cds-snc · CalvinRodo · Nov 27, 2019 · Nov 27, 2019 · Dec 2, 2019
diff --git a/.gitignore b/.gitignore
@@ -73,4 +73,7 @@ cdk.out
 cdk.out
 
 cdk/local-image
-credentials
+credentials
+
+#Ignore session added from file-session-store
+sessions
diff --git a/app.js b/app.js
@@ -7,8 +7,7 @@ const cookieParser = require('cookie-parser')
 const compression = require('compression')
 const helmet = require('helmet')
 const path = require('path')
-const cookieSession = require('cookie-session')
-const cookieSessionConfig = require('./config/cookieSession.config')
+const sessionConfig = require('./config/session.config')
 const { hasData } = require('./utils')
 const { addNunjucksFilters } = require('./filters')
 const csp = require('./config/csp.config')
@@ -43,9 +42,8 @@ app.use(function(req, res, next) {
   next()
 })
 
-// in production: use redis for sessions
-// but this works for now
-app.use(cookieSession(cookieSessionConfig))
+// add the session selected in session.config.js
+app.use(sessionConfig)
 
 // public assets go here (css, js, etc)
 app.use(express.static(path.join(__dirname, 'public')))

diff --git a/config/cookieSession.config.js b/config/cookieSession.config.js
diff --git a/config/session.config.js b/config/session.config.js
@@ -0,0 +1,34 @@
+/*
+ configuration for our sessions
+  - set a name for the session so that the session persists between server reloads
+    - if a SESSION_SECRET environment variable, use that as a secret name
+    - else use a timestamp that rotates every 60 minutes
+  - also set session expiry time to 60 minutes
+  more docs here: https://expressjs.com/en/resources/middleware/cookie-session.html
+*/
+const session = require('express-session')
+const MemoryStore = require('memorystore')(session)
+const FileStore = require('session-file-store')(session)
+
+const oneHour = 1000 * 60 * 60
+const sessionName = `ctb-${process.env.SESSION_SECRET ||
+  Math.floor(new Date().getTime() / oneHour)}`
+
+
+// In production use redis but this works for now
+const store = { 
+  memory: () => new MemoryStore({ checkPeriod: oneHour }),
+  fileStore: () => new FileStore({}),
+}
+
+const sessionConfig= {
+  cookie: { httpOnly: true, maxAge: oneHour, sameSite: 'strict' },
+  store: store.fileStore(),
+  secret: sessionName,
+  resave: false,
+  saveUninitialized: false,
+  unset: 'destroy',
+}
+
+
+module.exports =  session(sessionConfig)
diff --git a/package.json b/package.json
@@ -29,6 +29,8 @@
   },
   "dependencies": {
     "@cdssnc/webpack-starter": "^2.0.2",
+    "@csstools/postcss-sass": "^4.0.0",
+    "@fullhuman/postcss-purgecss": "^1.3.0",
     "compression": "^1.7.4",
     "cookie-parser": "~1.4.4",
     "cookie-session": "^1.3.3",
@@ -43,12 +45,12 @@
     "express-validator": "^6.2.0",
     "helmet": "^3.21.2",
     "i18n": "^0.8.4",
+    "memorystore": "^1.6.1",
     "mini-css-extract-plugin": "^0.8.0",
     "nunjucks": "^3.2.0",
     "request": "^2.88.0",
-    "tailwindcss": "^1.1.3",
-    "@csstools/postcss-sass": "^4.0.0",
-    "@fullhuman/postcss-purgecss": "^1.3.0"
+    "session-file-store": "^1.3.1",
+    "tailwindcss": "^1.1.3"
   },
   "devDependencies": {
     "@aws-cdk/aws-docdb": "1.17.1",
@@ -81,7 +83,7 @@
   "nodemonConfig": {
     "ext": "js,json,njk,scss",
     "ignore": [
-      "public/dist/**/*.*"
+      "public/dist/**/*.*", "sessions/*"
     ]
   }
 }