I am trying to implement simple authentication with Node, Express, express-session and Passport.js. For session storage I'm using connect-pg-simple, because my project already uses pg-promise.
I managed to configure passport to work with my routers but for some reason sessions won't be saved to my database. None of the plugins return any errors, everything seems to be running smoothly but my sessions table is empty.
What could I be doing wrong? connect-pg-simple connects to the server, passport.js is holding sessions and express-session assigns configured maxAge to cookies.
server.js
const express = require('express');
const db = require('./database.js');
const cors = require('cors');
const helmet = require('helmet');
const session = require('express-session');
const passport = require('passport');
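// Listening port; falls back to 3000 when PORT is not set in the environment.
const port = process.env.PORT || 3000;
const app = express();
const pgSession = require('connect-pg-simple')(session);

// The session store writes through the application's existing pg-promise
// connection object instead of opening its own pool.
const pgStoreConfig = {
  pgPromise: db.conn,
};

// The secret signs the session-id cookie, so anyone who knows it can forge
// cookies. It must be a long random value kept out of source control, which
// is why it is read from the environment and start-up fails without it.
const sessionSecret = process.env.SESSION_SECRET;
if (!sessionSecret) {
  throw new Error('SESSION_SECRET environment variable must be set');
}

// Trust exactly one reverse-proxy hop so that `secure` cookies are still
// issued when TLS terminates at the proxy.
// NOTE(review): only correct if one trusted proxy sits in front of the app.
app.set('trust proxy', 1);

// Security headers are registered first so they are also set on responses
// produced by the session/passport middleware below (including error paths).
app.use(helmet());

app.use(express.json());
app.use(express.urlencoded({ extended: true }));
app.use(
  session({
    secret: sessionSecret,
    store: new pgSession(pgStoreConfig),
    // NOTE(review): express-session recommends `resave: false` when the store
    // implements touch(); confirm for connect-pg-simple before changing.
    resave: true,
    cookie: {
      maxAge: 30 * 24 * 60 * 60 * 1000, // 30 days
      // Only send the cookie over HTTPS in production.
      secure: app.get('env') === 'production',
      // Keep the session id out of reach of page scripts (the default, made explicit).
      httpOnly: true,
      // Do not attach the cookie to cross-site POSTs (CSRF hardening).
      sameSite: 'lax',
    },
    // Do not create a session row until something is stored in the session.
    saveUninitialized: false,
  })
);
app.use(passport.initialize());
app.use(passport.session());

// NOTE(review): cors() with no options allows every origin. For an API that
// authenticates with cookies, restrict it with the `origin` option.
app.use(cors());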
// GET / — bumps a per-session view counter and echoes the session back as JSON.
// NOTE(review): the response contains the whole session object (cookie
// settings and whatever passport stored); this looks like a debugging aid
// and should not stay on a public route.
app.get('/', function showSession(req, res) {
  const currentSession = req.session;
  if (!currentSession.views) {
    // First visit in this session (or counter not set yet).
    currentSession.views = 1;
  } else {
    currentSession.views++;
  }
  res.json(currentSession);
});
// Mount the user routes (login/logout) at the application root.
const userRouter = require('./routes/user.js');
app.use('/', userRouter);
config/passport.js
const passport = require('passport');
const local = require('passport-local');
const db = require('../database.js');
const statements = require('../routes/statements/user.js');
const cryptoUtils = require('../utils/crypto.js');
// Only the user's id is written into the session; the full record is loaded
// again on each request by deserializeUser.
passport.serializeUser(function storeUserId(user, done) {
  const userId = user.id;
  done(null, userId);
});
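/**
 * Rebuilds the user for a request from the id stored in the session.
 *
 * Uses `oneOrNone` rather than `one`: with `one`, an id that no longer
 * matches a row (e.g. the account was deleted while the cookie is still
 * valid) rejects, and every request carrying that cookie then fails with an
 * error. Passing `false` tells passport to drop the login from the session.
 *
 * @param {*} id - the value stored by serializeUser (the user's id)
 * @param {Function} done - passport callback: done(err) or done(null, user | false)
 */
passport.deserializeUser(async (id, done) => {
  try {
    const user = await db.conn.oneOrNone(statements.getUserByIdStatement, [id]);
    if (!user) {
      return done(null, false);
    }
    // Keep credential material off req.user, matching what the local strategy
    // does at login. Harmless if the statement does not select these columns.
    delete user.password;
    delete user.salt;
    return done(null, user);
  } catch (error) {
    console.log(`Error while deserializing user: ${error}`);
    return done(error);
  }
});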
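/**
 * Local (email + password) strategy.
 *
 * Outcomes reported through `done`:
 *   - done(null, user)  credentials are valid; `password` and `salt` are
 *                       removed from the record first
 *   - done(null, false) unknown email or wrong password
 *   - done(error)       the lookup or the comparison failed
 *
 * Changes from the earlier version:
 *   - `one` rejects when no row matches, so the "user not found" branch could
 *     never run; `oneOrNone` resolves with null instead.
 *   - Failures are no longer reported as a failed login; they are passed on
 *     as errors so a database outage is not mistaken for bad credentials.
 *   - The comparison result is awaited. If comparePasswords returns a
 *     Promise, testing it without `await` is always truthy and any password
 *     would be accepted; awaiting a plain boolean is harmless.
 */
passport.use(
  new local.Strategy(
    { usernameField: 'email', passwordField: 'password' },
    async (username, password, done) => {
      try {
        const user = await db.conn.oneOrNone(statements.loginUserStatement, [
          username,
        ]);
        if (!user) {
          // NOTE(review): no hash is computed on this path, so the response
          // time can differ from the wrong-password path. Consider comparing
          // against a fixed dummy hash to even it out.
          console.log(`Couldn't find user!`);
          return done(null, false);
        }

        const passwordCheck = await cryptoUtils.comparePasswords(
          password,
          user.password,
          user.salt
        );
        if (!passwordCheck) {
          console.log(`Wrong password!`);
          return done(null, false);
        }

        // Never let the hash or salt travel further than this function.
        delete user.password;
        delete user.salt;
        console.log(`Successfuly logged in!`);
        return done(null, user);
      } catch (error) {
        console.log(`Error during local strategy authentication: ${error}`);
        return done(error);
      }
    }
  )
);

// Export the configured passport instance.
module.exports = passport;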
routes/user.js
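/**
 * POST /user/login — authenticates with the 'local' strategy and, on success,
 * establishes the login session and redirects to '/'.
 *
 * Every branch returns after responding. Previously an error fell through to
 * the next check and a second response was attempted on the same request
 * (and a failed req.logIn still went on to redirect).
 *
 * The strategy reports an unknown email and a wrong password identically, so
 * the response does not reveal which one it was.
 * NOTE(review): 401 is the conventional status for failed credentials; 404
 * is kept so existing clients see the same response.
 * NOTE(review): passport releases before 0.6 do not regenerate the session id
 * in req.logIn; confirm the installed version, or regenerate the session
 * before logging in, to avoid session fixation.
 */
router.post('/user/login', (req, res, next) => {
  console.log('Authenticating');
  passport.authenticate('local', (err, user) => {
    if (err) {
      // Log the detail server-side only: driver errors can carry table and
      // column names that should not be sent to the client.
      console.log(`Error during authentication: ${err}`);
      return res.status(500).json({ status: 'Error while logging in' });
    }
    if (!user) {
      return res.status(404).json({ status: 'User not found' });
    }
    return req.logIn(user, (loginErr) => {
      if (loginErr) {
        return res.status(500).json({ status: 'Error while logging in' });
      }
      return res.redirect('/');
    });
  })(req, res, next);
});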
// GET /user/logout — runs the loginRequired guard, then ends the passport
// login and confirms with a JSON body.
// NOTE(review): a state-changing action on GET can be triggered by a
// cross-site link or embedded resource; POST is the usual choice for logout.
// NOTE(review): passport 0.6 and later require a callback for req.logout();
// confirm the installed version.
router.get('/user/logout', userUtils.loginRequired, function handleLogout(req, res, next) {
  req.logout();
  const body = { status: 'Logged out' };
  res.status(200).json(body);
});
database.js
// Initialise pg-promise once and create the single database object that the
// rest of the application shares (server.js also passes `conn` to the
// session store).
const createPgPromise = require('pg-promise');
const pgp = createPgPromise(initOptions);
const conn = pgp(connectionConfig);

// `pgp` is the initialised library, `conn` the database object used for queries.
module.exports = {
  pgp: pgp,
  conn: conn,
};
Any help would be much appreciated.