Session: secret généré auto

Geoffrey PREUD'HOMME
1 parent c726d602
Showing 3 changed files with 11 additions and 6 deletions Show diff stats
Makefile
app/routes/ApiRtes.js
server.js
+all: config/ci_com_pub.pem config/session_secret
+
 config/ci_com_pub.pem: config/ci_com.pem
 	openssl rsa -pubout -in $< -out $@
 	chmod 777 $@
@@ -5,3 +7,6 @@ config/ci_com_pub.pem: config/ci_com.pem
 config/ci_com.pem:
 	openssl genrsa -out $@ 1024
 	chmod 700 $@
+
+config/session_secret:
+	cat /dev/urandom | tr -dc 'a-zA-Z0-9' | fold -w 32 | head -n 1 > $@
@@ -3,8 +3,10 @@ var PolyUserServ = require(&#39;../services/PolyUserServ&#39;);
 var DecryptServ = require('../services/DecryptServ');
 var ConvsServ = require('../services/ConvsServ');
 var MessServ = require('../services/MessServ');
+var fs = require('fs');
 var express = require('express');
-session = require('express-session');
+var session = require('express-session');
+var MongoStore = require('connect-mongo')(session);
  
 var api = express();
  
@@ -98,7 +100,9 @@ api.use(session({
     name: 'membreCool',
     resave: false,
     saveUninitialized: true,
-    secret: "Le Club Info c'est cool" // TODO Vrai secret https://gist.github.com/earthgecko/3089509
+    secret: fs.readFileSync('config/session_secret', {
+        encoding: 'UTF8'
+    })
 }));
  
 api.get('/session', function (req, res) { // Informations sur la session
@@ -2,7 +2,6 @@
 var express = require('express');
 var mongoose = require('mongoose');
 var bodyParser = require('body-parser');
-var cookieParser = require('cookie-parser');
  
 // Application ================================================================
  
@@ -20,9 +19,6 @@ app.use(bodyParser.urlencoded({
     extended: true
 }));
  
-// Cookie-parser
-app.use(cookieParser());
-
 // Routes
 require('./app/routes')(app);