fix(cookie): update cookie settings based on environment

WalletConnect · Jul 13, 2023 · c1c8317 · c1c8317
1 parent f10c708
commit c1c8317
Show file tree

Hide file tree

Showing 2 changed files with 6 additions and 9 deletions.
diff --git a/src/handlers/verify.ts b/src/handlers/verify.ts
@@ -13,11 +13,6 @@ export const verifyAndSignIn = async (req: Request, res: Response) => {
 
     const message = new SiweMessage(req.body.message);
     const fields = await message.validate(req.body.signature);
-    console.log({
-      isProd: process.env.NODE_ENV === "production",
-      fieldsNonce: fields.nonce,
-      sessionNonce: req.session.nonce,
-    });
     if (fields.nonce !== req.session.nonce) {
       res.status(422).json({
         message: `Invalid nonce.`,

diff --git a/src/index.ts b/src/index.ts
@@ -45,7 +45,7 @@ if (!REDIS_PASSWORD) {
 
 // Initialize redis client
 const redisClient = new Redis({
-  host: REDIS_HOST ?? "redis",
+  host: "localhost" ?? "redis",
   port: REDIS_PORT ? parseInt(REDIS_PORT, 10) : 6379,
   password: REDIS_PASSWORD,
 });
@@ -62,6 +62,7 @@ app.disable("x-powered-by");
 // Enable body parser
 app.use(express.json());
 app.use(cookieParser(COOKIE_SECRET));
+app.set("trust proxy", 1);
 
 const isProd = process.env.NODE_ENV === "production";
 const isDev = process.env.NODE_ENV === "development";
@@ -97,11 +98,12 @@ app.use(
   Session({
     name: COOKIE_NAME,
     secret: COOKIE_SECRET,
-    resave: true,
-    saveUninitialized: true,
+    resave: false,
+    saveUninitialized: false,
     cookie: {
       secure: isDev ? false : true,
-      sameSite: isProd || "none",
+      sameSite: isProd ? "strict" : "none",
+      maxAge: 144 * 60 * 60 * 1000,
       httpOnly: true,
     },
   })