deps: bump passport from 0.5.3 to 0.7.0 in the passport group (#630)

* deps: bump passport from 0.5.3 to 0.7.0 in the passport group Bumps the passport group with 1 update: [passport](https://github.com/jaredhanson/passport). Updates `passport` from 0.5.3 to 0.7.0 - [Changelog](https://github.com/jaredhanson/passport/blob/master/CHANGELOG.md) - [Commits](jaredhanson/passport@v0.5.3...v0.7.0) --- updated-dependencies: - dependency-name: passport dependency-type: direct:production update-type: version-update:semver-minor dependency-group: passport ... Signed-off-by: dependabot[bot] <[email protected]> * Add express-session * logout from passport * bump express-session types * secure cookie inp rod --------- Signed-off-by: dependabot[bot] <[email protected]> Co-authored-by: dependabot[bot] <49699333+dependabot[bot]@users.noreply.github.com> Co-authored-by: Renée Kooi <[email protected]>
u-wave · Nov 26, 2024 · f65fdd6 · f65fdd6
1 parent 3e95976
commit f65fdd6
Show file tree

Hide file tree

Showing 3 changed files with 20 additions and 4 deletions.
diff --git a/package.json b/package.json
@@ -40,6 +40,7 @@
     "escape-string-regexp": "^5.0.0",
     "explain-error": "^1.0.4",
     "express": "^5.0.0",
+    "express-session": "^1.18.1",
     "has": "^1.0.3",
     "helmet": "^8.0.0",
     "htmlescape": "^1.1.1",
@@ -56,7 +57,7 @@
     "node-fetch": "^3.3.1",
     "nodemailer": "^6.4.2",
     "object.groupby": "^1.0.1",
-    "passport": "^0.5.0",
+    "passport": "^0.7.0",
     "passport-google-oauth20": "^2.0.0",
     "passport-local": "^1.0.0",
     "pg": "^8.10.0",
@@ -84,6 +85,7 @@
     "@types/cookie-parser": "^1.4.2",
     "@types/cors": "^2.8.10",
     "@types/express": "^5.0.0",
+    "@types/express-session": "^1.18.1",
     "@types/has": "^1.0.0",
     "@types/htmlescape": "^1.1.1",
     "@types/http-errors": "^2.0.0",

diff --git a/src/HttpApi.js b/src/HttpApi.js
@@ -6,6 +6,7 @@ import bodyParser from 'body-parser';
 import cookieParser from 'cookie-parser';
 import cors from 'cors';
 import helmet from 'helmet';
+import session from 'express-session';
 import qs from 'qs';
 import { pinoHttp } from 'pino-http';
 
@@ -101,6 +102,9 @@ async function httpApi(uw, options) {
     authRegistry: new AuthRegistry(uw.redis),
   });
 
+  uw.express = express();
+  uw.express.set('query parser', /** @param {string} str */ (str) => qs.parse(str, { depth: 1 }));
+
   uw.httpApi
     .use(pinoHttp({
       genReqId: () => randomUUID(),
@@ -109,6 +113,15 @@ async function httpApi(uw, options) {
     }))
     .use(bodyParser.json())
     .use(cookieParser())
+    .use(session({
+      secret: options.secret,
+      resave: false,
+      saveUninitialized: false,
+      cookie: {
+        secure: uw.express.get('env') === 'production',
+        httpOnly: true,
+      },
+    }))
     .use(uw.passport.initialize())
     .use(addFullUrl())
     .use(attachUwaveMeta(uw.httpApi, uw))
@@ -130,9 +143,6 @@ async function httpApi(uw, options) {
     .use('/server', server())
     .use('/users', users());
 
-  uw.express = express();
-  uw.express.set('query parser', /** @param {string} str */ (str) => qs.parse(str, { depth: 1 }));
-
   uw.server = http.createServer(uw.express);
   if (options.helmet !== false) {
     uw.express.use(helmet({

diff --git a/src/controllers/authenticate.js b/src/controllers/authenticate.js
@@ -1,3 +1,4 @@
+import { promisify } from 'node:util';
 import cookie from 'cookie';
 import jwt from 'jsonwebtoken';
 import randomString from 'random-string';
@@ -458,6 +459,9 @@ async function logout(req, res) {
     res.setHeader('Set-Cookie', serialized);
   }
 
+  const passportLogout = promisify(req.logout.bind(req));
+  await passportLogout();
+
   return toItemResponse({});
 }