From 45ac2f91373ccf0d7181baec92a15a30dbb3daad Mon Sep 17 00:00:00 2001
From: Andrew Mathes <100437964+AMathesCheckDRV@users.noreply.github.com>
Date: Thu, 1 Feb 2024 21:14:02 -0700
Subject: [PATCH] set recommended SNYK security in app.js
---
 .env | 1 +
 app.js | 8 ++++----
 2 files changed, 5 insertions(+), 4 deletions(-)
 create mode 100644 .env
diff --git a/.env b/.env
new file mode 100644
index 0000000000..56d12980ed
--- /dev/null
+++ b/.env
@@ -0,0 +1 @@
+SESSION_SECRET=SECRET_TOKEN_f8ed84e8f41e4146403dd4a6bbcea5e418d23a9
diff --git a/app.js b/app.js
index e7dfa39ffd..a2663f1015 100644
--- a/app.js
+++ b/app.js
@@ -9,7 +9,7 @@ require('./typeorm-db')
 var st = require('st');
 var crypto = require('crypto');
 var express = require('express');
-var http = require('http');
+var https = require('https');
 var path = require('path');
 var ejsEngine = require('ejs-locals');
 var bodyParser = require('body-parser');
@@ -80,9 +80,9 @@ if (app.get('env') == 'development') {
 app.use(errorHandler());
 }
 
-var token = 'SECRET_TOKEN_f8ed84e8f41e4146403dd4a6bbcea5e418d23a9';
-console.log('token: ' + token);
+const sessionSecret = process.env.SESSION_SECRET;
+console.log('token: ' + sessionSecret);
 
-http.createServer(app).listen(app.get('port'), function () {
+https.createServer(app).listen(app.get('port'), function () {
 console.log('Express server listening on port ' + app.get('port'));
 });
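Review bot: The value added to `.env` is the same string the app.js hunk removes, so committing this file keeps the session secret in the repository and its history rather than taking it out of source control. Treat the value as exposed and rotate it, add `.env` to `.gitignore`, and commit a `.env.example` holding only a placeholder such as `SESSION_SECRET=<set-per-deployment>`. The real value is better supplied by the deployment environment or a secrets manager.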
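Review bot: Nothing in the require block of the `@@ -9,7 +9,7 @@` hunk loads the new `.env` file, so unless a loader runs outside the visible hunks, `process.env.SESSION_SECRET` read further down in app.js will be `undefined`. If the file is meant to be read at startup, load it before the first use, e.g. `require('dotenv').config();` (a dependency this diff does not add) or Node's `--env-file=.env` option on versions that support it. Replacing `var http` with `var https` also removes the `http` binding entirely; whether anything else in app.js still references `http` cannot be seen from this hunk.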
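Review bot: The startup log in the `@@ -80,9 +80,9 @@` hunk still prints the secret: `console.log('token: ' + sessionSecret);` writes the session secret to stdout and to whatever collects the logs, so the line should be dropped rather than renamed. `https.createServer(app)` is called without a key/cert (or pfx) options object, so the listener has no certificate to present and TLS handshakes are expected to fail. Pass the options as the first argument, e.g. `https.createServer({ key: fs.readFileSync(KEY_PATH), cert: fs.readFileSync(CERT_PATH) }, app)` with placeholder paths (and `fs` required if it is not already), or keep `http` behind a TLS-terminating proxy. A missing variable should also fail fast: `if (!sessionSecret) throw new Error('SESSION_SECRET is not set');`. Whether `sessionSecret` is passed to the session middleware is not visible in this hunk.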