fixed bug where had to login every time the server restarted

2026-01-15 15:14:55 -05:00
parent c560d9e13c
commit 942867d94c
1 changed files with 15 additions and 2 deletions
--- a/backend/middleware/csrf.js
+++ b/backend/middleware/csrf.js
@@ -1,11 +1,24 @@
 const csrf = require("csrf");
 const cookieParser = require("cookie-parser");
+const logger = require("../utils/logger");

 // Initialize CSRF token generator
 const tokens = new csrf();

-// Generate a secret for signing tokens
-const secret = tokens.secretSync();
+// Use persistent secret from environment variable to prevent token invalidation on restart
+const secret = process.env.CSRF_SECRET;
+
+if (!secret) {
+  const errorMsg = "CSRF_SECRET environment variable is required.";
+  logger.error(errorMsg);
+  throw new Error(errorMsg);
+}
+
+if (secret.length < 32) {
+  const errorMsg = "CSRF_SECRET must be at least 32 characters for security";
+  logger.error(errorMsg);
+  throw new Error(errorMsg);
+}

 // CSRF middleware using double submit cookie pattern
 const csrfProtection = (req, res, next) => {