add env example for AC

replace cookie session package with express-session
numerique-gouv · Apr 4, 2024 · 399dbc6 · 399dbc6
1 parent 9731c3a
commit 399dbc6
Show file tree

Hide file tree

Showing 4 changed files with 112 additions and 113 deletions.
diff --git a/.env.ac.example b/.env.ac.example
@@ -0,0 +1,14 @@
+HOST: http://localhost:3000
+PORT: 3000
+SITE_TITLE: "Bonjour monde !"
+STYLESHEET_URL: https://unpkg.com/bamboo.css
+CALLBACK_URL: /login-callback
+MCP_CLIENT_ID: 
+MCP_CLIENT_SECRET: 
+MCP_PROVIDER: https://fca.integ01.dev-agentconnect.fr/api/v2
+MCP_SCOPES: openid email given_name
+LOGIN_HINT: ""
+MCP_ID_TOKEN_SIGNED_RESPONSE_ALG: RS256
+MCP_USERINFO_SIGNED_RESPONSE_ALG: RS256
+ACR_VALUES: eidas1
+SESSION_SECRET: CeciEstUnFauxSecret
diff --git a/index.js b/index.js
@@ -1,7 +1,7 @@
 import "dotenv/config";
 import express from "express";
 import { Issuer } from "openid-client";
-import cookieSession from "cookie-session";
+import session from "express-session";
 import morgan from "morgan";
 import * as crypto from "crypto";
 
@@ -13,9 +13,9 @@ const app = express();
 
 app.set("view engine", "ejs");
 app.use(
-  cookieSession({
+  session({
+    secret: process.env.SESSION_SECRET,
     name: "mcp_session",
-    keys: ["key1", "key2"],
   })
 );
 app.use(morgan("combined"));
@@ -120,17 +120,18 @@ app.get(process.env.CALLBACK_URL, async (req, res, next) => {
     req.session.userinfo = await client.userinfo(tokenSet.access_token);
     req.session.idtoken = tokenSet.claims();
     req.session.id_token_hint = tokenSet.id_token;
-
+    req.session.oauth2token = tokenSet;
     res.redirect("/");
   } catch (e) {
+    console.error(e)
     next(e);
   }
 });
 
 app.post("/logout", async (req, res, next) => {
   try {
     const id_token_hint = req.session.id_token_hint;
-    req.session = null;
+    req.session.destroy()
     const client = await getMcpClient();
     const redirectUrl = client.endSessionUrl({
       post_logout_redirect_uri: `${origin}/`,

diff --git a/package-lock.json b/package-lock.json
diff --git a/package.json b/package.json
@@ -19,10 +19,10 @@
     "test": "echo \"Error: no test specified\" && exit 1"
   },
   "dependencies": {
-    "cookie-session": "^2.1.0",
     "dotenv": "^16.4.5",
     "ejs": "^3.1.9",
     "express": "^4.18.3",
+    "express-session": "^1.18.0",
     "morgan": "^1.10.0",
     "openid-client": "^5.6.5"
   },