authorMatt Strapp <matt@mattstrapp.net>2022-02-10 14:46:30 -0600
committerMatt Strapp <matt@mattstrapp.net>2022-02-10 14:46:37 -0600
commit919c274d78ad9f68bd843c3cdd0a5814fb38e9ef (patch)
treef9ddb10e4fe2babeb9627dbff3689f8bd20b6f0e
parentAdd CSRF cookie and make it somewhat secure (diff)
Get rid of express-session and use a cookie instead
Signed-off-by: Matt Strapp <matt@mattstrapp.net>
-rw-r--r--package.json5
-rw-r--r--src/index.ts11
-rw-r--r--yarn.lock33
3 files changed, 3 insertions, 46 deletions
diff --git a/package.json b/package.json
index 50cc603..45ff92a 100644
--- a/package.json
+++ b/package.json
@@ -5,7 +5,6 @@
"ejs": "^3.1.6",
"express": "^4.17.2",
"express-rate-limit": "^6.2.1",
- "express-session": "^1.17.2",
"express-slow-down": "^1.4.0",
"helmet": "^5.0.2"
},
@@ -13,7 +12,6 @@
"@types/cookie-parser": "^1.4.2",
"@types/csurf": "^1.11.2",
"@types/express": "^4.17.13",
- "@types/express-session": "^1.17.4",
"@types/express-slow-down": "^1.3.2",
"@types/node": "^17.0.17",
"@typescript-eslint/eslint-plugin": "^5.11.0",
@@ -42,6 +40,7 @@
"description": "The webapp for Professor Lamperski's Pendulum",
"main": "dist/index.js",
"author": "Matt Strapp <matt@mattstrapp.net>",
+ "repository": "https: //github.com/RosstheRoss/4951w-pendulum",
"license": "MIT",
"private": true
-}
+}
\ No newline at end of file
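Review bot: The added `repository` value `https: //github.com/RosstheRoss/4951w-pendulum` has a space after the scheme, so it is not a valid URL and anything that consumes the field (`npm repo`, registry metadata links) is unlikely to resolve it; change it to `"repository": "https://github.com/RosstheRoss/4951w-pendulum"`. The same hunk also drops the trailing newline on the closing brace, which is needless churn — keep the file newline-terminated.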
diff --git a/src/index.ts b/src/index.ts
index a456313..9e7d082 100644
--- a/src/index.ts
+++ b/src/index.ts
@@ -1,5 +1,4 @@
import express, { Request, Response } from 'express';
-import session from 'express-session';
import rateLimit from 'express-rate-limit';
import slowDown from 'express-slow-down';
import path from 'path';
@@ -7,7 +6,6 @@ import { env } from 'process';
import helmet from 'helmet';
import csurf from 'csurf';
import cookieParser from 'cookie-parser';
-import { randomBytes } from 'crypto';
const app = express();
@@ -16,15 +14,6 @@ const port: string = env.PORT || '2000';
app.use(cookieParser());
const csrf = csurf({ cookie: true });
-app.use(session({
- secret: randomBytes(50).toString('base64'),
- resave: false,
- saveUninitialized: true,
- cookie: {
- secure: false,
- maxAge: 1000 * 60 * 60 * 24 * 7,
- },
-}));
const rateLimiter = rateLimit({
windowMs: 1 * 60 * 1000, // 1 minute
max: 30, // Limit each IP to 100 requests per `window` (here, per 15 minutes)
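Review bot: With express-session removed, the only state the app still keeps in a cookie is the CSRF secret written by `csurf({ cookie: true })` on the surviving line, and that cookie is left at csurf's defaults — as far as I recall those set only `key` and `path`, so no `httpOnly`, `secure` or `sameSite`, and `cookieParser()` is constructed without a secret so the cookie cannot be signed either (the parent commit's title suggests this was meant to be hardened, but the visible line passes nothing beyond `cookie: true`). I would make the options explicit and give cookie-parser a signing secret: `app.use(cookieParser(env.COOKIE_SECRET));` and `const csrf = csurf({ cookie: { httpOnly: true, sameSite: 'strict', secure: env.NODE_ENV === 'production', signed: true } });`, keeping in mind that `signed: true` fails at request time when cookie-parser has no secret, so the variable must be required at startup rather than defaulted. Nothing is lost by sourcing the secret from the environment, since the removed session secret was regenerated from `randomBytes` on every process start anyway. The comment on the last line of the hunk is also stale against the values beside it — `// Limit each IP to 30 requests per window (here, per minute)` matches `max: 30` and `windowMs` of one minute.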
diff --git a/yarn.lock b/yarn.lock
index cdf10fe..b510ea3 100644
--- a/yarn.lock
+++ b/yarn.lock
@@ -102,13 +102,6 @@
"@types/qs" "*"
"@types/range-parser" "*"
-"@types/express-session@^1.17.4":
- version "1.17.4"
- resolved "https://registry.yarnpkg.com/@types/express-session/-/express-session-1.17.4.tgz#97a30a35e853a61bdd26e727453b8ed314d6166b"
- integrity sha512-7cNlSI8+oOBUHTfPXMwDxF/Lchx5aJ3ho7+p9jJZYVg9dVDJFh3qdMXmJtRsysnvS+C6x46k9DRYmrmCkE+MVg==
- dependencies:
- "@types/express" "*"
-
"@types/express-slow-down@^1.3.2":
version "1.3.2"
resolved "https://registry.yarnpkg.com/@types/express-slow-down/-/express-slow-down-1.3.2.tgz#99a5513b3f465efb1cb4f2db6375d36d7ab72fa4"
@@ -683,11 +676,6 @@ depd@~1.1.2:
resolved "https://registry.yarnpkg.com/depd/-/depd-1.1.2.tgz#9bcd52e14c097763e749b274c4346ed2e560b5a9"
integrity sha1-m81S4UwJd2PnSbJ0xDRu0uVgtak=
-depd@~2.0.0:
- version "2.0.0"
- resolved "https://registry.yarnpkg.com/depd/-/depd-2.0.0.tgz#b696163cc757560d09cf22cc8fad1571b79e76df"
- integrity sha512-g7nH6P6dyDioJogAAGprGpCtVImJhpPk/roCzdb3fIh61/s/nPsfR6onyMwkCAR/OlC3yBC0lESvUoQEAssIrw==
-
destroy@~1.0.4:
version "1.0.4"
resolved "https://registry.yarnpkg.com/destroy/-/destroy-1.0.4.tgz#978857442c44749e4206613e37946205826abd80"
@@ -984,20 +972,6 @@ express-rate-limit@^6.2.1:
resolved "https://registry.yarnpkg.com/express-rate-limit/-/express-rate-limit-6.2.1.tgz#4a7619634fb24417ae723ad2ac3707b38e2e1c64"
integrity sha512-22ovnpEiKR5iAMXDOQ7A6aOvb078JLvoHGlyrrWBl3PeJ34coyakaviPelj4Nc8d+yDoVIWYmaUNP5aYT4ICDQ==
-express-session@^1.17.2:
- version "1.17.2"
- resolved "https://registry.yarnpkg.com/express-session/-/express-session-1.17.2.tgz#397020374f9bf7997f891b85ea338767b30d0efd"
- integrity sha512-mPcYcLA0lvh7D4Oqr5aNJFMtBMKPLl++OKKxkHzZ0U0oDq1rpKBnkR5f5vCHR26VeArlTOEF9td4x5IjICksRQ==
- dependencies:
- cookie "0.4.1"
- cookie-signature "1.0.6"
- debug "2.6.9"
- depd "~2.0.0"
- on-headers "~1.0.2"
- parseurl "~1.3.3"
- safe-buffer "5.2.1"
- uid-safe "~2.1.5"
-
express-slow-down@^1.4.0:
version "1.4.0"
resolved "https://registry.yarnpkg.com/express-slow-down/-/express-slow-down-1.4.0.tgz#89e0aef6c3bb3602b70f06e0824889bd2362cc21"
@@ -1893,11 +1867,6 @@ on-finished@~2.3.0:
dependencies:
ee-first "1.1.1"
-on-headers@~1.0.2:
- version "1.0.2"
- resolved "https://registry.yarnpkg.com/on-headers/-/on-headers-1.0.2.tgz#772b0ae6aaa525c399e489adfad90c403eb3c28f"
- integrity sha512-pZAE+FJLoyITytdqK0U5s+FIpjN0JP3OzFi/u8Rx+EV5/W+JTWGXG8xFzevE7AjBfDqHv/8vL8qQsIhHnqRkrA==
-
once@^1.3.0, once@^1.3.1, once@^1.4.0:
version "1.4.0"
resolved "https://registry.yarnpkg.com/once/-/once-1.4.0.tgz#583b1aa775961d4b113ac17d9c50baef9dd76bd1"
@@ -2511,7 +2480,7 @@ typescript@^4.5.5:
resolved "https://registry.yarnpkg.com/typescript/-/typescript-4.5.5.tgz#d8c953832d28924a9e3d37c73d729c846c5896f3"
integrity sha512-TCTIul70LyWe6IJWT8QSYeA54WQe8EjQFU4wY52Fasj5UKx88LNYKCgBEHcOMOrFF1rKGbD8v/xcNWVUq9SymA==
-uid-safe@2.1.5, uid-safe@~2.1.5:
+uid-safe@2.1.5:
version "2.1.5"
resolved "https://registry.yarnpkg.com/uid-safe/-/uid-safe-2.1.5.tgz#2b3d5c7240e8fc2e58f8aa269e5ee49c0857bd3a"
integrity sha512-KPHm4VL5dDXKz01UuEd88Df+KzynaohSL9fBh096KWAxSKZQDI2uBrVqtvRM4rwrIrRRKsdLNML/lnaaVSRioA==