Upgrade node version past 20 to get easy ENV variables so session secret can be removed from source code.

.gitignore

@@ -7,3 +7,4 @@
 /node_modules/*
 /tmp/*
 .vimrc
+.env

Dockerfile

@@ -1,4 +1,4 @@
-FROM node:18.18.2-alpine
+FROM node:22.9.0-alpine3.20
 
 EXPOSE 3000
 
@@ -20,4 +20,4 @@ RUN npm install
 #RUN cd /usr/src/app/CodeMirror && npm run build
 
 # Use nodemon to start app.
-CMD [ "nodemon" ]
+CMD [ "nodemon", "--env-file=.env", "server.js" ]

server.js

@@ -19,7 +19,7 @@ var db = require('./db');
 var Session = require('express-session');
 var SessionStore = require('session-file-store')(Session);
 var session = Session({
-        secret: 'here kitty kitty',
+        secret: process.env.SESSION_SECRET,
         resave: false,
         saveUninitialized: false,
         cookie: { sameSite: true, secure: true },