|
|
|
@ -202,6 +202,7 @@ module.exports.startPlatform = async (dtp) => {
|
|
|
|
|
};
|
|
|
|
|
|
|
|
|
|
module.exports.startWebServer = async (dtp) => {
|
|
|
|
|
const IS_PRODUCTION = (process.env.NODE_ENV === 'production');
|
|
|
|
|
dtp.app = module.app = express();
|
|
|
|
|
|
|
|
|
|
module.app.set('views', path.join(dtp.config.root, 'app', 'views'));
|
|
|
|
@ -288,6 +289,7 @@ module.exports.startWebServer = async (dtp) => {
|
|
|
|
|
/*
|
|
|
|
|
* Express sessions
|
|
|
|
|
*/
|
|
|
|
|
|
|
|
|
|
module.log.info('initializing redis session store');
|
|
|
|
|
var sessionStore = new RedisSessionStore({ client: module.redis });
|
|
|
|
|
|
|
|
|
@ -296,19 +298,28 @@ module.exports.startWebServer = async (dtp) => {
|
|
|
|
|
name: `dtp:${process.env.DTP_SITE_DOMAIN_KEY}.${process.env.NODE_ENV}`,
|
|
|
|
|
secret: process.env.HTTP_SESSION_SECRET,
|
|
|
|
|
resave: true,
|
|
|
|
|
proxy: IS_PRODUCTION,
|
|
|
|
|
saveUninitialized: true,
|
|
|
|
|
cookie: {
|
|
|
|
|
domain: process.env.DTP_SITE_DOMAIN,
|
|
|
|
|
domain: process.env.DTP_SITE_DOMAIN_KEY,
|
|
|
|
|
path: '/',
|
|
|
|
|
httpOnly: true,
|
|
|
|
|
secure: process.env.HTTP_COOKIE_SECURE === 'enabled',
|
|
|
|
|
secure: true,
|
|
|
|
|
sameSite: process.env.HTTP_COOKIE_SAMESITE || false,
|
|
|
|
|
expires: SESSION_DURATION,
|
|
|
|
|
},
|
|
|
|
|
store: null,
|
|
|
|
|
};
|
|
|
|
|
module.log.info('configuring session handler', {
|
|
|
|
|
domain: module.sessionConfig.cookie.domain,
|
|
|
|
|
httpOnly: module.sessionConfig.cookie.httpOnly,
|
|
|
|
|
secure: module.sessionConfig.cookie.secure,
|
|
|
|
|
sameSite: module.sessionConfig.cookie.sameSite,
|
|
|
|
|
expires: module.sessionConfig.cookie.expires,
|
|
|
|
|
});
|
|
|
|
|
module.sessionConfig.store = sessionStore;
|
|
|
|
|
if (process.env.NODE_ENV === 'production') {
|
|
|
|
|
if (IS_PRODUCTION && module.sessionConfig.cookie.secure) {
|
|
|
|
|
module.log.info('session will be trusting first proxy');
|
|
|
|
|
module.app.set('trust proxy', 1);
|
|
|
|
|
}
|
|
|
|
|
module.app.use(session(module.sessionConfig));
|
|
|
|
|
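Review bot: In the session config of startWebServer, `proxy: IS_PRODUCTION` makes express-session honour `X-Forwarded-Proto` on every production run, while the Express-level `trust proxy` setting is applied only when `cookie.secure` is also truthy, so the two ideas of "behind a proxy" can disagree. The page has lost its +/- markers, so I cannot tell whether `secure: true` or the `HTTP_COOKIE_SECURE === 'enabled'` line is the new side. If it is the env-driven one, a production deploy that omits the variable issues the session cookie without `Secure` and only logs the value. I would fail fast in that case, e.g. `if (IS_PRODUCTION && !module.sessionConfig.cookie.secure) { throw new Error('HTTP_COOKIE_SECURE must be enabled in production'); }`, and add a comment that the fronting proxy must overwrite any client-supplied `X-Forwarded-Proto`. Separately, `sameSite: process.env.HTTP_COOKIE_SAMESITE || false` leaves the attribute off when the variable is unset; `|| 'lax'` would be a safer default.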