Merge pull request #70 from andrewjcho84/projectManagement

andrewjcho84 · web-flow · commit 9bcea5384122 · 2020-07-15T15:11:20.000-07:00
Readme update, cookie security
diff --git a/README.md b/README.md
@@ -48,7 +48,7 @@ Download for [MacOS](https://github.com/team-reactype/ReacType/releases), [Windo
 
 #### Contributors
 
-[Aaron Bumanglang](https://www.linkedin.com/in/akbuma) [@akbuma](https://github.com/akbuma)
+[Aaron Bumanglag](https://www.linkedin.com/in/akbuma) [@akbuma](https://github.com/akbuma)
 
 [Adam Singer](https://linkedin.com/in/adsing) [@spincycle01](https://github.com/spincycle01)
 
diff --git a/app/electron/main.js b/app/electron/main.js
@@ -64,7 +64,7 @@ async function createWindow() {
     webPreferences: {
       zoomFactor: 0.7,
       // enable devtools when in development mode
-      devTools: true,
+      devTools: isDev,
       // crucial security feature - blocks rendering process from having access to node moduels
       nodeIntegration: false,
       // web workers will not have access to node
diff --git a/server/README.md b/server/README.md
@@ -5,6 +5,15 @@
 
 **ReacType Server** is the backend complement to the visual React prototyping tool **ReacType**. It is built in **Node.js** with the **Express** framework linked to **MongoDB** to handle user authentication (personal accounts on our own database as well as through Github Oauth), sessions, and user project management. The server itself is officially deployed through Heroku, but you can host your own local environment to communicate with the database with this repo.
 
+**For future development teams**: If you wish to update the server and re-deploy through heroku, you will need to get the credentials from one of the last team members:
+
+- [Tyler Sullberg](https://www.linkedin.com/in/tyler-sullberg) [@tsully](https://github.com/tsully)
+- [Andrew Cho](https://www.linkedin.com/in/andrewjcho84/) [@andrewjcho84](https://github.com/andrewjcho84)
+- [Aaron Bumanglag](https://www.linkedin.com/in/akbuma) [@akbuma](https://github.com/akbuma)
+- [Fredo Chen](https://www.linkedin.com/in/fredochen/) [@fredosauce](https://github.com/fredosauce)
+
+Redeployment should also be done with only the server subtree and not the entire repo. See this <a href="https://medium.com/@shalandy/deploy-git-subdirectory-to-heroku-ea05e95fce1f">article</a> about deploying just a subdirectory.
+
 If `npm` is your package manager, you just need to run the script `npm run dev` and it will start the server on `http://localhost:5000` for your development environment.
 
 Endpoint testing is currently integrated with Jest and Supertest as well and can be run by `npm run test` or `npm run test:watch` for watch mode.
diff --git a/server/controllers/cookieController.js b/server/controllers/cookieController.js
@@ -3,7 +3,11 @@ const cookieController = {};
 // setSSIDCookie - store the user id from database in cookie
 cookieController.setSSIDCookie = (req, res, next) => {
   // set cookie with key 'ssid' and value to user's id
-  res.cookie('ssid', res.locals.id);
+  res.cookie('ssid', res.locals.id, {
+    httpOnly: true,
+    sameSite: 'None',
+    secure: true
+  });
   return next();
 };
 
