Implement Sessions
Here we learn how to implement sessions with Express.js to add the necessary backend security.
yarn add express-sessionimport cors from 'cors';
import express from 'express';
import Session from 'express-session';
import { generateNonce, SiweMessage } from 'siwe';
const app = express();
app.use(express.json());
app.use(cors({
origin: 'http://localhost:8080',
credentials: true,
}))
app.use(Session({
name: 'siwe-quickstart',
secret: "siwe-quickstart-secret",
resave: true,
saveUninitialized: true,
cookie: { secure: false, sameSite: true }
}));
app.get('/nonce', async function (req, res) {
req.session.nonce = generateNonce();
res.setHeader('Content-Type', 'text/plain');
res.status(200).send(req.session.nonce);
});
app.post('/verify', async function (req, res) {
try {
if (!req.body.message) {
res.status(422).json({ message: 'Expected prepareMessage object as body.' });
return;
}
let SIWEObject = new SiweMessage(req.body.message);
const { data: message } = await SIWEObject.verify({ signature: req.body.signature, nonce: req.session.nonce });
req.session.siwe = message;
req.session.cookie.expires = new Date(message.expirationTime);
req.session.save(() => res.status(200).send(true));
} catch (e) {
req.session.siwe = null;
req.session.nonce = null;
console.error(e);
switch (e) {
case ErrorTypes.EXPIRED_MESSAGE: {
req.session.save(() => res.status(440).json({ message: e.message }));
break;
}
case ErrorTypes.INVALID_SIGNATURE: {
req.session.save(() => res.status(422).json({ message: e.message }));
break;
}
default: {
req.session.save(() => res.status(500).json({ message: e.message }));
break;
}
}
}
});
app.get('/personal_information', function (req, res) {
if (!req.session.siwe) {
res.status(401).json({ message: 'You have to first sign_in' });
return;
}
console.log("User is authenticated!");
res.setHeader('Content-Type', 'text/plain');
res.send(`You are authenticated and your address is: ${req.session.siwe.address}`);
});
app.listen(3000);
Last updated