Im trying to initialize an express session to a Mongo store in my MERN application for passing a user's ID to my passport authentication flow, however it acts unaccordingly to how it should by my understanding.
For each request i make to my auth.routes.cjs, the app makes a completely new session disregarding the currently already initialized one, then makes ANOTHER one, and only the last one gets passed to the router/controller.
I've currently attached a console.log(req.session) to both my index.cjs and auth.routes.cjs for every function called, to get an overview of how and which data is being created and passed between the components.
Index.cjs passes a value of req.session.test='test', then logs session id and session
auth.routes.cjs changes req.session.test to 'test2', then logs session, but only for the second initialization, making it useless
this is what my terminal logs after a request
index.cjs
var FfmpegCommand = require('fluent-ffmpeg');
var command = new FfmpegCommand();
const rateLimit = require('express-rate-limit');
const fs = require('fs');
const passport = require('./middleware/passportInitialization.cjs');
const express = require('express');
const cors = require('cors');
const bodyParser = require('body-parser');
const morgan = require('morgan');
const fileUpload = require('express-fileupload');
const session = require('express-session');
const { v4: uuidv4 } = require('uuid');
const MongoDBStore = require('connect-mongodb-session')(session)
const store = new MongoDBStore({
uri: process.env.MONGODB_URI,
databaseName: 'test',
collection: 'sessions'
});
store.on('error', function (error) {
console.log(error);
});
const app = express()
const port = 4000;
const db = require("./models/index.cjs");
const Role = db.Role;
const uri = process.env.MONGODB_URI;
app.use(passport.initialize());
app.use(express.urlencoded({ extended: true }));
db.mongoose
.connect(uri, {
useNewUrlParser: true,
useUnifiedTopology: true
})
.then(() => {
console.log("Successfully connect to MongoDB.");
initial();
})
.catch(err => {
console.error("Connection error", err);
process.exit();
});
app.use(session({
genid: () => {
return uuidv4() // use UUIDs for session IDs
},
secret: 'wdaoijiuwaheh23n4n23irfu9sujn398fhfmIUQHIG4bhyh9h',// TODO: change this to a random env string
store: store,
resave: false,
saveUninitialized: false,
cookie: {
secure: false,
maxAge: 1000 * 60 * 60 * 24,
sameSite: 'none'
}
}));
app.use(function (req, res, next) {
req.session.test = "test";
console.log('req.session', req.session.id);
console.log(req.session)
next();
});
var filter = require('content-filter');
app.use(filter());
app.use(fileUpload({
createParentPath: true
}));
const corsOptions ={
origin:'http://localhost:4001',
credentials:true, //access-control-allow-credentials:true
optionSuccessStatus:200
}
app.use(cors(corsOptions));
app.use(bodyParser.json());
app.use(bodyParser.urlencoded({extended: true}));
app.use(morgan('dev'));
app.use(express.json());
app.use('/uploads', express.static('uploads'));
require('./routes/auth.routes.cjs')(app)
require('./routes/user.routes.cjs')(app)
require('./routes/upload.routes.cjs')(app)
app.use(function (req, res, next) {
req.session.test = "test";
next();
});
auth.routes.cjs
const verifySignUp = require("../middleware/verifySignUp.cjs");
const controller = require("../controllers/auth.controller.cjs")
const passport = require('../middleware/passportInitialization.cjs');
const authJwt = require("../middleware/authJwt.cjs");
module.exports = function(app) {
app.use(function(req, res, next) {
req.session.test = "test2";
console.log(req.session.id)
console.log (req.session)
res.setHeader('Access-Control-Allow-Origin', 'http://localhost:4001');
//res.setHeader('Access-Control-Allow-Methods', 'GET, POST, OPTIONS, PUT, PATCH, DELETE');
//res.setHeader('Access-Control-Allow-Credentials', true);
res.setHeader(
"Access-Control-Allow-Headers",
"x-access-token, Content-Type, Accept"
);
next();
});
app.post("/api/auth/refreshtoken", controller.refreshToken);
app.post(
"/api/auth/signup",
[
verifySignUp.checkDuplicateUsernameOrEmail,
verifySignUp.checkRolesExisted
],
controller.signup
);
//endpoint named /api/auth/signin calls the controller.signin function and then saves the user id to the session
app.post("/api/auth/signin", controller.signin);
app.get("/api/auth/google",[authJwt.verifyIfUserIsLoggedIn], passport.authenticate('youtube', {display: 'popup', failureMessage: true, failureRedirect: '/login'}
));
//endpoint with access-control-allow-origin: *
app.get("/api/auth/google/callback", passport.authenticate('youtube', {failureMessage: true, failureRedirect: '/login'}), function(req, res) {
// Successful authentication, redirect home.
const userYoutubeData = req.userYoutubeData;
console.log('userYoutubeData', userYoutubeData);
console.log('shall be linked to user id ' + req.session);
res.header(
"Access-Control-Allow-Origin", "*"
);
res.redirect('http://localhost:4001/upload');
//res.json({message:"Success", username: req.user.username});
});
}
I've been stuck on this for the past two weeks with no luck whatsoever. Hoping that someone could give me insight on my possibly misinterpreted logic behind this flow.
