UNPKG

@cotype/core

Version:

<h2 align="center"> <img src="https://cotype.dev/logo.svg" alt="cotype" /> </h2>

github.com/cotype/core

cotype/core

47 lines 1.77 kB
1
2
3
4
5
6
7
8
9
10
11
12
13
14
15
16
17
18
19
20
21
22
23
24
25
26
27
28
29
30
31
32
33
34
35
36
37
38
39
40
41
42
43
44
45
46
47
"use strict"; var __importDefault = (this && this.__importDefault) || function (mod) { return (mod && mod.__esModule) ? mod : { "default": mod }; }; Object.defineProperty(exports, "__esModule", { value: true }); const crypto_random_string_1 = __importDefault(require("crypto-random-string")); const cookie_session_1 = __importDefault(require("cookie-session")); const log_1 = __importDefault(require("./log")); function secret(opts = {}) { if (opts.secret) { /* Assume user provided everything needed */ return { secret: opts.secret, signed: true, httpOnly: false }; } // Don't sign session when testing as the http client in Node < 10 does not // properly handle multiple set-cookie headers. const signed = process.env.NODE_ENV !== "test"; if (!signed) { return { signed: false, secret: undefined, httpOnly: false }; } if (process.env.NODE_ENV === "development") { log_1.default.info(`SESSION_SECRET env not set - using default secret for development.`); return { secret: "insecure", signed: true, httpOnly: false }; } log_1.default.info(`SESSION_SECRET env not set - generating a random secret for production.`); log_1.default.info(`NOTE: Set a secret to keep sessions across server restarts and to allow horizontal scaling.`); return { secret: crypto_random_string_1.default({ length: 20 }), signed: true, httpOnly: false }; } /** * Returns a middleware that does the session handling. */ exports.default = (opts) => { return cookie_session_1.default({ name: "session", maxAge: 24 * 60 * 60 * 1000, ...opts, ...secret(opts) }); }; //# sourceMappingURL=session.js.map