in modules/backend/app/configure.js [40:104]
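/**
 * Builds the configurators that wire HTTP and WebSocket session handling.
 *
 * A single MongoDB-backed session store is created per factory call and shared
 * by both configurators, so a socket.io handshake is authorized against the
 * same session the Express login created.
 *
 * @param {Object} settings - Reads `mongoUrl`, `sessionSecret` and `cookieTTL` (milliseconds).
 * @param {Object} mongo - Must expose `ObjectId.isValid` and an `Account` model
 *     providing `findById` and `createStrategy`.
 * @param {Array|Object} apis - Middleware collection; each entry is passed to `app.use`.
 * @returns {{express: function(Object): void, socketio: function(Object): void}}
 */
module.exports.factory = function(settings, mongo, apis) {
    // Shared by express-session and the socket.io authorizer below.
    const _sessionStore = new (MongoDBStore(session))({uri: settings.mongoUrl});

    return {
        /**
         * Registers logging, body parsing, input sanitization, sessions and
         * passport on the given Express application.
         *
         * @param {Object} app - Express application.
         */
        express: (app) => {
            // Only responses with a status of 400 or above are logged.
            app.use(logger('dev', {
                skip: (req, res) => res.statusCode < 400
            }));

            // NOTE(review): these are mounted before body parsing, sanitization,
            // session and passport, so they see neither req.body nor req.user.
            // Confirm that is intended for every entry in `apis`.
            _.forEach(apis, (api) => app.use(api));

            // NOTE(review): 50mb bodies are parsed before any authentication
            // middleware runs; confirm unauthenticated clients really need this limit.
            app.use(bodyParser.json({limit: '50mb'}));
            app.use(bodyParser.urlencoded({limit: '50mb', extended: true}));

            // Must stay after the body parsers: it rewrites the already-parsed input.
            app.use(mongoSanitize({replaceWith: '_'}));

            app.use(session({
                secret: settings.sessionSecret,
                resave: false,
                // NOTE(review): `true` persists a session document for every
                // visitor, including unauthenticated ones. Consider `false`
                // if nothing relies on anonymous sessions.
                saveUninitialized: true,
                unset: 'destroy',
                cookie: {
                    // Only maxAge is set. The previous `expires` value was a Date
                    // computed once at startup, and express-session lets the later
                    // `maxAge` key override it anyway, so it was dead and misleading.
                    // NOTE(review): `secure` and `sameSite` are left at their
                    // defaults; set them if this is served over HTTPS.
                    maxAge: settings.cookieTTL
                },
                store: _sessionStore
            }));

            app.use(passport.initialize());
            app.use(passport.session());

            // Only the account id is stored in the session.
            passport.serializeUser((user, done) => done(null, user._id));

            passport.deserializeUser((id, done) => {
                if (mongo.ObjectId.isValid(id))
                    return mongo.Account.findById(id, done);

                // A malformed id invalidates the existing login session
                // instead of reaching the database.
                done(null, false);
            });

            passport.use(mongo.Account.createStrategy());
        },

        /**
         * Installs session-cookie based authorization on a socket.io server.
         *
         * @param {Object} io - socket.io server instance.
         */
        socketio: (io) => {
            const _onAuthorizeSuccess = (data, accept) => accept();

            // Reject the handshake exactly once. The original called `accept`
            // twice when `error` was set, invoking the callback a second time.
            // `error` only tells a hard failure from an unauthorized client;
            // both cases are refused.
            const _onAuthorizeFail = (data, message, error, accept) => accept(new Error(message));

            io.use(passportSocketIo.authorize({
                cookieParser,
                key: 'connect.sid', // Cookie that carries the express session id.
                secret: settings.sessionSecret, // Same secret that signs the express session cookie.
                store: _sessionStore, // Same store instance as the express session middleware.
                success: _onAuthorizeSuccess,
                fail: _onAuthorizeFail
            }));
        }
    };
};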