@ladjs/web
Comparing version 0.1.1 to 0.1.3
28
index.js
@@ -7,3 +7,2 @@ const http = require('http'); | ||
const _ = require('lodash'); | ||
const Boom = require('boom'); | ||
const Koa = require('koa'); | ||
@@ -35,3 +34,2 @@ const Cabin = require('cabin'); | ||
const flash = require('koa-better-flash'); | ||
const CSRF = require('koa-csrf'); | ||
const StoreIPAddress = require('@ladjs/store-ip-address'); | ||
@@ -45,2 +43,4 @@ const isajax = require('koa-isajax'); | ||
const StateHelper = require('@ladjs/state-helper'); | ||
const Boom = require('boom'); | ||
const CSRF = require('koa-csrf'); | ||
@@ -91,2 +91,15 @@ class Server { | ||
cookiesKey: process.env.COOKIES_KEY || 'lad.sid', | ||
// <https://github.com/pillarjs/cookies#cookiesset-name--value---options--> | ||
// <https://github.com/koajs/generic-session/blob/master/src/session.js#L32-L38> | ||
cookies: { | ||
httpOnly: true, | ||
path: '/', | ||
overwrite: true, | ||
signed: true, | ||
maxAge: 24 * 60 * 60 * 1000, | ||
secure: process.env.WEB_PROTOCOL === 'https', | ||
// we use SameSite cookie support as an alternative to CSRF | ||
// <https://scotthelme.co.uk/csrf-is-dead/> | ||
sameSite: 'lax' | ||
}, | ||
livereload: { | ||
@@ -219,3 +232,9 @@ port: process.env.LIVERELOAD_PORT || 35729 | ||
app.keys = this.config.sessionKeys; | ||
app.use(session({ store: redisStore, key: this.config.cookiesKey })); | ||
app.use( | ||
session({ | ||
store: redisStore, | ||
key: this.config.cookiesKey, | ||
cookie: this.config.cookies | ||
}) | ||
); | ||
@@ -244,3 +263,2 @@ // flash messages | ||
// csrf (with added localization support) | ||
app.use((ctx, next) => { | ||
@@ -252,2 +270,4 @@ // TODO: add cookies key until koa-better-error-handler issue is resolved | ||
}); | ||
// csrf (with added localization support) | ||
app.use(async (ctx, next) => { | ||
@@ -254,0 +274,0 @@ if (process.env.NODE_ENV === 'test') { |
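Review bot: The comment above `sameSite: 'lax'` in the new `cookies` defaults calls SameSite "an alternative to CSRF", which reads as if token checks could be dropped, yet `koa-csrf` is still required and the csrf block is still present further down in this section. Lax cookies are still sent on top-level GET navigations and the attribute is ignored by browsers without SameSite support, so I would reword the comment to `// SameSite is defense in depth alongside koa-csrf, not a replacement (Lax still sends the cookie on top-level GET)`. Separately, `secure: process.env.WEB_PROTOCOL === 'https'` presumably needs `app.proxy = true` when TLS terminates at a reverse proxy, because the cookies module refuses to set a secure cookie on a connection it sees as unencrypted; the visible lines do not show whether that is set. The Server constructor and the middleware setup both continue outside the hunks shown here.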
{ | ||
"name": "@ladjs/web", | ||
"description": "Web server for Lad", | ||
"version": "0.1.1", | ||
"version": "0.1.3", | ||
"author": "Nick Baugh <niftylettuce@gmail.com> (http://niftylettuce.com/)", | ||
@@ -49,3 +49,3 @@ "bugs": { | ||
"koa-simple-ratelimit": "^2.3.3", | ||
"koa-views": "https://github.com/niftylettuce/koa-views", | ||
"koa-views": "^6.1.3", | ||
"lodash": "^4.17.4", | ||
@@ -62,3 +62,3 @@ "redis": "^2.8.0" | ||
"cross-env": "^5.1.1", | ||
"eslint": "^4.13.0", | ||
"eslint": "^4.13.1", | ||
"eslint-config-prettier": "^2.9.0", | ||
@@ -69,3 +69,3 @@ "eslint-plugin-prettier": "^2.3.1", | ||
"nyc": "^11.3.0", | ||
"prettier": "^1.9.1", | ||
"prettier": "^1.9.2", | ||
"remark-cli": "^4.0.0", | ||
@@ -72,0 +72,0 @@ "remark-preset-github": "^0.0.7", |
License Policy Violation
License: This package is not allowed per your license policy. Review the package's license to ensure compliance.
Found 1 instance in 1 package
License Policy Violation
License: This package is not allowed per your license policy. Review the package's license to ensure compliance.
Found 1 instance in 1 package
HTTP dependency
Supply chain risk: Contains a dependency that resolves to a remote HTTP URL, which could be used to inject untrusted code and reduce overall package reliability.
Found 1 instance in 1 package
Manifest confusion
Supply chain risk: This package has inconsistent metadata. This could be malicious or caused by an error when publishing the package.
Found 1 instance in 1 package
+ Added@isaacs/cliui@8.0.2(transitive)
+ Added@one-ini/wasm@0.1.1(transitive)
+ Added@pkgjs/parseargs@0.11.0(transitive)
+ Addedabbrev@2.0.0(transitive)
+ Addedansi-regex@5.0.16.1.0(transitive)
+ Addedansi-styles@4.3.06.2.1(transitive)
+ Addedbalanced-match@1.0.2(transitive)
+ Addedbluebird@3.7.2(transitive)
+ Addedbrace-expansion@2.0.1(transitive)
+ Addedcolor-convert@2.0.1(transitive)
+ Addedcolor-name@1.1.4(transitive)
+ Addedcommander@10.0.1(transitive)
+ Addedcondense-newlines@0.2.1(transitive)
+ Addedconfig-chain@1.1.13(transitive)
+ Addedconsolidate@0.15.1(transitive)
+ Addedcross-spawn@7.0.3(transitive)
+ Addedeastasianwidth@0.2.0(transitive)
+ Addededitorconfig@1.0.4(transitive)
+ Addedemoji-regex@8.0.09.2.2(transitive)
+ Addedextend-shallow@2.0.1(transitive)
+ Addedforeground-child@3.3.0(transitive)
+ Addedget-paths@0.0.7(transitive)
+ Addedglob@10.4.5(transitive)
+ Addedini@1.3.8(transitive)
+ Addedis-buffer@1.1.6(transitive)
+ Addedis-extendable@0.1.1(transitive)
+ Addedis-fullwidth-code-point@3.0.0(transitive)
+ Addedis-whitespace@0.3.0(transitive)
+ Addedisexe@2.0.0(transitive)
+ Addedjackspeak@3.4.3(transitive)
+ Addedjs-beautify@1.15.1(transitive)
+ Addedjs-cookie@3.0.5(transitive)
+ Addedkind-of@3.2.2(transitive)
+ Addedkoa-send@5.0.1(transitive)
+ Addedkoa-views@6.3.1(transitive)
+ Addedlru-cache@10.4.3(transitive)
+ Addedminimatch@9.0.19.0.5(transitive)
+ Addedminipass@7.1.2(transitive)
+ Addednopt@7.2.1(transitive)
+ Addedpackage-json-from-dist@1.0.0(transitive)
+ Addedpath-key@3.1.1(transitive)
+ Addedpath-scurry@1.11.1(transitive)
+ Addedpify@4.0.1(transitive)
+ Addedpretty@2.0.0(transitive)
+ Addedproto-list@1.2.4(transitive)
+ Addedsemver@7.6.3(transitive)
+ Addedshebang-command@2.0.0(transitive)
+ Addedshebang-regex@3.0.0(transitive)
+ Addedsignal-exit@4.1.0(transitive)
+ Addedstring-width@4.2.35.1.2(transitive)
+ Addedstrip-ansi@6.0.17.1.0(transitive)
+ Addedwhich@2.0.2(transitive)
+ Addedwrap-ansi@7.0.08.1.0(transitive)
Updatedkoa-views@^6.1.3