parse-community · dblythy · May 13, 2025 · coderabbitai · May 13, 2025 · mtrezza
diff --git a/Parse-Dashboard/Authentication.js b/Parse-Dashboard/Authentication.js
@@ -3,7 +3,8 @@ const bcrypt = require('bcryptjs');
 const csrf = require('csurf');
 const passport = require('passport');
 const LocalStrategy = require('passport-local').Strategy;
-const OTPAuth = require('otpauth')
+const OTPAuth = require('otpauth');
+const session = require('express-session');
 
 /**
  * Constructor for Authentication class
@@ -55,34 +56,46 @@ function initialize(app, options) {
 
   const cookieSessionSecret = options.cookieSessionSecret || require('crypto').randomBytes(64).toString('hex');
   const cookieSessionMaxAge = options.cookieSessionMaxAge;
+
   app.use(require('connect-flash')());
   app.use(require('body-parser').urlencoded({ extended: true }));
-  app.use(require('cookie-session')({
-    key    : 'parse_dash',
-    secret : cookieSessionSecret,
-    maxAge : cookieSessionMaxAge
+
+  app.use(session({
+    name: 'parse_dash',
+    secret: cookieSessionSecret,
+    resave: false,
+    saveUninitialized: false,
+    cookie: {
+      maxAge: cookieSessionMaxAge,
+      httpOnly: true,
+      secure: process.env.NODE_ENV === 'production',
+      sameSite: 'lax'
+    }
   }));
-  app.use(session({
-    name: 'parse_dash',
-    secret: cookieSessionSecret,
-    resave: false,
-    saveUninitialized: false,
-    cookie: {
-      maxAge: cookieSessionMaxAge,
-      httpOnly: true,
-      secure: process.env.NODE_ENV === 'production',
-      sameSite: 'lax'
-    }
-  }));
+// at the top of Parse-Dashboard/Authentication.js
+const redis = require('redis');
+const RedisStore = require('connect-redis')(session);
+const redisClient = redis.createClient({
+  // configure host, port, password, etc., if needed
+});
+
+app.use(
+  session({
+    name: 'parse_dash',
+    secret: cookieSessionSecret,
+    resave: false,
+    saveUninitialized: false,
+    store: process.env.NODE_ENV === 'production'
+      ? new RedisStore({
+          client: redisClient,
+          ttl: cookieSessionMaxAge / 1000 // convert ms to seconds
+        })
+      : undefined,
+    cookie: {
+      maxAge: cookieSessionMaxAge,
+      httpOnly: true,
+      secure: process.env.NODE_ENV === 'production',
+      sameSite: 'lax'
+    }
+  })
+);
-  app.use(session({
-    name: 'parse_dash',
-    secret: cookieSessionSecret,
-    resave: false,
-    saveUninitialized: false,
-    cookie: {
-      maxAge: cookieSessionMaxAge,
-      httpOnly: true,
-      secure: process.env.NODE_ENV === 'production',
-      sameSite: 'lax'
-    }
-  }));
+// at the top of Parse-Dashboard/Authentication.js
+const redis = require('redis');
+const RedisStore = require('connect-redis')(session);
+const redisClient = redis.createClient({
+  // configure host, port, password, etc., if needed
+});
+
+app.use(
+  session({
+    name: 'parse_dash',
+    secret: cookieSessionSecret,
+    resave: false,
+    saveUninitialized: false,
+    store: process.env.NODE_ENV === 'production'
+      ? new RedisStore({
+          client: redisClient,
+          ttl: cookieSessionMaxAge / 1000 // convert ms to seconds
+        })
+      : undefined,
+    cookie: {
+      maxAge: cookieSessionMaxAge,
+      httpOnly: true,
+      secure: process.env.NODE_ENV === 'production',
+      sameSite: 'lax'
+    }
+  })
+);
+
   app.use(passport.initialize());
   app.use(passport.session());
 
   app.post('/login',
     csrf(),
-    (req,res,next) => {
+    (req, res, next) => {
       let redirect = 'apps';
       if (req.body.redirect) {
-        redirect = req.body.redirect.charAt(0) === '/' ? req.body.redirect.substring(1) : req.body.redirect
+        redirect = req.body.redirect.charAt(0) === '/' ? req.body.redirect.substring(1) : req.body.redirect;
       }
       return passport.authenticate('local', {
         successRedirect: `${self.mountPath}${redirect}`,
         failureRedirect: `${self.mountPath}login${req.body.redirect ? `?redirect=${req.body.redirect}` : ''}`,
-        failureFlash : true
-      })(req, res, next)
+        failureFlash: true
+      })(req, res, next);
     },
   );
 
-  app.get('/logout', function(req, res){
-    req.logout();
-    res.redirect(`${self.mountPath}login`);
+  app.get('/logout', function(req, res, next) {
+    req.logout(function(err) {
+      if (err) { return next(err); }
+      res.redirect(`${self.mountPath}login`);
+    });
   });
 }
 

diff --git a/package-lock.json b/package-lock.json
diff --git a/package.json b/package.json
@@ -41,11 +41,11 @@
     "body-parser": "2.2.0",
     "commander": "13.1.0",
     "connect-flash": "0.1.1",
-    "cookie-session": "2.1.0",
     "copy-to-clipboard": "3.3.3",
     "core-js": "3.41.0",
     "csurf": "1.11.0",
     "express": "4.21.2",
+    "express-session": "1.18.1",
     "graphiql": "2.0.8",
     "graphql": "16.11.0",
     "immutable": "5.1.2",
@@ -55,7 +55,7 @@
     "otpauth": "8.0.3",
     "package-json": "7.0.0",
     "parse": "3.5.1",
-    "passport": "0.5.3",
+    "passport": "0.7.0",
     "passport-local": "1.0.0",
     "prismjs": "1.30.0",
     "prop-types": "15.8.1",