From d6b4a0f32d17e240d0ffcba857a2c5f914c9c41a Mon Sep 17 00:00:00 2001 From: Wingysam Date: Thu, 22 Nov 2018 18:42:19 -0500 Subject: [PATCH] Use express-session-level --- .gitignore | 6 +- config/index.js | 2 +- config/secret/index.js | 13 +++ index.js | 14 +++- package.json | 2 + yarn.lock | 174 ++++++++++++++++++++++++++++++++++++++++- 6 files changed, 204 insertions(+), 7 deletions(-) create mode 100644 config/secret/index.js diff --git a/.gitignore b/.gitignore index 9df9fcb..7cdfc73 100644 --- a/.gitignore +++ b/.gitignore @@ -36,4 +36,8 @@ typings/ .DS_Store # Database -db/ \ No newline at end of file +db/ + +# Session store +sessions/ +config/secret/secret.txt \ No newline at end of file diff --git a/config/index.js b/config/index.js index b559670..d52b1e7 100644 --- a/config/index.js +++ b/config/index.js @@ -4,6 +4,6 @@ module.exports = { defaultFailureRedirect: process.env.DEFAULT_FAILURE_REDIRECT || '/login', port: process.env.PORT || 3000, proxyServer: process.env.PROXY_SERVER || undefined, - secret: process.env.SECRET || require('uuid/v4')(), + secret: process.env.SECRET || require('./secret'), siteTitle: process.env.SITE_TITLE || 'Christmas Community' }; diff --git a/config/secret/index.js b/config/secret/index.js new file mode 100644 index 0000000..dabdf94 --- /dev/null +++ b/config/secret/index.js @@ -0,0 +1,13 @@ +const uuid = require('uuid/v4'); +const path = require('path'); +const fs = require('fs'); + +const secretFilePath = path.join(__dirname, 'secret.txt'); + +try { + module.exports = fs.readFileSync(secretFilePath).toString(); +} catch (_) { + const secret = uuid(); + fs.writeFileSync(secretFilePath, secret); + module.exports = secret; +} \ No newline at end of file diff --git a/index.js b/index.js index 54b3a09..073959d 100644 --- a/index.js +++ b/index.js @@ -1,9 +1,12 @@ +const expressSessionLevel = require('express-session-level'); const LocalStrategy = require('passport-local').Strategy; +const session = require('express-session'); const bcrypt = require('bcrypt-nodejs'); const flash = require('connect-flash'); const passport = require('passport'); const express = require('express'); const PouchDB = require('pouchdb'); +const level = require('level'); const config = require('./config'); @@ -38,8 +41,17 @@ passport.deserializeUser((user, callback) => { .catch(err => callback(err)); }); + +const LevelStore = expressSessionLevel(session); +const sessionDb = level('./sessions') + app.use(require('body-parser').urlencoded({ extended: true })); -app.use(require('express-session')({ secret: config.secret, resave: false, saveUninitialized: true })); +app.use(session({ + secret: config.secret, + resave: false, + saveUninitialized: true, + store: new LevelStore(sessionDb) +})); app.use(flash()); app.use(passport.initialize()); app.use(passport.session()); diff --git a/package.json b/package.json index ae45f93..638ac7d 100644 --- a/package.json +++ b/package.json @@ -17,7 +17,9 @@ "dotenv": "^6.1.0", "express": "^4.16.4", "express-session": "^1.15.6", + "express-session-level": "^1.0.0", "get-product-name": "^1.0.0", + "level": "^4.0.0", "passport": "^0.4.0", "passport-local": "^1.0.0", "pouchdb": "^7.0.0", diff --git a/yarn.lock b/yarn.lock index 0c2d5fb..82a2643 100644 --- a/yarn.lock +++ b/yarn.lock @@ -22,12 +22,18 @@ abstract-leveldown@^4.0.0, abstract-leveldown@~4.0.0: dependencies: xtend "~4.0.0" -abstract-leveldown@~5.0.0: +abstract-leveldown@^5.0.0, abstract-leveldown@~5.0.0: version "5.0.0" resolved "https://registry.yarnpkg.com/abstract-leveldown/-/abstract-leveldown-5.0.0.tgz#f7128e1f86ccabf7d2893077ce5d06d798e386c6" dependencies: xtend "~4.0.0" +abstract-leveldown@~0.12.1: + version "0.12.4" + resolved "http://registry.npmjs.org/abstract-leveldown/-/abstract-leveldown-0.12.4.tgz#29e18e632e60e4e221d5810247852a63d7b2e410" + dependencies: + xtend "~3.0.0" + accepts@~1.3.5: version "1.3.5" resolved "https://registry.yarnpkg.com/accepts/-/accepts-1.3.5.tgz#eb777df6011723a3b14e8a72c0805c8e86746bd2" @@ -49,6 +55,10 @@ acorn@^4.0.4, acorn@~4.0.2: version "4.0.13" resolved "https://registry.yarnpkg.com/acorn/-/acorn-4.0.13.tgz#105495ae5361d697bd195c825192e1ad7f253787" +"after@>=0.8.1 <0.9.0-0": + version "0.8.2" + resolved "https://registry.yarnpkg.com/after/-/after-0.8.2.tgz#fedb394f9f0e02aa9768e702bda23b505fae7e1f" + agent-base@^4.1.0: version "4.2.1" resolved "https://registry.yarnpkg.com/agent-base/-/agent-base-4.2.1.tgz#d89e5999f797875674c07d87f260fc41e83e8ca9" @@ -143,6 +153,12 @@ bl@^1.0.0: readable-stream "^2.3.5" safe-buffer "^5.1.1" +bl@~0.8.1: + version "0.8.2" + resolved "http://registry.npmjs.org/bl/-/bl-0.8.2.tgz#c9b6bca08d1bc2ea00fc8afb4f1a5fd1e1c66e4e" + dependencies: + readable-stream "~1.0.26" + body-parser@1.18.3, body-parser@^1.18.3: version "1.18.3" resolved "https://registry.yarnpkg.com/body-parser/-/body-parser-1.18.3.tgz#5b292198ffdd553b3a0f20ded0592b956955c8b4" @@ -339,6 +355,12 @@ css-what@2.1: version "2.1.2" resolved "https://registry.yarnpkg.com/css-what/-/css-what-2.1.2.tgz#c0876d9d0480927d7d4920dcd72af3595649554d" +debug@2.2.0: + version "2.2.0" + resolved "http://registry.npmjs.org/debug/-/debug-2.2.0.tgz#f87057e995b1a1f6ae6a4960664137bc56f039da" + dependencies: + ms "0.7.1" + debug@2.6.9: version "2.6.9" resolved "https://registry.yarnpkg.com/debug/-/debug-2.6.9.tgz#5d128515df134ff327e90a4c93f4e077a536341f" @@ -365,6 +387,12 @@ deep-extend@^0.6.0: version "0.6.0" resolved "https://registry.yarnpkg.com/deep-extend/-/deep-extend-0.6.0.tgz#c4fa7c95404a17a9c3e8ca7e1537312b736330ac" +deferred-leveldown@~0.2.0: + version "0.2.0" + resolved "https://registry.yarnpkg.com/deferred-leveldown/-/deferred-leveldown-0.2.0.tgz#2cef1f111e1c57870d8bbb8af2650e587cd2f5b4" + dependencies: + abstract-leveldown "~0.12.1" + deferred-leveldown@~3.0.0: version "3.0.0" resolved "https://registry.yarnpkg.com/deferred-leveldown/-/deferred-leveldown-3.0.0.tgz#bff7241bf156aa3635f520bedf34330c408d3307" @@ -462,6 +490,16 @@ encoding-down@~4.0.0: level-errors "^1.0.4" xtend "^4.0.1" +encoding-down@~5.0.0: + version "5.0.4" + resolved "https://registry.yarnpkg.com/encoding-down/-/encoding-down-5.0.4.tgz#1e477da8e9e9d0f7c8293d320044f8b2cd8e9614" + dependencies: + abstract-leveldown "^5.0.0" + inherits "^2.0.3" + level-codec "^9.0.0" + level-errors "^2.0.0" + xtend "^4.0.1" + end-of-stream@^1.0.0, end-of-stream@^1.1.0: version "1.4.1" resolved "https://registry.yarnpkg.com/end-of-stream/-/end-of-stream-1.4.1.tgz#ed29634d19baba463b6ce6b80a37213eab71ec43" @@ -518,6 +556,15 @@ expand-template@^1.0.2: version "1.1.1" resolved "https://registry.yarnpkg.com/expand-template/-/expand-template-1.1.1.tgz#981f188c0c3a87d2e28f559bc541426ff94f21dd" +express-session-level@^1.0.0: + version "1.0.0" + resolved "https://registry.yarnpkg.com/express-session-level/-/express-session-level-1.0.0.tgz#82c2a96017707a0f5231ab74592a632c251bea29" + dependencies: + debug "2.2.0" + level-ttl "3.1.0" + levelup-defaults "1.0.2" + xtend "4.0.1" + express-session@^1.15.6: version "1.15.6" resolved "https://registry.yarnpkg.com/express-session/-/express-session-1.15.6.tgz#47b4160c88f42ab70fe8a508e31cbff76757ab0a" @@ -800,13 +847,17 @@ level-codec@^8.0.0: version "8.0.0" resolved "https://registry.yarnpkg.com/level-codec/-/level-codec-8.0.0.tgz#3a4a0de06dae20c2f5a57b3372c7651e67083e03" +level-codec@^9.0.0: + version "9.0.0" + resolved "https://registry.yarnpkg.com/level-codec/-/level-codec-9.0.0.tgz#2d3a0e835c4aa8339ec63de3f5a37480b74a5f87" + level-errors@^1.0.4, level-errors@~1.1.0: version "1.1.2" resolved "https://registry.yarnpkg.com/level-errors/-/level-errors-1.1.2.tgz#4399c2f3d3ab87d0625f7e3676e2d807deff404d" dependencies: errno "~0.1.1" -level-errors@~2.0.0: +level-errors@^2.0.0, level-errors@~2.0.0: version "2.0.0" resolved "https://registry.yarnpkg.com/level-errors/-/level-errors-2.0.0.tgz#2de5b566b62eef92f99e19be74397fbc512563fa" dependencies: @@ -820,6 +871,14 @@ level-iterator-stream@~2.0.0: readable-stream "^2.0.5" xtend "^4.0.0" +level-iterator-stream@~3.0.0: + version "3.0.1" + resolved "https://registry.yarnpkg.com/level-iterator-stream/-/level-iterator-stream-3.0.1.tgz#2c98a4f8820d87cdacab3132506815419077c730" + dependencies: + inherits "^2.0.1" + readable-stream "^2.3.6" + xtend "^4.0.0" + level-packager@^2.0.2: version "2.1.1" resolved "https://registry.yarnpkg.com/level-packager/-/level-packager-2.1.1.tgz#10b653decb67b0a09c4e961ae84f196edaad205a" @@ -827,6 +886,21 @@ level-packager@^2.0.2: encoding-down "~4.0.0" levelup "^2.0.0" +level-packager@^3.0.0: + version "3.1.0" + resolved "https://registry.yarnpkg.com/level-packager/-/level-packager-3.1.0.tgz#e617c8633d6ecc2ed40c56d86b75464392fa3ccd" + dependencies: + encoding-down "~5.0.0" + levelup "^3.0.0" + +level-ttl@3.1.0: + version "3.1.0" + resolved "https://registry.yarnpkg.com/level-ttl/-/level-ttl-3.1.0.tgz#2d0471e023e3c482619b8f6eff3a0856fdcf2cc6" + dependencies: + after ">=0.8.1 <0.9.0-0" + list-stream ">=1.0.0 <1.1.0-0" + xtend ">=4.0.0 <4.1.0-0" + level-write-stream@1.0.0: version "1.0.0" resolved "https://registry.yarnpkg.com/level-write-stream/-/level-write-stream-1.0.0.tgz#3f7fbb679a55137c0feb303dee766e12ee13c1dc" @@ -841,6 +915,14 @@ level@3.0.2: leveldown "^3.0.0" opencollective-postinstall "^2.0.0" +level@^4.0.0: + version "4.0.0" + resolved "https://registry.yarnpkg.com/level/-/level-4.0.0.tgz#86aa46b5430bac12676e693ebff206232ef1e549" + dependencies: + level-packager "^3.0.0" + leveldown "^4.0.0" + opencollective-postinstall "^2.0.0" + leveldown@3.0.0: version "3.0.0" resolved "https://registry.yarnpkg.com/leveldown/-/leveldown-3.0.0.tgz#a42ef5d4029f88ba538ed8da3e6c34c5b008ddd7" @@ -861,6 +943,22 @@ leveldown@^3.0.0: nan "~2.10.0" prebuild-install "^4.0.0" +leveldown@^4.0.0: + version "4.0.1" + resolved "https://registry.yarnpkg.com/leveldown/-/leveldown-4.0.1.tgz#7bc3df93c9fa574feb39ce45a0c4073aa948cfef" + dependencies: + abstract-leveldown "~5.0.0" + bindings "~1.3.0" + fast-future "~1.0.2" + nan "~2.10.0" + prebuild-install "^4.0.0" + +levelup-defaults@1.0.2: + version "1.0.2" + resolved "https://registry.yarnpkg.com/levelup-defaults/-/levelup-defaults-1.0.2.tgz#aaa9f6780e6a6d4d7975726394e4cf80a237bcb2" + dependencies: + levelup "^0.19.0" + levelup@3.0.1: version "3.0.1" resolved "https://registry.yarnpkg.com/levelup/-/levelup-3.0.1.tgz#07794639fd0af185089130aaea09d03023637b8d" @@ -870,6 +968,18 @@ levelup@3.0.1: level-iterator-stream "~2.0.0" xtend "~4.0.0" +levelup@^0.19.0: + version "0.19.1" + resolved "https://registry.yarnpkg.com/levelup/-/levelup-0.19.1.tgz#f3a6a7205272c4b5f35e412ff004a03a0aedf50b" + dependencies: + bl "~0.8.1" + deferred-leveldown "~0.2.0" + errno "~0.1.1" + prr "~0.0.0" + readable-stream "~1.0.26" + semver "~5.1.0" + xtend "~3.0.0" + levelup@^2.0.0: version "2.0.2" resolved "https://registry.yarnpkg.com/levelup/-/levelup-2.0.2.tgz#83dd22ffd5ee14482143c37cddfb8457854d3727" @@ -879,6 +989,22 @@ levelup@^2.0.0: level-iterator-stream "~2.0.0" xtend "~4.0.0" +levelup@^3.0.0: + version "3.1.1" + resolved "https://registry.yarnpkg.com/levelup/-/levelup-3.1.1.tgz#c2c0b3be2b4dc316647c53b42e2f559e232d2189" + dependencies: + deferred-leveldown "~4.0.0" + level-errors "~2.0.0" + level-iterator-stream "~3.0.0" + xtend "~4.0.0" + +"list-stream@>=1.0.0 <1.1.0-0": + version "1.0.1" + resolved "https://registry.yarnpkg.com/list-stream/-/list-stream-1.0.1.tgz#e34492addccd1a165b028ad6d795a36c4fd95d29" + dependencies: + readable-stream "~2.0.5" + xtend "~4.0.1" + lodash@^4.15.0: version "4.17.11" resolved "https://registry.yarnpkg.com/lodash/-/lodash-4.17.11.tgz#b39ea6229ef607ecd89e2c8df12536891cac9b8d" @@ -949,6 +1075,10 @@ mkdirp@0.5.1, mkdirp@^0.5.1: dependencies: minimist "0.0.8" +ms@0.7.1: + version "0.7.1" + resolved "http://registry.npmjs.org/ms/-/ms-0.7.1.tgz#9cd13c03adbff25b65effde7ce864ee952017098" + ms@2.0.0: version "2.0.0" resolved "https://registry.yarnpkg.com/ms/-/ms-2.0.0.tgz#5608aeadfc00be6c2901df5f9861788de0d597c8" @@ -1141,6 +1271,10 @@ prebuild-install@^4.0.0: tunnel-agent "^0.6.0" which-pm-runs "^1.0.0" +process-nextick-args@~1.0.6: + version "1.0.7" + resolved "https://registry.yarnpkg.com/process-nextick-args/-/process-nextick-args-1.0.7.tgz#150e20b756590ad3f91093f25a4f2ad8bff30ba3" + process-nextick-args@~2.0.0: version "2.0.0" resolved "https://registry.yarnpkg.com/process-nextick-args/-/process-nextick-args-2.0.0.tgz#a37d732f4271b4ab1ad070d35508e8290788ffaa" @@ -1166,6 +1300,10 @@ proxy-from-env@^1.0.0: version "1.0.0" resolved "https://registry.yarnpkg.com/proxy-from-env/-/proxy-from-env-1.0.0.tgz#33c50398f70ea7eb96d21f7b817630a55791c7ee" +prr@~0.0.0: + version "0.0.0" + resolved "https://registry.yarnpkg.com/prr/-/prr-0.0.0.tgz#1a84b85908325501411853d0081ee3fa86e2926a" + prr@~1.0.1: version "1.0.1" resolved "https://registry.yarnpkg.com/prr/-/prr-1.0.1.tgz#d3fc114ba06995a45ec6893f484ceb1d78f5f476" @@ -1337,7 +1475,7 @@ readable-stream@1.0.33: isarray "0.0.1" string_decoder "~0.10.x" -readable-stream@^2.0.5, readable-stream@^2.0.6, readable-stream@^2.1.5, readable-stream@^2.2.2, readable-stream@^2.3.0, readable-stream@^2.3.5: +readable-stream@^2.0.5, readable-stream@^2.0.6, readable-stream@^2.1.5, readable-stream@^2.2.2, readable-stream@^2.3.0, readable-stream@^2.3.5, readable-stream@^2.3.6: version "2.3.6" resolved "http://registry.npmjs.org/readable-stream/-/readable-stream-2.3.6.tgz#b11c27d88b8ff1fbe070643cf94b0c79ae1b0aaf" dependencies: @@ -1361,6 +1499,26 @@ readable-stream@~0.0.2: version "0.0.4" resolved "http://registry.npmjs.org/readable-stream/-/readable-stream-0.0.4.tgz#f32d76e3fb863344a548d79923007173665b3b8d" +readable-stream@~1.0.26: + version "1.0.34" + resolved "http://registry.npmjs.org/readable-stream/-/readable-stream-1.0.34.tgz#125820e34bc842d2f2aaafafe4c2916ee32c157c" + dependencies: + core-util-is "~1.0.0" + inherits "~2.0.1" + isarray "0.0.1" + string_decoder "~0.10.x" + +readable-stream@~2.0.5: + version "2.0.6" + resolved "http://registry.npmjs.org/readable-stream/-/readable-stream-2.0.6.tgz#8f90341e68a53ccc928788dacfcd11b36eb9b78e" + dependencies: + core-util-is "~1.0.0" + inherits "~2.0.1" + isarray "~1.0.0" + process-nextick-args "~1.0.6" + string_decoder "~0.10.x" + util-deprecate "~1.0.1" + regenerator-runtime@^0.11.0: version "0.11.1" resolved "https://registry.yarnpkg.com/regenerator-runtime/-/regenerator-runtime-0.11.1.tgz#be05ad7f9bf7d22e056f9726cee5017fbf19e2e9" @@ -1399,6 +1557,10 @@ semver@^5.4.1: version "5.6.0" resolved "https://registry.yarnpkg.com/semver/-/semver-5.6.0.tgz#7e74256fbaa49c75aa7c7a205cc22799cac80004" +semver@~5.1.0: + version "5.1.1" + resolved "http://registry.npmjs.org/semver/-/semver-5.1.1.tgz#a3292a373e6f3e0798da0b20641b9a9c5bc47e19" + send@0.16.2: version "0.16.2" resolved "https://registry.yarnpkg.com/send/-/send-0.16.2.tgz#6ecca1e0f8c156d141597559848df64730a6bbc1" @@ -1669,10 +1831,14 @@ ws@^5.1.1: dependencies: async-limiter "~1.0.0" -xtend@^4.0.0, xtend@^4.0.1, xtend@~4.0.0, xtend@~4.0.1: +xtend@4.0.1, "xtend@>=4.0.0 <4.1.0-0", xtend@^4.0.0, xtend@^4.0.1, xtend@~4.0.0, xtend@~4.0.1: version "4.0.1" resolved "https://registry.yarnpkg.com/xtend/-/xtend-4.0.1.tgz#a5c6d532be656e23db820efb943a1f04998d63af" +xtend@~3.0.0: + version "3.0.0" + resolved "https://registry.yarnpkg.com/xtend/-/xtend-3.0.0.tgz#5cce7407baf642cba7becda568111c493f59665a" + yargs@~3.10.0: version "3.10.0" resolved "https://registry.yarnpkg.com/yargs/-/yargs-3.10.0.tgz#f7ee7bd857dd7c1d2d38c0e74efbd681d1431fd1"