Adds the foundation for secure cookie-based authentication without changing
the authentication flow. This prepares the codebase for moving JWT tokens
from Redux state to httpOnly cookies in a follow-up PR.
Changes:
- Added cookie-parser dependency for HTTP cookie handling
- Added cookieParser() middleware to Express application
- Created cookieHelpers.js utilities for consistent cookie options
- Includes getAuthCookieOptions() for setting secure authentication cookies
- Includes getClearAuthCookieOptions() for clearing cookies on logout
Infrastructure only - no behavioral changes to authentication flow yet.
Files added/modified:
- package.json (cookie-parser dependency)
- src/app.js (cookieParser middleware)
- src/utils/cookieHelpers.js (cookie utilities)
Next steps:
- Follow-up PR will modify JWT verification to check cookies
- Enable secure cookie-based authentication
- Add logout functionality to clear httpOnly cookies
Risk level: LOW (infrastructure only, no authentication changes)
Adds foundational utilities for XSS prevention without applying them yet.
This prepares the codebase for comprehensive input sanitization in a follow-up PR.
Changes:
- Added isomorphic-dompurify and jsdom dependencies
- Created sanitization utilities in src/utils/sanitization.js
- Includes recursive object sanitization functions
- Provides Express middleware for body and query sanitization
Infrastructure only - no behavioral changes yet.
Files added:
- src/utils/sanitization.js (sanitization utilities)
- package.json (new dependencies)
Next steps:
- Apply sanitization middleware in follow-up PR
- Enable XSS protection across application
