chore(api): remove unused session handling (#55240)
committed by
GitHub
parent
3557bdfee0
commit
4c412bff9a
+1
-3
@@ -8,7 +8,6 @@
|
||||
"@fastify/cookie": "9.3.1",
|
||||
"@fastify/csrf-protection": "6.4.1",
|
||||
"@fastify/express": "^2.3.0",
|
||||
"@fastify/session": "10.7.0",
|
||||
"@fastify/swagger": "8.14.0",
|
||||
"@fastify/swagger-ui": "1.10.2",
|
||||
"@fastify/type-provider-typebox": "3.6.0",
|
||||
@@ -16,7 +15,6 @@
|
||||
"@prisma/client": "5.5.2",
|
||||
"ajv": "8.12.0",
|
||||
"ajv-formats": "2.1.1",
|
||||
"connect-mongo": "4.6.0",
|
||||
"date-fns": "2.30.0",
|
||||
"dotenv": "16.4.5",
|
||||
"express-rate-limit": "^6.7.0",
|
||||
@@ -40,7 +38,7 @@
|
||||
"description": "The freeCodeCamp.org open-source codebase and curriculum",
|
||||
"devDependencies": {
|
||||
"@total-typescript/ts-reset": "0.5.1",
|
||||
"@types/express-session": "1.17.10",
|
||||
"@types/express": "4.17.21",
|
||||
"@types/jsonwebtoken": "9.0.5",
|
||||
"@types/nodemailer": "6.4.14",
|
||||
"@types/supertest": "2.0.16",
|
||||
|
||||
+2
-33
@@ -1,13 +1,11 @@
|
||||
import fastifyCsrfProtection from '@fastify/csrf-protection';
|
||||
import express from '@fastify/express';
|
||||
import fastifySession from '@fastify/session';
|
||||
import fastifySwagger from '@fastify/swagger';
|
||||
import fastifySwaggerUI from '@fastify/swagger-ui';
|
||||
import type { TypeBoxTypeProvider } from '@fastify/type-provider-typebox';
|
||||
import fastifySentry from '@immobiliarelabs/fastify-sentry';
|
||||
import Ajv from 'ajv';
|
||||
import addFormats from 'ajv-formats';
|
||||
import MongoStore from 'connect-mongo';
|
||||
import uriResolver from 'fast-uri';
|
||||
import Fastify, {
|
||||
FastifyBaseLogger,
|
||||
@@ -26,7 +24,6 @@ import { SESProvider } from './plugins/mail-providers/ses';
|
||||
import mailer from './plugins/mailer';
|
||||
import redirectWithMessage from './plugins/redirect-with-message';
|
||||
import security from './plugins/security';
|
||||
import sessionAuth from './plugins/session-auth';
|
||||
import codeFlowAuth from './plugins/code-flow-auth';
|
||||
import { mobileAuth0Routes } from './routes/auth';
|
||||
import { devAuthRoutes } from './routes/auth-dev';
|
||||
@@ -49,9 +46,7 @@ import {
|
||||
FCC_ENABLE_DEV_LOGIN_MODE,
|
||||
FCC_ENABLE_SWAGGER_UI,
|
||||
FREECODECAMP_NODE_ENV,
|
||||
MONGOHQ_URL,
|
||||
SENTRY_DSN,
|
||||
SESSION_SECRET
|
||||
SENTRY_DSN
|
||||
} from './utils/env';
|
||||
import { isObjectID } from './utils/validation';
|
||||
|
||||
@@ -153,21 +148,6 @@ export const build = async (
|
||||
done();
|
||||
});
|
||||
|
||||
// @ts-expect-error - @fastify/session's types are not, yet, compatible with
|
||||
// express-session's types
|
||||
await fastify.register(fastifySession, {
|
||||
secret: SESSION_SECRET,
|
||||
rolling: false,
|
||||
saveUninitialized: false,
|
||||
cookie: {
|
||||
maxAge: 1000 * 60 * 60, // 1 hour
|
||||
secure: FREECODECAMP_NODE_ENV !== 'development'
|
||||
},
|
||||
store: MongoStore.create({
|
||||
mongoUrl: MONGOHQ_URL
|
||||
})
|
||||
});
|
||||
|
||||
const provider =
|
||||
EMAIL_PROVIDER === 'ses' ? new SESProvider() : new NodemailerProvider();
|
||||
void fastify.register(mailer, { provider });
|
||||
@@ -179,17 +159,7 @@ export const build = async (
|
||||
info: {
|
||||
title: 'freeCodeCamp API',
|
||||
version: '1.0.0' // API version
|
||||
},
|
||||
components: {
|
||||
securitySchemes: {
|
||||
session: {
|
||||
type: 'apiKey',
|
||||
name: 'sessionId',
|
||||
in: 'cookie'
|
||||
}
|
||||
}
|
||||
},
|
||||
security: [{ session: [] }]
|
||||
}
|
||||
}
|
||||
});
|
||||
void fastify.register(fastifySwaggerUI, {
|
||||
@@ -210,7 +180,6 @@ export const build = async (
|
||||
fastify.log.info(`Swagger UI available at ${API_LOCATION}/documentation`);
|
||||
}
|
||||
|
||||
void fastify.register(sessionAuth);
|
||||
void fastify.register(codeFlowAuth);
|
||||
void fastify.register(prismaPlugin);
|
||||
void fastify.register(mobileAuth0Routes);
|
||||
|
||||
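Review bot: With the `session` entry removed from `securitySchemes` and the default `security: [{ session: [] }]` gone, the generated OpenAPI document no longer declares any authentication requirement, while `codeFlowAuth` is still registered a few lines further down, so protected routes will be documented as if they were open. If the remaining auth mechanism can be expressed as an OpenAPI scheme, add a matching `securitySchemes` entry and a default `security` for it; otherwise a short comment on the swagger `openapi` block stating that authentication is documented per route would stop readers from concluding the API is unauthenticated. The `build` function these hunks belong to starts and ends outside the visible lines.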
@@ -1,25 +0,0 @@
|
||||
import { FastifyPluginCallback, onRequestHookHandler } from 'fastify';
|
||||
import fp from 'fastify-plugin';
|
||||
|
||||
const sessionAuth: FastifyPluginCallback = (fastify, _opts, done) => {
|
||||
const authenticateSession: onRequestHookHandler = (req, res, done) => {
|
||||
if (!req.session.user) {
|
||||
res.statusCode = 401;
|
||||
void res.send({ msg: 'Unauthorized' });
|
||||
} else {
|
||||
done();
|
||||
}
|
||||
};
|
||||
|
||||
fastify.decorate('authenticateSession', authenticateSession);
|
||||
|
||||
done();
|
||||
};
|
||||
|
||||
declare module 'fastify' {
|
||||
interface FastifyInstance {
|
||||
authenticateSession: onRequestHookHandler;
|
||||
}
|
||||
}
|
||||
|
||||
export default fp(sessionAuth);
|
||||
+1
-11
@@ -7,14 +7,6 @@ import MongoStoreRL from 'rate-limit-mongo';
|
||||
import { AUTH0_DOMAIN, MONGOHQ_URL } from '../utils/env';
|
||||
import { findOrCreateUser } from './helpers/auth-helpers';
|
||||
|
||||
declare module 'fastify' {
|
||||
interface Session {
|
||||
user: {
|
||||
id: string;
|
||||
};
|
||||
}
|
||||
}
|
||||
|
||||
const getEmailFromAuth0 = async (req: FastifyRequest) => {
|
||||
const auth0Res = await fetch(`https://${AUTH0_DOMAIN}/userinfo`, {
|
||||
headers: {
|
||||
@@ -66,9 +58,7 @@ export const mobileAuth0Routes: FastifyPluginCallback = (
|
||||
fastify.get('/mobile-login', async req => {
|
||||
const email = await getEmailFromAuth0(req);
|
||||
|
||||
const { id } = await findOrCreateUser(fastify, email);
|
||||
req.session.user = { id };
|
||||
await req.session.save();
|
||||
await findOrCreateUser(fastify, email);
|
||||
});
|
||||
|
||||
done();
|
||||
|
||||
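Review bot: The rewritten `/mobile-login` handler now calls `findOrCreateUser(fastify, email)` and discards the result, and with the session assignment and `save()` gone it neither records nor returns anything to the caller — the route becomes a pure side effect (provisioning an account for any email Auth0 vouches for) with no visible outcome. Either return what the mobile client needs, e.g. `const { id } = await findOrCreateUser(fastify, email); return { id };`, or add a comment above the call such as `// Provisions the account only; the mobile client authenticates per request via the Auth0 token` so the intent is explicit. The enclosing `mobileAuth0Routes` plugin and `getEmailFromAuth0` both extend beyond the hunk.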
@@ -119,7 +119,6 @@ export const userRoutes: FastifyPluginCallbackTypebox = (
|
||||
await fastify.prisma.user.delete({
|
||||
where: { id: req.user!.id }
|
||||
});
|
||||
await req.session.destroy();
|
||||
void reply.clearCookie('sessionId');
|
||||
|
||||
return {};
|
||||
|
||||
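Review bot: `void reply.clearCookie('sessionId')` survives the removal of `req.session.destroy()` just above it, but with the session plugin unregistered this service no longer issues a `sessionId` cookie, so the call is dead code that also implies a cookie-based session still exists. Unless another component sets that cookie, drop the line, or keep it with a comment such as `// Clears the legacy sessionId cookie left by @fastify/session; remove once existing clients have cycled` if the intent is to tidy up cookies on clients that still carry one. The `userRoutes` handler this belongs to starts and ends outside the hunk.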
@@ -48,7 +48,6 @@ assert.ok(isAllowedProvider(process.env.EMAIL_PROVIDER));
|
||||
assert.ok(process.env.AUTH0_DOMAIN);
|
||||
assert.ok(process.env.AUTH0_AUDIENCE);
|
||||
assert.ok(process.env.API_LOCATION);
|
||||
assert.ok(process.env.SESSION_SECRET);
|
||||
assert.ok(process.env.FCC_ENABLE_SWAGGER_UI);
|
||||
assert.ok(process.env.FCC_ENABLE_DEV_LOGIN_MODE);
|
||||
assert.ok(process.env.JWT_SECRET);
|
||||
@@ -82,11 +81,6 @@ if (process.env.FREECODECAMP_NODE_ENV !== 'development') {
|
||||
'a_jwt_secret',
|
||||
'The JWT secret should be changed from the default value.'
|
||||
);
|
||||
assert.notEqual(
|
||||
process.env.SESSION_SECRET,
|
||||
'a_thirty_two_plus_character_session_secret',
|
||||
'The session secret should be changed from the default value.'
|
||||
);
|
||||
assert.ok(
|
||||
process.env.FCC_ENABLE_DEV_LOGIN_MODE !== 'true',
|
||||
'Dev login mode MUST be disabled in production.'
|
||||
@@ -118,7 +112,6 @@ export const AUTH0_DOMAIN = process.env.AUTH0_DOMAIN;
|
||||
export const AUTH0_AUDIENCE = process.env.AUTH0_AUDIENCE;
|
||||
export const PORT = process.env.PORT || '3000';
|
||||
export const API_LOCATION = process.env.API_LOCATION;
|
||||
export const SESSION_SECRET = process.env.SESSION_SECRET;
|
||||
export const FCC_ENABLE_SWAGGER_UI =
|
||||
process.env.FCC_ENABLE_SWAGGER_UI === 'true';
|
||||
export const FCC_ENABLE_DEV_LOGIN_MODE =
|
||||
|
||||
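Review bot: Dropping the `SESSION_SECRET` assertions and export means a value still present in deployment environments or any sample env file will now be silently ignored rather than validated; the surviving `assert.notEqual` for `JWT_SECRET` at the top of the second hunk shows the guard pattern this variable is leaving. It is worth confirming that sample/CI env files and deployment secrets no longer define `SESSION_SECRET`, so the now-unused secret is retired rather than lingering in configuration. The production-only guard block around these assertions begins outside the visible hunk.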