Apply httpAdminCookieOptions to session cookie

Nick O'Leary 2024-05-23 17:01:48 +01:00
parent c604ac2207
commit 805ed593fb
No known key found for this signature in database
GPG Key ID: 4F2157149161A6C9


@ -160,11 +160,11 @@ function completeVerify(profile,done) {
function genericStrategy(adminApp,strategy) {
var crypto = require("crypto")
var session = require('express-session')
var MemoryStore = require('memorystore')(session)
const crypto = require("crypto")
const session = require('express-session')
const MemoryStore = require('memorystore')(session)
adminApp.use(session({
const sessionOptions = {
// As the session is only used across the life-span of an auth
// hand-shake, we can use a instance specific random string
secret: crypto.randomBytes(20).toString('hex'),
@ -173,7 +173,17 @@ function genericStrategy(adminApp,strategy) {
store: new MemoryStore({
checkPeriod: 86400000 // prune expired entries every 24h
})
}));
}
if (settings.httpAdminCookieOptions) {
sessionOptions.cookie = {
path: '/',
httpOnly: true,
secure: false,
maxAge: null,
...settings.httpAdminCookieOptions
}
}
adminApp.use(session(sessionOptions));
//TODO: all passport references ought to be in ./auth
adminApp.use(passport.initialize());
adminApp.use(passport.session());
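Review bot: In the `sessionOptions.cookie` block the spread of `settings.httpAdminCookieOptions` comes last, so an operator-supplied value can switch off `httpOnly` on the cookie that carries the session id. Nothing visible in this hunk needs script access to that cookie, so consider pinning the flag after the spread: `...settings.httpAdminCookieOptions, httpOnly: true`. The four listed defaults appear to mirror express-session's own, so a short comment such as `// express-session defaults; httpAdminCookieOptions overrides them` would explain why `secure: false` is written out explicitly. If an operator sets `secure: true` behind a TLS-terminating proxy, express-session only issues the cookie when Express is configured to trust the proxy (`trust proxy`), which is worth stating where the setting is documented. The body of genericStrategy starts and continues outside the lines shown.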