logger done

RaihanSharif · RaihanSharif · commit 2f3ad7fd46e5 · 2025-12-17T15:26:13.000Z
diff --git a/README.md b/README.md
@@ -94,9 +94,12 @@ This setup leaks memory as memoryStore doesn't have a way to make sessions expir
 As per express recommendation, developers should use a suitable session storage library. See below one example with `connect-pg-simple`, which stores session data in a postgres database.
 
 <https://github.com/RaihanSharif/Cyber_Security_base_2025_project1/blob/ac0608d4f1745a9a05558d0a938372693709fd9c/app.js#L22>
-In this example the session is also configured to be more secure. 
-* `secure` - Ensures that the browser only sends cookies over HTTPS
-* `httpOnly` - Ensure the cookie is sent only over HTTP(S), no client JavaScript, which protects against cross-site scripting.
-* `maxAge` - Ensure that the cookie expires after some time.
+In this example the session is also configured to be more secure.
+
+-   `secure` - Ensures that the browser only sends cookies over HTTPS
+-   `httpOnly` - Ensure the cookie is sent only over HTTP(S), no client JavaScript, which protects against cross-site scripting.
+-   `maxAge` - Ensure that the cookie expires after some time.
 
 ### A09 Security Logging and Monitoring Failures
+
+Logging key security event is vital to ensuring accountability. Meaning that in the event of a secuirty breach the security team is able to properly trace the source the breach, for example security misconfiguration. Logging is also important to be able to quickly see and respond to attacks. E.g. if a large number of login attempts are made in a short time, it should be logged so that appropriate action can be taken.
diff --git a/app.js b/app.js
@@ -19,15 +19,15 @@ app.use(
         secret: process.env.SESSION_SECRET,
         resave: false,
         saveUninitialized: false,
-        // store: new pgSession({
-        //     pool: pool,
-        //     createTableIfMissing: true,
-        // }),
-        // cookie: {
-        //     maxAge: 24 * 60 * 60 * 1000,
-        //     secure: true,
-        //     httpOnly: true,
-        //  }, // 1 day
+        store: new pgSession({
+            pool: pool,
+            createTableIfMissing: true,
+        }),
+        cookie: {
+            maxAge: 24 * 60 * 60 * 1000,
+            // secure: true,
+            httpOnly: true,
+        }, // 1 day
     })
 );
 
diff --git a/controllers/accountController.js b/controllers/accountController.js
@@ -62,7 +62,6 @@ const postLogin = [
 
 // TODO: fix auth failure
 function getAdminView(req, res) {
-    console.log(req.query.admin === "true");
     if (req.query.admin === "true") {
         // if (req.user && req.user.is_admin) {
         res.render("adminPanel", { title: "admin panel" });
diff --git a/controllers/postController.js b/controllers/postController.js
@@ -8,7 +8,6 @@ async function getAllPosts(req, res, next) {
             await pool.query(`SELECT message, username FROM post JOIN account ON
             post.user_id=account.id;`);
 
-        console.log(rows);
         res.render("showPosts", { title: "posts", postList: rows });
     } catch (err) {
         return next(err);
diff --git a/package-lock.json b/package-lock.json
diff --git a/package.json b/package.json
@@ -24,6 +24,7 @@
         "express": "^5.2.1",
         "express-session": "^1.18.2",
         "express-validator": "^7.3.1",
+        "morgan": "^1.10.1",
         "passport": "^0.7.0",
         "passport-local": "^1.0.0",
         "pg": "^8.16.3"
diff --git a/public/script.js b/public/script.js
diff --git a/public/styles.css b/public/styles.css
diff --git a/rootPath.js b/rootPath.js
@@ -0,0 +1,5 @@
+const path = require("node:path");
+
+module.exports = {
+    logPath: path.join(__dirname, "logs"),
+};
diff --git a/routes/authRoutes.js b/routes/authRoutes.js
@@ -1,17 +1,29 @@
 const { Router } = require("express");
-
 const accountController = require("../controllers/accountController");
-
+const morgan = require("morgan");
+const fs = require("fs");
+const path = require("node:path");
 const authRouter = new Router();
 
+const { logPath } = require("../rootPath");
+
+const logStream = fs.createWriteStream(
+    path.join(logPath, "authentication.log"),
+    { flags: "a" }
+);
+
+const logger = morgan("combined", {
+    stream: logStream,
+});
+
 authRouter.get("/sign-up", accountController.getSingup);
 
 authRouter.post("/sign-up", accountController.postSignup);
 
-authRouter.post("/log-in", accountController.postLogin);
+authRouter.post("/log-in", [logger, accountController.postLogin]);
 
-authRouter.post("/log-out", accountController.postLogout);
+authRouter.post("/log-out", [logger, accountController.postLogout]);
 
-authRouter.get("/admin", accountController.getAdminView);
+authRouter.get("/admin", [logger, accountController.getAdminView]);
 
 module.exports = authRouter;
