i am using connect-mongo for storing sessions in the database and locals for sending flash to the frontend, but this is causing an error with connect-flash: sometimes when i flash a message in the backend the popup won't show up.
// sessions
const session = require('express-session');
var MongoDBStore = require('connect-mongo');
var store = MongoDBStore.create({
mongoUrl: MONGO_URI,
ttl: 7 * 24 * 60 * 60,
touchAfter: 24 * 60 * 60,
});
store.on('error', function(error) {
console.log(error);
});
const sessionConfig = {
store: store,
name: "sid",
secret: process.env.SESSION_SECRET,
resave: false,
saveUninitialized: true,
cookie: {
httpOnly: true,
expires: Date.now() + 1000 * 60 * 60 * 24 * 7,
maxAge: 1000 * 60 * 60 * 24 * 7,
},
};
app.use(session(sessionConfig))
when i remove store: store; the code works fine
Related
I'm using Express Session along with Mongo Store. My session is configured so that it stores it's sessions in a Mongo Database. When I visit the app, a new session is being created. I want it so that a session is created ONLY when a user signs up and a session is resumed when the user logs in. I also want to remove a session after 24 days.
This is my configuration code: (I put an actually mongo url when I was testing)
app.use(session({
secret: "secretakey",
resave: false,
saveUninitialized: true,
store: MongoStore.create({ mongoUrl: "mongourlwenthereintesting", autoRemove: "native", touchAfter: 24 * 24 * 3600 }),
cookie: { secure: false, maxAge: 1000 * 60 * 60 * 24 * 20 },
rolling: true
}));
i have tried using express-mysql-session
const MySQLStore = require('express-mysql-session')(session);
app.use(cookieParser())
const sessionStore = new MySQLStore(db);
const sessionConfig = {
name: 'session',
// store: sessionStore,
secret: '25658595',
resave: false,
saveUninitialized: false,
cookie: {
httpOnly: true,
expires: Date.now() + 1000 * 60 * 60 * 24 * 7,
maxAge: 1000 * 60 * 60 * 24 * 7
},
};
const mysql = require('mysql');
require('dotenv').config();
const connection = mysql.createConnection({
socketPath:'',
host: '',
user: '',
password: '',
database: '',
multipleStatements: true
})
connection.connect((err) => {
if (err) throw err;
console.log('Database Connected')
})
module.exports = connection;
When i able session store property the server respond with an error 502 and when i disable session store property all things work fine
Warning: connect.session() MemoryStore is not
designed for a production environment, as it will leak
memory, and will not scale past a single process.
on port 8081
Because of this message i have used express-mysql-session
Is there a way by which I can store user cookies (jwt) in my mongodb database with express-rate-limit and rate-limit-mongo packages?
Code that I am currently using :
var limiter = new RateLimit({
store: new MongoStore({
uri: process.env.MONGO_URI,
expireTimeMs: 60 * 1000 * 60,
}),
max: 150,
windowMs: 10 * 60 * 1000,
message: "Too many requests in a short duration, IP Banned for an hour.",
});
I want to know the jwt cookie (if it exists) associated with the request too somehow so that I can know who the culprit was.
Basically, how can I access the request object and store it in the rate limiting database
I was able to do this with the onLimitReached function available in express-rate-limit like so:
var queslimiter = new RateLimit({
store: new MongoStore({
uri: process.env.MONGO_URI,
expireTimeMs: 60 * 1000 * 60,
collectionName: "ansForce",
}),
max: 30,
message: "Too many requests in a short duration, IP Banned for an hour.",
onLimitReached: async function (req, res) {
try {
const blacklist = new Blacklist({
team: req.cookies.team,
});
try {
const bad = await blacklist.save();
} catch (e) {
console.log(e);
}
} catch (e) {}
},
});
I am currently having an issue when uploading files bigger then 10mb. I am uploading them to an s3 bucket.
I have tried to set the limit within the skipper that gets built in the middleware with the bodyparser.
order: [
'cookieParser',
'session',
'myRequestLogger',
'bodyParser',
'compress',
'poweredBy',
'router',
'www',
'favicon',
],
myRequestLogger: function (req, res, next) {
sails.log("Requested :: ", req.method, req.url);
return next();
},
/***************************************************************************
* *
* The body parser that will handle incoming multipart HTTP requests. *
* *
* https://sailsjs.com/config/http#?customizing-the-body-parser *
* *
***************************************************************************/
bodyParser: (function _configureBodyParser() {
var skipper = require('skipper');
var middlewareFn = skipper({
strict: true,
limit: '50mb'
});
return middlewareFn;
})(),
This doesn't seem to be using the limit property being set at all.
Any advice on this would help.
I'm not entirely sure where you found the limit option for Skipper, but limiting the file size of an upload is kinda documented between skipper-s3 the skipper.
Specifying the maxBytes option when receiving the upload in your action/controller should work.
If you're going to be uploading files to multiple actions/controllers then I'd keep the max file size somewhere like sails.config.custom.maxUploadFilesize so there's a single place to configure it - couldn't find any global Skipper options but I could have missed it.
const MAX_UPLOAD_BYTES = 10 * 1024 * 1024;
req.file('avatar')
.upload({
// Required
adapter: require('skipper-s3'),
key: 'thekyehthethaeiaghadkthtekey',
secret: 'AB2g1939eaGAdesoccertournament',
bucket: 'my_stuff',
maxBytes: MAX_UPLOAD_BYTES
}, function whenDone(err, uploadedFiles) {
if (err) {
return res.serverError(err);
}
return res.ok({
files: uploadedFiles,
textParams: req.params.all()
});
});
I have the following code to set up a session store with connect-mong
var express = require('express');
var MongoStore = require('connect-mongo')(express);
var app = express();
app.use(express.cookieParser());
app.use(express.session({
secret: '1234567890QWERTY',
maxAge: new Date(Date.now() + 3600000),
store: new MongoStore({
db: 'mydb',
host: '127.0.0.1'
}),
cookie: { maxAge: 24 * 60 * 60 * 1000 }
}));
In the requests and responses from the server I can see the sessionIDs, but the database is not created or if I create it the session collection does not gets filled. I do not receive any errors on the console.
I cannot find what am I missing ( using express 3).
It happens because nobody connected yet to your express server. So there's no session to store.
Add
app.listen(3000, function() {
console.log('now listening on http://localhost:3000/');
});
At the end and connect to the server in your browser. Immediately you will get sessions collections in your Mongo db.
I had multiple use of the session and cookieParser. This caused the problem.