feat: allow overriding session cookie secure flag

Matthieu
2025-09-18 09:56:34 +02:00
parent 92c2e9d780
commit e1989d39ec
5 changed files with 12 additions and 4 deletions

5
dist/main.js vendored

@@ -11,6 +11,9 @@ async function bootstrap() {
const requestSizeLimit = process.env.REQUEST_SIZE_LIMIT || '10mb';
app.use((0, express_1.json)({ limit: requestSizeLimit }));
app.use((0, express_1.urlencoded)({ limit: requestSizeLimit, extended: true }));
const sessionCookieSecure = process.env.SESSION_COOKIE_SECURE
? process.env.SESSION_COOKIE_SECURE === 'true'
: process.env.NODE_ENV === 'production';
app.use(session({
secret: process.env.SESSION_SECRET || 'change-me',
resave: false,
@@ -18,7 +21,7 @@ async function bootstrap() {
cookie: {
httpOnly: true,
sameSite: process.env.SESSION_SAME_SITE ?? 'lax',
secure: process.env.NODE_ENV === 'production',
secure: sessionCookieSecure,
maxAge: Number(process.env.SESSION_MAX_AGE ?? 1000 * 60 * 60 * 24 * 7),
},
}));

2
dist/main.js.map vendored

@@ -1 +1 @@
{"version":3,"file":"main.js","sourceRoot":"","sources":["../src/main.ts"],"names":[],"mappings":";;AAAA,uCAA2C;AAC3C,2CAAgD;AAEhD,2CAA2C;AAC3C,qCAA2C;AAC3C,6CAAyC;AAEzC,KAAK,UAAU,SAAS;IACtB,MAAM,GAAG,GAAG,MAAM,kBAAW,CAAC,MAAM,CAAyB,sBAAS,CAAC,CAAC;IAExE,GAAG,CAAC,GAAG,CAAC,aAAa,EAAE,CAAC,CAAC,CAAC;IAE1B,MAAM,gBAAgB,GAAG,OAAO,CAAC,GAAG,CAAC,kBAAkB,IAAI,MAAM,CAAC;IAClE,GAAG,CAAC,GAAG,CAAC,IAAA,cAAI,EAAC,EAAE,KAAK,EAAE,gBAAgB,EAAE,CAAC,CAAC,CAAC;IAC3C,GAAG,CAAC,GAAG,CAAC,IAAA,oBAAU,EAAC,EAAE,KAAK,EAAE,gBAAgB,EAAE,QAAQ,EAAE,IAAI,EAAE,CAAC,CAAC,CAAC;IAEjE,GAAG,CAAC,GAAG,CACL,OAAO,CAAC;QACN,MAAM,EAAE,OAAO,CAAC,GAAG,CAAC,cAAc,IAAI,WAAW;QACjD,MAAM,EAAE,KAAK;QACb,iBAAiB,EAAE,KAAK;QACxB,MAAM,EAAE;YACN,QAAQ,EAAE,IAAI;YACd,QAAQ,EAAG,OAAO,CAAC,GAAG,CAAC,iBAA+C,IAAI,KAAK;YAC/E,MAAM,EAAE,OAAO,CAAC,GAAG,CAAC,QAAQ,KAAK,YAAY;YAC7C,MAAM,EAAE,MAAM,CAAC,OAAO,CAAC,GAAG,CAAC,eAAe,IAAI,IAAI,GAAG,EAAE,GAAG,EAAE,GAAG,EAAE,GAAG,CAAC,CAAC;SACvE;KACF,CAAC,CACH,CAAC;IAGF,MAAM,cAAc,GAAG,OAAO,CAAC,GAAG,CAAC,WAAW;QAC5C,CAAC,CAAC,OAAO,CAAC,GAAG,CAAC,WAAW,CAAC,KAAK,CAAC,GAAG,CAAC,CAAC,GAAG,CAAC,MAAM,CAAC,EAAE,CAAC,MAAM,CAAC,IAAI,EAAE,CAAC;QACjE,CAAC,CAAC,CAAC,uBAAuB,CAAC,CAAC;IAE9B,GAAG,CAAC,UAAU,CAAC;QACb,MAAM,EAAE,CAAC,MAAM,EAAE,QAAQ,EAAE,EAAE;YAE3B,IAAI,CAAC,MAAM,IAAI,cAAc,CAAC,QAAQ,CAAC,MAAM,CAAC,EAAE,CAAC;gBAC/C,QAAQ,CAAC,IAAI,EAAE,IAAI,CAAC,CAAC;YACvB,CAAC;iBAAM,CAAC;gBACN,QAAQ,CAAC,IAAI,KAAK,CAAC,UAAU,MAAM,sBAAsB,CAAC,CAAC,CAAC;YAC9D,CAAC;QACH,CAAC;QACD,WAAW,EAAE,IAAI;KAClB,CAAC,CAAC;IAEH,GAAG,CAAC,cAAc,CAAC,IAAI,uBAAc,CAAC;QACpC,SAAS,EAAE,OAAO,CAAC,GAAG,CAAC,oBAAoB,KAAK,MAAM;QACtD,oBAAoB,EAAE,OAAO,CAAC,GAAG,CAAC,iCAAiC,KAAK,MAAM;QAC9E,SAAS,EAAE,OAAO,CAAC,GAAG,CAAC,oBAAoB,KAAK,MAAM;KACvD,CAAC,CAAC,CAAC;IAEJ,MAAM,SAAS,GAAG,OAAO,CAAC,GAAG,CAAC,UAAU,IAAI,KAAK,CAAC;IAClD,GAAG,CAAC,eAAe,CAAC,SAAS,CAAC,CAAC;IAE/B,MAAM,IAAI,GAAG,MAAM,CAAC,OAAO,CAAC,GAAG,CAAC,IAAI,CAAC,IAAI,IAAI,CAAC;IAC9C,MAAM,GAAG,CAAC,MAAM,CAAC,IAAI,CAAC,CAAC;IACvB,OAAO,CAAC,GAAG,CAAC,+CAA+C,IAAI,EAAE,CAAC,CAAC;IACnE,OAAO,CAAC,GAA
G,CAAC,gBAAgB,OAAO,CAAC,GAAG,CAAC,QAAQ,IAAI,aAAa,EAAE,CAAC,CAAC;AACvE,CAAC;AAED,SAAS,EAAE,CAAC"}
{"version":3,"file":"main.js","sourceRoot":"","sources":["../src/main.ts"],"names":[],"mappings":";;AAAA,uCAA2C;AAC3C,2CAAgD;AAEhD,2CAA2C;AAC3C,qCAA2C;AAC3C,6CAAyC;AAEzC,KAAK,UAAU,SAAS;IACtB,MAAM,GAAG,GAAG,MAAM,kBAAW,CAAC,MAAM,CAAyB,sBAAS,CAAC,CAAC;IAExE,GAAG,CAAC,GAAG,CAAC,aAAa,EAAE,CAAC,CAAC,CAAC;IAE1B,MAAM,gBAAgB,GAAG,OAAO,CAAC,GAAG,CAAC,kBAAkB,IAAI,MAAM,CAAC;IAClE,GAAG,CAAC,GAAG,CAAC,IAAA,cAAI,EAAC,EAAE,KAAK,EAAE,gBAAgB,EAAE,CAAC,CAAC,CAAC;IAC3C,GAAG,CAAC,GAAG,CAAC,IAAA,oBAAU,EAAC,EAAE,KAAK,EAAE,gBAAgB,EAAE,QAAQ,EAAE,IAAI,EAAE,CAAC,CAAC,CAAC;IAEjE,MAAM,mBAAmB,GAAG,OAAO,CAAC,GAAG,CAAC,qBAAqB;QAC3D,CAAC,CAAC,OAAO,CAAC,GAAG,CAAC,qBAAqB,KAAK,MAAM;QAC9C,CAAC,CAAC,OAAO,CAAC,GAAG,CAAC,QAAQ,KAAK,YAAY,CAAC;IAE1C,GAAG,CAAC,GAAG,CACL,OAAO,CAAC;QACN,MAAM,EAAE,OAAO,CAAC,GAAG,CAAC,cAAc,IAAI,WAAW;QACjD,MAAM,EAAE,KAAK;QACb,iBAAiB,EAAE,KAAK;QACxB,MAAM,EAAE;YACN,QAAQ,EAAE,IAAI;YACd,QAAQ,EAAG,OAAO,CAAC,GAAG,CAAC,iBAA+C,IAAI,KAAK;YAC/E,MAAM,EAAE,mBAAmB;YAC3B,MAAM,EAAE,MAAM,CAAC,OAAO,CAAC,GAAG,CAAC,eAAe,IAAI,IAAI,GAAG,EAAE,GAAG,EAAE,GAAG,EAAE,GAAG,CAAC,CAAC;SACvE;KACF,CAAC,CACH,CAAC;IAGF,MAAM,cAAc,GAAG,OAAO,CAAC,GAAG,CAAC,WAAW;QAC5C,CAAC,CAAC,OAAO,CAAC,GAAG,CAAC,WAAW,CAAC,KAAK,CAAC,GAAG,CAAC,CAAC,GAAG,CAAC,MAAM,CAAC,EAAE,CAAC,MAAM,CAAC,IAAI,EAAE,CAAC;QACjE,CAAC,CAAC,CAAC,uBAAuB,CAAC,CAAC;IAE9B,GAAG,CAAC,UAAU,CAAC;QACb,MAAM,EAAE,CAAC,MAAM,EAAE,QAAQ,EAAE,EAAE;YAE3B,IAAI,CAAC,MAAM,IAAI,cAAc,CAAC,QAAQ,CAAC,MAAM,CAAC,EAAE,CAAC;gBAC/C,QAAQ,CAAC,IAAI,EAAE,IAAI,CAAC,CAAC;YACvB,CAAC;iBAAM,CAAC;gBACN,QAAQ,CAAC,IAAI,KAAK,CAAC,UAAU,MAAM,sBAAsB,CAAC,CAAC,CAAC;YAC9D,CAAC;QACH,CAAC;QACD,WAAW,EAAE,IAAI;KAClB,CAAC,CAAC;IAEH,GAAG,CAAC,cAAc,CAAC,IAAI,uBAAc,CAAC;QACpC,SAAS,EAAE,OAAO,CAAC,GAAG,CAAC,oBAAoB,KAAK,MAAM;QACtD,oBAAoB,EAAE,OAAO,CAAC,GAAG,CAAC,iCAAiC,KAAK,MAAM;QAC9E,SAAS,EAAE,OAAO,CAAC,GAAG,CAAC,oBAAoB,KAAK,MAAM;KACvD,CAAC,CAAC,CAAC;IAEJ,MAAM,SAAS,GAAG,OAAO,CAAC,GAAG,CAAC,UAAU,IAAI,KAAK,CAAC;IAClD,GAAG,CAAC,eAAe,CAAC,SAAS,CAAC,CAAC;IAE/B,MAAM,IAAI,GAAG,MAAM,CAAC,OAAO,CAAC,GAAG,CAAC,IAAI,CAAC,IA
AI,IAAI,CAAC;IAC9C,MAAM,GAAG,CAAC,MAAM,CAAC,IAAI,CAAC,CAAC;IACvB,OAAO,CAAC,GAAG,CAAC,+CAA+C,IAAI,EAAE,CAAC,CAAC;IACnE,OAAO,CAAC,GAAG,CAAC,gBAAgB,OAAO,CAAC,GAAG,CAAC,QAAQ,IAAI,aAAa,EAAE,CAAC,CAAC;AACvE,CAAC;AAED,SAAS,EAAE,CAAC"}

File diff suppressed because one or more lines are too long


@@ -17,6 +17,7 @@ SESSION_MAX_AGE=604800000
DEFAULT_PROFILE_FIRST_NAME=Admin
DEFAULT_PROFILE_LAST_NAME=General
REQUEST_SIZE_LIMIT=10mb
SESSION_COOKIE_SECURE=true
# Configuration de l'API
API_PREFIX=api


@@ -14,6 +14,10 @@ async function bootstrap() {
app.use(json({ limit: requestSizeLimit }));
app.use(urlencoded({ limit: requestSizeLimit, extended: true }));
const sessionCookieSecure = process.env.SESSION_COOKIE_SECURE
? process.env.SESSION_COOKIE_SECURE === 'true'
: process.env.NODE_ENV === 'production';
app.use(
session({
secret: process.env.SESSION_SECRET || 'change-me',
@@ -22,7 +26,7 @@ async function bootstrap() {
cookie: {
httpOnly: true,
sameSite: (process.env.SESSION_SAME_SITE as 'strict' | 'lax' | 'none') ?? 'lax',
secure: process.env.NODE_ENV === 'production',
secure: sessionCookieSecure,
maxAge: Number(process.env.SESSION_MAX_AGE ?? 1000 * 60 * 60 * 24 * 7),
},
}),
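Review bot: Any SESSION_COOKIE_SECURE value that is set but is not exactly `true` disables the Secure flag, even with NODE_ENV=production, because the new ternary ahead of `app.use(session(...))` maps every other non-empty string to false; `True`, `1` or a value with stray whitespace would silently let the session cookie travel over plain HTTP. Normalise the value and let only an explicit `false` turn the flag off: `const raw = process.env.SESSION_COOKIE_SECURE?.trim().toLowerCase();` followed by `const sessionCookieSecure = raw === 'true' || (raw !== 'false' && process.env.NODE_ENV === 'production');`. A one-line comment above it, such as `// Secure defaults to on in production; only SESSION_COOKIE_SECURE=false disables it`, would record the intent. The same expression is compiled into dist/main.js, and bootstrap() starts and ends outside these hunks.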