fix: secure cookie configs.

morganney · Dec 14, 2023 · 6463699 · 6463699
1 parent 38b72e3
commit 6463699
Show file tree

Hide file tree

Showing 4 changed files with 11 additions and 1 deletion.
diff --git a/packages/api/src/handlers/authn.ts b/packages/api/src/handlers/authn.ts
@@ -79,6 +79,14 @@ const authn = {
                 expires: req.session.cookie.expires
               }
 
+              /**
+               * Doesn't seem necessary atm since the session
+               * is currently being saved to the store at the
+               * end of the HTTP response, however, consider
+               * using `req.session.regenerate` and `req.session.save`
+               * as exemplified in the documentation:
+               * @see https://www.npmjs.com/package/express-session#user-login
+               */
               debug('setting user to session', sessUser)
               req.session.user = sessUser
               debug('setting session user ID', user.id)

diff --git a/packages/api/src/index.ts b/packages/api/src/index.ts
@@ -25,6 +25,7 @@ const sess: SessionOptions = {
   resave: false,
   saveUninitialized: false,
   unset: 'destroy',
+  proxy: true,
   cookie: {
     maxAge: SESSION_DURATION_MS,
     httpOnly: true,

diff --git a/packages/web/certs/README.md b/packages/web/certs/README.md
@@ -2,7 +2,7 @@
 
 1. Install [mkcert](https://github.com/FiloSottile/mkcert#installation).
 2. `mkcert -install`.
-3. `mkcert busmap.localhost`.
+3. `mkcert -key-file busmap.localhost-key.pem -cert-file busmap.localhost.pem busmap.localhost localhost`.
 
 That should install a CA in your OS trust store and produce two files:
 

diff --git a/packages/web/templates/default.conf.template b/packages/web/templates/default.conf.template
@@ -31,6 +31,7 @@ server {
       proxy_pass http://api_server;
       # Allow keepalive to work with the upstream
       proxy_http_version 1.1;
+      proxy_set_header X-Forwarded-Proto $scheme;
       proxy_set_header Connection "";
     }