From f2d23ff87842916d6174522c51786ce266cac375 Mon Sep 17 00:00:00 2001
From: Youssef Raafat
Date: Mon, 28 Sep 2020 02:40:44 +0200
Subject: [PATCH] [SERVER] Refactor Middlewares (#39)

* Move redis to session middleware.
* Rename appSession export to session.
* Use Client's URL instead of port in cors.
---
 server/.env.example | 3 ++-
 server/src/middlewares/cors.ts | 2 +-
 server/src/middlewares/redis.ts | 6 ------
 server/src/middlewares/session.ts | 19 ++++++++++++-------
 server/src/resolvers/user.ts | 3 ++-
 server/src/server.ts | 14 ++++++++------
 server/src/utils/constants.ts | 2 ++
 7 files changed, 27 insertions(+), 22 deletions(-)
 delete mode 100644 server/src/middlewares/redis.ts
 create mode 100644 server/src/utils/constants.ts

diff --git a/server/.env.example b/server/.env.example
index e320ae7..8eef766 100644
--- a/server/.env.example
+++ b/server/.env.example
@@ -1,5 +1,6 @@
 PORT=
-CLIENT_PORT=
+CLIENT_URL=
+SESSION_SECRET=
 DB_NAME=
 DB_USER=
 DB_PASS=
diff --git a/server/src/middlewares/cors.ts b/server/src/middlewares/cors.ts
index 57723e7..a596dad 100644
--- a/server/src/middlewares/cors.ts
+++ b/server/src/middlewares/cors.ts
@@ -1,6 +1,6 @@
 import corsInit from "cors";
 
 export const cors = corsInit({
- origin: `http://localhost:${process.env.CLIENT_PORT}`,
+ origin: process.env.CLIENT_URL,
 credentials: true,
 });
diff --git a/server/src/middlewares/redis.ts b/server/src/middlewares/redis.ts
deleted file mode 100644
index 54140f4..0000000
--- a/server/src/middlewares/redis.ts
+++ /dev/null
@@ -1,6 +0,0 @@
-import connectRedis from "connect-redis";
-import redis from "redis";
-import session from "express-session";
-
-export const RedisStore = connectRedis(session);
-export const redisClient = redis.createClient();
diff --git a/server/src/middlewares/session.ts b/server/src/middlewares/session.ts
index 218869e..15062f3 100644
--- a/server/src/middlewares/session.ts
+++ b/server/src/middlewares/session.ts
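Review bot: In server/src/middlewares/cors.ts the new `origin: process.env.CLIENT_URL` is passed through unvalidated while `credentials: true` stays on, so a missing or mistyped CLIENT_URL changes the CORS policy for credentialed requests without any error at startup. When the variable is unset the option is `undefined`, and what happens next is decided by the cors package's handling of a missing origin rather than by this code. I would read the variable once and fail fast, e.g. `const origin = process.env.CLIENT_URL;` followed by `if (!origin) throw new Error("CLIENT_URL is not set");`. A comment in .env.example should say the value must be one exact origin (scheme, host and port, no path or trailing slash), since browsers match Access-Control-Allow-Origin against the page origin literally.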
@@ -1,21 +1,26 @@
-import { redisClient, RedisStore } from "./redis";
+import connectRedis from "connect-redis";
+import sessionInit from "express-session";
+import redis from "redis";
 
-import session from "express-session";
+import { IS_PROD, SESSION_COOKIE_NAME } from "../utils/constants";
 
-export const appSession = session({
- name: "qid",
+export const RedisStore = connectRedis(sessionInit);
+export const redisClient = redis.createClient();
+
+export const session = sessionInit({
+ name: SESSION_COOKIE_NAME,
 store: new RedisStore({
 client: redisClient,
 disableTouch: true,
 disableTTL: true,
 }),
- saveUninitialized: false,
 cookie: {
 maxAge: 1000 * 60 * 60 * 24 * 365 * 10,
 httpOnly: true,
- secure: process.env.NODE_ENV === "production",
+ secure: IS_PROD,
 sameSite: "lax",
 },
- secret: "keyboard cat",
+ saveUninitialized: false,
+ secret: process.env.SESSION_SECRET as string,
 resave: false,
 });
diff --git a/server/src/resolvers/user.ts b/server/src/resolvers/user.ts
index 034bad2..ba91150 100644
--- a/server/src/resolvers/user.ts
+++ b/server/src/resolvers/user.ts
@@ -8,6 +8,7 @@ import { UserInput } from "../types/inputs/UserInput";
 import { UserResponse } from "../types/responses/UserResponse";
 import { UserRole } from "../types/UserRole";
 import { mapToFieldError } from "../utils/mapToFieldError";
+import { SESSION_COOKIE_NAME } from "../utils/constants";
 
 @Resolver()
 export class UserResolver {
@@ -68,7 +69,7 @@ export class UserResolver {
 logout(@Ctx() { req, res }: AppContext): Promise {
 return new Promise((resolve) =>
 req.session!.destroy((err) => {
- res.clearCookie("qid");
+ res.clearCookie(SESSION_COOKIE_NAME);
 if (err) {
 resolve(false);
 return;
diff --git a/server/src/server.ts b/server/src/server.ts
index 8766a0c..9677c05 100644
--- a/server/src/server.ts
+++ b/server/src/server.ts
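Review bot: `secret: process.env.SESSION_SECRET as string` in server/src/middlewares/session.ts only silences the compiler: when the variable is unset the value is still `undefined` at runtime, and nothing in this module stops the server from starting without a signing secret. Moving away from the hard-coded "keyboard cat" is right, but the cast should become a startup check, e.g. `const secret = process.env.SESSION_SECRET;` and `if (!secret) throw new Error("SESSION_SECRET is not set");`, then `secret,` in the options object. The new `SESSION_SECRET=` entry in .env.example would also benefit from a comment that the value must be long, randomly generated and different per environment.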
@@ -9,9 +9,10 @@ import { createConnection } from "typeorm";
 
 import { authChecker } from "./middlewares/authChecker";
 import { cors } from "./middlewares/cors";
-import { appSession } from "./middlewares/session";
+import { session } from "./middlewares/session";
 import { AppContext } from "./types";
 import { registerTypes } from "./utils/registerTypes";
+import { IS_PROD } from "./utils/constants";
 
 const main = async () => {
 await createConnection({
@@ -20,15 +21,15 @@ const main = async () => {
 username: process.env.DB_USER,
 password: process.env.DB_PASS,
 host: process.env.DB_HOST,
- logging: true,
- debug: true,
+ logging: !IS_PROD,
+ debug: !IS_PROD,
 entities: [path.join(__dirname, "./entities/*.[jt]s")],
 });
 
 const app = express();
 
 app.use(cors);
- app.use(appSession);
+ app.use(session);
 
 registerTypes();
 
@@ -43,8 +44,9 @@ const main = async () => {
 
 server.applyMiddleware({ app, cors: false });
 
- app.listen(process.env.PORT, () => {
- const url = `http://localhost:${process.env.PORT}`;
+ const port = process.env.PORT;
+ app.listen(port, () => {
+ const url = `http://localhost:${port}`;
 console.log(`server started on ${url}`);
 console.log(`playground ready on ${url}${server.graphqlPath}`);
 });
diff --git a/server/src/utils/constants.ts b/server/src/utils/constants.ts
new file mode 100644
index 0000000..031856b
--- /dev/null
+++ b/server/src/utils/constants.ts
@@ -0,0 +1,2 @@
+export const IS_PROD = process.env.NODE_ENV === "production";
+export const SESSION_COOKIE_NAME = "session";
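Review bot: `logging: !IS_PROD` and `debug: !IS_PROD` in the second server/src/server.ts hunk default to on, because IS_PROD (added in server/src/utils/constants.ts) is true only when NODE_ENV is exactly "production"; a deployment that leaves NODE_ENV unset or uses another value gets SQL logging and debug output, and the same flag switches off `secure` on the session cookie in session.ts. Making the verbose paths opt-in is safer, e.g. `const IS_DEV = process.env.NODE_ENV === "development";` with `logging: IS_DEV, debug: IS_DEV`, and keeping `secure` on unless the environment is explicitly local development. If production sits behind a TLS-terminating proxy, express-session will not set a `secure` cookie unless Express trusts the proxy (`app.set("trust proxy", 1)`); no such call is visible between `express()` and `app.use(session)` here, though it may exist outside the hunk. main's body starts and ends outside these hunks.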