From f6176f74cc75ca9c37973af47536e57540c91e53 Mon Sep 17 00:00:00 2001
From: b1ek
Date: Sun, 19 Feb 2023 01:29:43 +1000
Subject: [PATCH] encrypt cookies
---
 .env.example | 2 +-
 index.js | 14 ++++++++++++--
 package.json | 2 ++
 3 files changed, 15 insertions(+), 3 deletions(-)
diff --git a/.env.example b/.env.example
index 4d10f08..6d577e1 100644
--- a/.env.example
+++ b/.env.example
@@ -1,4 +1,4 @@
 APP_PORT=8000
 APP_DEBUG=true
-# a 256-bit base64 encryption key
+# a 32-bit base64 encryption key
 APP_KEY=TKe8lE2IdkgGBUrB4nxdq7mGMf8PK29xqOnGa3vU0PBmNXADJrVA5LKd8pg6g/YO5aFG/ESzUleo/9Hve3SAe4rvwLBejD/SKOmDR4gbaMv4PuiNi8S2sYL30aVyi1OeaSTyYsfjteumkFxFVwrsxhDCX94xvNEuTEfS4repfLo=
\ No newline at end of file
diff --git a/index.js b/index.js
index 7021bed..0c8ddbd 100644
--- a/index.js
+++ b/index.js
@@ -4,11 +4,21 @@ require('./startup');
 const express = require('express');
 const app = express();
+const session = require('express-session');
+const cookie_parse = require('cookie-parser');
+const cookie_encrypt = require('cookie-encrypter');
-const { APP_PORT } = process.env;
+const { APP_PORT, APP_KEY } = process.env;
 app.use(require('./routes'));
-app.use(express.static('public'))
+app.use(express.static('public'));
+
+app.use(cookie_parse(APP_KEY))
+app.use(cookie_encrypt(APP_KEY));
+app.use(session({
+ secret: APP_KEY,
+ cookie: { secure: true }
+}));
 const server = app.listen(APP_PORT, () => {
 console.log("Listening on port " + APP_PORT);
diff --git a/package.json b/package.json
index 45c51b0..6d43283 100644
--- a/package.json
+++ b/package.json
@@ -12,6 +12,8 @@
 "author": "",
 "license": "ISC",
 "dependencies": {
+ "cookie-encrypter": "^1.0.1",
+ "cookie-parser": "^1.4.6",
 "crc-32": "^1.2.2",
 "dotenv": "^16.0.3",
 "express": "^4.18.2",
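Review bot: The new comment above `APP_KEY` says "32-bit", which would be far too short for an encryption key and does not match the sample value under it (well over a hundred base64 characters). If the intent is the 32-character secret that cookie-encrypter appears to expect for its default AES-256 cipher (worth confirming against that package's documentation), the comment should say so, e.g. `# a 32-character (256-bit) encryption key; generate your own`. The sample `APP_KEY` also looks like a real secret, so a deployment that copies this file unchanged would run with a publicly known key; an obvious placeholder such as `APP_KEY=<generate-your-own-key>` avoids that.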
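Review bot: `app.use(require('./routes'));` is still registered before the new `cookie_parse`, `cookie_encrypt` and `session` middleware, so any handler in `./routes` that ends the response never sees parsed or decrypted cookies or `req.session`; the three new `app.use(...)` calls should move above the routes line. `APP_KEY` is also used unchecked for three purposes (cookie signing, cookie encryption and the session secret); a startup guard such as `if (!APP_KEY) throw new Error('APP_KEY is not set');` and a separate key per purpose would limit the impact of one leaked value. With `cookie: { secure: true }` the session cookie is only set over HTTPS, so behind a TLS-terminating proxy `app.set('trust proxy', 1)` is needed or sessions will not persist. The server setup continues outside the hunk.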
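Review bot: `index.js` in this commit adds `require('express-session')`, but this hunk declares only `cookie-encrypter` and `cookie-parser`. The dependency list continues past the last visible line, so `express-session` may already be declared there; if it is not, a clean install fails at startup with a module-not-found error, and the fix is to add an `"express-session"` entry here. Since both new packages sit on the cookie-handling path, it is also worth committing the lockfile so the resolved versions are pinned and reviewable.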