author | Matt Strapp <matt@mattstrapp.net> | 2022-02-10 14:37:15 -0600 |
committer | Matt Strapp <matt@mattstrapp.net> | 2022-02-10 14:37:15 -0600 |
commit | 160e299631c5a1741e93cfb0681c9218b5898d34 (patch) | |
tree | 1c8dff154d86dab60385c109d0bbb7dd0bb595a0 | |
parent | Merge pull request #5 from RosstheRoss/dependabot/npm_and_yarn/express-rate-l... (diff) | |
Add CSRF cookie and make it somewhat secure
Signed-off-by: Matt Strapp <matt@mattstrapp.net>
-rw-r--r-- | package.json | 2 | ||||
-rw-r--r-- | src/index.ts | 7 | ||||
-rw-r--r-- | yarn.lock | 15 |
3 files changed, 22 insertions, 2 deletions
diff --git a/package.json b/package.json
index c47b57d..50cc603 100644
--- a/package.json
+++ b/package.json
@@ -1,5 +1,6 @@
 {
 "dependencies": {
+ "cookie-parser": "^1.4.6",
 "csurf": "^1.11.0",
 "ejs": "^3.1.6",
 "express": "^4.17.2",
@@ -9,6 +10,7 @@
 "helmet": "^5.0.2"
 },
 "devDependencies": {
+ "@types/cookie-parser": "^1.4.2",
 "@types/csurf": "^1.11.2",
 "@types/express": "^4.17.13",
 "@types/express-session": "^1.17.4",
diff --git a/src/index.ts b/src/index.ts
index e396151..a456313 100644
--- a/src/index.ts
+++ b/src/index.ts
@@ -6,15 +6,18 @@ import path from 'path';
 import { env } from 'process';
 import helmet from 'helmet';
 import csurf from 'csurf';
+import cookieParser from 'cookie-parser';
+import { randomBytes } from 'crypto';
 const app = express();
 // Middleware
 const port: string = env.PORT || '2000';
-const csrf = csurf({ cookie: false });
+app.use(cookieParser());
+const csrf = csurf({ cookie: true });
 app.use(session({
- secret: 'keyboard cat',
+ secret: randomBytes(50).toString('base64'),
 resave: false,
 saveUninitialized: true,
 cookie: {
@@ -79,6 +79,13 @@ dependencies:
 "@types/node" "*"
+"@types/cookie-parser@^1.4.2":
+ version "1.4.2"
+ resolved "https://registry.yarnpkg.com/@types/cookie-parser/-/cookie-parser-1.4.2.tgz#e4d5c5ffda82b80672a88a4281aaceefb1bd9df5"
+ integrity sha512-uwcY8m6SDQqciHsqcKDGbo10GdasYsPCYkH3hVegj9qAah6pX5HivOnOuI3WYmyQMnOATV39zv/Ybs0bC/6iVg==
+ dependencies:
+ "@types/express" "*"
+
 "@types/csurf@^1.11.2":
 version "1.11.2"
 resolved "https://registry.yarnpkg.com/@types/csurf/-/csurf-1.11.2.tgz#c1cba70f7af653c508b28db047e6c1be72411345"
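Review bot: The `_csrf` cookie that `csurf({ cookie: true })` now keeps the CSRF secret in is created with csurf's documented defaults (key `_csrf`, path `/`) and nothing else — no `httpOnly`, `secure` or `sameSite`, and it cannot be signed because `cookieParser()` is mounted without a secret — so the secret is exposed to page scripts and can be overwritten by anything able to set cookies for the host, which is exactly what a double-submit scheme must prevent. Since the app already mounts `express-session` (`app.use(session({` in this same hunk), the previous `cookie: false` kept the secret server-side in the session, which binds the token to the logged-in session and is the stronger choice; if cookie mode is kept anyway, at least use `csurf({ cookie: { httpOnly: true, sameSite: 'strict', secure: env.NODE_ENV === 'production' } })`. Separately, `randomBytes(50).toString('base64')` is evaluated once per process start, so every restart invalidates all sessions and two instances behind a load balancer will reject each other's session cookies; `secret: env.SESSION_SECRET || randomBytes(50).toString('base64')` (with a startup warning when the fallback is taken) keeps the improvement over `'keyboard cat'` without that surprise. The `session({ ... })` options object continues past the end of the hunk, so the session cookie's own `secure`/`httpOnly`/`sameSite` flags could not be checked here, and where `csrf` is actually mounted relative to `cookieParser()` is also outside this view.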
@@ -547,6 +554,14 @@ content-type@~1.0.4:
 resolved "https://registry.yarnpkg.com/content-type/-/content-type-1.0.4.tgz#e138cc75e040c727b1966fe5e5f8c9aee256fe3b"
 integrity sha512-hIP3EEPs8tB9AT1L+NUqtwOAps4mk2Zob89MWXMHjHWg9milF/j4osnnQLXBCBFBk/tvIG/tUc9mOUJiPBhPXA==
+cookie-parser@^1.4.6:
+ version "1.4.6"
+ resolved "https://registry.yarnpkg.com/cookie-parser/-/cookie-parser-1.4.6.tgz#3ac3a7d35a7a03bbc7e365073a26074824214594"
+ integrity sha512-z3IzaNjdwUC2olLIB5/ITd0/setiaFMLYiZJle7xg5Fe9KWAceil7xszYfHHBtDFYLSgJduS2Ty0P1uJdPDJeA==
+ dependencies:
+ cookie "0.4.1"
+ cookie-signature "1.0.6"
+
 cookie-signature@1.0.6:
 version "1.0.6"
 resolved "https://registry.yarnpkg.com/cookie-signature/-/cookie-signature-1.0.6.tgz#e303a882b342cc3ee8ca513a79999734dab3ae2c" |