Index: ckend/.env.example =================================================================== --- backend/.env.example (revision 0f382c8a9e6f71eee97148bfdf563ae1f70860f7) +++ (revision ) @@ -1,8 +1,0 @@ -# Database Configuration -# Copy this file to .env and fill in your actual database credentials - -DB_USER=your_database_user -DB_HOST=localhost -DB_NAME=your_database_name -DB_PASSWORD=your_database_password -DB_PORT=9999 Index: ckend/README_ENV.md =================================================================== --- backend/README_ENV.md (revision 0f382c8a9e6f71eee97148bfdf563ae1f70860f7) +++ (revision ) @@ -1,51 +1,0 @@ -# Environment Variables Setup - -This project uses environment variables to store sensitive database credentials securely. - -## Setup Instructions - -1. **Copy the example environment file:** - ```bash - cp .env.example .env - ``` - -2. **Edit the `.env` file with your actual database credentials:** - ```bash - nano .env - ``` - -3. **Fill in your database information:** - ``` - DB_USER=your_database_user - DB_HOST=localhost - DB_NAME=your_database_name - DB_PASSWORD=your_database_password - DB_PORT=9999 - ``` - -## Security Notes - -- ✅ The `.env` file is included in `.gitignore` and will NOT be committed to git -- ✅ The `.env.example` file shows the required variables without sensitive data -- ✅ Database credentials are no longer hardcoded in the source code - -## Available Environment Variables - -| Variable | Description | Example | -|----------|-------------|---------| -| `DB_USER` | Database username | `db_202425z_va_prj_carzone_owner` | -| `DB_HOST` | Database host | `localhost` | -| `DB_NAME` | Database name | `db_202425z_va_prj_carzone` | -| `DB_PASSWORD` | Database password | `your_secure_password` | -| `DB_PORT` | Database port | `9999` | - -## Running the Application - -After setting up your `.env` file, start the application as usual: - -```bash -npm install -node index.js -``` - -The application will automatically load the environment variables from the `.env` file. Index: backend/connectionModel.js =================================================================== --- backend/connectionModel.js (revision 0f382c8a9e6f71eee97148bfdf563ae1f70860f7) +++ backend/connectionModel.js (revision 777b34dd0a3a984ac4252a7fea43c817042047b5) @@ -1,11 +1,19 @@ -require('dotenv').config(); const Pool = require("pg").Pool; +const pool = new Pool({ + // Connect to local postgre server -const pool = new Pool({ - user: process.env.DB_USER, - host: process.env.DB_HOST, - database: process.env.DB_NAME, - password: process.env.DB_PASSWORD, - port: process.env.DB_PORT, + /* user: "postgres", + host: "localhost", + database: "postgres", + password: "3533", + port: 5432, */ + + //Connect to live finki postgre server + + user: "db_202324z_va_prj_carzone_owner", + host: "localhost", + database: "db_202324z_va_prj_carzone", + password: "673f77a552e6", + port: 9999, }); @@ -15,5 +23,5 @@ return await new Promise(function (resolve, reject) { pool.query( - "SELECT vin, make, model, p_year, color, price, tax_nr, capacity, power, body FROM vehicle WHERE status = true ORDER BY p_year DESC, make, model", + "SELECT * from vehicle as v where v.status=true", (error, results) => { if (error) { @@ -22,7 +30,7 @@ if (results && results.rows) { resolve(results.rows); - console.log(`Retrieved ${results.rows.length} available vehicles`); + console.log(results.rows) } else { - resolve([]); + reject(new Error("No results found")); } } @@ -33,13 +41,14 @@ throw new Error("Internal server error"); } + }; // Get My vehicles -const getMyVehicles = async (taxNr) => { +const getMyVehicles = async () => { try { return await new Promise(function (resolve, reject) { pool.query( - "SELECT vin, make, model, p_year, color, price, capacity, power, body, status FROM vehicle WHERE tax_nr = $1 ORDER BY status DESC, p_year DESC, make, model", - [taxNr], + "SELECT * from vehicle where tax_nr=$1", + ["BM15153"], (error, results) => { if (error) { @@ -48,7 +57,6 @@ if (results && results.rows) { resolve(results.rows); - console.log(`Retrieved ${results.rows.length} vehicles for dealership ${taxNr}`); } else { - resolve([]); + reject(new Error("No results found")); } } @@ -128,197 +136,5 @@ }; -// Register new dealership -const registerDealership = async (body) => { - return new Promise(function (resolve, reject) { - const { tax_nr, d_name, brands, email, pass, director, telephones, addres } = body; - - console.log('Registering dealership with data:', { tax_nr, d_name, brands, telephones }); - - // Use a client for transaction - pool.connect((err, client, done) => { - if (err) { - console.error('Error getting client from pool:', err); - reject(err); - return; - } - - client.query('BEGIN', (beginError) => { - if (beginError) { - console.error('Begin transaction error:', beginError); - done(); - reject(beginError); - return; - } - - // Insert dealership without brands and telephones - client.query( - "INSERT INTO dealership (Tax_Nr, D_Name, Email, Pass, Director, Addres) values ($1, $2, $3, $4, $5, $6) RETURNING *", - [tax_nr, d_name, email, pass, director, addres], - (error, results) => { - if (error) { - console.error('Dealership insert error:', error); - client.query('ROLLBACK', () => { - done(); - }); - reject(error); - return; - } - - if (results && results.rows) { - console.log('Dealership inserted successfully'); - - // Insert brands if provided - if (brands && brands.length > 0) { - console.log('Inserting brands:', brands); - const brandInserts = brands.map(brand => { - return new Promise((resolveBrand, rejectBrand) => { - client.query( - "INSERT INTO dealership_brands (dealership_tax_nr, brand_name) VALUES ($1, $2)", - [tax_nr, brand.trim()], - (brandError) => { - if (brandError) { - console.error('Brand insert error:', brandError); - rejectBrand(brandError); - } else { - resolveBrand(); - } - } - ); - }); - }); - - Promise.all(brandInserts) - .then(() => { - console.log('All brands inserted successfully'); - // Insert telephones if provided - if (telephones && telephones.length > 0) { - console.log('Inserting telephones:', telephones); - const phoneInserts = telephones.map(phone => { - return new Promise((resolvePhone, rejectPhone) => { - client.query( - "INSERT INTO dealership_telephones (dealership_tax_nr, phone_number) VALUES ($1, $2)", - [tax_nr, phone.trim()], - (phoneError) => { - if (phoneError) { - console.error('Phone insert error:', phoneError); - rejectPhone(phoneError); - } else { - resolvePhone(); - } - } - ); - }); - }); - - Promise.all(phoneInserts) - .then(() => { - console.log('All telephones inserted successfully'); - client.query('COMMIT', (commitError) => { - done(); - if (commitError) { - console.error('Commit error:', commitError); - reject(commitError); - } else { - console.log('Transaction committed successfully'); - resolve(`Dealership account was created.`); - } - }); - }) - .catch((phoneError) => { - console.error('Phone insertion failed:', phoneError); - client.query('ROLLBACK', () => { - done(); - }); - reject(phoneError); - }); - } else { - client.query('COMMIT', (commitError) => { - done(); - if (commitError) { - console.error('Commit error:', commitError); - reject(commitError); - } else { - console.log('Transaction committed successfully (no phones)'); - resolve(`Dealership account was created.`); - } - }); - } - }) - .catch((brandError) => { - console.error('Brand insertion failed:', brandError); - client.query('ROLLBACK', () => { - done(); - }); - reject(brandError); - }); - } else { - // No brands, just insert telephones if provided - if (telephones && telephones.length > 0) { - console.log('Inserting telephones (no brands):', telephones); - const phoneInserts = telephones.map(phone => { - return new Promise((resolvePhone, rejectPhone) => { - client.query( - "INSERT INTO dealership_telephones (dealership_tax_nr, phone_number) VALUES ($1, $2)", - [tax_nr, phone.trim()], - (phoneError) => { - if (phoneError) { - console.error('Phone insert error:', phoneError); - rejectPhone(phoneError); - } else { - resolvePhone(); - } - } - ); - }); - }); - - Promise.all(phoneInserts) - .then(() => { - console.log('All telephones inserted successfully (no brands)'); - client.query('COMMIT', (commitError) => { - done(); - if (commitError) { - console.error('Commit error:', commitError); - reject(commitError); - } else { - console.log('Transaction committed successfully (no brands)'); - resolve(`Dealership account was created.`); - } - }); - }) - .catch((phoneError) => { - console.error('Phone insertion failed (no brands):', phoneError); - client.query('ROLLBACK', () => { - done(); - }); - reject(phoneError); - }); - } else { - client.query('COMMIT', (commitError) => { - done(); - if (commitError) { - console.error('Commit error:', commitError); - reject(commitError); - } else { - console.log('Transaction committed successfully (no brands or phones)'); - resolve(`Dealership account was created.`); - } - }); - } - } - } else { - client.query('ROLLBACK', () => { - done(); - }); - reject(new Error("Not able to make new dealership account.")); - } - } - ); - }); - }); - }); -}; - -// Get single agreement by VIN +// Get single agreement const getAgreement = async (slug) => { console.log(slug); @@ -326,660 +142,7 @@ return await new Promise(function (resolve, reject) { pool.query( - `SELECT a.*, v.make, v.model, v.p_year, v.color, - c.c_name, c.embg, d.d_name - FROM agreement a - JOIN vehicle v ON a.vin = v.vin - JOIN client c ON a.embg = c.embg - JOIN dealership d ON a.tax_nr = d.tax_nr - WHERE a.vin = $1`, + "SELECT * from agreement as a where a.vin=$1", [slug], - (error, results) => { - if (error) { - reject(error); - } - if (results && results.rows) { - resolve(results.rows); - } else { - reject(new Error("No results found")); - } - } - ); - }); - } catch (error_1) { - console.error(error_1); - throw new Error("Internal server error"); - } -}; -// Get single agreement by agreement ID -const getAgreementById = async (agreementId) => { - try { - return await new Promise(function (resolve, reject) { - pool.query( - `SELECT a.*, v.make, v.model, v.p_year, v.color, - c.c_name, c.embg, d.d_name - FROM agreement a - JOIN vehicle v ON a.vin = v.vin - JOIN client c ON a.embg = c.embg - JOIN dealership d ON a.tax_nr = d.tax_nr - WHERE a.a_id = $1`, - [agreementId], - (error, results) => { - if (error) { - reject(error); - } - if (results && results.rows && results.rows.length > 0) { - resolve(results.rows[0]); - } else { - resolve(null); - } - } - ); - }); - } catch (error_1) { - console.error(error_1); - throw new Error("Internal server error"); - } -}; - -// Get all agreements with payment status for a dealership -const getDealershipAgreementsWithPaymentStatus = async (taxNr) => { - try { - return await new Promise(function (resolve, reject) { - pool.query( - `SELECT a.a_id, a.price, a.status, a.datum, a.vin, a.embg, a.tax_nr, - v.make, v.model, v.p_year, v.color, - c.c_name, c.embg, d.d_name, - CASE WHEN p.p_id IS NOT NULL THEN true ELSE false END as payment_exists, - p.p_id, p.amount as payment_amount, p.bank, p.iban - FROM agreement a - JOIN vehicle v ON a.vin = v.vin - JOIN client c ON a.embg = c.embg - JOIN dealership d ON a.tax_nr = d.tax_nr - LEFT JOIN payment p ON a.a_id = p.a_id - WHERE a.tax_nr = $1 - ORDER BY a.datum DESC`, - [taxNr], - (error, results) => { - if (error) { - reject(error); - } - if (results && results.rows) { - resolve(results.rows); - console.log(`Retrieved ${results.rows.length} agreements for dealership ${taxNr}`); - } else { - resolve([]); - } - } - ); - }); - } catch (error_1) { - console.error(error_1); - throw new Error("Internal server error"); - } -}; - -// Delete a vehicle -const deleteVehicle = async (vin, taxNr) => { - try { - return await new Promise(function (resolve, reject) { - // First check if the vehicle belongs to the dealership and is not sold - pool.query( - `SELECT vin, status FROM vehicle WHERE vin = $1 AND tax_nr = $2`, - [vin, taxNr], - (error, results) => { - if (error) { - reject(error); - return; - } - - if (!results.rows || results.rows.length === 0) { - reject(new Error("Vehicle not found or you don't have permission to delete it")); - return; - } - - const vehicle = results.rows[0]; - if (vehicle.status === false) { - reject(new Error("Cannot delete sold vehicles")); - return; - } - - // Delete the vehicle - pool.query( - `DELETE FROM vehicle WHERE vin = $1 AND tax_nr = $2`, - [vin, taxNr], - (deleteError, deleteResults) => { - if (deleteError) { - reject(deleteError); - } else { - resolve({ success: true, message: "Vehicle deleted successfully" }); - } - } - ); - } - ); - }); - } catch (error_1) { - console.error(error_1); - throw new Error("Internal server error"); - } -}; - -// Login dealership -const loginDealership = async (email, password) => { - try { - return await new Promise(function (resolve, reject) { - pool.query( - "SELECT * FROM dealership WHERE email = $1 AND pass = $2", - [email, password], - (error, results) => { - if (error) { - reject(error); - return; - } - if (results && results.rows && results.rows.length > 0) { - const dealership = results.rows[0]; - resolve(dealership); - } else { - resolve(null); - } - } - ); - }); - } catch (error_1) { - console.error(error_1); - throw new Error("Internal server error"); - } -}; - -// Login client -const loginClient = async (email, password) => { - try { - return await new Promise(function (resolve, reject) { - pool.query( - "SELECT embg, c_name, email, pass, telephone FROM client WHERE email = $1 AND pass = $2", - [email, password], - (error, results) => { - if (error) { - reject(error); - } - if (results && results.rows && results.rows.length > 0) { - resolve(results.rows[0]); - } else { - resolve(null); - } - } - ); - }); - } catch (error_1) { - console.error(error_1); - throw new Error("Internal server error"); - } -}; - -// Create agreement -const createAgreement = async (body) => { - return new Promise(function (resolve, reject) { - const { - A_Id, - Price, - Status, - Datum, - VIN, - EMBG, - Tax_Nr - } = body; - - pool.query( - "INSERT INTO agreement (A_Id, Price, Status, Datum, Tax_Nr, VIN, EMBG) VALUES ($1, $2, $3, $4, $5, $6, $7) RETURNING *", - [A_Id, Price, Status, Datum, Tax_Nr, VIN, EMBG], - (error, results) => { - if (error) { - reject(new Error("Not able to create agreement.")); - } - if (results && results.rows) { - // Update vehicle status to sold - pool.query( - "UPDATE vehicle SET status = false WHERE vin = $1", - [VIN], - (updateError, updateResults) => { - if (updateError) { - console.error("Error updating vehicle status:", updateError); - } - } - ); - resolve(`Agreement created successfully.`); - } else { - reject(new Error("Not able to create agreement.")); - } - } - ); - }); -}; - -// Get client agreements -const getClientAgreements = async (embg) => { - try { - return await new Promise(function (resolve, reject) { - pool.query( - `SELECT a.a_id, a.price, a.status, a.datum, a.vin, a.embg, a.tax_nr, - v.make, v.model, v.p_year, v.color, v.price as vehicle_price, - d.d_name as dealership_name, - CASE WHEN p.p_id IS NOT NULL THEN true ELSE false END as payment_exists - FROM agreement a - JOIN vehicle v ON a.vin = v.vin - JOIN dealership d ON a.tax_nr = d.tax_nr - LEFT JOIN payment p ON a.a_id = p.a_id - WHERE a.embg = $1 - ORDER BY a.datum DESC`, - [embg], - (error, results) => { - if (error) { - reject(error); - } - if (results && results.rows) { - resolve(results.rows); - console.log(`Retrieved ${results.rows.length} agreements for client ${embg}`); - } else { - resolve([]); - } - } - ); - }); - } catch (error_1) { - console.error(error_1); - throw new Error("Internal server error"); - } -}; - -// Create payment -const createPayment = async (body) => { - return new Promise(function (resolve, reject) { - const { - Bank, - IBAN, - Amount, - A_Id, - EMBG - } = body; - - pool.query( - "INSERT INTO payment (Bank, IBAN, Amount, EMBG, A_Id) VALUES ($1, $2, $3, $4, $5) RETURNING *", - [Bank, IBAN, Amount, EMBG, A_Id], - (error, results) => { - if (error) { - reject(new Error("Not able to create payment.")); - } - if (results && results.rows) { - resolve(`Payment created successfully.`); - } else { - reject(new Error("Not able to create payment.")); - } - } - ); - }); -}; - -// Check if agreement has payment -const checkAgreementPayment = async (aId) => { - try { - return await new Promise(function (resolve, reject) { - pool.query( - "SELECT * FROM payment WHERE a_id = $1", - [aId], - (error, results) => { - if (error) { - reject(error); - } - if (results && results.rows && results.rows.length > 0) { - resolve(true); - } else { - resolve(false); - } - } - ); - }); - } catch (error_1) { - console.error(error_1); - throw new Error("Internal server error"); - } -}; - -// Get payment details for an agreement -const getPaymentDetails = async (aId) => { - try { - return await new Promise(function (resolve, reject) { - pool.query( - `SELECT p.*, a.price as agreement_price, a.datum as agreement_date, - v.vin, v.make, v.model, v.p_year, v.color, - d.d_name as dealership_name, - c.c_name as client_name - FROM payment p - JOIN agreement a ON p.a_id = a.a_id - JOIN vehicle v ON a.vin = v.vin - JOIN dealership d ON a.tax_nr = d.tax_nr - JOIN client c ON a.embg = c.embg - WHERE p.a_id = $1`, - [aId], - (error, results) => { - if (error) { - reject(error); - } - if (results && results.rows && results.rows.length > 0) { - resolve(results.rows[0]); - } else { - resolve(null); - } - } - ); - }); - } catch (error_1) { - console.error(error_1); - throw new Error("Internal server error"); - } -}; - -// Get payment details by VIN -const getPaymentDetailsByVin = async (vin) => { - try { - return await new Promise(function (resolve, reject) { - pool.query( - `SELECT p.*, a.price as agreement_price, a.datum as agreement_date, - v.vin, v.make, v.model, v.p_year, v.color, - d.d_name as dealership_name, - c.c_name as client_name - FROM payment p - JOIN agreement a ON p.a_id = a.a_id - JOIN vehicle v ON a.vin = v.vin - JOIN dealership d ON a.tax_nr = d.tax_nr - JOIN client c ON a.embg = c.embg - WHERE v.vin = $1`, - [vin], - (error, results) => { - if (error) { - reject(error); - } - if (results && results.rows && results.rows.length > 0) { - resolve(results.rows[0]); - } else { - resolve(null); - } - } - ); - }); - } catch (error_1) { - console.error(error_1); - throw new Error("Internal server error"); - } -}; - -// Get payments for a dealership (all payments for their agreements) -const getDealershipPayments = async (taxNr) => { - try { - return await new Promise(function (resolve, reject) { - pool.query( - `SELECT p.*, a.price as agreement_price, a.datum as agreement_date, - v.make, v.model, v.p_year, v.color, - c.c_name as client_name, c.embg as client_embg - FROM payment p - JOIN agreement a ON p.a_id = a.a_id - JOIN vehicle v ON a.vin = v.vin - JOIN client c ON a.embg = c.embg - WHERE a.tax_nr = $1 - ORDER BY p.p_id DESC`, - [taxNr], - (error, results) => { - if (error) { - reject(error); - } - if (results && results.rows) { - resolve(results.rows); - } else { - reject(new Error("No results found")); - } - } - ); - }); - } catch (error_1) { - console.error(error_1); - throw new Error("Internal server error"); - } -}; - -// Get all agreements for a dealership -const getDealershipAgreements = async (taxNr) => { - try { - return await new Promise(function (resolve, reject) { - pool.query( - `SELECT a.*, v.make, v.model, v.p_year, v.color, - c.c_name, c.embg, d.d_name - FROM agreement a - JOIN vehicle v ON a.vin = v.vin - JOIN client c ON a.embg = c.embg - JOIN dealership d ON a.tax_nr = d.tax_nr - WHERE a.tax_nr = $1 - ORDER BY a.datum DESC`, - [taxNr], - (error, results) => { - if (error) { - reject(error); - } - if (results && results.rows) { - resolve(results.rows); - } else { - reject(new Error("No results found")); - } - } - ); - }); - } catch (error_1) { - console.error(error_1); - throw new Error("Internal server error"); - } -}; - -// Get dealership brands -const getDealershipBrands = async (taxNr) => { - try { - return await new Promise(function (resolve, reject) { - pool.query( - "SELECT brand_name FROM dealership_brands WHERE dealership_tax_nr = $1", - [taxNr], - (error, results) => { - if (error) { - reject(error); - } - if (results && results.rows) { - resolve(results.rows.map(row => row.brand_name)); - } else { - resolve([]); - } - } - ); - }); - } catch (error_1) { - console.error(error_1); - throw new Error("Internal server error"); - } -}; - -// Get dealership telephones -const getDealershipTelephones = async (taxNr) => { - try { - return await new Promise(function (resolve, reject) { - pool.query( - "SELECT phone_number FROM dealership_telephones WHERE dealership_tax_nr = $1", - [taxNr], - (error, results) => { - if (error) { - reject(error); - } - if (results && results.rows) { - resolve(results.rows.map(row => row.phone_number)); - } else { - resolve([]); - } - } - ); - }); - } catch (error_1) { - console.error(error_1); - throw new Error("Internal server error"); - } -}; - -// Get dealership with brands and telephones -const getDealershipWithDetails = async (taxNr) => { - try { - return await new Promise(function (resolve, reject) { - pool.query( - "SELECT * FROM dealership WHERE tax_nr = $1", - [taxNr], - async (error, results) => { - if (error) { - reject(error); - return; - } - if (results && results.rows && results.rows.length > 0) { - const dealership = results.rows[0]; - try { - const brands = await getDealershipBrands(taxNr); - const telephones = await getDealershipTelephones(taxNr); - resolve({ - ...dealership, - brands: brands, - telephones: telephones - }); - } catch (detailError) { - reject(detailError); - } - } else { - resolve(null); - } - } - ); - }); - } catch (error_1) { - console.error(error_1); - throw new Error("Internal server error"); - } -}; - -// Search vehicles by make, model, year, price range -const searchVehicles = async (searchParams) => { - try { - return await new Promise(function (resolve, reject) { - const { make, model, minYear, maxYear, minPrice, maxPrice, limit = 50 } = searchParams; - - let query = "SELECT vin, make, model, p_year, color, price, tax_nr, capacity, power, body FROM vehicle WHERE status = true"; - const params = []; - let paramCount = 0; - - if (make) { - paramCount++; - query += ` AND make ILIKE $${paramCount}`; - params.push(`%${make}%`); - } - - if (model) { - paramCount++; - query += ` AND model ILIKE $${paramCount}`; - params.push(`%${model}%`); - } - - if (minYear) { - paramCount++; - query += ` AND p_year >= $${paramCount}`; - params.push(minYear); - } - - if (maxYear) { - paramCount++; - query += ` AND p_year <= $${paramCount}`; - params.push(maxYear); - } - - if (minPrice) { - paramCount++; - query += ` AND price >= $${paramCount}`; - params.push(minPrice); - } - - if (maxPrice) { - paramCount++; - query += ` AND price <= $${paramCount}`; - params.push(maxPrice); - } - - query += ` ORDER BY p_year DESC, make, model LIMIT $${paramCount + 1}`; - params.push(limit); - - pool.query(query, params, (error, results) => { - if (error) { - reject(error); - } else { - resolve(results.rows); - console.log(`Search returned ${results.rows.length} vehicles`); - } - }); - }); - } catch (error_1) { - console.error(error_1); - throw new Error("Internal server error"); - } -}; - -// Get vehicles by price range -const getVehiclesByPriceRange = async (minPrice, maxPrice) => { - try { - return await new Promise(function (resolve, reject) { - pool.query( - "SELECT vin, make, model, p_year, color, price, tax_nr, capacity, power, body FROM vehicle WHERE status = true AND price BETWEEN $1 AND $2 ORDER BY price ASC, p_year DESC", - [minPrice, maxPrice], - (error, results) => { - if (error) { - reject(error); - } else { - resolve(results.rows); - console.log(`Found ${results.rows.length} vehicles in price range ${minPrice}-${maxPrice}`); - } - } - ); - }); - } catch (error_1) { - console.error(error_1); - throw new Error("Internal server error"); - } -}; - -// Get vehicles by year range -const getVehiclesByYearRange = async (minYear, maxYear) => { - try { - return await new Promise(function (resolve, reject) { - pool.query( - "SELECT vin, make, model, p_year, color, price, tax_nr, capacity, power, body FROM vehicle WHERE status = true AND p_year BETWEEN $1 AND $2 ORDER BY p_year DESC, make, model", - [minYear, maxYear], - (error, results) => { - if (error) { - reject(error); - } else { - resolve(results.rows); - console.log(`Found ${results.rows.length} vehicles in year range ${minYear}-${maxYear}`); - } - } - ); - }); - } catch (error_1) { - console.error(error_1); - throw new Error("Internal server error"); - } -}; - -// Get all dealerships (for debugging) -const getAllDealerships = async () => { - try { - return await new Promise(function (resolve, reject) { - pool.query( - "SELECT tax_nr, d_name, email, pass FROM dealership", (error, results) => { if (error) { @@ -1004,26 +167,5 @@ getMyVehicles, createVehicle, - deleteVehicle, registerUser, - registerDealership, getAgreement, - getAgreementById, - getDealershipAgreementsWithPaymentStatus, - loginDealership, - loginClient, - createAgreement, - getClientAgreements, - createPayment, - checkAgreementPayment, - getPaymentDetails, - getPaymentDetailsByVin, - getDealershipPayments, - getDealershipAgreements, - getAllDealerships, - getDealershipBrands, - getDealershipTelephones, - getDealershipWithDetails, - searchVehicles, - getVehiclesByPriceRange, - getVehiclesByYearRange, }; Index: ckend/cookies.txt =================================================================== --- backend/cookies.txt (revision 0f382c8a9e6f71eee97148bfdf563ae1f70860f7) +++ (revision ) @@ -1,5 +1,0 @@ -# Netscape HTTP Cookie File -# https://curl.se/docs/http-cookies.html -# This file was generated by libcurl! Edit at your own risk. - -#HttpOnly_localhost FALSE / FALSE 1757646832 connect.sid s%3AifbN6LIWp_gdrmHxv94OSHTPPCVMSEaw.8r0ttx3N4MPd6XhAPCseaMgJzi2UxFx6586yMv22yQU Index: backend/index.js =================================================================== --- backend/index.js (revision 0f382c8a9e6f71eee97148bfdf563ae1f70860f7) +++ backend/index.js (revision 777b34dd0a3a984ac4252a7fea43c817042047b5) @@ -1,21 +1,11 @@ const express = require("express"); var cors = require("cors"); -const session = require("express-session"); const app = express(); const port = 3001; -// Simple in-memory store for sessions -const sessions = {}; - app.use(express.json()); -app.use(session({ - secret: 'carzone-secret-key', - resave: true, - saveUninitialized: true, - cookie: { secure: false, maxAge: 24 * 60 * 60 * 1000 } // 24 hours -})); app.use(function (req, res, next) { - res.setHeader("Access-Control-Allow-Origin", "http://localhost:3000"); + res.setHeader("Access-Control-Allow-Origin", "*"); res.setHeader( "Access-Control-Allow-Methods", @@ -26,5 +16,4 @@ "Content-Type, Access-Control-Allow-Headers" ); - res.setHeader("Access-Control-Allow-Credentials", "true"); next(); }); @@ -32,41 +21,4 @@ //connection functions const connection_model = require("./connectionModel"); - -// Simple authentication middleware -const requireAuth = (req, res, next) => { - const sessionId = req.sessionID; - const userSession = sessions[sessionId]; - - if (userSession && userSession.userId && userSession.userType) { - req.user = userSession; - next(); - } else { - res.status(401).json({ error: 'Unauthorized' }); - } -}; - -const requireDealership = (req, res, next) => { - const sessionId = req.sessionID; - const userSession = sessions[sessionId]; - - if (userSession && userSession.userType === 'dealership') { - req.user = userSession; - next(); - } else { - res.status(401).json({ error: 'Unauthorized - Dealership access required' }); - } -}; - -const requireClient = (req, res, next) => { - const sessionId = req.sessionID; - const userSession = sessions[sessionId]; - - if (userSession && userSession.userType === 'client') { - req.user = userSession; - next(); - } else { - res.status(401).json({ error: 'Unauthorized - Client access required' }); - } -}; //Server requests start here @@ -84,89 +36,8 @@ }); -// Authentication endpoints -app.post("/login/dealership", (req, res) => { - const { email, pass } = req.body; - +// For My list +app.get("/mylist", (req, res) => { connection_model - .loginDealership(email, pass) - .then((response) => { - if (response) { - // Store session data in our in-memory store - const sessionId = req.sessionID; - sessions[sessionId] = { - userId: response.tax_nr, - userType: 'dealership', - userName: response.d_name - }; - - res.status(200).json({ success: true, user: response }); - } else { - - res.status(401).json({ success: false, message: 'Invalid credentials' }); - } - }) - .catch((error) => { - res.status(500).json({ success: false, message: 'Server error' }); - }); -}); - -app.post("/login/client", (req, res) => { - const { email, pass } = req.body; - connection_model - .loginClient(email, pass) - .then((response) => { - if (response) { - // Store session data in our in-memory store - const sessionId = req.sessionID; - sessions[sessionId] = { - userId: response.embg, - userType: 'client', - userName: response.c_name - }; - - res.status(200).json({ success: true, user: response }); - } else { - res.status(401).json({ success: false, message: 'Invalid credentials' }); - } - }) - .catch((error) => { - res.status(500).json({ success: false, message: 'Server error' }); - }); -}); - -app.post("/logout", (req, res) => { - const sessionId = req.sessionID; - delete sessions[sessionId]; - req.session.destroy((err) => { - if (err) { - res.status(500).json({ success: false, message: 'Could not log out' }); - } else { - res.status(200).json({ success: true, message: 'Logged out successfully' }); - } - }); -}); - -app.get("/auth/status", (req, res) => { - const sessionId = req.sessionID; - const userSession = sessions[sessionId]; - - if (userSession && userSession.userId && userSession.userType) { - res.status(200).json({ - loggedIn: true, - userId: userSession.userId, - userType: userSession.userType, - userName: userSession.userName - }); - } else { - res.status(200).json({ loggedIn: false }); - } -}); - - - -// For My list - now requires dealership authentication -app.get("/mylist", requireDealership, (req, res) => { - connection_model - .getMyVehicles(req.user.userId) + .getMyVehicles() .then((response) => { res.status(200).send(response); @@ -177,12 +48,8 @@ }); -// Create agreement - requires dealership authentication -app.post("/agreement", requireDealership, (req, res) => { - const agreementData = { - ...req.body, - Tax_Nr: req.user.userId - }; +// Not implemented +/* app.post("/agreement", (req, res) => { connection_model - .createAgreement(agreementData) + .createAgreement(req.body) .then((response) => { res.status(200).send(response); @@ -191,42 +58,10 @@ res.status(500).send(error); }); -}); +}); */ -// Get client agreements - requires client authentication -app.get("/client/agreements", requireClient, (req, res) => { +// For create vehicle POST method +app.post("/createvehicle", (req, res) => { connection_model - .getClientAgreements(req.user.userId) - .then((response) => { - res.status(200).send(response); - }) - .catch((error) => { - res.status(500).send(error); - }); -}); - -// Create payment - requires client authentication -app.post("/payment", requireClient, (req, res) => { - const paymentData = { - ...req.body, - EMBG: req.user.userId - }; - connection_model - .createPayment(paymentData) - .then((response) => { - res.status(200).send(response); - }) - .catch((error) => { - res.status(500).send(error); - }); -}); - -// For create vehicle POST method - requires dealership authentication -app.post("/createvehicle", requireDealership, (req, res) => { - const vehicleData = { - ...req.body, - tax_nr: req.user.userId - }; - connection_model - .createVehicle(vehicleData) + .createVehicle(req.body) .then((response) => { res.status(200).send(response); @@ -249,101 +84,4 @@ }); -// For register new dealership POST -app.post("/registerdealership", (req, res) => { - connection_model - .registerDealership(req.body) - .then((response) => { - res.status(200).send(response); - }) - .catch((error) => { - res.status(500).send(error); - }); -}); - -// Get payment details for an agreement -app.get("/payment/:agreementId", (req, res) => { - const { agreementId } = req.params; - connection_model - .getPaymentDetails(agreementId) - .then((response) => { - if (response) { - res.status(200).json(response); - } else { - res.status(404).json({ error: 'Payment not found' }); - } - }) - .catch((error) => { - res.status(500).json({ error: error.message }); - }); -}); - -// Get payment details by VIN -app.get("/payment/vin/:vin", (req, res) => { - const { vin } = req.params; - connection_model - .getPaymentDetailsByVin(vin) - .then((response) => { - if (response) { - res.status(200).json(response); - } else { - res.status(404).json({ error: 'Payment not found' }); - } - }) - .catch((error) => { - res.status(500).json({ error: error.message }); - }); -}); - -// Get all payments for a dealership -app.get("/dealership/payments", requireDealership, (req, res) => { - connection_model - .getDealershipPayments(req.user.userId) - .then((response) => { - res.status(200).json(response); - }) - .catch((error) => { - res.status(500).json({ error: error.message }); - }); -}); - -// Get all agreements for a dealership -app.get("/dealership/agreements", requireDealership, (req, res) => { - connection_model - .getDealershipAgreements(req.user.userId) - .then((response) => { - res.status(200).json(response); - }) - .catch((error) => { - res.status(500).json({ error: error.message }); - }); -}); - -// Get all agreements with payment status for a dealership -app.get("/dealership/agreements-with-payments", requireDealership, (req, res) => { - connection_model - .getDealershipAgreementsWithPaymentStatus(req.user.userId) - .then((response) => { - res.status(200).json(response); - }) - .catch((error) => { - res.status(500).json({ error: error.message }); - }); -}); - -// Delete a vehicle -app.delete("/vehicle/:vin", requireDealership, (req, res) => { - const { vin } = req.params; - const taxNr = req.user.userId; - - connection_model - .deleteVehicle(vin, taxNr) - .then((response) => { - res.status(200).json(response); - }) - .catch((error) => { - res.status(400).json({ error: error.message }); - }); -}); - // To get single agreement based on slug passed app.get("/agreement/:slug", (req, res) => { @@ -358,118 +96,4 @@ }); -// Get agreement by agreement ID -app.get("/agreement/id/:agreementId", (req, res) => { - connection_model - .getAgreementById(req.params.agreementId) - .then((response) => { - if (response) { - res.status(200).json(response); - } else { - res.status(404).json({ error: 'Agreement not found' }); - } - }) - .catch((error) => { - res.status(500).json({ error: error.message }); - }); -}); - -// Get dealership brands -app.get("/dealership/brands", requireDealership, (req, res) => { - connection_model - .getDealershipBrands(req.user.userId) - .then((response) => { - res.status(200).json(response); - }) - .catch((error) => { - res.status(500).json({ error: error.message }); - }); -}); - -// Get dealership telephones -app.get("/dealership/telephones", requireDealership, (req, res) => { - connection_model - .getDealershipTelephones(req.user.userId) - .then((response) => { - res.status(200).json(response); - }) - .catch((error) => { - res.status(500).json({ error: error.message }); - }); -}); - -// Get dealership with complete details (brands and telephones) -app.get("/dealership/details", requireDealership, (req, res) => { - connection_model - .getDealershipWithDetails(req.user.userId) - .then((response) => { - if (response) { - res.status(200).json(response); - } else { - res.status(404).json({ error: 'Dealership not found' }); - } - }) - .catch((error) => { - res.status(500).json({ error: error.message }); - }); -}); - -// Search vehicles with filters -app.get("/vehicles/search", (req, res) => { - const searchParams = { - make: req.query.make, - model: req.query.model, - minYear: req.query.minYear ? parseInt(req.query.minYear) : null, - maxYear: req.query.maxYear ? parseInt(req.query.maxYear) : null, - minPrice: req.query.minPrice ? parseFloat(req.query.minPrice) : null, - maxPrice: req.query.maxPrice ? parseFloat(req.query.maxPrice) : null, - limit: req.query.limit ? parseInt(req.query.limit) : 50 - }; - - connection_model - .searchVehicles(searchParams) - .then((response) => { - res.status(200).json(response); - }) - .catch((error) => { - res.status(500).json({ error: error.message }); - }); -}); - -// Get vehicles by price range -app.get("/vehicles/price-range", (req, res) => { - const { minPrice, maxPrice } = req.query; - - if (!minPrice || !maxPrice) { - return res.status(400).json({ error: 'minPrice and maxPrice are required' }); - } - - connection_model - .getVehiclesByPriceRange(parseFloat(minPrice), parseFloat(maxPrice)) - .then((response) => { - res.status(200).json(response); - }) - .catch((error) => { - res.status(500).json({ error: error.message }); - }); -}); - -// Get vehicles by year range -app.get("/vehicles/year-range", (req, res) => { - const { minYear, maxYear } = req.query; - - if (!minYear || !maxYear) { - return res.status(400).json({ error: 'minYear and maxYear are required' }); - } - - connection_model - .getVehiclesByYearRange(parseInt(minYear), parseInt(maxYear)) - .then((response) => { - res.status(200).json(response); - }) - .catch((error) => { - res.status(500).json({ error: error.message }); - }); -}); - app.listen(port, () => { console.log(`App running on port ${port}.`); Index: backend/node_modules/.package-lock.json =================================================================== --- backend/node_modules/.package-lock.json (revision 0f382c8a9e6f71eee97148bfdf563ae1f70860f7) +++ backend/node_modules/.package-lock.json (revision 777b34dd0a3a984ac4252a7fea43c817042047b5) @@ -245,15 +245,4 @@ "node": ">= 0.8", "npm": "1.2.8000 || >= 1.4.16" - } - }, - "node_modules/dotenv": { - "version": "17.2.2", - "resolved": "https://registry.npmjs.org/dotenv/-/dotenv-17.2.2.tgz", - "integrity": "sha512-Sf2LSQP+bOlhKWWyhFsn0UsfdK/kCWRv1iuA2gXAwt3dyNabr6QSj00I2V10pidqz69soatm9ZwZvpQMTIOd5Q==", - "engines": { - "node": ">=12" - }, - "funding": { - "url": "https://dotenvx.com" } }, @@ -344,35 +333,4 @@ } }, - "node_modules/express-session": { - "version": "1.18.2", - "resolved": "https://registry.npmjs.org/express-session/-/express-session-1.18.2.tgz", - "integrity": "sha512-SZjssGQC7TzTs9rpPDuUrR23GNZ9+2+IkA/+IJWmvQilTr5OSliEHGF+D9scbIpdC6yGtTI0/VhaHoVes2AN/A==", - "dependencies": { - "cookie": "0.7.2", - "cookie-signature": "1.0.7", - "debug": "2.6.9", - "depd": "~2.0.0", - "on-headers": "~1.1.0", - "parseurl": "~1.3.3", - "safe-buffer": "5.2.1", - "uid-safe": "~2.1.5" - }, - "engines": { - "node": ">= 0.8.0" - } - }, - "node_modules/express-session/node_modules/cookie": { - "version": "0.7.2", - "resolved": "https://registry.npmjs.org/cookie/-/cookie-0.7.2.tgz", - "integrity": "sha512-yki5XnKuf750l50uGTllt6kKILY4nQ1eNIQatoXEByZ5dWgnKqbnqmTrBE5B4N7lrMJKQ2ytWMiTO2o0v6Ew/w==", - "engines": { - "node": ">= 0.6" - } - }, - "node_modules/express-session/node_modules/cookie-signature": { - "version": "1.0.7", - "resolved": "https://registry.npmjs.org/cookie-signature/-/cookie-signature-1.0.7.tgz", - "integrity": "sha512-NXdYc3dLr47pBkpUCHtKSwIOQXLVn8dZEuywboCOJY/osA0wFSLlSawr3KN8qXJEyX66FcONTH8EIlVuK0yyFA==" - }, "node_modules/fill-range": { "version": "7.1.1", @@ -772,12 +730,4 @@ } }, - "node_modules/on-headers": { - "version": "1.1.0", - "resolved": "https://registry.npmjs.org/on-headers/-/on-headers-1.1.0.tgz", - "integrity": "sha512-737ZY3yNnXy37FHkQxPzt4UZ2UWPWiCZWLvFZ4fu5cueciegX0zGPnrlY6bwRg4FdQOe9YU8MkmJwGhoMybl8A==", - "engines": { - "node": ">= 0.8" - } - }, "node_modules/packet-reader": { "version": "1.0.0", @@ -958,12 +908,4 @@ "funding": { "url": "https://github.com/sponsors/ljharb" - } - }, - "node_modules/random-bytes": { - "version": "1.0.0", - "resolved": "https://registry.npmjs.org/random-bytes/-/random-bytes-1.0.0.tgz", - "integrity": "sha512-iv7LhNVO047HzYR3InF6pUcUsPQiHTM1Qal51DcGSuZFBil1aBBWG5eHPNek7bvILMaYJ/8RU1e8w1AMdHmLQQ==", - "engines": { - "node": ">= 0.8" } }, @@ -1199,15 +1141,4 @@ } }, - "node_modules/uid-safe": { - "version": "2.1.5", - "resolved": "https://registry.npmjs.org/uid-safe/-/uid-safe-2.1.5.tgz", - "integrity": "sha512-KPHm4VL5dDXKz01UuEd88Df+KzynaohSL9fBh096KWAxSKZQDI2uBrVqtvRM4rwrIrRRKsdLNML/lnaaVSRioA==", - "dependencies": { - "random-bytes": "~1.0.0" - }, - "engines": { - "node": ">= 0.8" - } - }, "node_modules/undefsafe": { "version": "2.0.5", Index: ckend/node_modules/express-session/HISTORY.md =================================================================== --- backend/node_modules/express-session/HISTORY.md (revision 0f382c8a9e6f71eee97148bfdf563ae1f70860f7) +++ (revision ) @@ -1,476 +1,0 @@ -1.18.2 / 2025-07-17 -========== - * deps: mocha@10.8.2 - * deps: on-headers@~1.1.0 - - Fix [CVE-2025-7339](https://www.cve.org/CVERecord?id=CVE-2025-7339) ([GHSA-76c9-3jph-rj3q](https://github.com/expressjs/on-headers/security/advisories/GHSA-76c9-3jph-rj3q)) - -1.18.1 / 2024-10-08 -========== - - * deps: cookie@0.7.2 - - Fix object assignment of `hasOwnProperty` - * deps: cookie@0.7.1 - - Allow leading dot for domain - - Although not permitted in the spec, some users expect this to work and user agents ignore the leading dot according to spec - - Add fast path for `serialize` without options, use `obj.hasOwnProperty` when parsing - * deps: cookie@0.7.0 - - perf: parse cookies ~10% faster - - fix: narrow the validation of cookies to match RFC6265 - - fix: add `main` to `package.json` for rspack - -1.18.0 / 2024-01-28 -=================== - - * Add debug log for pathname mismatch - * Add `partitioned` to `cookie` options - * Add `priority` to `cookie` options - * Fix handling errors from setting cookie - * Support any type in `secret` that `crypto.createHmac` supports - * deps: cookie@0.6.0 - - Fix `expires` option to reject invalid dates - - perf: improve default decode speed - - perf: remove slow string split in parse - * deps: cookie-signature@1.0.7 - -1.17.3 / 2022-05-11 -=================== - - * Fix resaving already-saved new session at end of request - * deps: cookie@0.4.2 - -1.17.2 / 2021-05-19 -=================== - - * Fix `res.end` patch to always commit headers - * deps: cookie@0.4.1 - * deps: safe-buffer@5.2.1 - -1.17.1 / 2020-04-16 -=================== - - * Fix internal method wrapping error on failed reloads - -1.17.0 / 2019-10-10 -=================== - - * deps: cookie@0.4.0 - - Add `SameSite=None` support - * deps: safe-buffer@5.2.0 - -1.16.2 / 2019-06-12 -=================== - - * Fix restoring `cookie.originalMaxAge` when store returns `Date` - * deps: parseurl@~1.3.3 - -1.16.1 / 2019-04-11 -=================== - - * Fix error passing `data` option to `Cookie` constructor - * Fix uncaught error from bad session data - -1.16.0 / 2019-04-10 -=================== - - * Catch invalid `cookie.maxAge` value earlier - * Deprecate setting `cookie.maxAge` to a `Date` object - * Fix issue where `resave: false` may not save altered sessions - * Remove `utils-merge` dependency - * Use `safe-buffer` for improved Buffer API - * Use `Set-Cookie` as cookie header name for compatibility - * deps: depd@~2.0.0 - - Replace internal `eval` usage with `Function` constructor - - Use instance methods on `process` to check for listeners - - perf: remove argument reassignment - * deps: on-headers@~1.0.2 - - Fix `res.writeHead` patch missing return value - -1.15.6 / 2017-09-26 -=================== - - * deps: debug@2.6.9 - * deps: parseurl@~1.3.2 - - perf: reduce overhead for full URLs - - perf: unroll the "fast-path" `RegExp` - * deps: uid-safe@~2.1.5 - - perf: remove only trailing `=` - * deps: utils-merge@1.0.1 - -1.15.5 / 2017-08-02 -=================== - - * Fix `TypeError` when `req.url` is an empty string - * deps: depd@~1.1.1 - - Remove unnecessary `Buffer` loading - -1.15.4 / 2017-07-18 -=================== - - * deps: debug@2.6.8 - -1.15.3 / 2017-05-17 -=================== - - * deps: debug@2.6.7 - - deps: ms@2.0.0 - -1.15.2 / 2017-03-26 -=================== - - * deps: debug@2.6.3 - - Fix `DEBUG_MAX_ARRAY_LENGTH` - * deps: uid-safe@~2.1.4 - - Remove `base64-url` dependency - -1.15.1 / 2017-02-10 -=================== - - * deps: debug@2.6.1 - - Fix deprecation messages in WebStorm and other editors - - Undeprecate `DEBUG_FD` set to `1` or `2` - -1.15.0 / 2017-01-22 -=================== - - * Fix detecting modified session when session contains "cookie" property - * Fix resaving already-saved reloaded session at end of request - * deps: crc@3.4.4 - - perf: use `Buffer.from` when available - * deps: debug@2.6.0 - - Allow colors in workers - - Deprecated `DEBUG_FD` environment variable - - Use same color for same namespace - - Fix error when running under React Native - - deps: ms@0.7.2 - * perf: remove unreachable branch in set-cookie method - -1.14.2 / 2016-10-30 -=================== - - * deps: crc@3.4.1 - - Fix deprecation warning in Node.js 7.x - * deps: uid-safe@~2.1.3 - - deps: base64-url@1.3.3 - -1.14.1 / 2016-08-24 -=================== - - * Fix not always resetting session max age before session save - * Fix the cookie `sameSite` option to actually alter the `Set-Cookie` - * deps: uid-safe@~2.1.2 - - deps: base64-url@1.3.2 - -1.14.0 / 2016-07-01 -=================== - - * Correctly inherit from `EventEmitter` class in `Store` base class - * Fix issue where `Set-Cookie` `Expires` was not always updated - * Methods are no longer enumerable on `req.session` object - * deps: cookie@0.3.1 - - Add `sameSite` option - - Improve error message when `encode` is not a function - - Improve error message when `expires` is not a `Date` - - perf: enable strict mode - - perf: use for loop in parse - - perf: use string concatenation for serialization - * deps: parseurl@~1.3.1 - - perf: enable strict mode - * deps: uid-safe@~2.1.1 - - Use `random-bytes` for byte source - - deps: base64-url@1.2.2 - * perf: enable strict mode - * perf: remove argument reassignment - -1.13.0 / 2016-01-10 -=================== - - * Fix `rolling: true` to not set cookie when no session exists - - Better `saveUninitialized: false` + `rolling: true` behavior - * deps: crc@3.4.0 - -1.12.1 / 2015-10-29 -=================== - - * deps: cookie@0.2.3 - - Fix cookie `Max-Age` to never be a floating point number - -1.12.0 / 2015-10-25 -=================== - - * Support the value `'auto'` in the `cookie.secure` option - * deps: cookie@0.2.2 - - Throw on invalid values provided to `serialize` - * deps: depd@~1.1.0 - - Enable strict mode in more places - - Support web browser loading - * deps: on-headers@~1.0.1 - - perf: enable strict mode - -1.11.3 / 2015-05-22 -=================== - - * deps: cookie@0.1.3 - - Slight optimizations - * deps: crc@3.3.0 - -1.11.2 / 2015-05-10 -=================== - - * deps: debug@~2.2.0 - - deps: ms@0.7.1 - * deps: uid-safe@~2.0.0 - -1.11.1 / 2015-04-08 -=================== - - * Fix mutating `options.secret` value - -1.11.0 / 2015-04-07 -=================== - - * Support an array in `secret` option for key rotation - * deps: depd@~1.0.1 - -1.10.4 / 2015-03-15 -=================== - - * deps: debug@~2.1.3 - - Fix high intensity foreground color for bold - - deps: ms@0.7.0 - -1.10.3 / 2015-02-16 -=================== - - * deps: cookie-signature@1.0.6 - * deps: uid-safe@1.1.0 - - Use `crypto.randomBytes`, if available - - deps: base64-url@1.2.1 - -1.10.2 / 2015-01-31 -=================== - - * deps: uid-safe@1.0.3 - - Fix error branch that would throw - - deps: base64-url@1.2.0 - -1.10.1 / 2015-01-08 -=================== - - * deps: uid-safe@1.0.2 - - Remove dependency on `mz` - -1.10.0 / 2015-01-05 -=================== - - * Add `store.touch` interface for session stores - * Fix `MemoryStore` expiration with `resave: false` - * deps: debug@~2.1.1 - -1.9.3 / 2014-12-02 -================== - - * Fix error when `req.sessionID` contains a non-string value - -1.9.2 / 2014-11-22 -================== - - * deps: crc@3.2.1 - - Minor fixes - -1.9.1 / 2014-10-22 -================== - - * Remove unnecessary empty write call - - Fixes Node.js 0.11.14 behavior change - - Helps work-around Node.js 0.10.1 zlib bug - -1.9.0 / 2014-09-16 -================== - - * deps: debug@~2.1.0 - - Implement `DEBUG_FD` env variable support - * deps: depd@~1.0.0 - -1.8.2 / 2014-09-15 -================== - - * Use `crc` instead of `buffer-crc32` for speed - * deps: depd@0.4.5 - -1.8.1 / 2014-09-08 -================== - - * Keep `req.session.save` non-enumerable - * Prevent session prototype methods from being overwritten - -1.8.0 / 2014-09-07 -================== - - * Do not resave already-saved session at end of request - * deps: cookie-signature@1.0.5 - * deps: debug@~2.0.0 - -1.7.6 / 2014-08-18 -================== - - * Fix exception on `res.end(null)` calls - -1.7.5 / 2014-08-10 -================== - - * Fix parsing original URL - * deps: on-headers@~1.0.0 - * deps: parseurl@~1.3.0 - -1.7.4 / 2014-08-05 -================== - - * Fix response end delay for non-chunked responses - -1.7.3 / 2014-08-05 -================== - - * Fix `res.end` patch to call correct upstream `res.write` - -1.7.2 / 2014-07-27 -================== - - * deps: depd@0.4.4 - - Work-around v8 generating empty stack traces - -1.7.1 / 2014-07-26 -================== - - * deps: depd@0.4.3 - - Fix exception when global `Error.stackTraceLimit` is too low - -1.7.0 / 2014-07-22 -================== - - * Improve session-ending error handling - - Errors are passed to `next(err)` instead of `console.error` - * deps: debug@1.0.4 - * deps: depd@0.4.2 - - Add `TRACE_DEPRECATION` environment variable - - Remove non-standard grey color from color output - - Support `--no-deprecation` argument - - Support `--trace-deprecation` argument - -1.6.5 / 2014-07-11 -================== - - * Do not require `req.originalUrl` - * deps: debug@1.0.3 - - Add support for multiple wildcards in namespaces - -1.6.4 / 2014-07-07 -================== - - * Fix blank responses for stores with synchronous operations - -1.6.3 / 2014-07-04 -================== - - * Fix resave deprecation message - -1.6.2 / 2014-07-04 -================== - - * Fix confusing option deprecation messages - -1.6.1 / 2014-06-28 -================== - - * Fix saveUninitialized deprecation message - -1.6.0 / 2014-06-28 -================== - - * Add deprecation message to undefined `resave` option - * Add deprecation message to undefined `saveUninitialized` option - * Fix `res.end` patch to return correct value - * Fix `res.end` patch to handle multiple `res.end` calls - * Reject cookies with missing signatures - -1.5.2 / 2014-06-26 -================== - - * deps: cookie-signature@1.0.4 - - fix for timing attacks - -1.5.1 / 2014-06-21 -================== - - * Move hard-to-track-down `req.secret` deprecation message - -1.5.0 / 2014-06-19 -================== - - * Debug name is now "express-session" - * Deprecate integration with `cookie-parser` middleware - * Deprecate looking for secret in `req.secret` - * Directly read cookies; `cookie-parser` no longer required - * Directly set cookies; `res.cookie` no longer required - * Generate session IDs with `uid-safe`, faster and even less collisions - -1.4.0 / 2014-06-17 -================== - - * Add `genid` option to generate custom session IDs - * Add `saveUninitialized` option to control saving uninitialized sessions - * Add `unset` option to control unsetting `req.session` - * Generate session IDs with `rand-token` by default; reduce collisions - * deps: buffer-crc32@0.2.3 - -1.3.1 / 2014-06-14 -================== - - * Add description in package for npmjs.org listing - -1.3.0 / 2014-06-14 -================== - - * Integrate with express "trust proxy" by default - * deps: debug@1.0.2 - -1.2.1 / 2014-05-27 -================== - - * Fix `resave` such that `resave: true` works - -1.2.0 / 2014-05-19 -================== - - * Add `resave` option to control saving unmodified sessions - -1.1.0 / 2014-05-12 -================== - - * Add `name` option; replacement for `key` option - * Use `setImmediate` in MemoryStore for node.js >= 0.10 - -1.0.4 / 2014-04-27 -================== - - * deps: debug@0.8.1 - -1.0.3 / 2014-04-19 -================== - - * Use `res.cookie()` instead of `res.setHeader()` - * deps: cookie@0.1.2 - -1.0.2 / 2014-02-23 -================== - - * Add missing dependency to `package.json` - -1.0.1 / 2014-02-15 -================== - - * Add missing dependencies to `package.json` - -1.0.0 / 2014-02-15 -================== - - * Genesis from `connect` Index: ckend/node_modules/express-session/LICENSE =================================================================== --- backend/node_modules/express-session/LICENSE (revision 0f382c8a9e6f71eee97148bfdf563ae1f70860f7) +++ (revision ) @@ -1,24 +1,0 @@ -(The MIT License) - -Copyright (c) 2010 Sencha Inc. -Copyright (c) 2011 TJ Holowaychuk -Copyright (c) 2014-2015 Douglas Christopher Wilson - -Permission is hereby granted, free of charge, to any person obtaining -a copy of this software and associated documentation files (the -'Software'), to deal in the Software without restriction, including -without limitation the rights to use, copy, modify, merge, publish, -distribute, sublicense, and/or sell copies of the Software, and to -permit persons to whom the Software is furnished to do so, subject to -the following conditions: - -The above copyright notice and this permission notice shall be -included in all copies or substantial portions of the Software. - -THE SOFTWARE IS PROVIDED 'AS IS', WITHOUT WARRANTY OF ANY KIND, -EXPRESS OR IMPLIED, INCLUDING BUT NOT LIMITED TO THE WARRANTIES OF -MERCHANTABILITY, FITNESS FOR A PARTICULAR PURPOSE AND NONINFRINGEMENT. -IN NO EVENT SHALL THE AUTHORS OR COPYRIGHT HOLDERS BE LIABLE FOR ANY -CLAIM, DAMAGES OR OTHER LIABILITY, WHETHER IN AN ACTION OF CONTRACT, -TORT OR OTHERWISE, ARISING FROM, OUT OF OR IN CONNECTION WITH THE -SOFTWARE OR THE USE OR OTHER DEALINGS IN THE SOFTWARE. Index: ckend/node_modules/express-session/README.md =================================================================== --- backend/node_modules/express-session/README.md (revision 0f382c8a9e6f71eee97148bfdf563ae1f70860f7) +++ (revision ) @@ -1,1032 +1,0 @@ -# express-session - -[![NPM Version][npm-version-image]][npm-url] -[![NPM Downloads][npm-downloads-image]][node-url] -[![Build Status][ci-image]][ci-url] -[![Test Coverage][coveralls-image]][coveralls-url] - -## Installation - -This is a [Node.js](https://nodejs.org/en/) module available through the -[npm registry](https://www.npmjs.com/). Installation is done using the -[`npm install` command](https://docs.npmjs.com/getting-started/installing-npm-packages-locally): - -```sh -$ npm install express-session -``` - -## API - -```js -var session = require('express-session') -``` - -### session(options) - -Create a session middleware with the given `options`. - -**Note** Session data is _not_ saved in the cookie itself, just the session ID. -Session data is stored server-side. - -**Note** Since version 1.5.0, the [`cookie-parser` middleware](https://www.npmjs.com/package/cookie-parser) -no longer needs to be used for this module to work. This module now directly reads -and writes cookies on `req`/`res`. Using `cookie-parser` may result in issues -if the `secret` is not the same between this module and `cookie-parser`. - -**Warning** The default server-side session storage, `MemoryStore`, is _purposely_ -not designed for a production environment. It will leak memory under most -conditions, does not scale past a single process, and is meant for debugging and -developing. - -For a list of stores, see [compatible session stores](#compatible-session-stores). - -#### Options - -`express-session` accepts these properties in the options object. - -##### cookie - -Settings object for the session ID cookie. The default value is -`{ path: '/', httpOnly: true, secure: false, maxAge: null }`. - -The following are options that can be set in this object. - -##### cookie.domain - -Specifies the value for the `Domain` `Set-Cookie` attribute. By default, no domain -is set, and most clients will consider the cookie to apply to only the current -domain. - -##### cookie.expires - -Specifies the `Date` object to be the value for the `Expires` `Set-Cookie` attribute. -By default, no expiration is set, and most clients will consider this a -"non-persistent cookie" and will delete it on a condition like exiting a web browser -application. - -**Note** If both `expires` and `maxAge` are set in the options, then the last one -defined in the object is what is used. - -**Note** The `expires` option should not be set directly; instead only use the `maxAge` -option. - -##### cookie.httpOnly - -Specifies the `boolean` value for the `HttpOnly` `Set-Cookie` attribute. When truthy, -the `HttpOnly` attribute is set, otherwise it is not. By default, the `HttpOnly` -attribute is set. - -**Note** be careful when setting this to `true`, as compliant clients will not allow -client-side JavaScript to see the cookie in `document.cookie`. - -##### cookie.maxAge - -Specifies the `number` (in milliseconds) to use when calculating the `Expires` -`Set-Cookie` attribute. This is done by taking the current server time and adding -`maxAge` milliseconds to the value to calculate an `Expires` datetime. By default, -no maximum age is set. - -**Note** If both `expires` and `maxAge` are set in the options, then the last one -defined in the object is what is used. - -##### cookie.partitioned - -Specifies the `boolean` value for the [`Partitioned` `Set-Cookie`](rfc-cutler-httpbis-partitioned-cookies) -attribute. When truthy, the `Partitioned` attribute is set, otherwise it is not. -By default, the `Partitioned` attribute is not set. - -**Note** This is an attribute that has not yet been fully standardized, and may -change in the future. This also means many clients may ignore this attribute until -they understand it. - -More information about can be found in [the proposal](https://github.com/privacycg/CHIPS). - -##### cookie.path - -Specifies the value for the `Path` `Set-Cookie`. By default, this is set to `'/'`, which -is the root path of the domain. - -##### cookie.priority - -Specifies the `string` to be the value for the [`Priority` `Set-Cookie` attribute][rfc-west-cookie-priority-00-4.1]. - - - `'low'` will set the `Priority` attribute to `Low`. - - `'medium'` will set the `Priority` attribute to `Medium`, the default priority when not set. - - `'high'` will set the `Priority` attribute to `High`. - -More information about the different priority levels can be found in -[the specification][rfc-west-cookie-priority-00-4.1]. - -**Note** This is an attribute that has not yet been fully standardized, and may change in the future. -This also means many clients may ignore this attribute until they understand it. - -##### cookie.sameSite - -Specifies the `boolean` or `string` to be the value for the `SameSite` `Set-Cookie` attribute. -By default, this is `false`. - - - `true` will set the `SameSite` attribute to `Strict` for strict same site enforcement. - - `false` will not set the `SameSite` attribute. - - `'lax'` will set the `SameSite` attribute to `Lax` for lax same site enforcement. - - `'none'` will set the `SameSite` attribute to `None` for an explicit cross-site cookie. - - `'strict'` will set the `SameSite` attribute to `Strict` for strict same site enforcement. - -More information about the different enforcement levels can be found in -[the specification][rfc-6265bis-03-4.1.2.7]. - -**Note** This is an attribute that has not yet been fully standardized, and may change in -the future. This also means many clients may ignore this attribute until they understand it. - -**Note** There is a [draft spec](https://tools.ietf.org/html/draft-west-cookie-incrementalism-01) -that requires that the `Secure` attribute be set to `true` when the `SameSite` attribute has been -set to `'none'`. Some web browsers or other clients may be adopting this specification. - -##### cookie.secure - -Specifies the `boolean` value for the `Secure` `Set-Cookie` attribute. When truthy, -the `Secure` attribute is set, otherwise it is not. By default, the `Secure` -attribute is not set. - -**Note** be careful when setting this to `true`, as compliant clients will not send -the cookie back to the server in the future if the browser does not have an HTTPS -connection. - -Please note that `secure: true` is a **recommended** option. However, it requires -an https-enabled website, i.e., HTTPS is necessary for secure cookies. If `secure` -is set, and you access your site over HTTP, the cookie will not be set. If you -have your node.js behind a proxy and are using `secure: true`, you need to set -"trust proxy" in express: - -```js -var app = express() -app.set('trust proxy', 1) // trust first proxy -app.use(session({ - secret: 'keyboard cat', - resave: false, - saveUninitialized: true, - cookie: { secure: true } -})) -``` - -For using secure cookies in production, but allowing for testing in development, -the following is an example of enabling this setup based on `NODE_ENV` in express: - -```js -var app = express() -var sess = { - secret: 'keyboard cat', - cookie: {} -} - -if (app.get('env') === 'production') { - app.set('trust proxy', 1) // trust first proxy - sess.cookie.secure = true // serve secure cookies -} - -app.use(session(sess)) -``` - -The `cookie.secure` option can also be set to the special value `'auto'` to have -this setting automatically match the determined security of the connection. Be -careful when using this setting if the site is available both as HTTP and HTTPS, -as once the cookie is set on HTTPS, it will no longer be visible over HTTP. This -is useful when the Express `"trust proxy"` setting is properly setup to simplify -development vs production configuration. - -##### genid - -Function to call to generate a new session ID. Provide a function that returns -a string that will be used as a session ID. The function is given `req` as the -first argument if you want to use some value attached to `req` when generating -the ID. - -The default value is a function which uses the `uid-safe` library to generate IDs. - -**NOTE** be careful to generate unique IDs so your sessions do not conflict. - -```js -app.use(session({ - genid: function(req) { - return genuuid() // use UUIDs for session IDs - }, - secret: 'keyboard cat' -})) -``` - -##### name - -The name of the session ID cookie to set in the response (and read from in the -request). - -The default value is `'connect.sid'`. - -**Note** if you have multiple apps running on the same hostname (this is just -the name, i.e. `localhost` or `127.0.0.1`; different schemes and ports do not -name a different hostname), then you need to separate the session cookies from -each other. The simplest method is to simply set different `name`s per app. - -##### proxy - -Trust the reverse proxy when setting secure cookies (via the "X-Forwarded-Proto" -header). - -The default value is `undefined`. - - - `true` The "X-Forwarded-Proto" header will be used. - - `false` All headers are ignored and the connection is considered secure only - if there is a direct TLS/SSL connection. - - `undefined` Uses the "trust proxy" setting from express - -##### resave - -Forces the session to be saved back to the session store, even if the session -was never modified during the request. Depending on your store this may be -necessary, but it can also create race conditions where a client makes two -parallel requests to your server and changes made to the session in one -request may get overwritten when the other request ends, even if it made no -changes (this behavior also depends on what store you're using). - -The default value is `true`, but using the default has been deprecated, -as the default will change in the future. Please research into this setting -and choose what is appropriate to your use-case. Typically, you'll want -`false`. - -How do I know if this is necessary for my store? The best way to know is to -check with your store if it implements the `touch` method. If it does, then -you can safely set `resave: false`. If it does not implement the `touch` -method and your store sets an expiration date on stored sessions, then you -likely need `resave: true`. - -##### rolling - -Force the session identifier cookie to be set on every response. The expiration -is reset to the original [`maxAge`](#cookiemaxage), resetting the expiration -countdown. - -The default value is `false`. - -With this enabled, the session identifier cookie will expire in -[`maxAge`](#cookiemaxage) since the last response was sent instead of in -[`maxAge`](#cookiemaxage) since the session was last modified by the server. - -This is typically used in conjunction with short, non-session-length -[`maxAge`](#cookiemaxage) values to provide a quick timeout of the session data -with reduced potential of it occurring during on going server interactions. - -**Note** When this option is set to `true` but the `saveUninitialized` option is -set to `false`, the cookie will not be set on a response with an uninitialized -session. This option only modifies the behavior when an existing session was -loaded for the request. - -##### saveUninitialized - -Forces a session that is "uninitialized" to be saved to the store. A session is -uninitialized when it is new but not modified. Choosing `false` is useful for -implementing login sessions, reducing server storage usage, or complying with -laws that require permission before setting a cookie. Choosing `false` will also -help with race conditions where a client makes multiple parallel requests -without a session. - -The default value is `true`, but using the default has been deprecated, as the -default will change in the future. Please research into this setting and -choose what is appropriate to your use-case. - -**Note** if you are using Session in conjunction with PassportJS, Passport -will add an empty Passport object to the session for use after a user is -authenticated, which will be treated as a modification to the session, causing -it to be saved. *This has been fixed in PassportJS 0.3.0* - -##### secret - -**Required option** - -This is the secret used to sign the session ID cookie. The secret can be any type -of value that is supported by Node.js `crypto.createHmac` (like a string or a -`Buffer`). This can be either a single secret, or an array of multiple secrets. If -an array of secrets is provided, only the first element will be used to sign the -session ID cookie, while all the elements will be considered when verifying the -signature in requests. The secret itself should be not easily parsed by a human and -would best be a random set of characters. A best practice may include: - - - The use of environment variables to store the secret, ensuring the secret itself - does not exist in your repository. - - Periodic updates of the secret, while ensuring the previous secret is in the - array. - -Using a secret that cannot be guessed will reduce the ability to hijack a session to -only guessing the session ID (as determined by the `genid` option). - -Changing the secret value will invalidate all existing sessions. In order to rotate -the secret without invalidating sessions, provide an array of secrets, with the new -secret as first element of the array, and including previous secrets as the later -elements. - -**Note** HMAC-256 is used to sign the session ID. For this reason, the secret should -contain at least 32 bytes of entropy. - -##### store - -The session store instance, defaults to a new `MemoryStore` instance. - -##### unset - -Control the result of unsetting `req.session` (through `delete`, setting to `null`, -etc.). - -The default value is `'keep'`. - - - `'destroy'` The session will be destroyed (deleted) when the response ends. - - `'keep'` The session in the store will be kept, but modifications made during - the request are ignored and not saved. - -### req.session - -To store or access session data, simply use the request property `req.session`, -which is (generally) serialized as JSON by the store, so nested objects -are typically fine. For example below is a user-specific view counter: - -```js -// Use the session middleware -app.use(session({ secret: 'keyboard cat', cookie: { maxAge: 60000 }})) - -// Access the session as req.session -app.get('/', function(req, res, next) { - if (req.session.views) { - req.session.views++ - res.setHeader('Content-Type', 'text/html') - res.write('

views: ' + req.session.views + '

') - res.write('

expires in: ' + (req.session.cookie.maxAge / 1000) + 's

') - res.end() - } else { - req.session.views = 1 - res.end('welcome to the session demo. refresh!') - } -}) -``` - -#### Session.regenerate(callback) - -To regenerate the session simply invoke the method. Once complete, -a new SID and `Session` instance will be initialized at `req.session` -and the `callback` will be invoked. - -```js -req.session.regenerate(function(err) { - // will have a new session here -}) -``` - -#### Session.destroy(callback) - -Destroys the session and will unset the `req.session` property. -Once complete, the `callback` will be invoked. - -```js -req.session.destroy(function(err) { - // cannot access session here -}) -``` - -#### Session.reload(callback) - -Reloads the session data from the store and re-populates the -`req.session` object. Once complete, the `callback` will be invoked. - -```js -req.session.reload(function(err) { - // session updated -}) -``` - -#### Session.save(callback) - -Save the session back to the store, replacing the contents on the store with the -contents in memory (though a store may do something else--consult the store's -documentation for exact behavior). - -This method is automatically called at the end of the HTTP response if the -session data has been altered (though this behavior can be altered with various -options in the middleware constructor). Because of this, typically this method -does not need to be called. - -There are some cases where it is useful to call this method, for example, -redirects, long-lived requests or in WebSockets. - -```js -req.session.save(function(err) { - // session saved -}) -``` - -#### Session.touch() - -Updates the `.maxAge` property. Typically this is -not necessary to call, as the session middleware does this for you. - -### req.session.id - -Each session has a unique ID associated with it. This property is an -alias of [`req.sessionID`](#reqsessionid-1) and cannot be modified. -It has been added to make the session ID accessible from the `session` -object. - -### req.session.cookie - -Each session has a unique cookie object accompany it. This allows -you to alter the session cookie per visitor. For example we can -set `req.session.cookie.expires` to `false` to enable the cookie -to remain for only the duration of the user-agent. - -#### Cookie.maxAge - -Alternatively `req.session.cookie.maxAge` will return the time -remaining in milliseconds, which we may also re-assign a new value -to adjust the `.expires` property appropriately. The following -are essentially equivalent - -```js -var hour = 3600000 -req.session.cookie.expires = new Date(Date.now() + hour) -req.session.cookie.maxAge = hour -``` - -For example when `maxAge` is set to `60000` (one minute), and 30 seconds -has elapsed it will return `30000` until the current request has completed, -at which time `req.session.touch()` is called to reset -`req.session.cookie.maxAge` to its original value. - -```js -req.session.cookie.maxAge // => 30000 -``` - -#### Cookie.originalMaxAge - -The `req.session.cookie.originalMaxAge` property returns the original -`maxAge` (time-to-live), in milliseconds, of the session cookie. - -### req.sessionID - -To get the ID of the loaded session, access the request property -`req.sessionID`. This is simply a read-only value set when a session -is loaded/created. - -## Session Store Implementation - -Every session store _must_ be an `EventEmitter` and implement specific -methods. The following methods are the list of **required**, **recommended**, -and **optional**. - - * Required methods are ones that this module will always call on the store. - * Recommended methods are ones that this module will call on the store if - available. - * Optional methods are ones this module does not call at all, but helps - present uniform stores to users. - -For an example implementation view the [connect-redis](http://github.com/visionmedia/connect-redis) repo. - -### store.all(callback) - -**Optional** - -This optional method is used to get all sessions in the store as an array. The -`callback` should be called as `callback(error, sessions)`. - -### store.destroy(sid, callback) - -**Required** - -This required method is used to destroy/delete a session from the store given -a session ID (`sid`). The `callback` should be called as `callback(error)` once -the session is destroyed. - -### store.clear(callback) - -**Optional** - -This optional method is used to delete all sessions from the store. The -`callback` should be called as `callback(error)` once the store is cleared. - -### store.length(callback) - -**Optional** - -This optional method is used to get the count of all sessions in the store. -The `callback` should be called as `callback(error, len)`. - -### store.get(sid, callback) - -**Required** - -This required method is used to get a session from the store given a session -ID (`sid`). The `callback` should be called as `callback(error, session)`. - -The `session` argument should be a session if found, otherwise `null` or -`undefined` if the session was not found (and there was no error). A special -case is made when `error.code === 'ENOENT'` to act like `callback(null, null)`. - -### store.set(sid, session, callback) - -**Required** - -This required method is used to upsert a session into the store given a -session ID (`sid`) and session (`session`) object. The callback should be -called as `callback(error)` once the session has been set in the store. - -### store.touch(sid, session, callback) - -**Recommended** - -This recommended method is used to "touch" a given session given a -session ID (`sid`) and session (`session`) object. The `callback` should be -called as `callback(error)` once the session has been touched. - -This is primarily used when the store will automatically delete idle sessions -and this method is used to signal to the store the given session is active, -potentially resetting the idle timer. - -## Compatible Session Stores - -The following modules implement a session store that is compatible with this -module. Please make a PR to add additional modules :) - -[![★][aerospike-session-store-image] aerospike-session-store][aerospike-session-store-url] A session store using [Aerospike](http://www.aerospike.com/). - -[aerospike-session-store-url]: https://www.npmjs.com/package/aerospike-session-store -[aerospike-session-store-image]: https://badgen.net/github/stars/aerospike/aerospike-session-store-expressjs?label=%E2%98%85 - -[![★][better-sqlite3-session-store-image] better-sqlite3-session-store][better-sqlite3-session-store-url] A session store based on [better-sqlite3](https://github.com/JoshuaWise/better-sqlite3). - -[better-sqlite3-session-store-url]: https://www.npmjs.com/package/better-sqlite3-session-store -[better-sqlite3-session-store-image]: https://badgen.net/github/stars/timdaub/better-sqlite3-session-store?label=%E2%98%85 - -[![★][cassandra-store-image] cassandra-store][cassandra-store-url] An Apache Cassandra-based session store. - -[cassandra-store-url]: https://www.npmjs.com/package/cassandra-store -[cassandra-store-image]: https://badgen.net/github/stars/webcc/cassandra-store?label=%E2%98%85 - -[![★][cluster-store-image] cluster-store][cluster-store-url] A wrapper for using in-process / embedded -stores - such as SQLite (via knex), leveldb, files, or memory - with node cluster (desirable for Raspberry Pi 2 -and other multi-core embedded devices). - -[cluster-store-url]: https://www.npmjs.com/package/cluster-store -[cluster-store-image]: https://badgen.net/github/stars/coolaj86/cluster-store?label=%E2%98%85 - -[![★][connect-arango-image] connect-arango][connect-arango-url] An ArangoDB-based session store. - -[connect-arango-url]: https://www.npmjs.com/package/connect-arango -[connect-arango-image]: https://badgen.net/github/stars/AlexanderArvidsson/connect-arango?label=%E2%98%85 - -[![★][connect-azuretables-image] connect-azuretables][connect-azuretables-url] An [Azure Table Storage](https://azure.microsoft.com/en-gb/services/storage/tables/)-based session store. - -[connect-azuretables-url]: https://www.npmjs.com/package/connect-azuretables -[connect-azuretables-image]: https://badgen.net/github/stars/mike-goodwin/connect-azuretables?label=%E2%98%85 - -[![★][connect-cloudant-store-image] connect-cloudant-store][connect-cloudant-store-url] An [IBM Cloudant](https://cloudant.com/)-based session store. - -[connect-cloudant-store-url]: https://www.npmjs.com/package/connect-cloudant-store -[connect-cloudant-store-image]: https://badgen.net/github/stars/adriantanasa/connect-cloudant-store?label=%E2%98%85 - -[![★][connect-cosmosdb-image] connect-cosmosdb][connect-cosmosdb-url] An Azure [Cosmos DB](https://azure.microsoft.com/en-us/products/cosmos-db/)-based session store. - -[connect-cosmosdb-url]: https://www.npmjs.com/package/connect-cosmosdb -[connect-cosmosdb-image]: https://badgen.net/github/stars/thekillingspree/connect-cosmosdb?label=%E2%98%85 - -[![★][connect-couchbase-image] connect-couchbase][connect-couchbase-url] A [couchbase](http://www.couchbase.com/)-based session store. - -[connect-couchbase-url]: https://www.npmjs.com/package/connect-couchbase -[connect-couchbase-image]: https://badgen.net/github/stars/christophermina/connect-couchbase?label=%E2%98%85 - -[![★][connect-datacache-image] connect-datacache][connect-datacache-url] An [IBM Bluemix Data Cache](http://www.ibm.com/cloud-computing/bluemix/)-based session store. - -[connect-datacache-url]: https://www.npmjs.com/package/connect-datacache -[connect-datacache-image]: https://badgen.net/github/stars/adriantanasa/connect-datacache?label=%E2%98%85 - -[![★][@google-cloud/connect-datastore-image] @google-cloud/connect-datastore][@google-cloud/connect-datastore-url] A [Google Cloud Datastore](https://cloud.google.com/datastore/docs/concepts/overview)-based session store. - -[@google-cloud/connect-datastore-url]: https://www.npmjs.com/package/@google-cloud/connect-datastore -[@google-cloud/connect-datastore-image]: https://badgen.net/github/stars/GoogleCloudPlatform/cloud-datastore-session-node?label=%E2%98%85 - -[![★][connect-db2-image] connect-db2][connect-db2-url] An IBM DB2-based session store built using [ibm_db](https://www.npmjs.com/package/ibm_db) module. - -[connect-db2-url]: https://www.npmjs.com/package/connect-db2 -[connect-db2-image]: https://badgen.net/github/stars/wallali/connect-db2?label=%E2%98%85 - -[![★][connect-dynamodb-image] connect-dynamodb][connect-dynamodb-url] A DynamoDB-based session store. - -[connect-dynamodb-url]: https://www.npmjs.com/package/connect-dynamodb -[connect-dynamodb-image]: https://badgen.net/github/stars/ca98am79/connect-dynamodb?label=%E2%98%85 - -[![★][@google-cloud/connect-firestore-image] @google-cloud/connect-firestore][@google-cloud/connect-firestore-url] A [Google Cloud Firestore](https://cloud.google.com/firestore/docs/overview)-based session store. - -[@google-cloud/connect-firestore-url]: https://www.npmjs.com/package/@google-cloud/connect-firestore -[@google-cloud/connect-firestore-image]: https://badgen.net/github/stars/googleapis/nodejs-firestore-session?label=%E2%98%85 - -[![★][connect-hazelcast-image] connect-hazelcast][connect-hazelcast-url] Hazelcast session store for Connect and Express. - -[connect-hazelcast-url]: https://www.npmjs.com/package/connect-hazelcast -[connect-hazelcast-image]: https://badgen.net/github/stars/huseyinbabal/connect-hazelcast?label=%E2%98%85 - -[![★][connect-loki-image] connect-loki][connect-loki-url] A Loki.js-based session store. - -[connect-loki-url]: https://www.npmjs.com/package/connect-loki -[connect-loki-image]: https://badgen.net/github/stars/Requarks/connect-loki?label=%E2%98%85 - -[![★][connect-lowdb-image] connect-lowdb][connect-lowdb-url] A lowdb-based session store. - -[connect-lowdb-url]: https://www.npmjs.com/package/connect-lowdb -[connect-lowdb-image]: https://badgen.net/github/stars/travishorn/connect-lowdb?label=%E2%98%85 - -[![★][connect-memcached-image] connect-memcached][connect-memcached-url] A memcached-based session store. - -[connect-memcached-url]: https://www.npmjs.com/package/connect-memcached -[connect-memcached-image]: https://badgen.net/github/stars/balor/connect-memcached?label=%E2%98%85 - -[![★][connect-memjs-image] connect-memjs][connect-memjs-url] A memcached-based session store using -[memjs](https://www.npmjs.com/package/memjs) as the memcached client. - -[connect-memjs-url]: https://www.npmjs.com/package/connect-memjs -[connect-memjs-image]: https://badgen.net/github/stars/liamdon/connect-memjs?label=%E2%98%85 - -[![★][connect-ml-image] connect-ml][connect-ml-url] A MarkLogic Server-based session store. - -[connect-ml-url]: https://www.npmjs.com/package/connect-ml -[connect-ml-image]: https://badgen.net/github/stars/bluetorch/connect-ml?label=%E2%98%85 - -[![★][connect-monetdb-image] connect-monetdb][connect-monetdb-url] A MonetDB-based session store. - -[connect-monetdb-url]: https://www.npmjs.com/package/connect-monetdb -[connect-monetdb-image]: https://badgen.net/github/stars/MonetDB/npm-connect-monetdb?label=%E2%98%85 - -[![★][connect-mongo-image] connect-mongo][connect-mongo-url] A MongoDB-based session store. - -[connect-mongo-url]: https://www.npmjs.com/package/connect-mongo -[connect-mongo-image]: https://badgen.net/github/stars/kcbanner/connect-mongo?label=%E2%98%85 - -[![★][connect-mongodb-session-image] connect-mongodb-session][connect-mongodb-session-url] Lightweight MongoDB-based session store built and maintained by MongoDB. - -[connect-mongodb-session-url]: https://www.npmjs.com/package/connect-mongodb-session -[connect-mongodb-session-image]: https://badgen.net/github/stars/mongodb-js/connect-mongodb-session?label=%E2%98%85 - -[![★][connect-mssql-v2-image] connect-mssql-v2][connect-mssql-v2-url] A Microsoft SQL Server-based session store based on [connect-mssql](https://www.npmjs.com/package/connect-mssql). - -[connect-mssql-v2-url]: https://www.npmjs.com/package/connect-mssql-v2 -[connect-mssql-v2-image]: https://badgen.net/github/stars/jluboff/connect-mssql-v2?label=%E2%98%85 - -[![★][connect-neo4j-image] connect-neo4j][connect-neo4j-url] A [Neo4j](https://neo4j.com)-based session store. - -[connect-neo4j-url]: https://www.npmjs.com/package/connect-neo4j -[connect-neo4j-image]: https://badgen.net/github/stars/MaxAndersson/connect-neo4j?label=%E2%98%85 - -[![★][connect-ottoman-image] connect-ottoman][connect-ottoman-url] A [couchbase ottoman](http://www.couchbase.com/)-based session store. - -[connect-ottoman-url]: https://www.npmjs.com/package/connect-ottoman -[connect-ottoman-image]: https://badgen.net/github/stars/noiissyboy/connect-ottoman?label=%E2%98%85 - -[![★][connect-pg-simple-image] connect-pg-simple][connect-pg-simple-url] A PostgreSQL-based session store. - -[connect-pg-simple-url]: https://www.npmjs.com/package/connect-pg-simple -[connect-pg-simple-image]: https://badgen.net/github/stars/voxpelli/node-connect-pg-simple?label=%E2%98%85 - -[![★][connect-redis-image] connect-redis][connect-redis-url] A Redis-based session store. - -[connect-redis-url]: https://www.npmjs.com/package/connect-redis -[connect-redis-image]: https://badgen.net/github/stars/tj/connect-redis?label=%E2%98%85 - -[![★][connect-session-firebase-image] connect-session-firebase][connect-session-firebase-url] A session store based on the [Firebase Realtime Database](https://firebase.google.com/docs/database/) - -[connect-session-firebase-url]: https://www.npmjs.com/package/connect-session-firebase -[connect-session-firebase-image]: https://badgen.net/github/stars/benweier/connect-session-firebase?label=%E2%98%85 - -[![★][connect-session-knex-image] connect-session-knex][connect-session-knex-url] A session store using -[Knex.js](http://knexjs.org/), which is a SQL query builder for PostgreSQL, MySQL, MariaDB, SQLite3, and Oracle. - -[connect-session-knex-url]: https://www.npmjs.com/package/connect-session-knex -[connect-session-knex-image]: https://badgen.net/github/stars/llambda/connect-session-knex?label=%E2%98%85 - -[![★][connect-session-sequelize-image] connect-session-sequelize][connect-session-sequelize-url] A session store using -[Sequelize.js](http://sequelizejs.com/), which is a Node.js / io.js ORM for PostgreSQL, MySQL, SQLite and MSSQL. - -[connect-session-sequelize-url]: https://www.npmjs.com/package/connect-session-sequelize -[connect-session-sequelize-image]: https://badgen.net/github/stars/mweibel/connect-session-sequelize?label=%E2%98%85 - -[![★][connect-sqlite3-image] connect-sqlite3][connect-sqlite3-url] A [SQLite3](https://github.com/mapbox/node-sqlite3) session store modeled after the TJ's `connect-redis` store. - -[connect-sqlite3-url]: https://www.npmjs.com/package/connect-sqlite3 -[connect-sqlite3-image]: https://badgen.net/github/stars/rawberg/connect-sqlite3?label=%E2%98%85 - -[![★][connect-typeorm-image] connect-typeorm][connect-typeorm-url] A [TypeORM](https://github.com/typeorm/typeorm)-based session store. - -[connect-typeorm-url]: https://www.npmjs.com/package/connect-typeorm -[connect-typeorm-image]: https://badgen.net/github/stars/makepost/connect-typeorm?label=%E2%98%85 - -[![★][couchdb-expression-image] couchdb-expression][couchdb-expression-url] A [CouchDB](https://couchdb.apache.org/)-based session store. - -[couchdb-expression-url]: https://www.npmjs.com/package/couchdb-expression -[couchdb-expression-image]: https://badgen.net/github/stars/tkshnwesper/couchdb-expression?label=%E2%98%85 - -[![★][dynamodb-store-image] dynamodb-store][dynamodb-store-url] A DynamoDB-based session store. - -[dynamodb-store-url]: https://www.npmjs.com/package/dynamodb-store -[dynamodb-store-image]: https://badgen.net/github/stars/rafaelrpinto/dynamodb-store?label=%E2%98%85 - -[![★][dynamodb-store-v3-image] dynamodb-store-v3][dynamodb-store-v3-url] Implementation of a session store using DynamoDB backed by the [AWS SDK for JavaScript v3](https://github.com/aws/aws-sdk-js-v3). - -[dynamodb-store-v3-url]: https://www.npmjs.com/package/dynamodb-store-v3 -[dynamodb-store-v3-image]: https://badgen.net/github/stars/FryDay/dynamodb-store-v3?label=%E2%98%85 - -[![★][express-etcd-image] express-etcd][express-etcd-url] An [etcd](https://github.com/stianeikeland/node-etcd) based session store. - -[express-etcd-url]: https://www.npmjs.com/package/express-etcd -[express-etcd-image]: https://badgen.net/github/stars/gildean/express-etcd?label=%E2%98%85 - -[![★][express-mysql-session-image] express-mysql-session][express-mysql-session-url] A session store using native -[MySQL](https://www.mysql.com/) via the [node-mysql](https://github.com/felixge/node-mysql) module. - -[express-mysql-session-url]: https://www.npmjs.com/package/express-mysql-session -[express-mysql-session-image]: https://badgen.net/github/stars/chill117/express-mysql-session?label=%E2%98%85 - -[![★][express-nedb-session-image] express-nedb-session][express-nedb-session-url] A NeDB-based session store. - -[express-nedb-session-url]: https://www.npmjs.com/package/express-nedb-session -[express-nedb-session-image]: https://badgen.net/github/stars/louischatriot/express-nedb-session?label=%E2%98%85 - -[![★][express-oracle-session-image] express-oracle-session][express-oracle-session-url] A session store using native -[oracle](https://www.oracle.com/) via the [node-oracledb](https://www.npmjs.com/package/oracledb) module. - -[express-oracle-session-url]: https://www.npmjs.com/package/express-oracle-session -[express-oracle-session-image]: https://badgen.net/github/stars/slumber86/express-oracle-session?label=%E2%98%85 - -[![★][express-session-cache-manager-image] express-session-cache-manager][express-session-cache-manager-url] -A store that implements [cache-manager](https://www.npmjs.com/package/cache-manager), which supports -a [variety of storage types](https://www.npmjs.com/package/cache-manager#store-engines). - -[express-session-cache-manager-url]: https://www.npmjs.com/package/express-session-cache-manager -[express-session-cache-manager-image]: https://badgen.net/github/stars/theogravity/express-session-cache-manager?label=%E2%98%85 - -[![★][express-session-etcd3-image] express-session-etcd3][express-session-etcd3-url] An [etcd3](https://github.com/mixer/etcd3) based session store. - -[express-session-etcd3-url]: https://www.npmjs.com/package/express-session-etcd3 -[express-session-etcd3-image]: https://badgen.net/github/stars/willgm/express-session-etcd3?label=%E2%98%85 - -[![★][express-session-level-image] express-session-level][express-session-level-url] A [LevelDB](https://github.com/Level/levelup) based session store. - -[express-session-level-url]: https://www.npmjs.com/package/express-session-level -[express-session-level-image]: https://badgen.net/github/stars/tgohn/express-session-level?label=%E2%98%85 - -[![★][express-session-rsdb-image] express-session-rsdb][express-session-rsdb-url] Session store based on Rocket-Store: A very simple, super fast and yet powerful, flat file database. - -[express-session-rsdb-url]: https://www.npmjs.com/package/express-session-rsdb -[express-session-rsdb-image]: https://badgen.net/github/stars/paragi/express-session-rsdb?label=%E2%98%85 - -[![★][express-sessions-image] express-sessions][express-sessions-url] A session store supporting both MongoDB and Redis. - -[express-sessions-url]: https://www.npmjs.com/package/express-sessions -[express-sessions-image]: https://badgen.net/github/stars/konteck/express-sessions?label=%E2%98%85 - -[![★][firestore-store-image] firestore-store][firestore-store-url] A [Firestore](https://github.com/hendrysadrak/firestore-store)-based session store. - -[firestore-store-url]: https://www.npmjs.com/package/firestore-store -[firestore-store-image]: https://badgen.net/github/stars/hendrysadrak/firestore-store?label=%E2%98%85 - -[![★][fortune-session-image] fortune-session][fortune-session-url] A [Fortune.js](https://github.com/fortunejs/fortune) -based session store. Supports all backends supported by Fortune (MongoDB, Redis, Postgres, NeDB). - -[fortune-session-url]: https://www.npmjs.com/package/fortune-session -[fortune-session-image]: https://badgen.net/github/stars/aliceklipper/fortune-session?label=%E2%98%85 - -[![★][hazelcast-store-image] hazelcast-store][hazelcast-store-url] A Hazelcast-based session store built on the [Hazelcast Node Client](https://www.npmjs.com/package/hazelcast-client). - -[hazelcast-store-url]: https://www.npmjs.com/package/hazelcast-store -[hazelcast-store-image]: https://badgen.net/github/stars/jackspaniel/hazelcast-store?label=%E2%98%85 - -[![★][level-session-store-image] level-session-store][level-session-store-url] A LevelDB-based session store. - -[level-session-store-url]: https://www.npmjs.com/package/level-session-store -[level-session-store-image]: https://badgen.net/github/stars/toddself/level-session-store?label=%E2%98%85 - -[![★][lowdb-session-store-image] lowdb-session-store][lowdb-session-store-url] A [lowdb](https://www.npmjs.com/package/lowdb)-based session store. - -[lowdb-session-store-url]: https://www.npmjs.com/package/lowdb-session-store -[lowdb-session-store-image]: https://badgen.net/github/stars/fhellwig/lowdb-session-store?label=%E2%98%85 - -[![★][medea-session-store-image] medea-session-store][medea-session-store-url] A Medea-based session store. - -[medea-session-store-url]: https://www.npmjs.com/package/medea-session-store -[medea-session-store-image]: https://badgen.net/github/stars/BenjaminVadant/medea-session-store?label=%E2%98%85 - -[![★][memorystore-image] memorystore][memorystore-url] A memory session store made for production. - -[memorystore-url]: https://www.npmjs.com/package/memorystore -[memorystore-image]: https://badgen.net/github/stars/roccomuso/memorystore?label=%E2%98%85 - -[![★][mssql-session-store-image] mssql-session-store][mssql-session-store-url] A SQL Server-based session store. - -[mssql-session-store-url]: https://www.npmjs.com/package/mssql-session-store -[mssql-session-store-image]: https://badgen.net/github/stars/jwathen/mssql-session-store?label=%E2%98%85 - -[![★][nedb-session-store-image] nedb-session-store][nedb-session-store-url] An alternate NeDB-based (either in-memory or file-persisted) session store. - -[nedb-session-store-url]: https://www.npmjs.com/package/nedb-session-store -[nedb-session-store-image]: https://badgen.net/github/stars/JamesMGreene/nedb-session-store?label=%E2%98%85 - -[![★][@quixo3/prisma-session-store-image] @quixo3/prisma-session-store][@quixo3/prisma-session-store-url] A session store for the [Prisma Framework](https://www.prisma.io). - -[@quixo3/prisma-session-store-url]: https://www.npmjs.com/package/@quixo3/prisma-session-store -[@quixo3/prisma-session-store-image]: https://badgen.net/github/stars/kleydon/prisma-session-store?label=%E2%98%85 - -[![★][restsession-image] restsession][restsession-url] Store sessions utilizing a RESTful API - -[restsession-url]: https://www.npmjs.com/package/restsession -[restsession-image]: https://badgen.net/github/stars/jankal/restsession?label=%E2%98%85 - -[![★][sequelstore-connect-image] sequelstore-connect][sequelstore-connect-url] A session store using [Sequelize.js](http://sequelizejs.com/). - -[sequelstore-connect-url]: https://www.npmjs.com/package/sequelstore-connect -[sequelstore-connect-image]: https://badgen.net/github/stars/MattMcFarland/sequelstore-connect?label=%E2%98%85 - -[![★][session-file-store-image] session-file-store][session-file-store-url] A file system-based session store. - -[session-file-store-url]: https://www.npmjs.com/package/session-file-store -[session-file-store-image]: https://badgen.net/github/stars/valery-barysok/session-file-store?label=%E2%98%85 - -[![★][session-pouchdb-store-image] session-pouchdb-store][session-pouchdb-store-url] Session store for PouchDB / CouchDB. Accepts embedded, custom, or remote PouchDB instance and realtime synchronization. - -[session-pouchdb-store-url]: https://www.npmjs.com/package/session-pouchdb-store -[session-pouchdb-store-image]: https://badgen.net/github/stars/solzimer/session-pouchdb-store?label=%E2%98%85 - -[![★][@cyclic.sh/session-store-image] @cyclic.sh/session-store][@cyclic.sh/session-store-url] A DynamoDB-based session store for [Cyclic.sh](https://www.cyclic.sh/) apps. - -[@cyclic.sh/session-store-url]: https://www.npmjs.com/package/@cyclic.sh/session-store -[@cyclic.sh/session-store-image]: https://badgen.net/github/stars/cyclic-software/session-store?label=%E2%98%85 - -[![★][@databunker/session-store-image] @databunker/session-store][@databunker/session-store-url] A [Databunker](https://databunker.org/)-based encrypted session store. - -[@databunker/session-store-url]: https://www.npmjs.com/package/@databunker/session-store -[@databunker/session-store-image]: https://badgen.net/github/stars/securitybunker/databunker-session-store?label=%E2%98%85 - -[![★][sessionstore-image] sessionstore][sessionstore-url] A session store that works with various databases. - -[sessionstore-url]: https://www.npmjs.com/package/sessionstore -[sessionstore-image]: https://badgen.net/github/stars/adrai/sessionstore?label=%E2%98%85 - -[![★][tch-nedb-session-image] tch-nedb-session][tch-nedb-session-url] A file system session store based on NeDB. - -[tch-nedb-session-url]: https://www.npmjs.com/package/tch-nedb-session -[tch-nedb-session-image]: https://badgen.net/github/stars/tomaschyly/NeDBSession?label=%E2%98%85 - -## Examples - -### View counter - -A simple example using `express-session` to store page views for a user. - -```js -var express = require('express') -var parseurl = require('parseurl') -var session = require('express-session') - -var app = express() - -app.use(session({ - secret: 'keyboard cat', - resave: false, - saveUninitialized: true -})) - -app.use(function (req, res, next) { - if (!req.session.views) { - req.session.views = {} - } - - // get the url pathname - var pathname = parseurl(req).pathname - - // count the views - req.session.views[pathname] = (req.session.views[pathname] || 0) + 1 - - next() -}) - -app.get('/foo', function (req, res, next) { - res.send('you viewed this page ' + req.session.views['/foo'] + ' times') -}) - -app.get('/bar', function (req, res, next) { - res.send('you viewed this page ' + req.session.views['/bar'] + ' times') -}) - -app.listen(3000) -``` - -### User login - -A simple example using `express-session` to keep a user log in session. - -```js -var escapeHtml = require('escape-html') -var express = require('express') -var session = require('express-session') - -var app = express() - -app.use(session({ - secret: 'keyboard cat', - resave: false, - saveUninitialized: true -})) - -// middleware to test if authenticated -function isAuthenticated (req, res, next) { - if (req.session.user) next() - else next('route') -} - -app.get('/', isAuthenticated, function (req, res) { - // this is only called when there is an authentication user due to isAuthenticated - res.send('hello, ' + escapeHtml(req.session.user) + '!' + - ' Logout') -}) - -app.get('/', function (req, res) { - res.send('
' + - 'Username:
' + - 'Password:
' + - '
') -}) - -app.post('/login', express.urlencoded({ extended: false }), function (req, res) { - // login logic to validate req.body.user and req.body.pass - // would be implemented here. for this example any combo works - - // regenerate the session, which is good practice to help - // guard against forms of session fixation - req.session.regenerate(function (err) { - if (err) next(err) - - // store user information in session, typically a user id - req.session.user = req.body.user - - // save the session before redirection to ensure page - // load does not happen before session is saved - req.session.save(function (err) { - if (err) return next(err) - res.redirect('/') - }) - }) -}) - -app.get('/logout', function (req, res, next) { - // logout logic - - // clear the user from the session object and save. - // this will ensure that re-using the old session id - // does not have a logged in user - req.session.user = null - req.session.save(function (err) { - if (err) next(err) - - // regenerate the session, which is good practice to help - // guard against forms of session fixation - req.session.regenerate(function (err) { - if (err) next(err) - res.redirect('/') - }) - }) -}) - -app.listen(3000) -``` - -## Debugging - -This module uses the [debug](https://www.npmjs.com/package/debug) module -internally to log information about session operations. - -To see all the internal logs, set the `DEBUG` environment variable to -`express-session` when launching your app (`npm start`, in this example): - -```sh -$ DEBUG=express-session npm start -``` - -On Windows, use the corresponding command; - -```sh -> set DEBUG=express-session & npm start -``` - -## License - -[MIT](LICENSE) - -[rfc-6265bis-03-4.1.2.7]: https://tools.ietf.org/html/draft-ietf-httpbis-rfc6265bis-03#section-4.1.2.7 -[rfc-cutler-httpbis-partitioned-cookies]: https://tools.ietf.org/html/draft-cutler-httpbis-partitioned-cookies/ -[rfc-west-cookie-priority-00-4.1]: https://tools.ietf.org/html/draft-west-cookie-priority-00#section-4.1 -[ci-image]: https://badgen.net/github/checks/expressjs/session/master?label=ci -[ci-url]: https://github.com/expressjs/session/actions?query=workflow%3Aci -[coveralls-image]: https://badgen.net/coveralls/c/github/expressjs/session/master -[coveralls-url]: https://coveralls.io/r/expressjs/session?branch=master -[node-url]: https://nodejs.org/en/download -[npm-downloads-image]: https://badgen.net/npm/dm/express-session -[npm-url]: https://npmjs.org/package/express-session -[npm-version-image]: https://badgen.net/npm/v/express-session Index: ckend/node_modules/express-session/index.js =================================================================== --- backend/node_modules/express-session/index.js (revision 0f382c8a9e6f71eee97148bfdf563ae1f70860f7) +++ (revision ) @@ -1,693 +1,0 @@ -/*! - * express-session - * Copyright(c) 2010 Sencha Inc. - * Copyright(c) 2011 TJ Holowaychuk - * Copyright(c) 2014-2015 Douglas Christopher Wilson - * MIT Licensed - */ - -'use strict'; - -/** - * Module dependencies. - * @private - */ - -var Buffer = require('safe-buffer').Buffer -var cookie = require('cookie'); -var crypto = require('crypto') -var debug = require('debug')('express-session'); -var deprecate = require('depd')('express-session'); -var onHeaders = require('on-headers') -var parseUrl = require('parseurl'); -var signature = require('cookie-signature') -var uid = require('uid-safe').sync - -var Cookie = require('./session/cookie') -var MemoryStore = require('./session/memory') -var Session = require('./session/session') -var Store = require('./session/store') - -// environment - -var env = process.env.NODE_ENV; - -/** - * Expose the middleware. - */ - -exports = module.exports = session; - -/** - * Expose constructors. - */ - -exports.Store = Store; -exports.Cookie = Cookie; -exports.Session = Session; -exports.MemoryStore = MemoryStore; - -/** - * Warning message for `MemoryStore` usage in production. - * @private - */ - -var warning = 'Warning: connect.session() MemoryStore is not\n' - + 'designed for a production environment, as it will leak\n' - + 'memory, and will not scale past a single process.'; - -/** - * Node.js 0.8+ async implementation. - * @private - */ - -/* istanbul ignore next */ -var defer = typeof setImmediate === 'function' - ? setImmediate - : function(fn){ process.nextTick(fn.bind.apply(fn, arguments)) } - -/** - * Setup session store with the given `options`. - * - * @param {Object} [options] - * @param {Object} [options.cookie] Options for cookie - * @param {Function} [options.genid] - * @param {String} [options.name=connect.sid] Session ID cookie name - * @param {Boolean} [options.proxy] - * @param {Boolean} [options.resave] Resave unmodified sessions back to the store - * @param {Boolean} [options.rolling] Enable/disable rolling session expiration - * @param {Boolean} [options.saveUninitialized] Save uninitialized sessions to the store - * @param {String|Array} [options.secret] Secret for signing session ID - * @param {Object} [options.store=MemoryStore] Session store - * @param {String} [options.unset] - * @return {Function} middleware - * @public - */ - -function session(options) { - var opts = options || {} - - // get the cookie options - var cookieOptions = opts.cookie || {} - - // get the session id generate function - var generateId = opts.genid || generateSessionId - - // get the session cookie name - var name = opts.name || opts.key || 'connect.sid' - - // get the session store - var store = opts.store || new MemoryStore() - - // get the trust proxy setting - var trustProxy = opts.proxy - - // get the resave session option - var resaveSession = opts.resave; - - // get the rolling session option - var rollingSessions = Boolean(opts.rolling) - - // get the save uninitialized session option - var saveUninitializedSession = opts.saveUninitialized - - // get the cookie signing secret - var secret = opts.secret - - if (typeof generateId !== 'function') { - throw new TypeError('genid option must be a function'); - } - - if (resaveSession === undefined) { - deprecate('undefined resave option; provide resave option'); - resaveSession = true; - } - - if (saveUninitializedSession === undefined) { - deprecate('undefined saveUninitialized option; provide saveUninitialized option'); - saveUninitializedSession = true; - } - - if (opts.unset && opts.unset !== 'destroy' && opts.unset !== 'keep') { - throw new TypeError('unset option must be "destroy" or "keep"'); - } - - // TODO: switch to "destroy" on next major - var unsetDestroy = opts.unset === 'destroy' - - if (Array.isArray(secret) && secret.length === 0) { - throw new TypeError('secret option array must contain one or more strings'); - } - - if (secret && !Array.isArray(secret)) { - secret = [secret]; - } - - if (!secret) { - deprecate('req.secret; provide secret option'); - } - - // notify user that this store is not - // meant for a production environment - /* istanbul ignore next: not tested */ - if (env === 'production' && store instanceof MemoryStore) { - console.warn(warning); - } - - // generates the new session - store.generate = function(req){ - req.sessionID = generateId(req); - req.session = new Session(req); - req.session.cookie = new Cookie(cookieOptions); - - if (cookieOptions.secure === 'auto') { - req.session.cookie.secure = issecure(req, trustProxy); - } - }; - - var storeImplementsTouch = typeof store.touch === 'function'; - - // register event listeners for the store to track readiness - var storeReady = true - store.on('disconnect', function ondisconnect() { - storeReady = false - }) - store.on('connect', function onconnect() { - storeReady = true - }) - - return function session(req, res, next) { - // self-awareness - if (req.session) { - next() - return - } - - // Handle connection as if there is no session if - // the store has temporarily disconnected etc - if (!storeReady) { - debug('store is disconnected') - next() - return - } - - // pathname mismatch - var originalPath = parseUrl.original(req).pathname || '/' - if (originalPath.indexOf(cookieOptions.path || '/') !== 0) { - debug('pathname mismatch') - next() - return - } - - // ensure a secret is available or bail - if (!secret && !req.secret) { - next(new Error('secret option required for sessions')); - return; - } - - // backwards compatibility for signed cookies - // req.secret is passed from the cookie parser middleware - var secrets = secret || [req.secret]; - - var originalHash; - var originalId; - var savedHash; - var touched = false - - // expose store - req.sessionStore = store; - - // get the session ID from the cookie - var cookieId = req.sessionID = getcookie(req, name, secrets); - - // set-cookie - onHeaders(res, function(){ - if (!req.session) { - debug('no session'); - return; - } - - if (!shouldSetCookie(req)) { - return; - } - - // only send secure cookies via https - if (req.session.cookie.secure && !issecure(req, trustProxy)) { - debug('not secured'); - return; - } - - if (!touched) { - // touch session - req.session.touch() - touched = true - } - - // set cookie - try { - setcookie(res, name, req.sessionID, secrets[0], req.session.cookie.data) - } catch (err) { - defer(next, err) - } - }); - - // proxy end() to commit the session - var _end = res.end; - var _write = res.write; - var ended = false; - res.end = function end(chunk, encoding) { - if (ended) { - return false; - } - - ended = true; - - var ret; - var sync = true; - - function writeend() { - if (sync) { - ret = _end.call(res, chunk, encoding); - sync = false; - return; - } - - _end.call(res); - } - - function writetop() { - if (!sync) { - return ret; - } - - if (!res._header) { - res._implicitHeader() - } - - if (chunk == null) { - ret = true; - return ret; - } - - var contentLength = Number(res.getHeader('Content-Length')); - - if (!isNaN(contentLength) && contentLength > 0) { - // measure chunk - chunk = !Buffer.isBuffer(chunk) - ? Buffer.from(chunk, encoding) - : chunk; - encoding = undefined; - - if (chunk.length !== 0) { - debug('split response'); - ret = _write.call(res, chunk.slice(0, chunk.length - 1)); - chunk = chunk.slice(chunk.length - 1, chunk.length); - return ret; - } - } - - ret = _write.call(res, chunk, encoding); - sync = false; - - return ret; - } - - if (shouldDestroy(req)) { - // destroy session - debug('destroying'); - store.destroy(req.sessionID, function ondestroy(err) { - if (err) { - defer(next, err); - } - - debug('destroyed'); - writeend(); - }); - - return writetop(); - } - - // no session to save - if (!req.session) { - debug('no session'); - return _end.call(res, chunk, encoding); - } - - if (!touched) { - // touch session - req.session.touch() - touched = true - } - - if (shouldSave(req)) { - req.session.save(function onsave(err) { - if (err) { - defer(next, err); - } - - writeend(); - }); - - return writetop(); - } else if (storeImplementsTouch && shouldTouch(req)) { - // store implements touch method - debug('touching'); - store.touch(req.sessionID, req.session, function ontouch(err) { - if (err) { - defer(next, err); - } - - debug('touched'); - writeend(); - }); - - return writetop(); - } - - return _end.call(res, chunk, encoding); - }; - - // generate the session - function generate() { - store.generate(req); - originalId = req.sessionID; - originalHash = hash(req.session); - wrapmethods(req.session); - } - - // inflate the session - function inflate (req, sess) { - store.createSession(req, sess) - originalId = req.sessionID - originalHash = hash(sess) - - if (!resaveSession) { - savedHash = originalHash - } - - wrapmethods(req.session) - } - - function rewrapmethods (sess, callback) { - return function () { - if (req.session !== sess) { - wrapmethods(req.session) - } - - callback.apply(this, arguments) - } - } - - // wrap session methods - function wrapmethods(sess) { - var _reload = sess.reload - var _save = sess.save; - - function reload(callback) { - debug('reloading %s', this.id) - _reload.call(this, rewrapmethods(this, callback)) - } - - function save() { - debug('saving %s', this.id); - savedHash = hash(this); - _save.apply(this, arguments); - } - - Object.defineProperty(sess, 'reload', { - configurable: true, - enumerable: false, - value: reload, - writable: true - }) - - Object.defineProperty(sess, 'save', { - configurable: true, - enumerable: false, - value: save, - writable: true - }); - } - - // check if session has been modified - function isModified(sess) { - return originalId !== sess.id || originalHash !== hash(sess); - } - - // check if session has been saved - function isSaved(sess) { - return originalId === sess.id && savedHash === hash(sess); - } - - // determine if session should be destroyed - function shouldDestroy(req) { - return req.sessionID && unsetDestroy && req.session == null; - } - - // determine if session should be saved to store - function shouldSave(req) { - // cannot set cookie without a session ID - if (typeof req.sessionID !== 'string') { - debug('session ignored because of bogus req.sessionID %o', req.sessionID); - return false; - } - - return !saveUninitializedSession && !savedHash && cookieId !== req.sessionID - ? isModified(req.session) - : !isSaved(req.session) - } - - // determine if session should be touched - function shouldTouch(req) { - // cannot set cookie without a session ID - if (typeof req.sessionID !== 'string') { - debug('session ignored because of bogus req.sessionID %o', req.sessionID); - return false; - } - - return cookieId === req.sessionID && !shouldSave(req); - } - - // determine if cookie should be set on response - function shouldSetCookie(req) { - // cannot set cookie without a session ID - if (typeof req.sessionID !== 'string') { - return false; - } - - return cookieId !== req.sessionID - ? saveUninitializedSession || isModified(req.session) - : rollingSessions || req.session.cookie.expires != null && isModified(req.session); - } - - // generate a session if the browser doesn't send a sessionID - if (!req.sessionID) { - debug('no SID sent, generating session'); - generate(); - next(); - return; - } - - // generate the session object - debug('fetching %s', req.sessionID); - store.get(req.sessionID, function(err, sess){ - // error handling - if (err && err.code !== 'ENOENT') { - debug('error %j', err); - next(err) - return - } - - try { - if (err || !sess) { - debug('no session found') - generate() - } else { - debug('session found') - inflate(req, sess) - } - } catch (e) { - next(e) - return - } - - next() - }); - }; -}; - -/** - * Generate a session ID for a new session. - * - * @return {String} - * @private - */ - -function generateSessionId(sess) { - return uid(24); -} - -/** - * Get the session ID cookie from request. - * - * @return {string} - * @private - */ - -function getcookie(req, name, secrets) { - var header = req.headers.cookie; - var raw; - var val; - - // read from cookie header - if (header) { - var cookies = cookie.parse(header); - - raw = cookies[name]; - - if (raw) { - if (raw.substr(0, 2) === 's:') { - val = unsigncookie(raw.slice(2), secrets); - - if (val === false) { - debug('cookie signature invalid'); - val = undefined; - } - } else { - debug('cookie unsigned') - } - } - } - - // back-compat read from cookieParser() signedCookies data - if (!val && req.signedCookies) { - val = req.signedCookies[name]; - - if (val) { - deprecate('cookie should be available in req.headers.cookie'); - } - } - - // back-compat read from cookieParser() cookies data - if (!val && req.cookies) { - raw = req.cookies[name]; - - if (raw) { - if (raw.substr(0, 2) === 's:') { - val = unsigncookie(raw.slice(2), secrets); - - if (val) { - deprecate('cookie should be available in req.headers.cookie'); - } - - if (val === false) { - debug('cookie signature invalid'); - val = undefined; - } - } else { - debug('cookie unsigned') - } - } - } - - return val; -} - -/** - * Hash the given `sess` object omitting changes to `.cookie`. - * - * @param {Object} sess - * @return {String} - * @private - */ - -function hash(sess) { - // serialize - var str = JSON.stringify(sess, function (key, val) { - // ignore sess.cookie property - if (this === sess && key === 'cookie') { - return - } - - return val - }) - - // hash - return crypto - .createHash('sha1') - .update(str, 'utf8') - .digest('hex') -} - -/** - * Determine if request is secure. - * - * @param {Object} req - * @param {Boolean} [trustProxy] - * @return {Boolean} - * @private - */ - -function issecure(req, trustProxy) { - // socket is https server - if (req.connection && req.connection.encrypted) { - return true; - } - - // do not trust proxy - if (trustProxy === false) { - return false; - } - - // no explicit trust; try req.secure from express - if (trustProxy !== true) { - return req.secure === true - } - - // read the proto from x-forwarded-proto header - var header = req.headers['x-forwarded-proto'] || ''; - var index = header.indexOf(','); - var proto = index !== -1 - ? header.substr(0, index).toLowerCase().trim() - : header.toLowerCase().trim() - - return proto === 'https'; -} - -/** - * Set cookie on response. - * - * @private - */ - -function setcookie(res, name, val, secret, options) { - var signed = 's:' + signature.sign(val, secret); - var data = cookie.serialize(name, signed, options); - - debug('set-cookie %s', data); - - var prev = res.getHeader('Set-Cookie') || [] - var header = Array.isArray(prev) ? prev.concat(data) : [prev, data]; - - res.setHeader('Set-Cookie', header) -} - -/** - * Verify and decode the given `val` with `secrets`. - * - * @param {String} val - * @param {Array} secrets - * @returns {String|Boolean} - * @private - */ -function unsigncookie(val, secrets) { - for (var i = 0; i < secrets.length; i++) { - var result = signature.unsign(val, secrets[i]); - - if (result !== false) { - return result; - } - } - - return false; -} Index: ckend/node_modules/express-session/node_modules/cookie-signature/History.md =================================================================== --- backend/node_modules/express-session/node_modules/cookie-signature/History.md (revision 0f382c8a9e6f71eee97148bfdf563ae1f70860f7) +++ (revision ) @@ -1,42 +1,0 @@ -1.0.7 / 2023-04-12 -================== - -* backport the buffer support from the 1.2.x release branch (thanks @FadhiliNjagi!) - -1.0.6 / 2015-02-03 -================== - -* use `npm test` instead of `make test` to run tests -* clearer assertion messages when checking input - -1.0.5 / 2014-09-05 -================== - -* add license to package.json - -1.0.4 / 2014-06-25 -================== - - * corrected avoidance of timing attacks (thanks @tenbits!) - -1.0.3 / 2014-01-28 -================== - - * [incorrect] fix for timing attacks - -1.0.2 / 2014-01-28 -================== - - * fix missing repository warning - * fix typo in test - -1.0.1 / 2013-04-15 -================== - - * Revert "Changed underlying HMAC algo. to sha512." - * Revert "Fix for timing attacks on MAC verification." - -0.0.1 / 2010-01-03 -================== - - * Initial release Index: ckend/node_modules/express-session/node_modules/cookie-signature/Readme.md =================================================================== --- backend/node_modules/express-session/node_modules/cookie-signature/Readme.md (revision 0f382c8a9e6f71eee97148bfdf563ae1f70860f7) +++ (revision ) @@ -1,42 +1,0 @@ - -# cookie-signature - - Sign and unsign cookies. - -## Example - -```js -var cookie = require('cookie-signature'); - -var val = cookie.sign('hello', 'tobiiscool'); -val.should.equal('hello.DGDUkGlIkCzPz+C0B064FNgHdEjox7ch8tOBGslZ5QI'); - -var val = cookie.sign('hello', 'tobiiscool'); -cookie.unsign(val, 'tobiiscool').should.equal('hello'); -cookie.unsign(val, 'luna').should.be.false; -``` - -## License - -(The MIT License) - -Copyright (c) 2012 LearnBoost <tj@learnboost.com> - -Permission is hereby granted, free of charge, to any person obtaining -a copy of this software and associated documentation files (the -'Software'), to deal in the Software without restriction, including -without limitation the rights to use, copy, modify, merge, publish, -distribute, sublicense, and/or sell copies of the Software, and to -permit persons to whom the Software is furnished to do so, subject to -the following conditions: - -The above copyright notice and this permission notice shall be -included in all copies or substantial portions of the Software. - -THE SOFTWARE IS PROVIDED 'AS IS', WITHOUT WARRANTY OF ANY KIND, -EXPRESS OR IMPLIED, INCLUDING BUT NOT LIMITED TO THE WARRANTIES OF -MERCHANTABILITY, FITNESS FOR A PARTICULAR PURPOSE AND NONINFRINGEMENT. -IN NO EVENT SHALL THE AUTHORS OR COPYRIGHT HOLDERS BE LIABLE FOR ANY -CLAIM, DAMAGES OR OTHER LIABILITY, WHETHER IN AN ACTION OF CONTRACT, -TORT OR OTHERWISE, ARISING FROM, OUT OF OR IN CONNECTION WITH THE -SOFTWARE OR THE USE OR OTHER DEALINGS IN THE SOFTWARE. Index: ckend/node_modules/express-session/node_modules/cookie-signature/index.js =================================================================== --- backend/node_modules/express-session/node_modules/cookie-signature/index.js (revision 0f382c8a9e6f71eee97148bfdf563ae1f70860f7) +++ (revision ) @@ -1,51 +1,0 @@ -/** - * Module dependencies. - */ - -var crypto = require('crypto'); - -/** - * Sign the given `val` with `secret`. - * - * @param {String} val - * @param {String|NodeJS.ArrayBufferView|crypto.KeyObject} secret - * @return {String} - * @api private - */ - -exports.sign = function(val, secret){ - if ('string' !== typeof val) throw new TypeError("Cookie value must be provided as a string."); - if (null == secret) throw new TypeError("Secret key must be provided."); - return val + '.' + crypto - .createHmac('sha256', secret) - .update(val) - .digest('base64') - .replace(/\=+$/, ''); -}; - -/** - * Unsign and decode the given `val` with `secret`, - * returning `false` if the signature is invalid. - * - * @param {String} val - * @param {String|NodeJS.ArrayBufferView|crypto.KeyObject} secret - * @return {String|Boolean} - * @api private - */ - -exports.unsign = function(val, secret){ - if ('string' !== typeof val) throw new TypeError("Signed cookie string must be provided."); - if (null == secret) throw new TypeError("Secret key must be provided."); - var str = val.slice(0, val.lastIndexOf('.')) - , mac = exports.sign(str, secret); - - return sha1(mac) == sha1(val) ? str : false; -}; - -/** - * Private - */ - -function sha1(str){ - return crypto.createHash('sha1').update(str).digest('hex'); -} Index: ckend/node_modules/express-session/node_modules/cookie-signature/package.json =================================================================== --- backend/node_modules/express-session/node_modules/cookie-signature/package.json (revision 0f382c8a9e6f71eee97148bfdf563ae1f70860f7) +++ (revision ) @@ -1,18 +1,0 @@ -{ - "name": "cookie-signature", - "version": "1.0.7", - "description": "Sign and unsign cookies", - "keywords": ["cookie", "sign", "unsign"], - "author": "TJ Holowaychuk ", - "license": "MIT", - "repository": { "type": "git", "url": "https://github.com/visionmedia/node-cookie-signature.git"}, - "dependencies": {}, - "devDependencies": { - "mocha": "*", - "should": "*" - }, - "scripts": { - "test": "mocha --require should --reporter spec" - }, - "main": "index" -} Index: ckend/node_modules/express-session/node_modules/cookie/LICENSE =================================================================== --- backend/node_modules/express-session/node_modules/cookie/LICENSE (revision 0f382c8a9e6f71eee97148bfdf563ae1f70860f7) +++ (revision ) @@ -1,24 +1,0 @@ -(The MIT License) - -Copyright (c) 2012-2014 Roman Shtylman -Copyright (c) 2015 Douglas Christopher Wilson - -Permission is hereby granted, free of charge, to any person obtaining -a copy of this software and associated documentation files (the -'Software'), to deal in the Software without restriction, including -without limitation the rights to use, copy, modify, merge, publish, -distribute, sublicense, and/or sell copies of the Software, and to -permit persons to whom the Software is furnished to do so, subject to -the following conditions: - -The above copyright notice and this permission notice shall be -included in all copies or substantial portions of the Software. - -THE SOFTWARE IS PROVIDED 'AS IS', WITHOUT WARRANTY OF ANY KIND, -EXPRESS OR IMPLIED, INCLUDING BUT NOT LIMITED TO THE WARRANTIES OF -MERCHANTABILITY, FITNESS FOR A PARTICULAR PURPOSE AND NONINFRINGEMENT. -IN NO EVENT SHALL THE AUTHORS OR COPYRIGHT HOLDERS BE LIABLE FOR ANY -CLAIM, DAMAGES OR OTHER LIABILITY, WHETHER IN AN ACTION OF CONTRACT, -TORT OR OTHERWISE, ARISING FROM, OUT OF OR IN CONNECTION WITH THE -SOFTWARE OR THE USE OR OTHER DEALINGS IN THE SOFTWARE. - Index: ckend/node_modules/express-session/node_modules/cookie/README.md =================================================================== --- backend/node_modules/express-session/node_modules/cookie/README.md (revision 0f382c8a9e6f71eee97148bfdf563ae1f70860f7) +++ (revision ) @@ -1,317 +1,0 @@ -# cookie - -[![NPM Version][npm-version-image]][npm-url] -[![NPM Downloads][npm-downloads-image]][npm-url] -[![Node.js Version][node-image]][node-url] -[![Build Status][ci-image]][ci-url] -[![Coverage Status][coveralls-image]][coveralls-url] - -Basic HTTP cookie parser and serializer for HTTP servers. - -## Installation - -This is a [Node.js](https://nodejs.org/en/) module available through the -[npm registry](https://www.npmjs.com/). Installation is done using the -[`npm install` command](https://docs.npmjs.com/getting-started/installing-npm-packages-locally): - -```sh -$ npm install cookie -``` - -## API - -```js -var cookie = require('cookie'); -``` - -### cookie.parse(str, options) - -Parse an HTTP `Cookie` header string and returning an object of all cookie name-value pairs. -The `str` argument is the string representing a `Cookie` header value and `options` is an -optional object containing additional parsing options. - -```js -var cookies = cookie.parse('foo=bar; equation=E%3Dmc%5E2'); -// { foo: 'bar', equation: 'E=mc^2' } -``` - -#### Options - -`cookie.parse` accepts these properties in the options object. - -##### decode - -Specifies a function that will be used to decode a cookie's value. Since the value of a cookie -has a limited character set (and must be a simple string), this function can be used to decode -a previously-encoded cookie value into a JavaScript string or other object. - -The default function is the global `decodeURIComponent`, which will decode any URL-encoded -sequences into their byte representations. - -**note** if an error is thrown from this function, the original, non-decoded cookie value will -be returned as the cookie's value. - -### cookie.serialize(name, value, options) - -Serialize a cookie name-value pair into a `Set-Cookie` header string. The `name` argument is the -name for the cookie, the `value` argument is the value to set the cookie to, and the `options` -argument is an optional object containing additional serialization options. - -```js -var setCookie = cookie.serialize('foo', 'bar'); -// foo=bar -``` - -#### Options - -`cookie.serialize` accepts these properties in the options object. - -##### domain - -Specifies the value for the [`Domain` `Set-Cookie` attribute][rfc-6265-5.2.3]. By default, no -domain is set, and most clients will consider the cookie to apply to only the current domain. - -##### encode - -Specifies a function that will be used to encode a cookie's value. Since value of a cookie -has a limited character set (and must be a simple string), this function can be used to encode -a value into a string suited for a cookie's value. - -The default function is the global `encodeURIComponent`, which will encode a JavaScript string -into UTF-8 byte sequences and then URL-encode any that fall outside of the cookie range. - -##### expires - -Specifies the `Date` object to be the value for the [`Expires` `Set-Cookie` attribute][rfc-6265-5.2.1]. -By default, no expiration is set, and most clients will consider this a "non-persistent cookie" and -will delete it on a condition like exiting a web browser application. - -**note** the [cookie storage model specification][rfc-6265-5.3] states that if both `expires` and -`maxAge` are set, then `maxAge` takes precedence, but it is possible not all clients by obey this, -so if both are set, they should point to the same date and time. - -##### httpOnly - -Specifies the `boolean` value for the [`HttpOnly` `Set-Cookie` attribute][rfc-6265-5.2.6]. When truthy, -the `HttpOnly` attribute is set, otherwise it is not. By default, the `HttpOnly` attribute is not set. - -**note** be careful when setting this to `true`, as compliant clients will not allow client-side -JavaScript to see the cookie in `document.cookie`. - -##### maxAge - -Specifies the `number` (in seconds) to be the value for the [`Max-Age` `Set-Cookie` attribute][rfc-6265-5.2.2]. -The given number will be converted to an integer by rounding down. By default, no maximum age is set. - -**note** the [cookie storage model specification][rfc-6265-5.3] states that if both `expires` and -`maxAge` are set, then `maxAge` takes precedence, but it is possible not all clients by obey this, -so if both are set, they should point to the same date and time. - -##### partitioned - -Specifies the `boolean` value for the [`Partitioned` `Set-Cookie`](rfc-cutler-httpbis-partitioned-cookies) -attribute. When truthy, the `Partitioned` attribute is set, otherwise it is not. By default, the -`Partitioned` attribute is not set. - -**note** This is an attribute that has not yet been fully standardized, and may change in the future. -This also means many clients may ignore this attribute until they understand it. - -More information about can be found in [the proposal](https://github.com/privacycg/CHIPS). - -##### path - -Specifies the value for the [`Path` `Set-Cookie` attribute][rfc-6265-5.2.4]. By default, the path -is considered the ["default path"][rfc-6265-5.1.4]. - -##### priority - -Specifies the `string` to be the value for the [`Priority` `Set-Cookie` attribute][rfc-west-cookie-priority-00-4.1]. - - - `'low'` will set the `Priority` attribute to `Low`. - - `'medium'` will set the `Priority` attribute to `Medium`, the default priority when not set. - - `'high'` will set the `Priority` attribute to `High`. - -More information about the different priority levels can be found in -[the specification][rfc-west-cookie-priority-00-4.1]. - -**note** This is an attribute that has not yet been fully standardized, and may change in the future. -This also means many clients may ignore this attribute until they understand it. - -##### sameSite - -Specifies the `boolean` or `string` to be the value for the [`SameSite` `Set-Cookie` attribute][rfc-6265bis-09-5.4.7]. - - - `true` will set the `SameSite` attribute to `Strict` for strict same site enforcement. - - `false` will not set the `SameSite` attribute. - - `'lax'` will set the `SameSite` attribute to `Lax` for lax same site enforcement. - - `'none'` will set the `SameSite` attribute to `None` for an explicit cross-site cookie. - - `'strict'` will set the `SameSite` attribute to `Strict` for strict same site enforcement. - -More information about the different enforcement levels can be found in -[the specification][rfc-6265bis-09-5.4.7]. - -**note** This is an attribute that has not yet been fully standardized, and may change in the future. -This also means many clients may ignore this attribute until they understand it. - -##### secure - -Specifies the `boolean` value for the [`Secure` `Set-Cookie` attribute][rfc-6265-5.2.5]. When truthy, -the `Secure` attribute is set, otherwise it is not. By default, the `Secure` attribute is not set. - -**note** be careful when setting this to `true`, as compliant clients will not send the cookie back to -the server in the future if the browser does not have an HTTPS connection. - -## Example - -The following example uses this module in conjunction with the Node.js core HTTP server -to prompt a user for their name and display it back on future visits. - -```js -var cookie = require('cookie'); -var escapeHtml = require('escape-html'); -var http = require('http'); -var url = require('url'); - -function onRequest(req, res) { - // Parse the query string - var query = url.parse(req.url, true, true).query; - - if (query && query.name) { - // Set a new cookie with the name - res.setHeader('Set-Cookie', cookie.serialize('name', String(query.name), { - httpOnly: true, - maxAge: 60 * 60 * 24 * 7 // 1 week - })); - - // Redirect back after setting cookie - res.statusCode = 302; - res.setHeader('Location', req.headers.referer || '/'); - res.end(); - return; - } - - // Parse the cookies on the request - var cookies = cookie.parse(req.headers.cookie || ''); - - // Get the visitor name set in the cookie - var name = cookies.name; - - res.setHeader('Content-Type', 'text/html; charset=UTF-8'); - - if (name) { - res.write('

Welcome back, ' + escapeHtml(name) + '!

'); - } else { - res.write('

Hello, new visitor!

'); - } - - res.write('
'); - res.write(' '); - res.end('
'); -} - -http.createServer(onRequest).listen(3000); -``` - -## Testing - -```sh -$ npm test -``` - -## Benchmark - -``` -$ npm run bench - -> cookie@0.5.0 bench -> node benchmark/index.js - - node@18.18.2 - acorn@8.10.0 - ada@2.6.0 - ares@1.19.1 - brotli@1.0.9 - cldr@43.1 - icu@73.2 - llhttp@6.0.11 - modules@108 - napi@9 - nghttp2@1.57.0 - nghttp3@0.7.0 - ngtcp2@0.8.1 - openssl@3.0.10+quic - simdutf@3.2.14 - tz@2023c - undici@5.26.3 - unicode@15.0 - uv@1.44.2 - uvwasi@0.0.18 - v8@10.2.154.26-node.26 - zlib@1.2.13.1-motley - -> node benchmark/parse-top.js - - cookie.parse - top sites - - 14 tests completed. - - parse accounts.google.com x 2,588,913 ops/sec ±0.74% (186 runs sampled) - parse apple.com x 2,370,002 ops/sec ±0.69% (186 runs sampled) - parse cloudflare.com x 2,213,102 ops/sec ±0.88% (188 runs sampled) - parse docs.google.com x 2,194,157 ops/sec ±1.03% (184 runs sampled) - parse drive.google.com x 2,265,084 ops/sec ±0.79% (187 runs sampled) - parse en.wikipedia.org x 457,099 ops/sec ±0.81% (186 runs sampled) - parse linkedin.com x 504,407 ops/sec ±0.89% (186 runs sampled) - parse maps.google.com x 1,230,959 ops/sec ±0.98% (186 runs sampled) - parse microsoft.com x 926,294 ops/sec ±0.88% (184 runs sampled) - parse play.google.com x 2,311,338 ops/sec ±0.83% (185 runs sampled) - parse support.google.com x 1,508,850 ops/sec ±0.86% (186 runs sampled) - parse www.google.com x 1,022,582 ops/sec ±1.32% (182 runs sampled) - parse youtu.be x 332,136 ops/sec ±1.02% (185 runs sampled) - parse youtube.com x 323,833 ops/sec ±0.77% (183 runs sampled) - -> node benchmark/parse.js - - cookie.parse - generic - - 6 tests completed. - - simple x 3,214,032 ops/sec ±1.61% (183 runs sampled) - decode x 587,237 ops/sec ±1.16% (187 runs sampled) - unquote x 2,954,618 ops/sec ±1.35% (183 runs sampled) - duplicates x 857,008 ops/sec ±0.89% (187 runs sampled) - 10 cookies x 292,133 ops/sec ±0.89% (187 runs sampled) - 100 cookies x 22,610 ops/sec ±0.68% (187 runs sampled) -``` - -## References - -- [RFC 6265: HTTP State Management Mechanism][rfc-6265] -- [Same-site Cookies][rfc-6265bis-09-5.4.7] - -[rfc-cutler-httpbis-partitioned-cookies]: https://tools.ietf.org/html/draft-cutler-httpbis-partitioned-cookies/ -[rfc-west-cookie-priority-00-4.1]: https://tools.ietf.org/html/draft-west-cookie-priority-00#section-4.1 -[rfc-6265bis-09-5.4.7]: https://tools.ietf.org/html/draft-ietf-httpbis-rfc6265bis-09#section-5.4.7 -[rfc-6265]: https://tools.ietf.org/html/rfc6265 -[rfc-6265-5.1.4]: https://tools.ietf.org/html/rfc6265#section-5.1.4 -[rfc-6265-5.2.1]: https://tools.ietf.org/html/rfc6265#section-5.2.1 -[rfc-6265-5.2.2]: https://tools.ietf.org/html/rfc6265#section-5.2.2 -[rfc-6265-5.2.3]: https://tools.ietf.org/html/rfc6265#section-5.2.3 -[rfc-6265-5.2.4]: https://tools.ietf.org/html/rfc6265#section-5.2.4 -[rfc-6265-5.2.5]: https://tools.ietf.org/html/rfc6265#section-5.2.5 -[rfc-6265-5.2.6]: https://tools.ietf.org/html/rfc6265#section-5.2.6 -[rfc-6265-5.3]: https://tools.ietf.org/html/rfc6265#section-5.3 - -## License - -[MIT](LICENSE) - -[ci-image]: https://badgen.net/github/checks/jshttp/cookie/master?label=ci -[ci-url]: https://github.com/jshttp/cookie/actions/workflows/ci.yml -[coveralls-image]: https://badgen.net/coveralls/c/github/jshttp/cookie/master -[coveralls-url]: https://coveralls.io/r/jshttp/cookie?branch=master -[node-image]: https://badgen.net/npm/node/cookie -[node-url]: https://nodejs.org/en/download -[npm-downloads-image]: https://badgen.net/npm/dm/cookie -[npm-url]: https://npmjs.org/package/cookie -[npm-version-image]: https://badgen.net/npm/v/cookie Index: ckend/node_modules/express-session/node_modules/cookie/SECURITY.md =================================================================== --- backend/node_modules/express-session/node_modules/cookie/SECURITY.md (revision 0f382c8a9e6f71eee97148bfdf563ae1f70860f7) +++ (revision ) @@ -1,25 +1,0 @@ -# Security Policies and Procedures - -## Reporting a Bug - -The `cookie` team and community take all security bugs seriously. Thank -you for improving the security of the project. We appreciate your efforts and -responsible disclosure and will make every effort to acknowledge your -contributions. - -Report security bugs by emailing the current owner(s) of `cookie`. This -information can be found in the npm registry using the command -`npm owner ls cookie`. -If unsure or unable to get the information from the above, open an issue -in the [project issue tracker](https://github.com/jshttp/cookie/issues) -asking for the current contact information. - -To ensure the timely response to your report, please ensure that the entirety -of the report is contained within the email body and not solely behind a web -link or an attachment. - -At least one owner will acknowledge your email within 48 hours, and will send a -more detailed response within 48 hours indicating the next steps in handling -your report. After the initial reply to your report, the owners will -endeavor to keep you informed of the progress towards a fix and full -announcement, and may ask for additional information or guidance. Index: ckend/node_modules/express-session/node_modules/cookie/index.js =================================================================== --- backend/node_modules/express-session/node_modules/cookie/index.js (revision 0f382c8a9e6f71eee97148bfdf563ae1f70860f7) +++ (revision ) @@ -1,335 +1,0 @@ -/*! - * cookie - * Copyright(c) 2012-2014 Roman Shtylman - * Copyright(c) 2015 Douglas Christopher Wilson - * MIT Licensed - */ - -'use strict'; - -/** - * Module exports. - * @public - */ - -exports.parse = parse; -exports.serialize = serialize; - -/** - * Module variables. - * @private - */ - -var __toString = Object.prototype.toString -var __hasOwnProperty = Object.prototype.hasOwnProperty - -/** - * RegExp to match cookie-name in RFC 6265 sec 4.1.1 - * This refers out to the obsoleted definition of token in RFC 2616 sec 2.2 - * which has been replaced by the token definition in RFC 7230 appendix B. - * - * cookie-name = token - * token = 1*tchar - * tchar = "!" / "#" / "$" / "%" / "&" / "'" / - * "*" / "+" / "-" / "." / "^" / "_" / - * "`" / "|" / "~" / DIGIT / ALPHA - */ - -var cookieNameRegExp = /^[!#$%&'*+\-.^_`|~0-9A-Za-z]+$/; - -/** - * RegExp to match cookie-value in RFC 6265 sec 4.1.1 - * - * cookie-value = *cookie-octet / ( DQUOTE *cookie-octet DQUOTE ) - * cookie-octet = %x21 / %x23-2B / %x2D-3A / %x3C-5B / %x5D-7E - * ; US-ASCII characters excluding CTLs, - * ; whitespace DQUOTE, comma, semicolon, - * ; and backslash - */ - -var cookieValueRegExp = /^("?)[\u0021\u0023-\u002B\u002D-\u003A\u003C-\u005B\u005D-\u007E]*\1$/; - -/** - * RegExp to match domain-value in RFC 6265 sec 4.1.1 - * - * domain-value = - * ; defined in [RFC1034], Section 3.5, as - * ; enhanced by [RFC1123], Section 2.1 - * =