
restore 2hr token, test 3 tweaks to session sttngs

master
Rich Brown 11 months ago
parent
commit
bbfa72d7d4
2 changed files with 6 additions and 11 deletions
  1. +3
    -8
      src/funcs.js
  2. +3
    -3
      src/index.js

+ 3
- 8
src/funcs.js

@@ -5,7 +5,6 @@ import Micropub from 'micropub-helper';
export const isMicropubTokenAuthed = (req, res, next) => {
const { token } = req.session;
if (!token) {
// TODO: testing
req.session.destroy();
return res.status(401).json({ error: "no token, foo'. destroying session." });
}
@@ -16,14 +15,10 @@ export const isMicropubTokenAuthed = (req, res, next) => {
// eslint-disable-next-line camelcase
const { issued_at } = decodedValue;
const now = Date.now() / 1000;
const twoHours = 60 * 120; // TODO: keep an eye out; is 2 hours enough/okay?
const tenMinutes = 60 * 10; // TODO: testing

const twoHours = 60 * 120;
// eslint-disable-next-line camelcase
if (now - tenMinutes > issued_at) {
req.session.token = null;
// TODO: destroy session?
// TODO: testing
if (now - twoHours > issued_at) {
// req.session.token = null; // TODO: uneccessary right?
req.session.destroy();
return res.status(401).json({ error: "old token, foo'. destroying session too." });
}
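Review bot: The age check `if (now - twoHours > issued_at)` fails open when `issued_at` is missing or not a number, because a comparison against `undefined`/`NaN` is false and the request continues as if the token were fresh. How `decodedValue` is produced lies between the two hunks and is not visible here, so this may already be guarded, but failing closed is cheap: `if (!Number.isFinite(Number(issued_at)) || now - twoHours > issued_at) {`. `req.session.destroy()` is also called without a callback in both 401 branches, so a store error while deleting the session would go unnoticed; passing a callback that logs the error would surface it. The body of `isMicropubTokenAuthed` continues outside the hunk.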


+ 3
- 3
src/index.js

@@ -36,9 +36,9 @@ const routesArray = ['/create', '/auth'];
app.use(routesArray, session({
secret: process.env.MONGO_PASSWORD, // dumb
store,
resave: true,
saveUninitialized: true,
cookie: { secure: false, maxAge: 1000 * 60 * 60 * 3, sameSite: false },
resave: false, // TODO: my store seems to destroy old, so this seems ok?
saveUninitialized: false, // TODO: testing - will this keep my db cleaner?
cookie: { secure: true, maxAge: 1000 * 60 * 60 * 3, sameSite: false }, // TODO: testing - i use https so this is ok?
}));

app.use((req, res, next) => {
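Review bot: The new cookie line keeps `sameSite: false`, which leaves the SameSite attribute unset on a session cookie that guards `/create` and `/auth`. If the auth callback arrives as a top-level GET redirect, `sameSite: 'lax'` should still work and adds a CSRF defence: `cookie: { secure: true, maxAge: 1000 * 60 * 60 * 3, sameSite: 'lax' },`. On the `secure: true` question in the TODO: if TLS is terminated at a reverse proxy, express-session only sets the cookie when `app.set('trust proxy', 1)` is configured, and that setting is not visible in this hunk. Separately, the unchanged `secret` line signs sessions with the MongoDB password; a dedicated, separately generated session secret would keep a leak of one from exposing the other.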

