author | Matt Strapp <matt@mattstrapp.net> | 2022-02-10 14:46:30 -0600 |
---|---|---|
committer | Matt Strapp <matt@mattstrapp.net> | 2022-02-10 14:46:37 -0600 |
commit | 919c274d78ad9f68bd843c3cdd0a5814fb38e9ef (patch) | |
tree | f9ddb10e4fe2babeb9627dbff3689f8bd20b6f0e | |
parent | Add CSRF cookie and make it somewhat secure (diff) | |
Get rid of express-session and use a cookie instead
Signed-off-by: Matt Strapp <matt@mattstrapp.net>
-rw-r--r-- | package.json | 5 | ||||
-rw-r--r-- | src/index.ts | 11 | ||||
-rw-r--r-- | yarn.lock | 33 |
3 files changed, 3 insertions, 46 deletions
diff --git a/package.json b/package.json
index 50cc603..45ff92a 100644
--- a/package.json
+++ b/package.json
@@ -5,7 +5,6 @@
 "ejs": "^3.1.6",
 "express": "^4.17.2",
 "express-rate-limit": "^6.2.1",
- "express-session": "^1.17.2",
 "express-slow-down": "^1.4.0",
 "helmet": "^5.0.2"
 },
@@ -13,7 +12,6 @@
 "@types/cookie-parser": "^1.4.2",
 "@types/csurf": "^1.11.2",
 "@types/express": "^4.17.13",
- "@types/express-session": "^1.17.4",
 "@types/express-slow-down": "^1.3.2",
 "@types/node": "^17.0.17",
 "@typescript-eslint/eslint-plugin": "^5.11.0",
@@ -42,6 +40,7 @@
 "description": "The webapp for Professor Lamperski's Pendulum",
 "main": "dist/index.js",
 "author": "Matt Strapp <matt@mattstrapp.net>",
+ "repository": "https: //github.com/RosstheRoss/4951w-pendulum",
 "license": "MIT",
 "private": true
-}
+}
\ No newline at end of file
diff --git a/src/index.ts b/src/index.ts
index a456313..9e7d082 100644
--- a/src/index.ts
+++ b/src/index.ts
@@ -1,5 +1,4 @@
 import express, { Request, Response } from 'express';
-import session from 'express-session';
 import rateLimit from 'express-rate-limit';
 import slowDown from 'express-slow-down';
 import path from 'path';
@@ -7,7 +6,6 @@ import { env } from 'process';
 import helmet from 'helmet';
 import csurf from 'csurf';
 import cookieParser from 'cookie-parser';
-import { randomBytes } from 'crypto';
 const app = express();
@@ -16,15 +14,6 @@ const port: string = env.PORT || '2000';
 app.use(cookieParser());
 const csrf = csurf({ cookie: true });
-app.use(session({
- secret: randomBytes(50).toString('base64'),
- resave: false,
- saveUninitialized: true,
- cookie: {
- secure: false,
- maxAge: 1000 * 60 * 60 * 24 * 7,
- },
-}));
 const rateLimiter = rateLimit({
 windowMs: 1 * 60 * 1000, // 1 minute
 max: 30, // Limit each IP to 100 requests per `window` (here, per 15 minutes)
@@ -102,13 +102,6 @@ "@types/qs" "*" "@types/range-parser" "*" -"@types/express-session@^1.17.4": - version "1.17.4" - resolved "https://registry.yarnpkg.com/@types/express-session/-/express-session-1.17.4.tgz#97a30a35e853a61bdd26e727453b8ed314d6166b" - integrity sha512-7cNlSI8+oOBUHTfPXMwDxF/Lchx5aJ3ho7+p9jJZYVg9dVDJFh3qdMXmJtRsysnvS+C6x46k9DRYmrmCkE+MVg== - dependencies: - "@types/express" "*" - "@types/express-slow-down@^1.3.2": version "1.3.2" resolved "https://registry.yarnpkg.com/@types/express-slow-down/-/express-slow-down-1.3.2.tgz#99a5513b3f465efb1cb4f2db6375d36d7ab72fa4"
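Review bot: `const csrf = csurf({ cookie: true });` in the third src/index.ts hunk is now the only state the app keeps for CSRF, and `cookie: true` accepts csurf's defaults, under which the `_csrf` secret cookie is set without `httpOnly`, `secure` or `sameSite`. I would pass the options explicitly, `const csrf = csurf({ cookie: { httpOnly: true, sameSite: 'strict', secure: true } });`, keeping `secure: true` only if the app is served over HTTPS (the removed session config had `secure: false`, so that may not hold yet). The comment on `max: 30` still describes 100 requests per 15 minutes while the code sets 30 per minute; `// Limit each IP to 30 requests per window (1 minute)` would match. The `rateLimit({` call runs past the end of the hunk.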
@@ -683,11 +676,6 @@ depd@~1.1.2: resolved "https://registry.yarnpkg.com/depd/-/depd-1.1.2.tgz#9bcd52e14c097763e749b274c4346ed2e560b5a9" integrity sha1-m81S4UwJd2PnSbJ0xDRu0uVgtak= -depd@~2.0.0: - version "2.0.0" - resolved "https://registry.yarnpkg.com/depd/-/depd-2.0.0.tgz#b696163cc757560d09cf22cc8fad1571b79e76df" - integrity sha512-g7nH6P6dyDioJogAAGprGpCtVImJhpPk/roCzdb3fIh61/s/nPsfR6onyMwkCAR/OlC3yBC0lESvUoQEAssIrw== - destroy@~1.0.4: version "1.0.4" resolved "https://registry.yarnpkg.com/destroy/-/destroy-1.0.4.tgz#978857442c44749e4206613e37946205826abd80" @@ -984,20 +972,6 @@ express-rate-limit@^6.2.1: resolved "https://registry.yarnpkg.com/express-rate-limit/-/express-rate-limit-6.2.1.tgz#4a7619634fb24417ae723ad2ac3707b38e2e1c64" integrity sha512-22ovnpEiKR5iAMXDOQ7A6aOvb078JLvoHGlyrrWBl3PeJ34coyakaviPelj4Nc8d+yDoVIWYmaUNP5aYT4ICDQ== -express-session@^1.17.2: - version "1.17.2" - resolved "https://registry.yarnpkg.com/express-session/-/express-session-1.17.2.tgz#397020374f9bf7997f891b85ea338767b30d0efd" - integrity sha512-mPcYcLA0lvh7D4Oqr5aNJFMtBMKPLl++OKKxkHzZ0U0oDq1rpKBnkR5f5vCHR26VeArlTOEF9td4x5IjICksRQ== - dependencies: - cookie "0.4.1" - cookie-signature "1.0.6" - debug "2.6.9" - depd "~2.0.0" - on-headers "~1.0.2" - parseurl "~1.3.3" - safe-buffer "5.2.1" - uid-safe "~2.1.5" - express-slow-down@^1.4.0: version "1.4.0" resolved "https://registry.yarnpkg.com/express-slow-down/-/express-slow-down-1.4.0.tgz#89e0aef6c3bb3602b70f06e0824889bd2362cc21" @@ -1893,11 +1867,6 @@ on-finished@~2.3.0: dependencies: ee-first "1.1.1" -on-headers@~1.0.2: - version "1.0.2" - resolved "https://registry.yarnpkg.com/on-headers/-/on-headers-1.0.2.tgz#772b0ae6aaa525c399e489adfad90c403eb3c28f" - integrity sha512-pZAE+FJLoyITytdqK0U5s+FIpjN0JP3OzFi/u8Rx+EV5/W+JTWGXG8xFzevE7AjBfDqHv/8vL8qQsIhHnqRkrA== - once@^1.3.0, once@^1.3.1, once@^1.4.0: version "1.4.0" resolved "https://registry.yarnpkg.com/once/-/once-1.4.0.tgz#583b1aa775961d4b113ac17d9c50baef9dd76bd1" 
@@ -2511,7 +2480,7 @@ typescript@^4.5.5: resolved "https://registry.yarnpkg.com/typescript/-/typescript-4.5.5.tgz#d8c953832d28924a9e3d37c73d729c846c5896f3" integrity sha512-TCTIul70LyWe6IJWT8QSYeA54WQe8EjQFU4wY52Fasj5UKx88LNYKCgBEHcOMOrFF1rKGbD8v/xcNWVUq9SymA== -uid-safe@2.1.5, uid-safe@~2.1.5: +uid-safe@2.1.5: version "2.1.5" resolved "https://registry.yarnpkg.com/uid-safe/-/uid-safe-2.1.5.tgz#2b3d5c7240e8fc2e58f8aa269e5ee49c0857bd3a" integrity sha512-KPHm4VL5dDXKz01UuEd88Df+KzynaohSL9fBh096KWAxSKZQDI2uBrVqtvRM4rwrIrRRKsdLNML/lnaaVSRioA== |