Add SQLite session store and configure session middleware

docker-compose.yml

@@ -13,6 +13,8 @@ services:
       - DEBUG=app
       - AUTH_USERNAME=fredrik
       - AUTH_PASSWORD=apa
+      - SESSION_SECRET=superheimlich # Add your session secret key
+      - NODE_ENV=production # Ensure the environment is set to production
     healthcheck:
       test: ["CMD", "curl", "-f", "http://localhost:3044"]
       interval: 5m

package.json

@@ -12,6 +12,7 @@
   "dependencies": {
     "basic-auth": "^2.0.1",
     "body-parser": "^1.20.3",
+    "connect-sqlite3": "^0.9.15",
     "cookie-parser": "^1.4.7",
     "debug": "^4.4.0",
     "dotenv": "^16.4.7",

server.js

@@ -3,6 +3,7 @@ const express = require('express');
 const bodyParser = require('body-parser');
 const session = require('express-session');
 const cookieParser = require('cookie-parser');
+const SQLiteStore = require('connect-sqlite3')(session);
 const debug = require('debug')('app');
 const tasksRouter = require('./routes/tasks');
 const authRouter = require('./routes/auth');
@@ -15,12 +16,21 @@ app.use(bodyParser.json());
 app.use(cookieParser());
 app.use(express.static('public'));
 
-// Configure session middleware
+// Configure session middleware with SQLite store
 app.use(session({
     secret: process.env.SESSION_SECRET || 'default_secret', // Use a strong secret in production
     resave: false,
     saveUninitialized: false,
-    cookie: { secure: false, maxAge: 30 * 24 * 60 * 60 * 1000 } // 1 month
+    store: new SQLiteStore({
+        db: 'sessions.sqlite',
+        dir: '/data',
+        ttl: 30 * 24 * 60 * 60 // 1 month
+    }),
+    cookie: {
+        //secure: process.env.NODE_ENV === 'production', // Ensure cookies are only sent over HTTPS in production
+        secure: false,
+        maxAge: 30 * 24 * 60 * 60 * 1000 // 1 month
+    }
 }));
 
 app.use('/', authRouter);