swaf/src/components/SessionComponent.ts

import ApplicationComponent from "../ApplicationComponent";
import session from "express-session";
import config from "config";
import RedisComponent from "./RedisComponent";
import flash from "connect-flash";
import {Router} from "express";
import SecurityError from "../SecurityError";

export default class SessionComponent extends ApplicationComponent<void> {
    private readonly storeComponent: RedisComponent;

    public constructor(storeComponent: RedisComponent) {
        super();
        this.storeComponent = storeComponent;
    }


    public async checkSecuritySettings(): Promise<void> {
        this.checkSecurityConfigField('session.secret');
        if (!config.get<boolean>('session.cookie.secure')) {
            throw new SecurityError('Cannot set cookie secure field to false.');
        }
    }

    public async init(router: Router): Promise<void> {
        router.use(session({
            saveUninitialized: true,
            secret: config.get('session.secret'),
            store: this.storeComponent.getStore(),
            resave: true,
            cookie: {
                httpOnly: true,
                secure: config.get('session.cookie.secure'),
                maxAge: config.get('session.cookie.maxAge'),
            },
            rolling: true,
        }));

        router.use(flash());

        router.use((req, res, next) => {
            if (!req.session) {
                throw new Error('Session is unavailable.');
            }

            res.locals.session = req.session;

            let _flash: any = {};
            res.locals.flash = (key?: string) => {
                if (key !== undefined) {
                    if (_flash[key] === undefined) _flash[key] = req.flash(key) || null;
                    return _flash[key];
                }

                if (_flash._messages === undefined) {
                    _flash._messages = {
                        info: req.flash('info'),
                        success: req.flash('success'),
                        warning: req.flash('warning'),
                        error: req.flash('error'),
                    };
                }
                return _flash._messages;
            };
            next();
        });
    }
}
Add sources 2020-04-22 15:52:17 +02:00			`import ApplicationComponent from "../ApplicationComponent";`
			`import session from "express-session";`
			`import config from "config";`
			`import RedisComponent from "./RedisComponent";`
			`import flash from "connect-flash";`
Properly split routing in 2 steps: init, handle 2020-07-11 11:46:16 +02:00			`import {Router} from "express";`
Don't start in production if important security fields are misconfigured 2020-07-15 15:06:13 +02:00			`import SecurityError from "../SecurityError";`
Add sources 2020-04-22 15:52:17 +02:00
			`export default class SessionComponent extends ApplicationComponent<void> {`
			`private readonly storeComponent: RedisComponent;`

			`public constructor(storeComponent: RedisComponent) {`
			`super();`
			`this.storeComponent = storeComponent;`
			`}`

Don't start in production if important security fields are misconfigured 2020-07-15 15:06:13 +02:00
			`public async checkSecuritySettings(): Promise<void> {`
			`this.checkSecurityConfigField('session.secret');`
			`if (!config.get<boolean>('session.cookie.secure')) {`
			`throw new SecurityError('Cannot set cookie secure field to false.');`
			`}`
			`}`

Properly split routing in 2 steps: init, handle 2020-07-11 11:46:16 +02:00			`public async init(router: Router): Promise<void> {`
Add sources 2020-04-22 15:52:17 +02:00			`router.use(session({`
			`saveUninitialized: true,`
			`secret: config.get('session.secret'),`
			`store: this.storeComponent.getStore(),`
			`resave: true,`
			`cookie: {`
			`httpOnly: true,`
			`secure: config.get('session.cookie.secure'),`
Add configurable maxAge for session cookie, defaults to 30 days 2020-07-14 15:06:46 +02:00			`maxAge: config.get('session.cookie.maxAge'),`
Add sources 2020-04-22 15:52:17 +02:00			`},`
			`rolling: true,`
			`}));`

			`router.use(flash());`

			`router.use((req, res, next) => {`
			`if (!req.session) {`
			`throw new Error('Session is unavailable.');`
			`}`

			`res.locals.session = req.session;`

Add frontend support for custom flashed data keys 2020-07-06 10:42:46 +02:00			`let _flash: any = {};`
			`res.locals.flash = (key?: string) => {`
			`if (key !== undefined) {`
			`if (_flash[key] === undefined) _flash[key] = req.flash(key) \|\| null;`
			`return _flash[key];`
			`}`

			`if (_flash._messages === undefined) {`
			`_flash._messages = {`
Add sources 2020-04-22 15:52:17 +02:00			`info: req.flash('info'),`
			`success: req.flash('success'),`
			`warning: req.flash('warning'),`
			`error: req.flash('error'),`
			`};`
			`}`
Add frontend support for custom flashed data keys 2020-07-06 10:42:46 +02:00			`return _flash._messages;`
Add sources 2020-04-22 15:52:17 +02:00			`};`
			`next();`
			`});`
			`}`
			`}`