login kept in memory

api/src/config.ts

@@ -2,6 +2,7 @@ import { readFileSync } from 'fs';
 
 export type ServerConfig = {
   port: number;
+  origin: string[];
 };
 
 export type MongoConfig = {

api/src/framework/express/server.ts

@@ -16,10 +16,21 @@ class Server {
 
     this.app = express();
     this.app.use(express.json());
-    this.app.use(cors());
+    this.app.use(
+      cors({
+        maxAge: 86400,
+        credentials: true,
+        origin: this.config.origin,
+      }),
+    );
     this.app.use(RequestId());
     this.app.use(
-      session({ secret: randomUUID(), cookie: { maxAge: 1000 * 3600 * 24 } }),
+      session({
+        secret: randomUUID(),
+        cookie: { maxAge: 1000 * 3600 * 24 },
+        resave: false,
+        saveUninitialized: false,
+      }),
     );
     //this.app.use(checkPermissions());
     this.app.use(getRoutes(services));

api/src/framework/express/user.ts

@@ -27,7 +27,7 @@ function LogoutHandler(services: Services): RequestHandler {
       req.session.user = null;
       res.status(204).send();
     } else {
-      next({ message: 'not logged in' });
+      next({ status: 401, message: 'not logged in' });
     }
   };
 }