Jeremy Kirsch 2026-05-17 20:35:05 +02:00
parent 60262323a3
commit db35882a18
3 changed files with 25 additions and 24 deletions


@ -63,7 +63,7 @@ mysql -u blair_user -p blair_dashboard < /var/www/blair/schema.sql
```
https://deinedomain.de/auth/discord/callback
```
4. Kopiere **Client ID** und **Client Secret**
4. Kopiere **Client ID** 1505635813072044062 und **Client Secret** fXQyM6oXGQWR23m3QbilHLTJiObg_kP-
---
@ -80,7 +80,7 @@ Ausfüllen:
PORT=3000
NODE_ENV=production
SESSION_SECRET=<langer-zufälliger-string>
DB_HOST=localhost
DB_HOST=localhost
DB_PORT=3306
DB_NAME=blair_dashboard
DB_USER=blair_user
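Review bot: The rewritten step-4 line of the Discord setup pastes a literal Client ID and Client Secret into the README instead of placeholders, so the OAuth client secret now lives in version history of a file meant to be read by every installer. Treat that secret as compromised: regenerate it in the Discord developer portal, keep the real value only in the `.env` file this guide already describes, and revert the doc line to `4. Kopiere **Client ID** und **Client Secret**` with `<client-id>` / `<client-secret>` placeholders. The `.env` block in the next hunk already follows that convention with `SESSION_SECRET=<langer-zufälliger-string>`, so the README stays consistent.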


@ -14,11 +14,11 @@
"passport": "^0.6.0",
"passport-discord": "^0.1.4",
"dotenv": "^16.3.1",
"connect-mysql-session": "^0.4.1",
"express-mysql-session": "^3.0.0",
"helmet": "^7.1.0",
"cors": "^2.8.5"
},
"devDependencies": {
"nodemon": "^3.0.1"
}
}
}
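Review bot: The swap from `connect-mysql-session` to `express-mysql-session` is not accompanied by a lockfile change — the diffstat lists only three files — so if the project keeps a `package-lock.json` it is now stale and a clean `npm ci` will either fail or resolve the old store package; regenerate and commit the lockfile in the same change. Pinning the new entry to an exact version rather than `^3.0.0` would also make the store implementation that handles session data reproducible across installs, though the caret range is consistent with the rest of this block.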


@ -1,15 +1,15 @@
require('dotenv').config();
const express = require('express');
const session = require('express-session');
const express = require('express');
const session = require('express-session');
const passport = require('passport');
const helmet = require('helmet');
const path = require('path');
const db = require('./db');
const authRoutes = require('./routes/auth');
const apiRoutes = require('./routes/api');
const helmet = require('helmet');
const path = require('path');
const db = require('./db');
const authRoutes = require('./routes/auth');
const apiRoutes = require('./routes/api');
const adminRoutes = require('./routes/admin');
const app = express();
const app = express();
const PORT = process.env.PORT || 3000;
// ── Security headers ──────────────────────────────────
@ -17,10 +17,10 @@ app.use(helmet({
contentSecurityPolicy: {
directives: {
defaultSrc: ["'self'"],
scriptSrc: ["'self'", "'unsafe-inline'", "fonts.googleapis.com"],
styleSrc: ["'self'", "'unsafe-inline'", "fonts.googleapis.com", "fonts.gstatic.com"],
fontSrc: ["'self'", "fonts.gstatic.com", "fonts.googleapis.com"],
imgSrc: ["'self'", "data:", "cdn.discordapp.com"],
scriptSrc: ["'self'", "'unsafe-inline'", "fonts.googleapis.com"],
styleSrc: ["'self'", "'unsafe-inline'", "fonts.googleapis.com", "fonts.gstatic.com"],
fontSrc: ["'self'", "fonts.gstatic.com", "fonts.googleapis.com"],
imgSrc: ["'self'", "data:", "cdn.discordapp.com"],
connectSrc: ["'self'", "discord.com"],
},
},
@ -31,21 +31,22 @@ app.use(express.json());
app.use(express.urlencoded({ extended: true }));
// ── Session with MySQL store ──────────────────────────
const MySQLStore = require('connect-mysql-session')(session);
const MySQLStore = require('express-mysql-session')(session);
app.use(session({
secret: process.env.SESSION_SECRET,
resave: false,
saveUninitialized: false,
store: new MySQLStore({
host: process.env.DB_HOST,
port: parseInt(process.env.DB_PORT) || 3306,
host: process.env.DB_HOST,
port: parseInt(process.env.DB_PORT) || 3306,
database: process.env.DB_NAME,
user: process.env.DB_USER,
user: process.env.DB_USER,
password: process.env.DB_PASS,
createDatabaseTable: true,
}),
cookie: {
maxAge: 7 * 24 * 60 * 60 * 1000, // 7 Tage
secure: process.env.NODE_ENV === 'production',
maxAge: 7 * 24 * 60 * 60 * 1000, // 7 Tage
secure: process.env.NODE_ENV === 'production',
httpOnly: true,
sameSite: 'lax',
},
@ -60,8 +61,8 @@ app.use(passport.session());
app.use(express.static(path.join(__dirname, 'public')));
// ── Routes ────────────────────────────────────────────
app.use('/auth', authRoutes);
app.use('/api', apiRoutes);
app.use('/auth', authRoutes);
app.use('/api', apiRoutes);
app.use('/admin', adminRoutes);
// ── SPA fallback ──────────────────────────────────────
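Review bot: In the session hunk, `secure: process.env.NODE_ENV === 'production'` only produces a cookie when express-session considers the request HTTPS; if TLS terminates at a reverse proxy in front of port 3000 (the README's `/var/www` layout suggests this — confirm), the store swap will appear to work yet no session cookie is ever set in production unless `app.set('trust proxy', 1);` is placed before `app.use(session({ ... }))`. The same hunk keeps `port: parseInt(process.env.DB_PORT) || 3306`; prefer `port: Number.parseInt(process.env.DB_PORT, 10) || 3306` so the radix is explicit. Whether `SESSION_SECRET` is checked at startup is not visible in these hunks; express-session refuses a missing secret, but the README's literal placeholder `<langer-zufälliger-string>` would be accepted as-is, so a startup check such as `if ((process.env.SESSION_SECRET ?? '').length < 32) throw new Error('SESSION_SECRET is unset or too short');` is worth adding next to the PORT constant. The re-indented CSP hunk still carries `'unsafe-inline'` in `scriptSrc`, which predates this commit but largely nullifies the script policy; moving inline scripts to files or nonces would be a good follow-up.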