Harden local/prod cookie policy and Mongo connection settings

2026-02-20 19:25:21 -05:00
parent c136d25974
commit ea864b27d4
3 changed files with 33 additions and 8 deletions
--- a/config/cookiesOptions.js
+++ b/config/cookiesOptions.js
@@ -1,8 +1,12 @@
+const isProduction = process.env.NODE_ENV === "production";
+const forceSecureCookie = process.env.COOKIE_SECURE === "true";
+const secure = forceSecureCookie || isProduction;
+
 const cookiesOptions = {
-    maxAge: 1000 * 60 * 60 * 24 * 90, // would expire after 30 days
+    maxAge: 1000 * 60 * 60 * 24 * 90, // would expire after 90 days
    httpOnly: true, // The cookie only accessible by the web server
-    sameSite: 'none', // This and secure are required for properly 
-    secure: true,     // manage cockies in cros-domain
+    sameSite: secure ? 'none' : 'lax',
+    secure,
 };

-module.exports = { cookiesOptions };
+module.exports = { cookiesOptions };
--- a/config/corsOptions.js
+++ b/config/corsOptions.js
@@ -1,6 +1,10 @@
 var corsOptions = {
    origin: [
        'http://localhost:8080', 
+        'http://localhost:8081',
+        'http://127.0.0.1:3000',
+        'http://127.0.0.1:8080',
+        'http://127.0.0.1:8081',
        'http://localhost:3000', 
        "https://social.emmint.com",  
        "https://fellowship.emmint.com",
@@ -9,4 +13,4 @@ var corsOptions = {
    credentials: true
 };

-module.exports = { corsOptions };
+module.exports = { corsOptions };
--- a/mongoDB.js
+++ b/mongoDB.js
@@ -11,15 +11,32 @@ const paymentDB = require("./dbTools/payments.js");
 const songsDB = require("./dbTools/songs.js");

 console.log("Connecting to MongoDB...");
+const nodeMajorVersion = parseInt((process.versions.node || "0").split(".")[0], 10);
+if (nodeMajorVersion >= 22) {
+    console.warn("Warning: mongodb@3.x is not fully tested on Node.js 22+. Prefer Node.js 20 LTS for local stability.");
+}
+
+const mongoConnectOptions = {
+    useNewUrlParser: true,
+    useUnifiedTopology: true,
+    serverSelectionTimeoutMS: 10000,
+    connectTimeoutMS: 10000,
+    socketTimeoutMS: 45000,
+    keepAlive: true,
+};

 const getDB = new Promise((resolve, reject) => {
    const DB = {ObjectID: mongo.ObjectID};
-    MongoClient.connect(mongoUrl, function(err, db) {
+    MongoClient.connect(mongoUrl, mongoConnectOptions, function(err, db) {
        if (err) return reject(err);
    
        console.log("Connected to DB!");
        DB.db = db;
        DB.ObjectID = ObjectID;
+
+        DB.db.on("close", () => console.error("MongoDB connection closed"));
+        DB.db.on("reconnect", () => console.log("MongoDB reconnected"));
+        DB.db.on("error", (error) => console.error("MongoDB connection error", error));
        
        DB.usersCol = db.db(DBName).collection("users");
        DB.tokensCol = db.db(DBName).collection("tokens");
@@ -31,7 +48,7 @@ const getDB = new Promise((resolve, reject) => {
            const doc = await DB.tokensCol.findOne({"_id":temp_id});
            if(doc && doc.uid == user_sid){
                const userMongoId = new mongo.ObjectID(user_sid);
-                const userInfo = await DB.usersCol.findOne({"_id": userMongoId}, {fields: {password: 0}});
+                const userInfo = await DB.usersCol.findOne({"_id": userMongoId}, {projection: {password: 0}});
                return userInfo;
            }
            return false;
@@ -126,4 +143,4 @@ const getDB = new Promise((resolve, reject) => {
    });
 });

-exports.getDB = getDB;
+exports.getDB = getDB;