fix(session-prefix): remove redis prefix

WalletConnect · Jul 13, 2023 · e19fecd · e19fecd
1 parent f738dce
commit e19fecd
Show file tree

Hide file tree

Showing 4 changed files with 72 additions and 7 deletions.
diff --git a/package-lock.json b/package-lock.json
diff --git a/package.json b/package.json
@@ -17,6 +17,7 @@
     "@prisma/client": "^4.15.0",
     "connect-redis": "^7.1.0",
     "cookie": "^0.5.0",
+    "cookie-parser": "^1.4.6",
     "cors": "^2.8.5",
     "dotenv": "^16.0.3",
     "express": "^4.18.2",
@@ -28,6 +29,7 @@
   },
   "devDependencies": {
     "@types/cookie": "^0.5.1",
+    "@types/cookie-parser": "^1.4.3",
     "@types/cors": "^2.8.13",
     "@types/express": "^4.17.17",
     "@types/express-session": "^1.17.6",

diff --git a/src/handlers/verify.ts b/src/handlers/verify.ts
@@ -13,6 +13,11 @@ export const verifyAndSignIn = async (req: Request, res: Response) => {
 
     const message = new SiweMessage(req.body.message);
     const fields = await message.validate(req.body.signature);
+    console.log({
+      isProd: process.env.NODE_ENV === "production",
+      fieldsNonce: fields.nonce,
+      sessionNonce: req.session.nonce,
+    });
     if (fields.nonce !== req.session.nonce) {
       res.status(422).json({
         message: `Invalid nonce.`,

diff --git a/src/index.ts b/src/index.ts
@@ -1,4 +1,5 @@
 import RedisStore from "connect-redis";
+import cookieParser from "cookie-parser";
 import cors, { CorsOptions } from "cors";
 import dotenv from "dotenv";
 import express, { NextFunction, Request, Response } from "express";
@@ -60,6 +61,7 @@ const app = express();
 app.disable("x-powered-by");
 // Enable body parser
 app.use(express.json());
+app.use(cookieParser(COOKIE_SECRET));
 
 const isProd = process.env.NODE_ENV === "production";
 const allowedOrigins = isProd
@@ -93,12 +95,12 @@ app.use(
   Session({
     name: COOKIE_NAME,
     secret: COOKIE_SECRET,
-    resave: true,
-    saveUninitialized: true,
+    resave: false,
+    saveUninitialized: false,
     store: redisStore,
     cookie: {
       secure: isProd,
-      sameSite: isProd,
+      sameSite: isProd || "none",
       httpOnly: true,
     },
   })
@@ -115,15 +117,15 @@ const limiter = rateLimit({
 app.use(limiter);
 
 app.get("/health", async function (req, res) {
-  await redisClient.set("test", "value");
-  const test = await redisClient.get("test");
-  console.log({ test });
   return res.status(200).json({ status: "OK" });
 });
 
 app.post("/nonce", captchaVerification, async function (req, res) {
   req.session.nonce = generateNonce();
-  return res.status(200).json({ nonce: req.session.nonce });
+
+  return req.session.save(() =>
+    res.status(200).json({ nonce: req.session.nonce })
+  );
 });
 
 app.post("/connect", captchaVerification, verifyAndSignIn);