diff --git a/app/services/user.js b/app/services/user.js
index d697f0f..9dbed90 100644
--- a/app/services/user.js
+++ b/app/services/user.js
@@ -368,7 +368,7 @@ class UserService extends SiteService {
 async handleLocalLogin (username, password, done) {
 const now = new Date();
- this.log.info('handleLocalLogin', { username, password });
+ this.log.info('handleLocalLogin', { username });
 try {
 const user = await this.authenticate({ username, password }, { adminRequired: false });
 await this.startUserSession(user, now);
diff --git a/app/views/layouts/main.pug b/app/views/layouts/main.pug
index a41430a..b344cac 100644
--- a/app/views/layouts/main.pug
+++ b/app/views/layouts/main.pug
@@ -89,6 +89,9 @@ html(lang='en')
 script(src=`/numeral/numeral.min.js?v=${pkg.version}`)
 script(src=`/socket.io/socket.io.js?v=${pkg.version}`)
+ if process.env.NODE_ENV !== 'production'
+ script(src="https://localhost:3310/browser-sync/browser-sync-client.js?v=2.27.7")
+
 block vendorjs
 script.
diff --git a/gulpfile.js b/gulpfile.js
index be82b33..77fec65 100644
--- a/gulpfile.js
+++ b/gulpfile.js
@@ -31,7 +31,7 @@ function util_start_browsersync ( ) {
 key: path.join(__dirname, 'ssl', 'dtp-sites.key'),
 cert: path.join(__dirname, 'ssl', 'dtp-sites.crt'),
 },
- port: 3320,
+ port: 3420,
 cors: true,
 ui: {
 port: 3620,
diff --git a/lib/site-platform.js b/lib/site-platform.js
index d0e4ff8..63e0a9b 100644
--- a/lib/site-platform.js
+++ b/lib/site-platform.js
@@ -203,6 +203,7 @@ module.exports.startPlatform = async (dtp) => {
 module.exports.startWebServer = async (dtp) => {
 const { page: pageService } = module.services;
+ const IS_PRODUCTION = (process.env.NODE_ENV === 'production');
 dtp.app = module.app = express();
@@ -290,6 +291,7 @@ module.exports.startWebServer = async (dtp) => {
 /*
 * Express sessions
 */
+ module.log.info('initializing redis session store');
 var sessionStore = new RedisSessionStore({ client: module.redis });
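Review bot: Dropping `password` from the log call on the `+` line is the right fix, but the `-` line shows that every prior login attempt wrote the plaintext password to the info log, so the existing log store (and anything it was shipped to) has to be treated as containing credentials: purge or restrict those entries and consider a password-reset campaign for the affected accounts. The hunk still logs `username` on every attempt, which is reasonable for audit, but the log message carries no outcome, so a failed and a successful attempt look identical at this line; adding the result in the success/failure branches would make the log useful for detection. handleLocalLogin's body continues outside the hunk.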
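Review bot: The new `if process.env.NODE_ENV !== 'production'` guard emits the browser-sync `script` tag for every environment that is not exactly production — staging, test, and any deployment where NODE_ENV is unset — and the tag points at `https://localhost:3310`, which resolves to the visitor's own machine, so whatever listens on that port on a visitor's host gets executed in this site's origin. Gate it on the explicit development value instead, `if process.env.NODE_ENV === 'development'`, or on a dedicated opt-in flag, so a forgotten NODE_ENV cannot enable it. The hard-coded port also looks inconsistent with the gulpfile hunk in this same commit, which moves browser-sync to `port: 3420`; if the client script is served by that server, 3310 will fail to load, and if 3310 is a separate proxy that should be stated in a comment on the line.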
@@ -298,19 +300,28 @@ module.exports.startWebServer = async (dtp) => {
 name: `dtp:${process.env.DTP_SITE_DOMAIN_KEY}.${process.env.NODE_ENV}`,
 secret: process.env.HTTP_SESSION_SECRET,
 resave: true,
+ proxy: IS_PRODUCTION,
 saveUninitialized: true,
 cookie: {
- domain: process.env.DTP_SITE_DOMAIN,
+ domain: process.env.DTP_SITE_DOMAIN_KEY,
 path: '/',
 httpOnly: true,
- secure: process.env.HTTP_COOKIE_SECURE === 'enabled',
+ secure: true,
 sameSite: process.env.HTTP_COOKIE_SAMESITE || false,
 expires: SESSION_DURATION,
 },
 store: null,
 };
+ module.log.info('configuring session handler', {
+ domain: module.sessionConfig.cookie.domain,
+ httpOnly: module.sessionConfig.cookie.httpOnly,
+ secure: module.sessionConfig.cookie.secure,
+ sameSite: module.sessionConfig.cookie.sameSite,
+ expires: module.sessionConfig.cookie.expires,
+ });
 module.sessionConfig.store = sessionStore;
- if (process.env.NODE_ENV === 'production') {
+ if (IS_PRODUCTION && module.sessionConfig.cookie.secure) {
+ module.log.info('session will be trusting first proxy');
 module.app.set('trust proxy', 1);
 }
 module.app.use(session(module.sessionConfig));
diff --git a/ssl/mkcert b/ssl/mkcert
index ebab78a..f02294c 100755
--- a/ssl/mkcert
+++ b/ssl/mkcert
@@ -1,7 +1,9 @@
 #!/bin/bash
+rm -f *crt *key
+
 openssl genrsa -out dtp-sites.key
 openssl req -new -out dtp-sites.csr -key dtp-sites.key -config openssl.cnf
 openssl x509 -req -days 3650 -in dtp-sites.csr -signkey dtp-sites.key -out dtp-sites.crt -extensions v3_req -extfile openssl.cnf
-rm dtp-sites.csr
+rm dtp-sites.csr
\ No newline at end of file
diff --git a/ssl/openssl.cnf b/ssl/openssl.cnf
index 0b1f29d..d45f2ae 100644
--- a/ssl/openssl.cnf
+++ b/ssl/openssl.cnf
@@ -14,7 +14,7 @@ organizationalUnitName_default = DTP Technologies, LLC
 commonName = dev.sites.digitaltelepresence.com
 commonName_max = 64
-[ v3_req ]
+[v3_req]
 # Extensions to add to a certificate request
 basicConstraints = CA:FALSE
 keyUsage = nonRepudiation, digitalSignature, keyEncipherment
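Review bot: `domain: process.env.DTP_SITE_DOMAIN_KEY` looks wrong: the same variable is used a few lines above as a short identifier inside the session name (`dtp:${process.env.DTP_SITE_DOMAIN_KEY}.${process.env.NODE_ENV}`), and a cookie `Domain` attribute that is not a suffix of the request host is rejected by browsers, which would silently break every session. Unless DTP_SITE_DOMAIN_KEY actually holds the hostname, keep `domain: process.env.DTP_SITE_DOMAIN,` (or omit the attribute and let the cookie default to the request host, which is the more restrictive choice). Unconditional `secure: true` is the right production setting, but express-session will not set a Secure cookie on a request it sees as plain HTTP, and `proxy: IS_PRODUCTION` together with `trust proxy` only in production means a non-production instance behind a TLS-terminating proxy will also lose its sessions; either serve every non-production environment over TLS end-to-end or drive `proxy` and `trust proxy` from the same explicit setting. Since `cookie.secure` is now always true, the `&& module.sessionConfig.cookie.secure` in the new `if` is dead and can be dropped. startWebServer begins and ends outside the hunk.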
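Review bot: The new `rm -f *crt *key` is evaluated in the caller's working directory, not in `ssl/`, so running the script as `ssl/mkcert` from the repository root deletes any `*crt`/`*key` files there (the following `openssl` commands also use relative paths, so they then write the key and certificate to the wrong place too — pre-existing, but this line makes the failure mode destructive). Anchor the script first with `cd "$(dirname "$0")" || exit 1` as the line after the shebang, and tighten the delete to `rm -f -- *.crt *.key` so the glob only matches the intended extensions and cannot be parsed as options. The private key is also written with the default umask; `umask 077` before `openssl genrsa` keeps it unreadable to other local users. The `+rm dtp-sites.csr` line lost its trailing newline, which bash tolerates but which should be restored.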