Use a file based session store

This prevents login sessions from being lost after a box restart
Johannes Zellner
2019-09-17 22:37:13 +02:00
parent 3a10003246
commit 2bde023d4d
4 changed files with 89 additions and 5 deletions
+17 -3
@@ -18,7 +18,9 @@ var accesscontrol = require('./accesscontrol.js'),
middleware = require('./middleware'),
passport = require('passport'),
path = require('path'),
paths = require('./paths.js'),
routes = require('./routes/index.js'),
safe = require('safetydance'),
settings = require('./settings.js'),
ws = require('ws');
@@ -57,6 +59,15 @@ function initializeExpressSync() {
var router = new express.Router();
router.del = router.delete; // amend router.del for readability further on
// load or generate the session secret
var sessionSecret = safe.fs.readFileSync(paths.SESSION_SECRET_FILE, 'utf8');
if (!sessionSecret) {
sessionSecret = hat(128);
safe.fs.writeFileSync(paths.SESSION_SECRET_FILE, sessionSecret);
}
var SessionFileStore = require('session-file-store')(middleware.session);
app
// the timeout middleware will respond with a 503. the request itself cannot be 'aborted' and will continue
// search for req.clearTimeout in route handlers to see places where this timeout is reset
@@ -66,9 +77,12 @@ function initializeExpressSync() {
.use(middleware.cookieParser())
.use(middleware.cors({ origins: [ '*' ], allowCredentials: false }))
.use(middleware.session({
secret: hat(128), // we only use the session during oauth, and already have an in-memory session store, so we can safely change that during restarts
resave: true,
saveUninitialized: true,
secret: sessionSecret,
saveUninitialized: false,
resave: false,
store: new SessionFileStore({
path: paths.SESSION_DIR
}),
cookie: {
path: '/',
httpOnly: true,
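Review bot: The secret written in the "load or generate the session secret" block of initializeExpressSync is now a long-lived credential, yet the file is created with default permissions and the result of `safe.fs.writeFileSync` is never checked. Passing an explicit mode, e.g. `safe.fs.writeFileSync(paths.SESSION_SECRET_FILE, sessionSecret, { mode: 0o600 })`, and logging when the call returns a falsy value would keep other local accounts from reading the signing secret and would surface the case where a failed write makes it regenerate on every start. If `hat` here is the npm package of that name, its output is derived from `Math.random()`, which was tolerable for a per-process secret but is weak for one that persists; `crypto.randomBytes(32).toString('hex')` would be a sounder source (the require block is only partly visible, so `crypto` may need adding). The same permission concern applies to the session files under `paths.SESSION_DIR` configured in the last hunk, since each of them holds a live login session. The body of initializeExpressSync starts and ends outside the visible hunks.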