From 160e299631c5a1741e93cfb0681c9218b5898d34 Mon Sep 17 00:00:00 2001
From: Matt Strapp <matt@mattstrapp.net>
Date: Thu, 10 Feb 2022 14:37:15 -0600
Subject: Add CSRF cookie and make it somewhat secure

Signed-off-by: Matt Strapp <matt@mattstrapp.net>
---
 src/index.ts | 7 +++++--
 1 file changed, 5 insertions(+), 2 deletions(-)

(limited to 'src')

diff --git a/src/index.ts b/src/index.ts
index e396151..a456313 100644
--- a/src/index.ts
+++ b/src/index.ts
@@ -6,15 +6,18 @@ import path from 'path';
 import { env } from 'process';
 import helmet from 'helmet';
 import csurf from 'csurf';
+import cookieParser from 'cookie-parser';
+import { randomBytes } from 'crypto';
 
 const app = express();
 
 // Middleware
 const port: string = env.PORT || '2000';
 
-const csrf = csurf({ cookie: false });
+app.use(cookieParser());
+const csrf = csurf({ cookie: true });
 app.use(session({
-    secret: 'keyboard cat',
+    secret: randomBytes(50).toString('base64'),
     resave: false,
     saveUninitialized: true,
     cookie: {
-- 
cgit v1.2.3