cameron/stock-management-demo
1
0
Fork 0
Code Issues Pull requests Projects Releases Packages Wiki Activity Actions

Changes sessions to be stored in the DB, this ensures that sessions persist after a restart!

Browse source
This commit is contained in:
Cameron Redmore 2025-04-25 13:03:25 +01:00
parent 83d93aefc0
commit 1f9bb34853
5 changed files with 103 additions and 30 deletions
Download patch file Download diff file Expand all files Collapse all files

69
src-server/server.js
View file

@ -9,9 +9,12 @@
* Make sure to yarn add / npm install (in your project root)
* anything you import here (except for express and compression).
*/
import dotenv from 'dotenv';
import express from 'express';
import compression from 'compression';
import session from 'express-session'; // Added for session management
import { PrismaSessionStore } from '@quixo3/prisma-session-store'; // Import Prisma session store
import { PrismaClient } from '@prisma/client'; // Import Prisma Client
import { v4 as uuidv4 } from 'uuid'; // Added for generating session IDs
import apiRoutes from './routes/api.js';
import authRoutes from './routes/auth.js'; // Added for WebAuthn routes
@ -19,6 +22,8 @@ import chatRoutes from './routes/chat.js'; // Added for Chat routes
import cron from 'node-cron';
import { generateAndStoreMantisSummary } from './services/mantisSummarizer.js';
dotenv.config();
// Define Relying Party details (Update with your actual details)
export const rpID = process.env.NODE_ENV === 'production' ? 'your-production-domain.com' : 'localhost';
export const rpName = 'StylePoint';
@ -27,14 +32,30 @@ export const origin = process.env.NODE_ENV === 'production' ? `https://${rpID}`
// In-memory store for challenges (Replace with a persistent store in production)
export const challengeStore = new Map();
const prisma = new PrismaClient(); // Instantiate Prisma Client
const app = express();
if(!process.env.SESSION_SECRET)
{
console.error('SESSION_SECRET environment variable is not set. Please set it to a strong secret key.');
process.exit(1); // Exit the process if the secret is not set
}
// Session middleware configuration
app.use(session({
genid: (req) => uuidv4(), // Use UUIDs for session IDs
secret: process.env.SESSION_SECRET || 'a-very-strong-secret-key', // Use an environment variable for the secret
secret: process.env.SESSION_SECRET, // Use an environment variable for the secret
resave: false,
saveUninitialized: true,
saveUninitialized: false, // Changed to false as recommended for session stores
store: new PrismaSessionStore( // Use PrismaSessionStore
prisma,
{
checkPeriod: 2 * 60 * 1000, //ms
dbRecordIdIsSessionId: true,
dbRecordIdFunction: undefined,
}
),
cookie: {
secure: process.env.NODE_ENV === 'production', // Use secure cookies in production
httpOnly: true,
@ -42,36 +63,24 @@ app.use(session({
}
}));
// Initialize the database (now synchronous)
try
// Schedule the Mantis summary task
// Run daily at 1:00 AM server time (adjust as needed)
cron.schedule('0 1 * * *', async() =>
{
console.log('Prisma Client is ready.'); // Log Prisma readiness
// Schedule the Mantis summary task after DB initialization
// Run daily at 1:00 AM server time (adjust as needed)
cron.schedule('0 1 * * *', async() =>
console.log('Running scheduled Mantis summary task...');
try
{
console.log('Running scheduled Mantis summary task...');
try
{
await generateAndStoreMantisSummary();
console.log('Scheduled Mantis summary task completed.');
}
catch (error)
{
console.error('Error running scheduled Mantis summary task:', error);
}
}, {
scheduled: true,
timezone: 'Europe/London' // Example: Set to your server's timezone
});
}
catch (error)
{
console.error('Error during server setup:', error);
// Optionally handle the error more gracefully, e.g., prevent server start
process.exit(1); // Exit if setup fails
}
await generateAndStoreMantisSummary();
console.log('Scheduled Mantis summary task completed.');
}
catch (error)
{
console.error('Error running scheduled Mantis summary task:', error);
}
}, {
scheduled: true,
timezone: 'Europe/London' // Example: Set to your server's timezone
});
// attackers can use this header to detect apps running Express
// and then launch specifically-targeted attacks