From 85578611a587c254ac471c01964ca40b5da8cd1f Mon Sep 17 00:00:00 2001 From: Evert Prants Date: Sun, 16 Jun 2019 13:12:40 +0300 Subject: [PATCH] fixes --- src/server.js | 4 +++- src/user.js | 8 ++------ 2 files changed, 5 insertions(+), 7 deletions(-) diff --git a/src/server.js b/src/server.js index 86c7a10..57f0cdf 100644 --- a/src/server.js +++ b/src/server.js @@ -33,6 +33,8 @@ if (dev) { app.use(morgan('dev')) } +app.set('trust proxy', 1) + const router = express.Router() const sortfields = ['id', 'track', 'artist', 'title', 'album', 'year', 'file'] @@ -46,7 +48,7 @@ app.use(session({ resave: false, saveUninitialized: true, cookie: { - secure: process.env.NODE_ENV !== 'development', + secure: !dev, maxAge: 2678400000 // 1 month } })) diff --git a/src/user.js b/src/user.js index d8bf369..ec399fa 100644 --- a/src/user.js +++ b/src/user.js @@ -94,12 +94,8 @@ export function user (dbPromise, oauth, registrations) { }) router.get('/login/oauth', async (req, res) => { - let state - if (req.session && req.session.oauthState) { - state = req.session.oauthState - } else { - req.session.oauthState = crypto.randomBytes(16).toString('hex') - } + let state = crypto.randomBytes(16).toString('hex') + req.session.oauthState = state return res.redirect(oauth2.getAuthorizeUrl({ 'redirect_uri': oauth.redirectUri,