add session auth

docker-compose.yml

@@ -22,6 +22,24 @@ services:
         ports:
             - ${PGADMIN_PORT}:80
 
+    redis:
+        image: redis:7.2.4
+        restart: always
+        ports:
+            - ${REDIS_PORT}:6379
+        command: redis-server --save 20 1 --loglevel warning --requirepass ${REDIS_PASSWORD}
+        volumes:
+            - redis-cache:/data
+
+    redisInsight:
+        container_name: redis-insight
+        image: redislabs/redisinsight
+        restart: always
+        ports:
+            - ${REDIS_INSIGHT_PORT}:8001
+
 volumes:
     postgres-data-volume:
-        external: true
+        external: true
+    redis-cache:
+        external: true

server/@types/session.d.ts

@@ -0,0 +1,7 @@
+import "express-session";
+
+declare module "express-session" {
+    interface SessionData {
+        userId: string | undefined;
+    }
+}

server/package.json

@@ -12,6 +12,7 @@
   "license": "ISC",
   "devDependencies": {
     "@types/express": "^4.17.21",
+    "@types/express-session": "^1.17.10",
     "@types/http-errors": "^2.0.4",
     "@types/morgan": "^1.9.9",
     "@types/node": "^20.11.16",
@@ -26,11 +27,14 @@
   "dependencies": {
     "@prisma/client": "^5.9.1",
     "argon2": "^0.31.2",
+    "connect-redis": "^7.1.1",
     "dotenv": "^16.4.1",
     "envalid": "^8.0.0",
     "express": "^4.18.2",
+    "express-session": "^1.18.0",
     "http-errors": "^2.0.0",
     "morgan": "^1.10.0",
+    "redis": "^4.6.12",
     "zod": "^3.22.4"
   }
 }

server/src/app.ts

@@ -3,15 +3,49 @@ import "dotenv/config";
 import createHttpError, { isHttpError } from "http-errors";
 import express, { NextFunction, Request, Response } from "express";
 
+import RedisStore from "connect-redis";
 import { ZodError } from "zod";
+import { createClient } from "redis";
+import env from "./utils/validateEnv";
 import morgan from "morgan";
+import session from "express-session";
 import usersRouter from "./routes/users";
 
 const app = express();
 
+// Redis
+const redisClient = createClient({
+    url: env.REDIS_URL,
+});
+redisClient.connect().catch(console.error);
+
+// Initialize redis store
+const redisStore = new RedisStore({
+    client: redisClient,
+    prefix: "lanten:",
+});
+
+// Middlewares
 app.use(morgan("dev"));
 app.use(express.json());
 
+// Session middleware with redis
+app.use(
+    session({
+        store: redisStore,
+        resave: false,
+        saveUninitialized: false,
+        secret: env.SESSION_SECRET,
+        rolling: true,
+        cookie: {
+            maxAge: 1000 * 60 * 60 * 24 * 5, // 15 days
+            httpOnly: true,
+            secure: false,
+            sameSite: "lax",
+        },
+    })
+);
+
 // Endpoints
 app.get("/", (req, res) => {
     res.send("Hello World");
@@ -20,6 +54,7 @@ app.get("/", (req, res) => {
 // Routers
 app.use("/users", usersRouter);
 
+// Error handling
 app.use((req, res, next) => {
     next(createHttpError(404, "Endpoint not found"));
 });