sasjs/server
1
0
Fork 0
mirror of https://github.com/sasjs/server.git synced 2025-12-11 19:44:35 +00:00
Code Issues Projects Releases Wiki Activity

fix: added domain for session cookies

Browse Source
This commit is contained in:
Saad Jutt
2022-10-09 22:08:01 +05:00
parent b64c0c12da
commit 94072c3d24
4 changed files with 14 additions and 15 deletions
Download Patch File Download Diff File Expand all files Collapse all files

1
api/.env.example
View File

@@ -1,5 +1,6 @@
MODE=[desktop|server] default considered as desktop MODE=[desktop|server] default considered as desktop
CORS=[disable|enable] default considered as disable for server MODE & enable for desktop MODE CORS=[disable|enable] default considered as disable for server MODE & enable for desktop MODE
ALLOWED_DOMAIN=<just domain e.g. example.com >
WHITELIST=<space separated urls, each starting with protocol `http` or `https`> WHITELIST=<space separated urls, each starting with protocol `http` or `https`>
PROTOCOL=[http|https] default considered as http PROTOCOL=[http|https] default considered as http

14
api/src/app-modules/configureExpressSession.ts
View File

@@ -1,10 +1,9 @@
import { Express } from 'express' import { Express, CookieOptions } from 'express'
import mongoose from 'mongoose' import mongoose from 'mongoose'
import session from 'express-session' import session from 'express-session'
import MongoStore from 'connect-mongo' import MongoStore from 'connect-mongo'
import { ModeType } from '../utils' import { ModeType, ProtocolType } from '../utils'
import { cookieOptions } from '../app'
export const configureExpressSession = (app: Express) => { export const configureExpressSession = (app: Express) => {
const { MODE } = process.env const { MODE } = process.env
@@ -19,6 +18,15 @@ export const configureExpressSession = (app: Express) => {
}) })
} }
const { PROTOCOL, ALLOWED_DOMAIN } = process.env
const cookieOptions: CookieOptions = {
secure: PROTOCOL === ProtocolType.HTTPS,
httpOnly: true,
sameSite: PROTOCOL === ProtocolType.HTTPS ? 'none' : undefined,
maxAge: 24 * 60 * 60 * 1000, // 24 hours
domain: ALLOWED_DOMAIN?.trim() || undefined
}
app.use( app.use(
session({ session({
secret: process.secrets.SESSION_SECRET, secret: process.secrets.SESSION_SECRET,

12
api/src/app.ts
View File

@@ -1,5 +1,5 @@
import path from 'path' import path from 'path'
import express, { ErrorRequestHandler, CookieOptions } from 'express' import express, { ErrorRequestHandler } from 'express'
import cookieParser from 'cookie-parser' import cookieParser from 'cookie-parser'
import dotenv from 'dotenv' import dotenv from 'dotenv'
@@ -8,7 +8,6 @@ import {
getWebBuildFolder, getWebBuildFolder,
instantiateLogger, instantiateLogger,
loadAppStreamConfig, loadAppStreamConfig,
ProtocolType,
ReturnCode, ReturnCode,
setProcessVariables, setProcessVariables,
setupFolders, setupFolders,
@@ -29,15 +28,6 @@ if (verifyEnvVariables()) process.exit(ReturnCode.InvalidEnv)
const app = express() const app = express()
const { PROTOCOL } = process.env
export const cookieOptions: CookieOptions = {
secure: PROTOCOL === ProtocolType.HTTPS,
httpOnly: true,
sameSite: PROTOCOL === ProtocolType.HTTPS ? 'none' : undefined,
maxAge: 24 * 60 * 60 * 1000 // 24 hours
}
const onError: ErrorRequestHandler = (err, req, res, next) => { const onError: ErrorRequestHandler = (err, req, res, next) => {
console.error(err.stack) console.error(err.stack)
res.status(500).send('Something broke!') res.status(500).send('Something broke!')

2
api/src/utils/verifyEnvVariables.ts
View File

@@ -267,7 +267,7 @@ const verifyRUN_TIMES = (): string[] => {
return errors return errors
} }
const verifyExecutablePaths = () => { const verifyExecutablePaths = (): string[] => {
const errors: string[] = [] const errors: string[] = []
const { RUN_TIMES, SAS_PATH, NODE_PATH, PYTHON_PATH, R_PATH, MODE } = const { RUN_TIMES, SAS_PATH, NODE_PATH, PYTHON_PATH, R_PATH, MODE } =
process.env process.env