Project-Image-Uploader/backend/src/middlewares/session.js


const fs = require('fs');
const path = require('path');
const session = require('express-session');
const SQLiteStore = require('connect-sqlite3')(session);
// Operator-supplied session settings. Everything below is read from the
// process environment and taken as-is (no validation): these values are
// deployment configuration, not request input.
const {
  ADMIN_SESSION_DB,
  ADMIN_SESSION_DIR,
  ADMIN_SESSION_SECRET,
  NODE_ENV,
  ADMIN_SESSION_COOKIE_SECURE,
} = process.env;

// SQLite file name handed to the session store; the default applies when the
// variable is unset or empty.
const SESSION_FILENAME = ADMIN_SESSION_DB || 'sessions.sqlite';

// Directory holding the session DB: an explicit ADMIN_SESSION_DIR is made
// absolute, otherwise a `data` directory one level above this file is used.
const SESSION_DIR = ADMIN_SESSION_DIR
  ? path.resolve(ADMIN_SESSION_DIR)
  : path.join(__dirname, '..', 'data');

// Secret used by express-session to sign the session cookie. Its presence is
// enforced further down in this module; there is no built-in fallback value.
const SESSION_SECRET = ADMIN_SESSION_SECRET;

// Production is recognised solely by NODE_ENV; it drives the default for the
// cookie's `secure` flag.
const IS_PRODUCTION = NODE_ENV === 'production';
// Accepted spellings for boolean environment variables, compared after
// lower-casing and trimming. Anything else maps to undefined so the caller
// can apply its own default instead of guessing.
const BOOLEAN_ENV_TOKENS = new Map([
  ['true', true],
  ['1', true],
  ['yes', true],
  ['on', true],
  ['false', false],
  ['0', false],
  ['no', false],
  ['off', false],
]);

/**
 * Parse a boolean-ish environment variable.
 *
 * @param {unknown} value - raw `process.env` entry (normally a string or undefined)
 * @returns {boolean | undefined} true/false for a recognised token, otherwise
 *   undefined (also for non-string input)
 */
const parseBooleanEnv = (value) => {
  if (typeof value !== 'string') {
    return undefined;
  }
  // Map.get yields undefined for unknown tokens, which is exactly the
  // "not configured" result the caller expects.
  return BOOLEAN_ENV_TOKENS.get(value.toLowerCase().trim());
};
// Effective `cookie.secure` flag: an explicit ADMIN_SESSION_COOKIE_SECURE
// value wins; when it is absent or unparseable, secure cookies are enabled
// exactly in production.
const secureOverride = parseBooleanEnv(ADMIN_SESSION_COOKIE_SECURE);
const cookieSecure = secureOverride === undefined ? IS_PRODUCTION : secureOverride;

// Disabling secure cookies in production is a deliberate downgrade (the
// session cookie may then be sent over plain HTTP), so it is made visible in
// the logs rather than silently accepted.
const insecureCookiesInProduction = IS_PRODUCTION && secureOverride === false;
if (insecureCookiesInProduction) {
  console.warn('[Session] ADMIN_SESSION_COOKIE_SECURE=false detected secure cookies disabled in production. Only do this on trusted HTTP deployments.');
}

// Refuse to start without a signing secret; no fallback value exists.
if (!SESSION_SECRET) {
  throw new Error('ADMIN_SESSION_SECRET is required for session management');
}
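// Ensure the session directory exists so SQLite can create the DB file.
// `recursive: true` is a no-op when the directory is already present, which
// removes the previous exists-then-create pair (a check-then-act race). If a
// non-directory occupies the path the call now fails here, with a clear
// error, instead of later inside the store.
// NOTE(review): the directory is created with the default mode; if the
// session DB must not be readable by other local users, consider passing
// `mode: 0o700` — confirm against the deployment's umask and service account.
fs.mkdirSync(SESSION_DIR, { recursive: true });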
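// Session lifetime. The store TTL and the cookie maxAge are derived from the
// same number so the server-side record and the browser cookie cannot drift
// apart when one of them is changed.
const SESSION_TTL_SECONDS = 8 * 60 * 60; // 8 hours

// Server-side session store: one SQLite file under SESSION_DIR.
// NOTE(review): connect-sqlite3 may derive the on-disk filename from `db`
// (e.g. by appending its own extension); confirm the actual path before
// pointing backups or file permissions at it.
const store = new SQLiteStore({
  db: SESSION_FILENAME,
  dir: SESSION_DIR,
  ttl: SESSION_TTL_SECONDS, // seconds
});

// express-session middleware for the admin area.
// - `name: 'sid'` replaces the library's default cookie name.
// - `resave: false` / `saveUninitialized: false`: unchanged sessions are not
//   rewritten on every request, and nothing is persisted until a handler
//   puts data on req.session.
// - cookie: `httpOnly` keeps it out of reach of page scripts, `sameSite:
//   'strict'` withholds it from cross-site requests (a CSRF mitigation), and
//   `secure` follows the environment-derived cookieSecure flag.
// NOTE(review): with `secure: true` behind a TLS-terminating reverse proxy,
// express-session only sets the cookie when the app trusts the proxy
// (`app.set('trust proxy', …)`); confirm that in the app bootstrap.
const sessionMiddleware = session({
  name: 'sid',
  store,
  secret: SESSION_SECRET,
  resave: false,
  saveUninitialized: false,
  cookie: {
    httpOnly: true,
    secure: cookieSecure,
    sameSite: 'strict',
    maxAge: SESSION_TTL_SECONDS * 1000, // express-session expects milliseconds
  },
});

module.exports = sessionMiddleware;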