Register, Login, and Logout

index.js

@@ -4,6 +4,12 @@ const app = express();
 const exphbs = require ('express-handlebars');
 const { SetupEnvironment } = require('./environ');
 const SetupRouter = require('./router');
+const bodyParser = require("body-parser");
+const sessionMw = require('./session');
+const csrf = require("./csrf");
+
+// Setup the environment
+SetupEnvironment();
 
 // Database
 const database = require('./database');
@@ -22,9 +28,6 @@ const { HBSHelpers } = require('./helpers');
 // Security
 const helmet = require('helmet');
 
-// First things first, setup the environment
-SetupEnvironment();
-
 // Get what we need for starting the server
 const serverPort = process.env.SRV_PORT;
 
@@ -32,21 +35,25 @@ const serverPort = process.env.SRV_PORT;
 const db = database.db;
 const sessionStore = new SequelizeStore({
     db: db,
-    table: 'Session'
+    tableName: 'Session'
 })
 
+// Body parsing
+app.use(bodyParser.urlencoded({ extended: true }));
+app.use(bodyParser.json());
+
 // Helmet setup
 app.use(
     helmet.contentSecurityPolicy({
-        directives: {
+        directives: (req, res) => ({
             defaultSrc: ["'self'"],
-            scriptSrc: ["'self'"],
+            scriptSrc: ["'strict-dynamic'", `'nonce-${res.locals.nonce}'`],
             objectSrc: ["'none'"],
             styleSrc: ["'self'", "'unsafe-inline'"],
             imgSrc: ["'self'", 'data:', '*'],
             mediaSrc: ["'self'", 'data:', '*'],
             connectSrc: ["'self'", 'data:', '*']
-        }
+        }),
     })
 );
 
@@ -76,14 +83,21 @@ app.use(session({
     store: sessionStore,
     cookie: {
         httpOnly: true,
-        secure: process.env.NODE_ENV === 'prod',
-        sameSite: 'strict'
+        secure: false,
+        sameSite: 'lax',
+        path: '/'
     },
 }));
 
 // Setup Assets
 app.use(express.static('assets'));
 
+// Session middlware
+app.use(sessionMw.PersistSession);
+
+// CSRF protection
+app.use(csrf.csrfSynchronisedProtection);
+
 // Setup Router
 SetupRouter(app);