Harden local/prod cookie policy and Mongo connection settings

Adolfo Reyna
2026-02-20 19:25:21 -05:00
parent c136d25974
commit ea864b27d4
3 changed files with 33 additions and 8 deletions


@@ -1,8 +1,12 @@
const isProduction = process.env.NODE_ENV === "production";
const forceSecureCookie = process.env.COOKIE_SECURE === "true";
const secure = forceSecureCookie || isProduction;
const cookiesOptions = { const cookiesOptions = {
maxAge: 1000 * 60 * 60 * 24 * 90, // would expire after 30 days maxAge: 1000 * 60 * 60 * 24 * 90, // would expire after 90 days
httpOnly: true, // The cookie only accessible by the web server httpOnly: true, // The cookie only accessible by the web server
sameSite: 'none', // This and secure are required for properly sameSite: secure ? 'none' : 'lax',
secure: true, // manage cockies in cros-domain secure,
}; };
module.exports = { cookiesOptions }; module.exports = { cookiesOptions };
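Review bot: The new `sameSite: secure ? 'none' : 'lax'` / `secure` pair has lost its why-comment, since the old inline comments about cross-domain cookies no longer describe the branch; a comment such as `// Browsers reject SameSite=None without Secure, so plain-HTTP local runs fall back to Lax (cross-site cookie flows then only work over HTTPS)` on the `sameSite` line would explain it. Note also that the policy is driven only by `NODE_ENV` and `COOKIE_SECURE`: a deployment that sets neither would silently issue non-Secure, Lax cookies, which is presumably not intended for production. Logging the resolved `secure` and `sameSite` values once at startup makes that misconfiguration visible in the logs rather than in a broken login flow.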


@@ -1,6 +1,10 @@
var corsOptions = { var corsOptions = {
origin: [ origin: [
'http://localhost:8080', 'http://localhost:8080',
'http://localhost:8081',
'http://127.0.0.1:3000',
'http://127.0.0.1:8080',
'http://127.0.0.1:8081',
'http://localhost:3000', 'http://localhost:3000',
"https://social.emmint.com", "https://social.emmint.com",
"https://fellowship.emmint.com", "https://fellowship.emmint.com",
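Review bot: The added loopback origins (`http://localhost:8081`, the three `http://127.0.0.1:*` entries) join the existing `http://localhost:3000` in an allow-list that, as far as this hunk shows, is also used in production, so any page served from one of those local ports can make cross-origin requests against the deployed API; if the CORS setup also sends credentials (the cookie change in this commit suggests cross-site cookies are in use), that is a credentialed-request exposure rather than a development convenience. Consider building the list from a dev-only array that is empty when `NODE_ENV === "production"`, as sketched below. The `corsOptions` object and its `origin` array continue past the hunk.
```javascript
const isProduction = process.env.NODE_ENV === "production";
// Loopback origins are only needed for local development; keep them out of
// the production allow-list so a page on a local port cannot make credentialed
// cross-origin requests against the deployed API.
const devOrigins = isProduction ? [] : [
  'http://localhost:8080',
  'http://localhost:8081',
  'http://127.0.0.1:3000',
  'http://127.0.0.1:8080',
  'http://127.0.0.1:8081',
  'http://localhost:3000',
];
var corsOptions = {
  origin: [
    ...devOrigins,
    "https://social.emmint.com",
    "https://fellowship.emmint.com",
    // … unchanged: remaining production origins …
```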


@@ -11,16 +11,33 @@ const paymentDB = require("./dbTools/payments.js");
const songsDB = require("./dbTools/songs.js"); const songsDB = require("./dbTools/songs.js");
console.log("Connecting to MongoDB..."); console.log("Connecting to MongoDB...");
const nodeMajorVersion = parseInt((process.versions.node || "0").split(".")[0], 10);
if (nodeMajorVersion >= 22) {
console.warn("Warning: mongodb@3.x is not fully tested on Node.js 22+. Prefer Node.js 20 LTS for local stability.");
}
const mongoConnectOptions = {
useNewUrlParser: true,
useUnifiedTopology: true,
serverSelectionTimeoutMS: 10000,
connectTimeoutMS: 10000,
socketTimeoutMS: 45000,
keepAlive: true,
};
const getDB = new Promise((resolve, reject) => { const getDB = new Promise((resolve, reject) => {
const DB = {ObjectID: mongo.ObjectID}; const DB = {ObjectID: mongo.ObjectID};
MongoClient.connect(mongoUrl, function(err, db) { MongoClient.connect(mongoUrl, mongoConnectOptions, function(err, db) {
if (err) return reject(err); if (err) return reject(err);
console.log("Connected to DB!"); console.log("Connected to DB!");
DB.db = db; DB.db = db;
DB.ObjectID = ObjectID; DB.ObjectID = ObjectID;
DB.db.on("close", () => console.error("MongoDB connection closed"));
DB.db.on("reconnect", () => console.log("MongoDB reconnected"));
DB.db.on("error", (error) => console.error("MongoDB connection error", error));
DB.usersCol = db.db(DBName).collection("users"); DB.usersCol = db.db(DBName).collection("users");
DB.tokensCol = db.db(DBName).collection("tokens"); DB.tokensCol = db.db(DBName).collection("tokens");
DB.invitationCol = db.db(DBName).collection("invitation"); DB.invitationCol = db.db(DBName).collection("invitation");
@@ -31,7 +48,7 @@ const getDB = new Promise((resolve, reject) => {
const doc = await DB.tokensCol.findOne({"_id":temp_id}); const doc = await DB.tokensCol.findOne({"_id":temp_id});
if(doc && doc.uid == user_sid){ if(doc && doc.uid == user_sid){
const userMongoId = new mongo.ObjectID(user_sid); const userMongoId = new mongo.ObjectID(user_sid);
const userInfo = await DB.usersCol.findOne({"_id": userMongoId}, {fields: {password: 0}}); const userInfo = await DB.usersCol.findOne({"_id": userMongoId}, {projection: {password: 0}});
return userInfo; return userInfo;
} }
return false; return false;
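Review bot: Switching `fields` to `projection` in the `DB.usersCol.findOne` call is the option name the 3.x driver mentioned in the Node-version warning earlier in this file expects, but whether `password` is actually excluded now depends entirely on the installed driver honouring that option; nothing in this function checks the result. Since the returned document is presumably handed to callers as the session user, a defence-in-depth strip before returning avoids shipping the hash if the option is ever ignored, e.g. `if (userInfo) delete userInfo.password;` immediately before `return userInfo;`, and a unit test asserting that the returned object has no `password` key would pin the behaviour. The enclosing async function starts outside the hunk.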