Apply httpAdminCookieOptions to session cookie

Closes #4717

packages/node_modules/@node-red/editor-api/lib/auth/index.js

@@ -160,20 +160,30 @@ function completeVerify(profile,done) {
 
 
 function genericStrategy(adminApp,strategy) {
-    var crypto = require("crypto")
-    var session = require('express-session')
-    var MemoryStore = require('memorystore')(session)
+    const crypto = require("crypto")
+    const session = require('express-session')
+    const MemoryStore = require('memorystore')(session)
 
-    adminApp.use(session({
-      // As the session is only used across the life-span of an auth
-      // hand-shake, we can use a instance specific random string
-      secret: crypto.randomBytes(20).toString('hex'),
-      resave: false,
-      saveUninitialized: false,
-      store: new MemoryStore({
-        checkPeriod: 86400000 // prune expired entries every 24h
-      })
-    }));
+    const sessionOptions = {
+        // As the session is only used across the life-span of an auth
+        // hand-shake, we can use a instance specific random string
+        secret: crypto.randomBytes(20).toString('hex'),
+        resave: false,
+        saveUninitialized: false,
+        store: new MemoryStore({
+          checkPeriod: 86400000 // prune expired entries every 24h
+        })
+    }
+    if (settings.httpAdminCookieOptions) {
+        sessionOptions.cookie = {
+            path: '/',
+            httpOnly: true,
+            secure: false,
+            maxAge: null,
+            ...settings.httpAdminCookieOptions
+        }
+    }
+    adminApp.use(session(sessionOptions));
     //TODO: all passport references ought to be in ./auth
     adminApp.use(passport.initialize());
     adminApp.use(passport.session());

packages/node_modules/node-red/red.js

@@ -42,6 +42,7 @@ try { bcrypt = require('bcrypt'); }
 catch(e) { bcrypt = require('bcryptjs'); }
 var nopt = require("nopt");
 var path = require("path");
+const os = require("os")
 var fs = require("fs-extra");
 var RED = require("./lib/red.js");
 
@@ -59,6 +60,7 @@ var knownOpts = {
     "userDir": [path],
     "verbose": Boolean,
     "safe": Boolean,
+    "version": Boolean,
     "define": [String, Array]
 };
 var shortHands = {
@@ -92,6 +94,7 @@ if (parsedArgs.help) {
     console.log("  -v, --verbose        enable verbose output");
     console.log("      --safe           enable safe mode");
     console.log("  -D, --define   X=Y   overwrite value in settings file");
+    console.log("      --version        show version information");
     console.log("  -?, --help           show this help");
     console.log("  admin <command>      run an admin command");
     console.log("");
@@ -99,6 +102,13 @@ if (parsedArgs.help) {
     process.exit();
 }
 
+if (parsedArgs.version) {
+    console.log("Node-RED v"+RED.version())
+    console.log("Node.js "+process.version)
+    console.log(os.type()+" "+os.release()+" "+os.arch()+" "+os.endianness())
+    process.exit()
+}
+
 if (parsedArgs.argv.remain.length > 0) {
     flowFile = parsedArgs.argv.remain[0];
 }

packages/node_modules/node-red/settings.js

@@ -133,6 +133,7 @@ module.exports = {
  *  - httpServerOptions
  *  - httpAdminRoot
  *  - httpAdminMiddleware
+ *  - httpAdminCookieOptions
  *  - httpNodeRoot
  *  - httpNodeCors
  *  - httpNodeMiddleware
@@ -178,6 +179,11 @@ module.exports = {
     //    next();
     // },
 
+    /** The following property can be used to set addition options on the session
+     * cookie used as part of adminAuth authentication system
+     * Available options are documented here: https://www.npmjs.com/package/express-session#cookie
+     */
+    // httpAdminCookieOptions: { },
 
     /** Some nodes, such as HTTP In, can be used to listen for incoming http requests.
      * By default, these are served relative to '/'. The following property