Did a lot. Tested SSE & started on socket.io, should prob kill s.io replace w/ ws

2021-11-26 20:05:42 +01:00
parent 2f88516326
commit b8a61d1a0e
25 changed files with 1200 additions and 47 deletions
--- a/api/middleware/addIdToRequest.js
+++ b/api/middleware/addIdToRequest.js
@@ -0,0 +1,23 @@
+const crypto = require("crypto");
+const httpContext = require("express-http-context");
+
+const addIdToRequest = (req, res, next) => {
+  try {
+    crypto.randomBytes(16, (err, buf) => {
+      if (err) {
+        // log err
+        id = null;
+      }
+      id = buf.toString("hex");
+
+      httpContext.set("sessionId", id);
+      next();
+    });
+  } catch (err) {
+    // log err
+    httpContext.set("sessionId", null);
+    next();
+  }
+};
+
+module.exports = addIdToRequest;
--- a/api/middleware/setupHeaders.js
+++ b/api/middleware/setupHeaders.js
@@ -12,7 +12,7 @@ const setupHeaders = (req, res, next) => {
  res.set("Access-Control-Allow-Headers", "Content-Type")

  // Security
-  res.set("X-Content-Type-Options", "nosniff");
+  // res.set("X-Content-Type-Options", "nosniff");
  res.set("X-XSS-Protection", "1; mode=block");
  res.set("X-Frame-Options", "SAMEORIGIN");
  res.set("X-DNS-Prefetch-Control", "off");