add express-session memorystore without leaks (#1435)

* add express-session memorystore without leaks * Bump memorystore to v1.6.0
2018-01-11 23:51:05 +01:00 · 2018-01-11 23:51:05 +01:00 · 2c4d5fa38d
parent bedb2d943e
commit 2c4d5fa38d
2 changed files with 13 additions and 7 deletions
--- a/package.json
+++ b/package.json
@ -47,6 +47,7 @@
        "json-stringify-safe":"5.0.1",
        "jsonata":"1.3.0",
        "media-typer": "0.3.0",
+        "memorystore": "1.6.0",
        "mqtt": "2.9.0",
        "multer": "1.3.0",
        "mustache": "2.3.0",
--- a/red/api/auth/index.js
+++ b/red/api/auth/index.js
@ -150,14 +150,19 @@ module.exports = {
    login: login,
    revoke: revoke,
    genericStrategy: function(adminApp,strategy) {
-        var session = require('express-session');
-        var crypto = require("crypto");
+        var crypto = require("crypto")
+        var session = require('express-session')
+        var MemoryStore = require('memorystore')(session)
+
        adminApp.use(session({
-            // As the session is only used across the life-span of an auth
-            // hand-shake, we can use a instance specific random string
-            secret: crypto.randomBytes(20).toString('hex'),
-            resave: false,
-            saveUninitialized:false
+          // As the session is only used across the life-span of an auth
+          // hand-shake, we can use a instance specific random string
+          secret: crypto.randomBytes(20).toString('hex'),
+          resave: false,
+          saveUninitialized: false,
+          store: new MemoryStore({
+            checkPeriod: 86400000 // prune expired entries every 24h
+          })
        }));
        //TODO: all passport references ought to be in ./auth
        adminApp.use(passport.initialize());