Adds the foundation for secure cookie-based authentication without changing
the authentication flow. This prepares the codebase for moving JWT tokens
from Redux state to httpOnly cookies in a follow-up PR.
Changes:
- Added cookie-parser dependency for HTTP cookie handling
- Added cookieParser() middleware to Express application
- Created cookieHelpers.js utilities for consistent cookie options
- Includes getAuthCookieOptions() for setting secure authentication cookies
- Includes getClearAuthCookieOptions() for clearing cookies on logout
Infrastructure only - no behavioral changes to authentication flow yet.
Files added/modified:
- package.json (cookie-parser dependency)
- src/app.js (cookieParser middleware)
- src/utils/cookieHelpers.js (cookie utilities)
Next steps:
- Follow-up PR will modify JWT verification to check cookies
- Enable secure cookie-based authentication
- Add logout functionality to clear httpOnly cookies
Risk level: LOW (infrastructure only, no authentication changes)
Adds foundational utilities for XSS prevention without applying them yet.
This prepares the codebase for comprehensive input sanitization in a follow-up PR.
Changes:
- Added isomorphic-dompurify and jsdom dependencies
- Created sanitization utilities in src/utils/sanitization.js
- Includes recursive object sanitization functions
- Provides Express middleware for body and query sanitization
Infrastructure only - no behavioral changes yet.
Files added:
- src/utils/sanitization.js (sanitization utilities)
- package.json (new dependencies)
Next steps:
- Apply sanitization middleware in follow-up PR
- Enable XSS protection across application
- Added a new `/games` route in `monitorRoute.js` to fetch all supported games.
- Implemented `getAllGames` method in `monitorController.js` using the `gamedig` library.
- Introduced `useFetchMonitorGames` hook in `monitorHooks.js` to fetch game data in the frontend.
- Updated `UptimeCreate` page to support game server monitoring:
- Added a new monitor type `"game"`.
- Dynamically fetches and displays game options using the new `/games` API.
- Removed hardcoded `GAMES` object and replaced it with dynamic fetching from the backend.
- Updated `NetworkService.js` with a new `getMonitorGames` method for API calls.
This update introduces game server monitoring functionality, allowing users to monitor game servers dynamically.
