import config from "config";
import flash from "connect-flash";
import {Router} from "express";
import session from "express-session";
import ApplicationComponent from "../ApplicationComponent.js";
import SecurityError from "../SecurityError.js";
import RedisComponent from "./RedisComponent.js";
/**
 * Application component that mounts `express-session` and `connect-flash`
 * on a router and attaches per-request session helpers.
 *
 * The session store comes from the injected {@link RedisComponent}.
 */
export default class SessionComponent extends ApplicationComponent {
    /**
     * @param storeComponent Component whose `getStore()` supplies the session store.
     */
    public constructor(
        private readonly storeComponent: RedisComponent,
    ) {
        super();
    }

    /**
     * Validates the session-related configuration.
     *
     * The `session.secret` check is delegated to `checkSecurityConfigField`,
     * which is not defined in this class. When this method is invoked is
     * decided outside this listing.
     *
     * @throws SecurityError when `session.cookie.secure` is falsy.
     */
    public async checkSecuritySettings(): Promise<void> {
        this.checkSecurityConfigField('session.secret');

        const secureCookie = config.get<boolean>('session.cookie.secure');
        if (secureCookie) return;

        throw new SecurityError('Cannot set cookie secure field to false.');
    }

    /**
     * Installs, in order: the session middleware, the flash middleware, and a
     * middleware that adds session getters to the request, applies the
     * persistence policy to the cookie and exposes session and flash data to
     * views.
     *
     * @param router Router that receives the three middlewares.
     */
    public async initRoutes(router: Router): Promise<void> {
        const sessionMiddleware = session({
            // NOTE(review): with saveUninitialized enabled, a session is
            // stored for every visitor, including anonymous ones; watch store
            // growth under unauthenticated traffic.
            saveUninitialized: true,
            resave: false,
            // rolling: the cookie is re-issued on every response.
            rolling: true,
            secret: config.get('session.secret'),
            store: this.storeComponent.getStore(),
            cookie: {
                // NOTE(review): httpOnly is disabled, so page scripts can read
                // the session cookie through document.cookie, and any XSS on
                // this origin exposes the session ID. Confirm that a
                // client-side consumer needs this; otherwise prefer true
                // (the express-session default).
                httpOnly: false,
                // checkSecuritySettings() rejects a falsy value for this key.
                secure: config.get('session.cookie.secure'),
                sameSite: 'strict',
            },
        });

        router.use(sessionMiddleware);
        router.use(flash());

        router.use((req, res, next) => {
            // Request session getters
            req.getSessionOptional = () => req.session;
            req.getSession = () => {
                const maybeSession = req.getSessionOptional();
                if (maybeSession) return maybeSession;
                throw new Error('Session not initialized.');
            };

            // Session persistence: persistent sessions get the configured
            // maxAge; all others have both expiry fields cleared.
            const current = req.getSession();
            if (current.persistent) {
                current.cookie.maxAge = config.get('session.cookie.maxAge');
            } else {
                // expires first, then maxAge: the order of the original
                // chained assignment.
                current.cookie.expires = undefined;
                current.cookie.maxAge = undefined;
            }

            // Views session local
            // NOTE(review): templates receive the whole session object; avoid
            // rendering it wholesale into pages.
            res.locals.session = current;

            // Views flash function: registered through setLazyLocal with a
            // callback (presumably evaluated only when a view reads it;
            // confirm against setLazyLocal's definition).
            res.setLazyLocal('flash', () => ({
                info: req.flash('info'),
                success: req.flash('success'),
                warning: req.flash('warning'),
                error: req.flash('error'),
                'error-alert': req.flash('error-alert'),
            }));

            next();
        });
    }
}