security update

lib/api/security.js

@@ -5,12 +5,17 @@
 
 import * as userStorage from '../services/storage/userStorage.js';
 import cookieSession from 'cookie-session';
-import { nanoid } from 'nanoid';
+const SESSION_MAX_AGE = 2 * 60 * 60 * 1000; // 2 hours
 const unauthorized = (res) => {
   return res.send(401);
 };
 const isUnauthorized = (req) => {
-  return req.session.currentUser == null;
+  if (req.session.currentUser == null) return true;
+  if (Date.now() - req.session.createdAt > SESSION_MAX_AGE) {
+    req.session = null;
+    return true;
+  }
+  return false;
 };
 const isAdmin = (req) => {
   if (!isUnauthorized(req)) {
@@ -37,12 +42,11 @@ const adminInterceptor = () => {
     }
   };
 };
-const cookieSession$0 = (userId) => {
+const cookieSession$0 = (secret) => {
   return cookieSession({
     name: 'fredy-admin-session',
-    keys: ['fredy', 'super', 'fancy', 'key', nanoid()],
-    userId,
-    maxAge: 2 * 60 * 60 * 1000, // 2 hours
+    keys: [secret],
+    maxAge: SESSION_MAX_AGE,
   });
 };
 export { cookieSession$0 as cookieSession };