From b55c4e7f174e189dcfaccce8b6783d48168f70e4 Mon Sep 17 00:00:00 2001
From: Cali93 <32299095+Cali93@users.noreply.github.com>
Date: Thu, 13 Jul 2023 15:38:47 +0300
Subject: [PATCH] fix(cookie): update cookie settings based on environment

---
 src/handlers/verify.ts | 5 -----
 src/index.ts           | 9 ++++++---
 2 files changed, 6 insertions(+), 8 deletions(-)

diff --git a/src/handlers/verify.ts b/src/handlers/verify.ts
index a300459..d074c00 100644
--- a/src/handlers/verify.ts
+++ b/src/handlers/verify.ts
@@ -13,11 +13,6 @@ export const verifyAndSignIn = async (req: Request, res: Response) => {
 
     const message = new SiweMessage(req.body.message);
     const fields = await message.validate(req.body.signature);
-    console.log({
-      isProd: process.env.NODE_ENV === "production",
-      fieldsNonce: fields.nonce,
-      sessionNonce: req.session.nonce,
-    });
     if (fields.nonce !== req.session.nonce) {
       res.status(422).json({
         message: `Invalid nonce.`,
diff --git a/src/index.ts b/src/index.ts
index 832ea24..a74bfc9 100644
--- a/src/index.ts
+++ b/src/index.ts
@@ -62,6 +62,7 @@ app.disable("x-powered-by");
 // Enable body parser
 app.use(express.json());
 app.use(cookieParser(COOKIE_SECRET));
+app.set("trust proxy", 1);
 
 const isProd = process.env.NODE_ENV === "production";
 const isDev = process.env.NODE_ENV === "development";
@@ -97,11 +98,13 @@ app.use(
   Session({
     name: COOKIE_NAME,
     secret: COOKIE_SECRET,
-    resave: true,
-    saveUninitialized: true,
+    resave: false,
+    saveUninitialized: false,
+    store: redisStore,
     cookie: {
       secure: isDev ? false : true,
-      sameSite: isProd || "none",
+      sameSite: isProd ? "strict" : "none",
+      maxAge: 144 * 60 * 60 * 1000,
       httpOnly: true,
     },
   })