Login server with secure cookie handling via https
const crypto = require('crypto');
var fs = require('fs');
var https = require('https');
var auth = require('basic-auth');
var cookie = require('cookie');
var signed = require('cookie-signature');
const express = require('express');
| const routing = express(); | |
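// Generic failure document served for unknown or failed requests. The markup
// is a fixed literal with no interpolation, so no request data reaches it.
// (The original closed <head> with a second opening <head> tag.)
const error = '<!DOCTYPE html><html lang="en"><head><meta charset="utf-8"><title>Error</title></head><body><pre>Cannot load page: [GET]</pre></body></html>';
// Landing document served on /loginOK, the fallback redirect target of the
// login route.
const initialpage = '<!DOCTYPE html><html lang="en"><head><meta charset="utf-8"><title>Data Loaded</title></head><body><hr/><i>User Data Loaded</i><hr/></body></html>';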
// Root path: answers 200 with the generic "cannot load" document.
const serveRoot = (req, res) => res.status(200).end(error);
// Post-login landing page (the login route redirects here by default).
const serveLoginOk = (req, res) => res.status(200).end(initialpage);

routing.get('/', serveRoot);
routing.get('/loginOK', serveLoginOk);
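// Secret used to sign the session cookie. Read from the environment so the
// value does not live in source control; when unset (or empty) a random
// per-process secret is generated instead of the original hard-coded one.
// Sessions then do not survive a restart, which is the safer failure mode.
const cookieSecret = process.env.COOKIE_SECRET || crypto.randomBytes(32).toString('hex');
// The session is stored under one fixed cookie name rather than under the
// client-chosen login name, so it can be looked up and verified reliably.
const sessionCookieName = 'session';
// One week, in seconds (cookie Max-Age is expressed in seconds).
const sessionMaxAgeSeconds = 3600 * 24 * 7;

/**
 * Login route. Expects HTTP Basic credentials on every request.
 * - No session cookie yet: issue a signed "name.signature" cookie and
 *   redirect to /loginOK (302).
 * - Session cookie present: verify its signature and that it belongs to the
 *   presenting user; answer 200 with the user name, or 400 on a bad cookie.
 *
 * NOTE(review): no credential store is wired up here — any non-empty
 * name/password pair is accepted. Verify credentials against a user store
 * before relying on this route for real authentication.
 */
routing.get('/loginconfig', (req, res) => {
  // Log request metadata only: dumping req.headers would write the
  // Authorization header (cleartext Basic credentials) and the cookie into
  // the server log.
  console.log(`Login request: ${req.method} ${req.url}`);

  const credentials = auth(req);
  // Reject missing and empty credentials alike. The original only handled the
  // missing case and fell through with no response at all for an empty name
  // or password, leaving the request hanging.
  if (!credentials || !credentials.name || !credentials.pass) {
    return res.status(400).end('Login failed, invalid request - No info sent.');
  }

  const cookies = cookie.parse(req.headers.cookie || '');
  const sessionCookie = cookies[sessionCookieName];

  if (typeof sessionCookie === 'undefined') {
    // First visit: sign the login name. The full "value.signature" string is
    // stored; the original kept only the signature half, which can never be
    // verified again.
    const signedValue = signed.sign(credentials.name, cookieSecret);
    let header;
    try {
      // Cookie attributes are the third argument of cookie.serialize; the
      // original passed them to res.setHeader, so none of them took effect.
      header = cookie.serialize(sessionCookieName, signedValue, {
        httpOnly: true, // not readable by page script
        secure: true, // only sent over HTTPS
        sameSite: 'lax',
        maxAge: sessionMaxAgeSeconds,
      });
    } catch (err) {
      // cookie.serialize rejects values with characters a cookie cannot carry
      // (for example ';' or whitespace in the login name); answer 400 rather
      // than surfacing it as an unhandled 500.
      return res.status(400).end('Login failed, invalid request - bad user name.');
    }
    res.setHeader('Set-Cookie', header);
    // Redirect to a fixed local path. Honouring the Referer header here, as the
    // original did, is an open redirect to whatever site the client names.
    res.setHeader('Location', '/loginOK');
    return res.status(302).end();
  }

  // Later visits: unsign() returns the original value when the signature
  // matches cookieSecret and false otherwise. The session must also belong to
  // the user presenting the credentials.
  const loginName = signed.unsign(sessionCookie, cookieSecret);
  if (loginName === false || loginName !== credentials.name) {
    return res.status(400).end(error);
  }
  // Report the user only; the original echoed the password back in the body.
  return res.status(200).end(`Logged in user: ${loginName}`);
});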
// TLS material is read synchronously at startup so a missing or unreadable
// key/certificate fails before the server begins accepting connections.
const tlsOptions = {
  key: fs.readFileSync('./server_key.pem'),
  cert: fs.readFileSync('./server_certificate.pem'),
};

// Serve the express app over HTTPS on the standard port.
const server = https.createServer(tlsOptions, routing);
server.listen(443);
console.log("Secure HTTP server running at https://localhost:443/");