From dcbe7509d2f2720da31429d9d79dcc2b35856431 Mon Sep 17 00:00:00 2001
From: rxbn_
Date: Mon, 17 Aug 2020 13:57:10 +0200
Subject: [PATCH] web - persistent sessions using mongodb as session-store
---
 README.md | 4 ++--
 app.js | 2 +-
 bin/config.js | 4 ++--
 bin/database/module.js | 9 ++++++++
 bin/web/module.js | 50 ++++++++++++++++++++++++++++++------------
 package.json | 1 +
 6 files changed, 51 insertions(+), 19 deletions(-)
diff --git a/README.md b/README.md
index ae5dc49..cee1f4b 100644
--- a/README.md
+++ b/README.md
@@ -5,11 +5,11 @@ Single sign-on authentication and authorization service for rxbn.de services
 # start server
 ## normal start
 ```sh
-$ DB_URL=mongodb://user:pass@ip:port/authdb DB_NAME=authRxbn node app.js
+$ DB_URL="mongodb://user:pass@ip:port/authdb" DB_NAME="authRxbn" SESSION_KEY="32byteHexString" COOKIE_KEY="32byteHexString" node app.js
 ```
 ## debug start (with debug output/logs)
 ```sh
-$ DB_URL=mongodb://user:pass@ip:port/authdb DB_NAME=authRxbn NODE_ENV=debug node app.js
+$ DB_URL="mongodb://user:pass@ip:port/authdb" DB_NAME="authRxbn" SESSION_KEY="32byteHexString" COOKIE_KEY="32byteHexString" NODE_ENV=debug node app.js
 ```
 # TODO
diff --git a/app.js b/app.js
index 4b8d547..bb13651 100644
--- a/app.js
+++ b/app.js
@@ -21,7 +21,7 @@ let load = global['requireModule'] = (name) => {
 };
 // environment variable check
-let env_vars = ["DB_URL", "DB_NAME"];
+let env_vars = ["DB_URL", "DB_NAME", "SESSION_KEY", "COOKIE_KEY"];
 let env_missing = false;
 env_vars.forEach((el) => {
 if(typeof process.env[el] == 'undefined') {
diff --git a/bin/config.js b/bin/config.js
index 4201779..a52c0cc 100644
--- a/bin/config.js
+++ b/bin/config.js
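Review bot: The presence test on `if(typeof process.env[el] == 'undefined') {` in the app.js hunk lets `SESSION_KEY=""` or any short string through, so the two keys added to `env_vars` can reach the session layer with no usable entropy. They replace values that bin/config.js previously produced with `randomBytes(32).toString('hex')`, so the two key names could additionally be checked with `/^[0-9a-f]{64}$/i.test(process.env[el])` and treated as missing when the test fails. The body of the `forEach` callback continues outside the hunk, so how `env_missing` is acted on is not visible here.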
@@ -20,8 +20,8 @@ module.exports = {
 host: "auth.rxbn.de",
 port: 8080,
 poweredBy: 'authRXBN.js',
- sessionKey: require('crypto').randomBytes(32).toString('hex'),
- cookieKey: require('crypto').randomBytes(32).toString('hex'),
+ sessionKey: process.env.SESSION_KEY,
+ cookieKey: process.env.COOKIE_KEY,
 registration: false, // false -> no registration
 cookieMaxAge: 1000*60*60 // one hour (milliseconds*seconds*minutes)
 },
diff --git a/bin/database/module.js b/bin/database/module.js
index bf718a7..865f5b7 100644
--- a/bin/database/module.js
+++ b/bin/database/module.js
@@ -48,6 +48,15 @@ methods.connect = async () => {
 });
 }
+/**
+ * returns db instance
+ * @author Ruben Meyer
+ * @return {Object} mongoose
+ */
+methods.getConnection = () => {
+ return db;
+}
+
 // // // //////// //////// /////// // // // // // // // // // // ////// ////// //////
diff --git a/bin/web/module.js b/bin/web/module.js
index 6992dde..95176ad 100644
--- a/bin/web/module.js
+++ b/bin/web/module.js
@@ -18,6 +18,7 @@ methods.start = () => {
 // init express framework
 let express = require('express');
 let session_handler = require('express-session');
+ let session_store = require('connect-mongo')(session_handler);
 // utilities
 let fs = require('fs');
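Review bot: `sessionKey` and `cookieKey` in the bin/config.js hunk now hold long-lived secrets taken from the environment, but nothing documents their expected format or what happens when they change. A comment above the two lines would help, for example `// SESSION_KEY / COOKIE_KEY: 64 hex chars each (32 random bytes), two different values; changing SESSION_KEY makes every stored session unreachable`. The README example in this commit passes both values on the command line, where they end up in shell history, so the comment could also point operators to an environment file or secret store. The enclosing object literal starts and ends outside the hunk.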
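Review bot: The JSDoc on `methods.getConnection` says `@return {Object} mongoose`, while the caller added in bin/web/module.js passes the result as `mongooseConnection`, so the comment should state which of the two `db` actually is. `db` is declared outside this hunk; if it is only assigned inside `methods.connect`, the getter returns `undefined` until that promise has resolved, which is worth stating as well. Suggested wording, to be adjusted to what `db` really holds: `@return {Object} mongoose connection handle; undefined until connect() has resolved`.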
@@ -86,18 +87,34 @@ methods.start = () => {
 if(app.get('env') === 'debug') app.locals.pretty = true;
- // Sessions
- session_options = {
- secret: cfg.web.sessionKey,
- resave: false,
- saveUninitialized: false, cookie: {}};
- if(app.get('env') === 'production') {
- session_options.cookie.secure = true;
- }
- app.use(session_handler(session_options));
-
- // web routes
 (async function() {
+ // mongooseConnection
+ let db = global['requireModule']('database');
+ await db.connect();
+ let con = db.getConnection();
+
+ // Sessions
+ session_options = {
+ secret: cfg.web.sessionKey,
+ resave: false,
+ saveUninitialized: false,
+ cookie: {
+ maxAge: cfg.web.cookieMaxAge
+ },
+ store: new session_store({
+ mongooseConnection: con,
+ dbName: cfg.mongoose.db,
+ ttl: cfg.web.cookieMaxAge,
+ secret: (app.get('env') === 'production') ? true : false
+ })
+ };
+ if(app.get('env') === 'production') {
+ app.set('trust proxy', 1);
+ session_options.cookie.secure = true;
+ }
+ app.use(session_handler(session_options));
+
+ // web routes
 let mRoutes = require(global['__dirname']+'/bin/web/routes/static');
 let mainRoutes = await mRoutes.getRoutes();
 app.use('/', mainRoutes);
@@ -106,9 +123,14 @@ methods.start = () => {
 app.use('/api', restAPI);
 // start server
- app.listen(cfg.web.port, () => {
- global['logs'].log("Server is listening on port: "+cfg.web.port);
- });
+ if(app.get('env') === 'production' && cfg.web.host && typeof cfg.web.host == "string")
+ app.listen(cfg.web.port, cfg.web.host, () => {
+ global['logs'].log("Server is listening on port: "+cfg.web.port);
+ });
+ else if(app.get('env') === 'debug' || !cfg.web.host || typeof cfg.web.host !== "string")
+ app.listen(cfg.web.port, () => {
+ global['logs'].log("Server is listening on port: "+cfg.web.port);
+ });
 })();
 };
diff --git a/package.json b/package.json
index a6d72d2..e78054c 100644
--- a/package.json
+++ b/package.json
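Review bot: `secret: (app.get('env') === 'production') ? true : false` hands the store a boolean where, as far as I know, connect-mongo 3.x expects the key string used to encrypt session data at rest, so in production this likely either throws or yields a key that is identical across deployments. Either drop the option or pass a separately provisioned key, e.g. `secret: cfg.web.storeKey` (placeholder name, not in the current config), rather than reusing `sessionKey`. On the line above, `ttl: cfg.web.cookieMaxAge` passes milliseconds although the store's `ttl` is documented in seconds; `ttl: cfg.web.cookieMaxAge / 1000` keeps the stored lifetime at one hour if the cookie expiry is ever removed. `methods.start` begins above this hunk, so whether `session_options` is declared anywhere is not visible; as written it is an implicit global.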
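Review bot: The `else if(app.get('env') === 'debug' || !cfg.web.host || typeof cfg.web.host !== "string")` branch in the last hunk leaves a gap: with a string `cfg.web.host` and an env that is neither `production` nor `debug`, neither `app.listen` runs and the process stays up with no listener and no log line. Express falls back to `development` when NODE_ENV is unset, which is the README's normal start, so that case looks reachable; a plain `else` closes it. The production branch could also log the bound host, `"Server is listening on "+cfg.web.host+":"+cfg.web.port`, so the bind address shows up in the logs. `methods.start` begins above the hunk, so an `app.set('env', …)` elsewhere may change which branch is taken.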
@@ -7,6 +7,7 @@
 "license": "",
 "dependencies": {
 "body-parser": "^1.19.0",
+ "connect-mongo": "^3.2.0",
 "cookie-parser": "^1.4.5",
 "express": "^4.17.1",
 "express-async-handler": "^1.1.4",
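Review bot: `"connect-mongo": "^3.2.0"` is added with a caret range and the diffstat lists no lockfile among the six changed files, so the version that ends up handling session storage depends on when the install runs. If the repository does not track a lockfile, consider committing one or pinning the exact version, `"connect-mongo": "3.2.0"`, for this security-relevant dependency.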