Conversation

@vaibssingh
Contributor

@vaibssingh vaibssingh commented Feb 28, 2024

Fixes #412

Moved the session secret to the .env file. Also added a rate limiter and CSRF protection, stopped returning the error stack, and added the secure attribute to the cookie. This PR fixes all the issues being flagged by CodeQL.

Signed-off-by: vaibssingh <vaibhavsingh592.vs@gmail.com>
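As an added example (not code from this PR or from git-proxy itself), the following plain Node.js sketch shows four of the hardening steps the description above lists: a session secret read from the environment instead of a literal, Secure/HttpOnly cookie attributes, an error handler that logs the stack server-side but never returns it to the client, and a per-IP fixed-window rate limiter. The PR itself uses dotenv, express-rate-limit and lusca for this; the sketch re-implements the behaviour minimally in Express-style middleware signatures so it runs without those packages. The variable name GIT_PROXY_SESSION_SECRET, the sample IP address and the thresholds are assumptions, and CSRF protection (left to lusca in the PR) is not covered here.

```javascript
'use strict';
// Added example, not git-proxy's own code. Express-style (req, res, next)
// handlers with tiny req/res stand-ins so it runs under plain Node.

// 1. Session secret from the environment, never a hard-coded literal.
//    Refuse to start with a missing or obviously weak secret.
function loadSessionSecret(env = process.env) {
  const secret = env.GIT_PROXY_SESSION_SECRET; // assumed variable name
  if (typeof secret !== 'string' || secret.length < 32) {
    throw new Error('GIT_PROXY_SESSION_SECRET must be set to at least 32 characters');
  }
  return secret;
}

// 2. Cookie attributes. Secure only works over TLS, so many Express apps
//    tie it to NODE_ENV; HttpOnly and SameSite are always on.
function sessionCookieOptions(nodeEnv = process.env.NODE_ENV) {
  return {
    httpOnly: true,
    secure: nodeEnv === 'production',
    sameSite: 'strict',
    maxAge: 60 * 60 * 1000, // one hour
  };
}

// 3. Error handler that never echoes err.stack to the client (the CodeQL
//    "stack trace exposure" finding). Full detail goes to the server log only.
function errorHandler(logger = console) {
  return function (err, req, res, next) {
    logger.error(`${req.method} ${req.url}: ${err.stack}`);
    const status = Number.isInteger(err.status) ? err.status : 500;
    const message = status >= 500 ? 'Internal Server Error' : err.message;
    res.status(status).json({ error: message });
  };
}

// 4. Fixed-window per-IP rate limiter, the default strategy of express-rate-limit.
//    `now` is injectable so the window can be driven deterministically.
function rateLimiter({ windowMs = 60000, max = 100, now = Date.now } = {}) {
  const hits = new Map(); // ip -> { count, resetAt }
  return function (req, res, next) {
    const t = now();
    let entry = hits.get(req.ip);
    if (!entry || entry.resetAt <= t) {
      entry = { count: 0, resetAt: t + windowMs };
      hits.set(req.ip, entry);
    }
    entry.count += 1;
    res.setHeader('RateLimit-Limit', String(max));
    res.setHeader('RateLimit-Remaining', String(Math.max(0, max - entry.count)));
    if (entry.count > max) {
      res.setHeader('Retry-After', String(Math.ceil((entry.resetAt - t) / 1000)));
      return res.status(429).json({ error: 'Too Many Requests' });
    }
    return next();
  };
}

// Minimal stand-ins for Express req/res (constructed for this example).
function fakeReq(ip = '203.0.113.5', method = 'POST', url = '/api/auth/login') {
  return { ip, method, url };
}
function fakeRes() {
  const res = { statusCode: 200, headers: {}, body: undefined };
  res.status = (code) => { res.statusCode = code; return res; };
  res.setHeader = (k, v) => { res.headers[k] = v; };
  res.json = (obj) => { res.body = obj; return res; };
  return res;
}

// Demo: three requests against a limit of two, one more after the window
// rolls over, then an error whose message must not reach the client.
function demo() {
  let clock = 0;
  const limit = rateLimiter({ windowMs: 1000, max: 2, now: () => clock });
  const results = [];
  const send = () => {
    const res = fakeRes();
    let passed = false;
    limit(fakeReq(), res, () => { passed = true; });
    results.push(passed ? 'pass' : res.statusCode);
  };
  send(); send(); send();
  clock = 1001; // window has expired, counter resets
  send();

  const quiet = { error: () => {} }; // swallow the log line in the demo
  const errRes = fakeRes();
  errorHandler(quiet)(new Error('db password is hunter2'), fakeReq(), errRes, () => {});
  return { results, errorBody: errRes.body };
}

console.log(JSON.stringify(demo()));
```

The `Retry-After` and `RateLimit-*` headers mirror what express-rate-limit emits by default, so a client written against the library behaves the same against this sketch; swapping in the real middleware is a one-line change once the dependency is installed.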
@netlify

netlify bot commented Feb 28, 2024

Deploy Preview for endearing-brigadeiros-63f9d0 canceled.

Name Link
🔨 Latest commit d8cf1a6
🔍 Latest deploy log https://app.netlify.com/sites/endearing-brigadeiros-63f9d0/deploys/65fc4d544e30df0008b83a4b

@codecov

codecov bot commented Feb 28, 2024

Codecov Report

Attention: Patch coverage is 83.33333%, with 1 line in your changes missing coverage. Please review.

Project coverage is 46.98%. Comparing base (a0e9bff) to head (181cc4b).

❗ Current head 181cc4b differs from the pull request's most recent head d8cf1a6. Consider uploading reports for the commit d8cf1a6 to get more accurate results.

Files Patch % Lines
src/service/routes/auth.js 0.00% 1 Missing ⚠️
Additional details and impacted files
@@             Coverage Diff             @@
##             main     #462       +/-   ##
===========================================
- Coverage   57.15%   46.98%   -10.18%     
===========================================
  Files          39       39               
  Lines        1055     1060        +5     
===========================================
- Hits          603      498      -105     
- Misses        452      562      +110     

☔ View full report in Codecov by Sentry.
📢 Have feedback on the report? Share it here.

vaibssingh and others added 5 commits February 29, 2024 03:33
Signed-off-by: vaibssingh <vaibhavsingh592.vs@gmail.com>
…xy into 412-fix-codeql-issues

Signed-off-by: vaibssingh <vaibhavsingh592.vs@gmail.com>
Signed-off-by: vaibssingh <vaibhavsingh592.vs@gmail.com>
fix: fix stack and secure cookie issues
@vaibssingh vaibssingh marked this pull request as ready for review February 28, 2024 22:31
@maoo maoo requested a review from JamieSlome February 29, 2024 09:20
@maoo
Member

maoo commented Feb 29, 2024

Thank you @vaibssingh ! The PR looks good to me, but maybe @JamieSlome and @coopernetes can have another look at it and merge.

Given your contributions to Git Proxy - @vaibssingh , I was wondering if you'd be interested to join our bi-weekly Zoom meeting where we coordinate around project activities; if that's the case, please email help@finos.org and I'll send out all the info you need to join. Thank you!

Member

@maoo maoo left a comment


LGTM

@JamieSlome JamieSlome changed the title Codeql issues fix Address CodeQL issues Feb 29, 2024
vaibssingh and others added 2 commits February 29, 2024 20:47
@vaibssingh
Contributor Author

Thank you @vaibssingh ! The PR looks good to me, but maybe @JamieSlome and @coopernetes can have another look at it and merge.

Given your contributions to Git Proxy - @vaibssingh , I was wondering if you'd be interested to join our bi-weekly Zoom meeting where we coordinate around project activities; if that's the case, please email help@finos.org and I'll send out all the info you need to join. Thank you!

I would love to! I will be sending the email soon :)

…xy into 412-fix-codeql-issues

Signed-off-by: vaibssingh <vaibhavsingh592.vs@gmail.com>
Signed-off-by: vaibssingh <vaibhavsingh592.vs@gmail.com>
@socket-security

socket-security bot commented Mar 14, 2024

New and removed dependencies detected. Learn more about Socket for GitHub ↗︎

Package New capabilities Transitives Size Publisher
npm/dotenv@16.4.5 environment, filesystem 0 79.1 kB motdotla
npm/express-rate-limit@7.1.5 network 0 106 kB nfriedly
npm/lusca@1.7.0 None +1 44.3 kB maxmil7

View full report↗︎

@socket-security

socket-security bot commented Mar 14, 2024

👍 Dependency issues cleared. Learn more about Socket for GitHub ↗︎

This PR previously contained dependency changes with security issues that have been resolved, removed, or ignored.

View full report↗︎

@vaibssingh
Contributor Author

@JamieSlome should I look into the issue being reported by Socket regarding the postinstall script too?

@JamieSlome
Member

@vaibssingh - nothing to do on your end 👍 Bit strange how Socket is reporting new dependencies when none of these dependencies is being added.

Member

@JamieSlome JamieSlome left a comment


LGTM! 🍰

@JamieSlome JamieSlome merged commit 40972fd into finos:main Mar 21, 2024
Psingle20 pushed a commit to Psingle20/git-proxy that referenced this pull request Nov 27, 2024