From db35882a1882263bfb76dc418db27ece6380ed2e Mon Sep 17 00:00:00 2001 From: Jeremy Kirsch Date: Sun, 17 May 2026 20:35:05 +0200 Subject: [PATCH] . --- DEPLOY.md | 4 ++-- package.json | 4 ++-- server.js | 41 +++++++++++++++++++++-------------------- 3 files changed, 25 insertions(+), 24 deletions(-) diff --git a/DEPLOY.md b/DEPLOY.md index ee8178d..0f69758 100644 --- a/DEPLOY.md +++ b/DEPLOY.md @@ -63,7 +63,7 @@ mysql -u blair_user -p blair_dashboard < /var/www/blair/schema.sql ``` https://deinedomain.de/auth/discord/callback ``` -4. Kopiere **Client ID** und **Client Secret** +4. Kopiere **Client ID** 1505635813072044062 und **Client Secret** fXQyM6oXGQWR23m3QbilHLTJiObg_kP- --- @@ -80,7 +80,7 @@ Ausfüllen: PORT=3000 NODE_ENV=production SESSION_SECRET= -DB_HOST=localhost +DB_HOST=localhost DB_PORT=3306 DB_NAME=blair_dashboard DB_USER=blair_user diff --git a/package.json b/package.json index d96e8e5..d1df622 100644 --- a/package.json +++ b/package.json @@ -14,11 +14,11 @@ "passport": "^0.6.0", "passport-discord": "^0.1.4", "dotenv": "^16.3.1", - "connect-mysql-session": "^0.4.1", + "express-mysql-session": "^3.0.0", "helmet": "^7.1.0", "cors": "^2.8.5" }, "devDependencies": { "nodemon": "^3.0.1" } -} +} \ No newline at end of file diff --git a/server.js b/server.js index 3e40538..c43a485 100644 --- a/server.js +++ b/server.js 
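Review bot: The new step 4 in DEPLOY.md writes a literal Discord Client ID and Client Secret into a tracked documentation file, so the secret is readable by anyone who can read the repository or its history. The step should keep the original wording and point at the environment file, for example `4. Kopiere **Client ID** und **Client Secret** in die .env-Datei (nicht committen)`. Because the value is already committed, it should be treated as compromised and regenerated in the Discord developer portal. Deleting the line in a later commit does not remove it from history.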
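Review bot: No lockfile appears in this patch's diffstat, so the new `"express-mysql-session": "^3.0.0"` entry would be resolved by caret range at install time rather than pinned to a reviewed version. If the repository keeps a `package-lock.json`, it should be regenerated and committed together with this dependency swap. The last line of the hunk also drops the file's trailing newline, which is worth restoring.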
@@ -1,15 +1,15 @@
 require('dotenv').config();
-const express = require('express');
-const session = require('express-session');
+const express = require('express');
+const session = require('express-session');
 const passport = require('passport');
-const helmet = require('helmet');
-const path = require('path');
-const db = require('./db');
-const authRoutes = require('./routes/auth');
-const apiRoutes = require('./routes/api');
+const helmet = require('helmet');
+const path = require('path');
+const db = require('./db');
+const authRoutes = require('./routes/auth');
+const apiRoutes = require('./routes/api');
 const adminRoutes = require('./routes/admin');
-const app = express();
+const app = express();
 const PORT = process.env.PORT || 3000;
 // ── Security headers ──────────────────────────────────
@@ -17,10 +17,10 @@ app.use(helmet({
 contentSecurityPolicy: {
 directives: {
 defaultSrc: ["'self'"],
- scriptSrc: ["'self'", "'unsafe-inline'", "fonts.googleapis.com"],
- styleSrc: ["'self'", "'unsafe-inline'", "fonts.googleapis.com", "fonts.gstatic.com"],
- fontSrc: ["'self'", "fonts.gstatic.com", "fonts.googleapis.com"],
- imgSrc: ["'self'", "data:", "cdn.discordapp.com"],
+ scriptSrc: ["'self'", "'unsafe-inline'", "fonts.googleapis.com"],
+ styleSrc: ["'self'", "'unsafe-inline'", "fonts.googleapis.com", "fonts.gstatic.com"],
+ fontSrc: ["'self'", "fonts.gstatic.com", "fonts.googleapis.com"],
+ imgSrc: ["'self'", "data:", "cdn.discordapp.com"],
 connectSrc: ["'self'", "discord.com"],
 },
 },
@@ -31,21 +31,22 @@ app.use(express.json());
 app.use(express.urlencoded({ extended: true }));
 // ── Session with MySQL store ──────────────────────────
-const MySQLStore = require('connect-mysql-session')(session);
+const MySQLStore = require('express-mysql-session')(session);
 app.use(session({
 secret: process.env.SESSION_SECRET,
 resave: false,
 saveUninitialized: false,
 store: new MySQLStore({
- host: process.env.DB_HOST,
- port: parseInt(process.env.DB_PORT) || 3306,
+ host: process.env.DB_HOST,
+ port: parseInt(process.env.DB_PORT) || 3306,
 database: process.env.DB_NAME,
- user: process.env.DB_USER,
+ user: process.env.DB_USER,
 password: process.env.DB_PASS,
+ createDatabaseTable: true,
 }),
 cookie: {
- maxAge: 7 * 24 * 60 * 60 * 1000, // 7 Tage
- secure: process.env.NODE_ENV === 'production',
+ maxAge: 7 * 24 * 60 * 60 * 1000, // 7 Tage
+ secure: process.env.NODE_ENV === 'production',
 httpOnly: true,
 sameSite: 'lax',
 },
@@ -60,8 +61,8 @@ app.use(passport.session());
 app.use(express.static(path.join(__dirname, 'public')));
 // ── Routes ────────────────────────────────────────────
-app.use('/auth', authRoutes);
-app.use('/api', apiRoutes);
+app.use('/auth', authRoutes);
+app.use('/api', apiRoutes);
 app.use('/admin', adminRoutes);
 // ── SPA fallback ──────────────────────────────────────
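Review bot: The added `createDatabaseTable: true` in the `MySQLStore` options means the runtime database account (`DB_USER`) has to be allowed to create tables, and as far as I know it is also the library default, so the line changes nothing. For least privilege, consider creating the sessions table in the `schema.sql` that DEPLOY.md already loads and setting `createDatabaseTable: false,` so the application account only needs data access. Separately, `parseInt(process.env.DB_PORT)` on the new side has no radix; `Number.parseInt(process.env.DB_PORT, 10) || 3306` is the safer form. The `session({ ... })` call closes outside this hunk, so the rest of its options are not visible here.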