo6g4WqZlWHtEHQ22t0MeZZrNBSCxC1zcaLAs8ApT3BzAKizx9gW/AP9vNA==",
+ "requires": {
+ "cookies": "0.8.0",
+ "debug": "2.6.9",
+ "on-headers": "~1.0.2"
+ }
+ },
 "cookie-signature": {
 "version": "1.0.6",
 "resolved": "https://registry.npmjs.org/cookie-signature/-/cookie-signature-1.0.6.tgz",
 "integrity": "sha1-4wOogrNCzD7oylE6eZmXNNqzriw="
 },
+ "cookies": {
+ "version": "0.8.0",
+ "resolved": "https://registry.npmjs.org/cookies/-/cookies-0.8.0.tgz",
+ "integrity": "sha512-8aPsApQfebXnuI+537McwYsDtjVxGm8gTIzQI3FDW6t5t/DAhERxtnbEPN/8RX+uZthoz4eCOgloXaE5cYyNow==",
+ "requires": {
+ "depd": "~2.0.0",
+ "keygrip": "~1.1.0"
+ },
+ "dependencies": {
+ "depd": {
+ "version": "2.0.0",
+ "resolved": "https://registry.npmjs.org/depd/-/depd-2.0.0.tgz",
+ "integrity": "sha512-g7nH6P6dyDioJogAAGprGpCtVImJhpPk/roCzdb3fIh61/s/nPsfR6onyMwkCAR/OlC3yBC0lESvUoQEAssIrw=="
+ }
+ }
+ },
 "core-util-is": {
 "version": "1.0.2",
 "resolved": "https://registry.npmjs.org/core-util-is/-/core-util-is-1.0.2.tgz",
@@ -1113,6 +1139,14 @@
 "resolved": "https://registry.npmjs.org/json-stable-stringify-without-jsonify/-/json-stable-stringify-without-jsonify-1.0.1.tgz",
 "integrity": "sha1-nbe1lJatPzz+8wp1FC0tkwrXJlE="
 },
+ "keygrip": {
+ "version": "1.1.0",
+ "resolved": "https://registry.npmjs.org/keygrip/-/keygrip-1.1.0.tgz",
+ "integrity": "sha512-iYSchDJ+liQ8iwbSI2QqsQOvqv58eJCEanyJPJi+Khyu8smkcKSFUCbPwzFcL7YVtZ6eONjqRX/38caJ7QjRAQ==",
+ "requires": {
+ "tsscmp": "1.0.6"
+ }
+ },
 "levn": {
 "version": "0.4.1",
 "resolved": "https://registry.npmjs.org/levn/-/levn-0.4.1.tgz",
diff --git a/package.json b/package.json
index f428c939..d0f3eabb 100644
--- a/package.json
+++ b/package.json
@@ -23,6 +23,7 @@
 "axios": "^0.19.2",
 "btoa": "^1.2.1",
 "cookie-parser": "^1.4.5",
+ "cookie-session": "^1.4.0",
 "csurf": "^1.11.0",
 "discord-oauth2": "^2.2.0",
 "discord.js": "^12.2.0",
diff --git a/src/config.example.json b/src/config.example.json
index bc4efca2..2ed4b21c 100644
--- a/src/config.example.json
+++ b/src/config.example.json
@@ -4,6 +4,7 @@
 "title": "MapJS",
 "locale": "en",
 "style": "dark",
+ "sessionSecret": "98ki^e72~!@#(85o3kXLI*#c9wu5l!Z",
 "map": {
 "maxPokemonId": 649,
 "startLat": 0,
diff --git a/src/index.js b/src/index.js
index e30a2a10..4f42a8d5 100644
--- a/src/index.js
+++ b/src/index.js
@@ -4,7 +4,7 @@ const path = require('path');
 const csrf = require('csurf');
 const cookieParser = require('cookie-parser');
 const express = require('express');
-const session = require('express-session');
+const cookieSession = require('cookie-session')
 const app = express();
 const mustacheExpress = require('mustache-express');
 const i18n = require('i18n');
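Review bot: The `sessionSecret` added to config.example.json looks like a real secret rather than a placeholder, and once the index.js hunk passes `[config.sessionSecret]` to cookie-session it is the only key that signs every session cookie; a deployment that copies the example config unchanged signs with a value that is public in this repository, so its session cookies (including `logged_in`) are forgeable by anyone who reads the repo. Before this commit the secret came from `utils.generateString()` at startup and was never shared between installs. I would ship an obviously-fake value such as `"sessionSecret": "CHANGE_ME_TO_A_LONG_RANDOM_STRING",` and have the config loader refuse to start while that placeholder is still in use.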
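Review bot: `const cookieSession = require('cookie-session')` is the only require line in the hunk without a trailing semicolon; the surrounding lines all terminate statements, so it should read `const cookieSession = require('cookie-session');`. With `express-session` no longer required here, the package.json hunk could also drop that dependency if nothing else in the project uses it, which I can't confirm from this diff.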
@@ -66,11 +66,10 @@ app.use((req, res, next) => {
 i18n.setLocale(config.locale);
 
 // Sessions middleware
-app.use(session({
- secret: utils.generateString(),
- cookie: { maxAge: 86400000 },
- resave: true,
- saveUninitialized: true
+app.use(cookieSession({
+ name: 'session',
+ keys: [config.sessionSecret],
+ maxAge: 518400000
 }));
 
 // CSRF token middleware
@@ -113,10 +112,6 @@ app.use(async (req, res, next) => {
 if (config.discord.enabled && (req.path === '/api/discord/login' || req.path === '/login')) {
 return next();
 }
- if (req.session.valid && req.session.user_id && req.session.username && req.session.guilds && req.session.roles) {
- //console.log("Previous discord auth still active for user id:", req.session.user_id);
- return next();
- }
 if (!config.discord.enabled || req.session.logged_in) {
 defaultData.logged_in = true;
 defaultData.username = req.session.username;
diff --git a/src/routes/discord.js b/src/routes/discord.js
index c58127fc..2a213584 100644
--- a/src/routes/discord.js
+++ b/src/routes/discord.js
@@ -48,6 +48,7 @@ router.get('/callback', catchAsyncErrors(async (req, res) => {
 req.session.guilds = guilds;
 const valid = perms.map !== false;
 req.session.valid = valid;
+ req.session.save();
 if (valid) {
 console.log(user.id, 'Authenticated successfully.');
 res.redirect(`/?token=${response.data.access_token}`);
diff --git a/src/routes/ui.js b/src/routes/ui.js
index 73d9471a..007100c2 100644
--- a/src/routes/ui.js
+++ b/src/routes/ui.js
@@ -16,10 +16,8 @@ if (config.discord.enabled) {
 });
 
 router.get('/logout', (req, res) => {
- req.session.destroy((err) => {
- if (err) throw err;
- res.redirect('/login');
- });
+ req.session = null;
+ res.redirect('/login');
 });
 }
 
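Review bot: The cookie-session options set only `name`, `keys` and `maxAge`, so nothing verifies that `config.sessionSecret` is present — a missing key hands cookie-session `[undefined]`, which as far as I can tell fails on the first request that writes a session rather than at startup — and the cookie's `secure` and `sameSite` attributes are left to library defaults. Unlike express-session, cookie-session keeps the whole session (the `user_id`, `username`, `guilds` and `roles` the discord callback stores) in a signed but unencrypted cookie, so it is readable by the browser and must fit the roughly 4 KB cookie limit; a user in many guilds may exceed that, which I can't confirm from here. I would add `if (!config.sessionSecret) throw new Error('config.sessionSecret must be set');` ahead of `app.use(cookieSession(...))`, set `httpOnly: true` and `sameSite: 'lax'` explicitly, and enable `secure: true` where the app is served over HTTPS. The bare `518400000` also deserves a comment, e.g. `maxAge: 518400000 // 6 days`, since it silently extends the previous one-day lifetime.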
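Review bot: `req.session.save()` is an express-session API; cookie-session does not document a `save()` method on `req.session` (it writes the cookie itself when response headers go out, which is what its `on-headers` dependency in the lockfile is for), so as far as I can tell this line throws `TypeError: req.session.save is not a function` inside the callback and the login never reaches the redirect. The assignments above it already mark the session as changed, so the line can simply be removed. The enclosing `/callback` handler starts and ends outside the hunk.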
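Review bot: `req.session = null` is the documented way to clear a cookie-session, but with the session now living entirely in the client cookie there is no server-side record to destroy: the response only tells this browser to drop the cookie, and any other copy of the same signed cookie keeps verifying against `keys` (whether `maxAge` is enforced server-side or only through the browser's Expires attribute I can't verify from here). That is a change from `req.session.destroy()`, which invalidated the stored session, and is worth recording for whoever later needs a revocation path. A comment above the assignment such as `// cookie-session: clears the client cookie only; a previously issued copy is not invalidated` would make the trade-off explicit. The enclosing `if (config.discord.enabled)` block starts outside the hunk.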