authorMatt Strapp <matt@mattstrapp.net>2022-02-10 14:37:15 -0600
committerMatt Strapp <matt@mattstrapp.net>2022-02-10 14:37:15 -0600
commit160e299631c5a1741e93cfb0681c9218b5898d34 (patch)
tree1c8dff154d86dab60385c109d0bbb7dd0bb595a0
parentMerge pull request #5 from RosstheRoss/dependabot/npm_and_yarn/express-rate-l... (diff)
Add CSRF cookie and make it somewhat secure
Signed-off-by: Matt Strapp <matt@mattstrapp.net>
-rw-r--r--package.json2
-rw-r--r--src/index.ts7
-rw-r--r--yarn.lock15
3 files changed, 22 insertions, 2 deletions
diff --git a/package.json b/package.json
index c47b57d..50cc603 100644
--- a/package.json
+++ b/package.json
@@ -1,5 +1,6 @@
{
"dependencies": {
+ "cookie-parser": "^1.4.6",
"csurf": "^1.11.0",
"ejs": "^3.1.6",
"express": "^4.17.2",
@@ -9,6 +10,7 @@
"helmet": "^5.0.2"
},
"devDependencies": {
+ "@types/cookie-parser": "^1.4.2",
"@types/csurf": "^1.11.2",
"@types/express": "^4.17.13",
"@types/express-session": "^1.17.4",
diff --git a/src/index.ts b/src/index.ts
index e396151..a456313 100644
--- a/src/index.ts
+++ b/src/index.ts
@@ -6,15 +6,18 @@ import path from 'path';
import { env } from 'process';
import helmet from 'helmet';
import csurf from 'csurf';
+import cookieParser from 'cookie-parser';
+import { randomBytes } from 'crypto';
const app = express();
// Middleware
const port: string = env.PORT || '2000';
-const csrf = csurf({ cookie: false });
+app.use(cookieParser());
+const csrf = csurf({ cookie: true });
app.use(session({
- secret: 'keyboard cat',
+ secret: randomBytes(50).toString('base64'),
resave: false,
saveUninitialized: true,
cookie: {
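Review bot: The session secret on the added `secret:` line is generated fresh at every process start, so every restart invalidates all existing sessions and, if the app is ever run as more than one process, each worker signs session cookies with a different secret and rejects the others'; read it from the environment the way this file already does for the port, `secret: env.SESSION_SECRET ?? randomBytes(50).toString('base64'),`, and if the random fallback stays, comment that it is only meant for local development. The CSRF cookie on the `csurf({ cookie: true })` line is created with csurf's defaults, so the `_csrf` token cookie is neither httpOnly nor given a sameSite attribute; the option accepts cookie attributes, e.g. `const csrf = csurf({ cookie: { httpOnly: true, sameSite: 'strict' } });`, and `secure: true` should follow once it is confirmed the app is served over TLS. `cookieParser()` is installed without a secret, so a `signed: true` csurf cookie would not work as written — fine as long as that is not intended. csurf has since been deprecated upstream, so a replacement is worth tracking separately. The session options object continues past the end of the hunk.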
diff --git a/yarn.lock b/yarn.lock
index f6a0219..cdf10fe 100644
--- a/yarn.lock
+++ b/yarn.lock
@@ -79,6 +79,13 @@
dependencies:
"@types/node" "*"
+"@types/cookie-parser@^1.4.2":
+ version "1.4.2"
+ resolved "https://registry.yarnpkg.com/@types/cookie-parser/-/cookie-parser-1.4.2.tgz#e4d5c5ffda82b80672a88a4281aaceefb1bd9df5"
+ integrity sha512-uwcY8m6SDQqciHsqcKDGbo10GdasYsPCYkH3hVegj9qAah6pX5HivOnOuI3WYmyQMnOATV39zv/Ybs0bC/6iVg==
+ dependencies:
+ "@types/express" "*"
+
"@types/csurf@^1.11.2":
version "1.11.2"
resolved "https://registry.yarnpkg.com/@types/csurf/-/csurf-1.11.2.tgz#c1cba70f7af653c508b28db047e6c1be72411345"
@@ -547,6 +554,14 @@ content-type@~1.0.4:
resolved "https://registry.yarnpkg.com/content-type/-/content-type-1.0.4.tgz#e138cc75e040c727b1966fe5e5f8c9aee256fe3b"
integrity sha512-hIP3EEPs8tB9AT1L+NUqtwOAps4mk2Zob89MWXMHjHWg9milF/j4osnnQLXBCBFBk/tvIG/tUc9mOUJiPBhPXA==
+cookie-parser@^1.4.6:
+ version "1.4.6"
+ resolved "https://registry.yarnpkg.com/cookie-parser/-/cookie-parser-1.4.6.tgz#3ac3a7d35a7a03bbc7e365073a26074824214594"
+ integrity sha512-z3IzaNjdwUC2olLIB5/ITd0/setiaFMLYiZJle7xg5Fe9KWAceil7xszYfHHBtDFYLSgJduS2Ty0P1uJdPDJeA==
+ dependencies:
+ cookie "0.4.1"
+ cookie-signature "1.0.6"
+
cookie-signature@1.0.6:
version "1.0.6"
resolved "https://registry.yarnpkg.com/cookie-signature/-/cookie-signature-1.0.6.tgz#e303a882b342cc3ee8ca513a79999734dab3ae2c"