[SERVER] Refactor Middlewares (#39)

* Move redis to session middleware.
 * Rename appSession export to session.
 * Use Client's URL instead of port in cors.

server/.env.example

@@ -1,5 +1,6 @@
 PORT=
-CLIENT_PORT=
+CLIENT_URL=
+SESSION_SECRET=
 DB_NAME=
 DB_USER=
 DB_PASS=

server/src/middlewares/cors.ts

@@ -1,6 +1,6 @@
 import corsInit from "cors";
 
 export const cors = corsInit({
-  origin: `http://localhost:${process.env.CLIENT_PORT}`,
+  origin: process.env.CLIENT_URL,
   credentials: true,
 });

server/src/middlewares/session.ts

@@ -1,21 +1,26 @@
-import { redisClient, RedisStore } from "./redis";
+import connectRedis from "connect-redis";
+import sessionInit from "express-session";
+import redis from "redis";
 
-import session from "express-session";
+import { IS_PROD, SESSION_COOKIE_NAME } from "../utils/constants";
 
-export const appSession = session({
-  name: "qid",
+export const RedisStore = connectRedis(sessionInit);
+export const redisClient = redis.createClient();
+
+export const session = sessionInit({
+  name: SESSION_COOKIE_NAME,
   store: new RedisStore({
     client: redisClient,
     disableTouch: true,
     disableTTL: true,
   }),
-  saveUninitialized: false,
   cookie: {
     maxAge: 1000 * 60 * 60 * 24 * 365 * 10,
     httpOnly: true,
-    secure: process.env.NODE_ENV === "production",
+    secure: IS_PROD,
     sameSite: "lax",
   },
-  secret: "keyboard cat",
+  saveUninitialized: false,
+  secret: process.env.SESSION_SECRET as string,
   resave: false,
 });

server/src/resolvers/user.ts

@@ -8,6 +8,7 @@ import { UserInput } from "../types/inputs/UserInput";
 import { UserResponse } from "../types/responses/UserResponse";
 import { UserRole } from "../types/UserRole";
 import { mapToFieldError } from "../utils/mapToFieldError";
+import { SESSION_COOKIE_NAME } from "../utils/constants";
 
 @Resolver()
 export class UserResolver {
@@ -68,7 +69,7 @@ export class UserResolver {
   logout(@Ctx() { req, res }: AppContext): Promise<boolean> {
     return new Promise((resolve) =>
       req.session!.destroy((err) => {
-        res.clearCookie("qid");
+        res.clearCookie(SESSION_COOKIE_NAME);
         if (err) {
           resolve(false);
           return;

server/src/server.ts

@@ -9,9 +9,10 @@ import { createConnection } from "typeorm";
 
 import { authChecker } from "./middlewares/authChecker";
 import { cors } from "./middlewares/cors";
-import { appSession } from "./middlewares/session";
+import { session } from "./middlewares/session";
 import { AppContext } from "./types";
 import { registerTypes } from "./utils/registerTypes";
+import { IS_PROD } from "./utils/constants";
 
 const main = async () => {
   await createConnection({
@@ -20,15 +21,15 @@ const main = async () => {
     username: process.env.DB_USER,
     password: process.env.DB_PASS,
     host: process.env.DB_HOST,
-    logging: true,
-    debug: true,
+    logging: !IS_PROD,
+    debug: !IS_PROD,
     entities: [path.join(__dirname, "./entities/*.[jt]s")],
   });
 
   const app = express();
 
   app.use(cors);
-  app.use(appSession);
+  app.use(session);
 
   registerTypes();
 
@@ -43,8 +44,9 @@ const main = async () => {
 
   server.applyMiddleware({ app, cors: false });
 
-  app.listen(process.env.PORT, () => {
-    const url = `http://localhost:${process.env.PORT}`;
+  const port = process.env.PORT;
+  app.listen(port, () => {
+    const url = `http://localhost:${port}`;
     console.log(`server started on ${url}`);
     console.log(`playground ready on ${url}${server.graphqlPath}`);
   });

server/src/utils/constants.ts

@@ -0,0 +1,2 @@
+export const IS_PROD = process.env.NODE_ENV === "production";
+export const SESSION_COOKIE_NAME = "session";