rsnext/examples/with-firebase-authentication/server.js
bokuweb 2cd8f1c920 Update server.js (#10056)
I think the `httpOnly` property should be set as a property of `cookie`.
This is because `SessionOptions` is defined as follows:

```
  interface SessionOptions {
    secret: string | string[];
    name?: string;
    store?: Store | MemoryStore;
    cookie?: {
      maxAge?: number;
      signed?: boolean;
      expires?: Date;
      httpOnly?: boolean;
      path?: string;
      domain?: string;
      secure?: boolean | 'auto';
      encode?: (val: string) => string;
      sameSite?: boolean | 'lax' | 'strict' | 'none';
    };
    genid?(req: express.Request): string;
    rolling?: boolean;
    resave?: boolean;
    proxy?: boolean;
    saveUninitialized?: boolean;
    unset?: string;
  }
```
2020-01-13 12:17:06 +01:00


const express = require('express')
const bodyParser = require('body-parser')
const session = require('express-session')
const FileStore = require('session-file-store')(session)
const next = require('next')
const admin = require('firebase-admin')
// Listening port: PORT from the environment, falling back to 3000 when the
// variable is unset, not numeric, or parses to 0.
const port = Number.parseInt(process.env.PORT, 10) || 3000

// Next.js runs in development mode unless NODE_ENV is exactly 'production'.
const dev = process.env.NODE_ENV !== 'production'
const app = next({ dev })
const handle = app.getRequestHandler()

// Firebase Admin app registered under the name 'server'. It authenticates with
// the service-account key loaded from ./credentials/server; that file carries a
// private key, so keep it out of version control and readable only by the
// server process.
const serviceAccount = require('./credentials/server')
const firebase = admin.initializeApp(
  { credential: admin.credential.cert(serviceAccount) },
  'server'
)
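// Boot Next.js, then mount the Express server in front of it: JSON body
// parsing, file-backed sessions, the Firebase login/logout endpoints and the
// catch-all handler that passes every other GET to Next.js.
app.prepare().then(() => {
  const server = express()
  server.use(bodyParser.json())

  // Session secret. 'geheimnis' is the placeholder published with this example;
  // a secret that is public gives the session cookie signature no value, so a
  // deployment must provide its own through SESSION_SECRET. The placeholder is
  // kept as a fallback so the example still starts without configuration.
  const sessionSecret = process.env.SESSION_SECRET || 'geheimnis'
  if (!process.env.SESSION_SECRET && !dev) {
    console.warn(
      '> SESSION_SECRET is not set; falling back to the example placeholder secret'
    )
  }

  server.use(
    session({
      secret: sessionSecret,
      // NOTE(review): with saveUninitialized: true every visitor without a
      // cookie gets a session written to the file store, including
      // unauthenticated ones. Consider false once nothing depends on a
      // pre-login session.
      saveUninitialized: true,
      store: new FileStore({ secret: sessionSecret }),
      resave: false,
      rolling: true,
      cookie: {
        maxAge: 604800000, // one week, in milliseconds
        httpOnly: true, // not readable from page scripts
        sameSite: 'lax', // not sent on cross-site POSTs (CSRF mitigation)
        // Marks the cookie Secure whenever the request arrived over HTTPS.
        // Behind a TLS-terminating proxy this also needs 'trust proxy'.
        secure: 'auto',
      },
    })
  )

  // Expose the Firebase Admin app to downstream handlers and pages.
  server.use((req, res, next) => {
    req.firebaseServer = firebase
    next()
  })

  // POST /api/login: verifies the Firebase ID token sent as { token } and, on
  // success, stores the decoded claims in the session and returns them.
  server.post('/api/login', (req, res) => {
    // bodyParser.json() leaves req.body as {} when no JSON was sent, so the
    // token itself has to be checked, not just the body.
    const token = req.body && req.body.token
    if (typeof token !== 'string' || token === '') return res.sendStatus(400)

    firebase
      .auth()
      .verifyIdToken(token)
      .then(
        decodedToken =>
          new Promise((resolve, reject) => {
            // Issue a fresh session id at the privilege change so a session id
            // known before login is not carried into the authenticated state
            // (session fixation).
            req.session.regenerate(err => {
              if (err) return reject(err)
              req.session.decodedToken = decodedToken
              resolve(decodedToken)
            })
          })
      )
      .then(decodedToken => res.json({ status: true, decodedToken }))
      .catch(error => {
        // Keep the failure detail in the server log; the client only gets a
        // generic 401 instead of the serialized error object with status 200.
        console.error('> /api/login failed:', error)
        res.status(401).json({ error: 'Unauthorized' })
      })
  })

  // POST /api/logout: removes the server-side session and expires the cookie,
  // rather than only nulling decodedToken on a session that stays valid.
  server.post('/api/logout', (req, res) => {
    req.session.destroy(err => {
      if (err) return res.status(500).json({ status: false })
      // 'connect.sid' is the express-session default; no `name` is configured.
      res.clearCookie('connect.sid')
      res.json({ status: true })
    })
  })

  // Everything else is rendered by Next.js.
  server.get('*', (req, res) => {
    return handle(req, res)
  })

  server.listen(port, err => {
    if (err) throw err
    console.log(`> Ready on http://localhost:${port}`)
  })
})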