@adonisjs/session 6.3.0 → 7.0.0-0

package/build/src/{Drivers/Redis.d.ts → drivers/redis.d.ts}

@@ -1,29 +1,19 @@
 /**
  * @adonisjs/session
  *
- * (c) Harminder Virk <virk@adonisjs.com>
+ * (c) AdonisJS
  *
  * For the full copyright and license information, please view the LICENSE
  * file that was distributed with this source code.
  */
-/// <reference path="../../adonis-typings/index.d.ts" />
-import { SessionDriverContract, SessionConfig } from '@ioc:Adonis/Addons/Session';
-import { RedisManagerContract } from '@ioc:Adonis/Addons/Redis';
+import type { RedisManagerContract } from '@adonisjs/redis/types';
+import type { SessionDriverContract, SessionConfig } from '../types.js';
 /**
  * File driver to read/write session to filesystem
  */
 export declare class RedisDriver implements SessionDriverContract {
-    private config;
-    private redis;
-    /**
-     * Convert milliseconds to seconds
-     */
-    private ttl;
-    constructor(config: SessionConfig, redis: RedisManagerContract);
-    /**
-     * Returns instance of the redis connection
-     */
-    private getRedisConnection;
+    #private;
+    constructor(config: SessionConfig, redis: RedisManagerContract<any>);
     /**
      * Returns file contents. A new file will be created if it's
      * missing.

package/build/src/drivers/redis.js

@@ -0,0 +1,74 @@
+/**
+ * @adonisjs/session
+ *
+ * (c) AdonisJS
+ *
+ * For the full copyright and license information, please view the LICENSE
+ * file that was distributed with this source code.
+ */
+import { Exception } from '@poppinss/utils';
+import string from '@poppinss/utils/string';
+import { MessageBuilder } from '@poppinss/utils';
+/**
+ * File driver to read/write session to filesystem
+ */
+export class RedisDriver {
+    #config;
+    #redis;
+    #ttl;
+    constructor(config, redis) {
+        this.#config = config;
+        this.#redis = redis;
+        /**
+         * Convert milliseconds to seconds
+         */
+        this.#ttl = Math.round((typeof this.#config.age === 'string'
+            ? string.milliseconds.parse(this.#config.age)
+            : this.#config.age) / 1000);
+        if (!this.#config.redisConnection) {
+            throw new Exception('Missing redisConnection for session redis driver inside "config/session" file', { code: 'E_INVALID_SESSION_DRIVER_CONFIG', status: 500 });
+        }
+    }
+    /**
+     * Returns instance of the redis connection
+     */
+    #getRedisConnection() {
+        return this.#redis.connection(this.#config.redisConnection);
+    }
+    /**
+     * Returns file contents. A new file will be created if it's
+     * missing.
+     */
+    async read(sessionId) {
+        const contents = await this.#getRedisConnection().get(sessionId);
+        if (!contents) {
+            return null;
+        }
+        const verifiedContents = new MessageBuilder().verify(contents, sessionId);
+        if (typeof verifiedContents !== 'object') {
+            return null;
+        }
+        return verifiedContents;
+    }
+    /**
+     * Write session values to a file
+     */
+    async write(sessionId, values) {
+        if (typeof values !== 'object') {
+            throw new Error('Session file driver expects an object of values');
+        }
+        await this.#getRedisConnection().setex(sessionId, this.#ttl, new MessageBuilder().build(values, undefined, sessionId));
+    }
+    /**
+     * Cleanup session file by removing it
+     */
+    async destroy(sessionId) {
+        await this.#getRedisConnection().del(sessionId);
+    }
+    /**
+     * Updates the value expiry
+     */
+    async touch(sessionId) {
+        await this.#getRedisConnection().expire(sessionId, this.#ttl);
+    }
+}

package/build/src/{Session/index.d.ts → session.d.ts}

@@ -1,15 +1,12 @@
-/// <reference path="../../adonis-typings/session.d.ts" />
-import { HttpContextContract } from '@ioc:Adonis/Core/HttpContext';
-import { SessionConfig, SessionContract, AllowedSessionValues, SessionDriverContract } from '@ioc:Adonis/Addons/Session';
-import { Store } from '../Store';
+import type { SessionConfig, SessionDriverContract, AllowedSessionValues } from './types.js';
+import type { HttpContext } from '@adonisjs/core/http';
+import { Store } from './store.js';
 /**
  * Session class exposes the API to read/write values to the session for
  * a given request.
  */
-export declare class Session implements SessionContract {
-    private ctx;
-    private config;
-    private driver;
+export declare class Session {
+    #private;
     /**
      * Set to true inside the `initiate` method
      */
@@ -34,21 +31,6 @@ export declare class Session implements SessionContract {
      * A copy of previously set flash messages
      */
     flashMessages: Store;
-    /**
-     * Session id for the current request. It will be different
-     * from the "this.sessionId" when regenerate is called.
-     */
-    private currentSessionId;
-    /**
-     * A instance of store with values read from the driver. The store
-     * in initiated inside the [[initiate]] method
-     */
-    private store;
-    /**
-     * Whether or not to re-generate the session id before comitting
-     * session values.
-     */
-    private regeneratedSessionId;
     /**
      * A copy of flash messages. The `input` messages
      * are overwritten when any of the input related
@@ -57,50 +39,7 @@ export declare class Session implements SessionContract {
      * The `others` object is expanded with each call.
      */
     responseFlashMessages: Store;
-    /**
-     * Session key for setting flash messages
-     */
-    private flashMessagesKey;
-    constructor(ctx: HttpContextContract, config: SessionConfig, driver: SessionDriverContract);
-    /**
-     * Returns a merged copy of flash messages or null
-     * when nothing is set
-     */
-    private setFlashMessages;
-    /**
-     * Returns the existing session id or creates one.
-     */
-    private getSessionId;
-    /**
-     * Ensures the session store is initialized
-     */
-    private ensureIsReady;
-    /**
-     * Raises exception when session store is in readonly mode
-     */
-    private ensureIsMutable;
-    /**
-     * Touches the session cookie
-     */
-    private touchSessionCookie;
-    /**
-     * Commits the session value to the store
-     */
-    private commitValuesToStore;
-    /**
-     * Touches the driver to make sure the session values doesn't expire
-     */
-    private touchDriver;
-    /**
-     * Reading flash messages from the last HTTP request and
-     * updating the flash messages bag
-     */
-    private readLastRequestFlashMessage;
-    /**
-     * Share flash messages & read only session's functions with views
-     * (only when view property exists)
-     */
-    private shareLocalsWithView;
+    constructor(ctx: HttpContext, config: SessionConfig, driver: SessionDriverContract);
     /**
      * Initiating the session by reading it's value from the
      * driver and feeding it to a store.

package/build/src/session.js

@@ -0,0 +1,373 @@
+/*
+ * @adonisjs/session
+ *
+ * (c) AdonisJS
+ *
+ * For the full copyright and license information, please view the LICENSE
+ * file that was distributed with this source code.
+ */
+import { Exception } from '@poppinss/utils';
+import lodash from '@poppinss/utils/lodash';
+import { cuid } from '@adonisjs/core/helpers';
+import { Store } from './store.js';
+/**
+ * Session class exposes the API to read/write values to the session for
+ * a given request.
+ */
+export class Session {
+    /**
+     * Session id for the current request. It will be different
+     * from the "this.sessionId" when regenerate is called.
+     */
+    #currentSessionId;
+    /**
+     * A instance of store with values read from the driver. The store
+     * in initiated inside the [[initiate]] method
+     */
+    #store;
+    /**
+     * Whether or not to re-generate the session id before committing
+     * session values.
+     */
+    #regeneratedSessionId = false;
+    /**
+     * Session key for setting flash messages
+     */
+    #flashMessagesKey = '__flash__';
+    /**
+     * The HTTP context for the current request.
+     */
+    #ctx;
+    /**
+     * Configuration for the session
+     */
+    #config;
+    /**
+     * The session driver instance used to read and write session data.
+     */
+    #driver;
+    /**
+     * Set to true inside the `initiate` method
+     */
+    initiated = false;
+    /**
+     * A boolean to know if it's a fresh session or not. Fresh
+     * sessions are those, whose session id is not present
+     * in cookie
+     */
+    fresh = false;
+    /**
+     * A boolean to know if store is initiated in readonly mode
+     * or not. This is done during Websocket requests
+     */
+    readonly = false;
+    /**
+     * Session id for the given request. A new session id is only
+     * generated when the cookie for the session id is missing
+     */
+    sessionId;
+    /**
+     * A copy of previously set flash messages
+     */
+    flashMessages = new Store({});
+    /**
+     * A copy of flash messages. The `input` messages
+     * are overwritten when any of the input related
+     * methods are used.
+     *
+     * The `others` object is expanded with each call.
+     */
+    responseFlashMessages = new Store({});
+    constructor(ctx, config, driver) {
+        this.#ctx = ctx;
+        this.#config = config;
+        this.#driver = driver;
+        this.sessionId = this.#getSessionId();
+        this.#currentSessionId = this.sessionId;
+    }
+    /**
+     * Returns a merged copy of flash messages or null
+     * when nothing is set
+     */
+    #setFlashMessages() {
+        if (this.responseFlashMessages.isEmpty) {
+            return;
+        }
+        const { input, ...others } = this.responseFlashMessages.all();
+        this.put(this.#flashMessagesKey, { ...input, ...others });
+    }
+    /**
+     * Returns the existing session id or creates one.
+     */
+    #getSessionId() {
+        const sessionId = this.#ctx.request.cookie(this.#config.cookieName);
+        if (sessionId) {
+            return sessionId;
+        }
+        this.fresh = true;
+        return cuid();
+    }
+    /**
+     * Ensures the session store is initialized
+     */
+    #ensureIsReady() {
+        if (!this.initiated) {
+            throw new Exception('Session store is not initiated yet. Make sure you are using the session hook', { code: 'E_RUNTIME_EXCEPTION', status: 500 });
+        }
+    }
+    /**
+     * Raises exception when session store is in readonly mode
+     */
+    #ensureIsMutable() {
+        if (this.readonly) {
+            throw new Exception('Session store is in readonly mode and cannot be mutated', {
+                status: 500,
+                code: 'E_RUNTIME_EXCEPTION',
+            });
+        }
+    }
+    /**
+     * Touches the session cookie
+     */
+    #touchSessionCookie() {
+        this.#ctx.logger.trace('touching session cookie');
+        this.#ctx.response.cookie(this.#config.cookieName, this.sessionId, this.#config.cookie);
+    }
+    /**
+     * Commits the session value to the store
+     */
+    async #commitValuesToStore() {
+        this.#ctx.logger.trace('persist session store with driver');
+        await this.#driver.write(this.sessionId, this.#store.toJSON());
+    }
+    /**
+     * Touches the driver to make sure the session values doesn't expire
+     */
+    async #touchDriver() {
+        this.#ctx.logger.trace('touch driver for liveliness');
+        await this.#driver.touch(this.sessionId);
+    }
+    /**
+     * Reading flash messages from the last HTTP request and
+     * updating the flash messages bag
+     */
+    #readLastRequestFlashMessage() {
+        if (this.readonly) {
+            return;
+        }
+        this.flashMessages.update(this.pull(this.#flashMessagesKey, null));
+    }
+    /**
+     * Share flash messages & read only session's functions with views
+     * (only when view property exists)
+     */
+    #shareLocalsWithView() {
+        // @ts-ignore may need to expose ./types/extended from adonisjs/view
+        if (!this.#ctx['view'] || typeof this.#ctx['view'].share !== 'function') {
+            return;
+        }
+        // @ts-ignore may need to expose ./types/extended from adonisjs/view
+        this.#ctx['view'].share({
+            flashMessages: this.flashMessages,
+            session: {
+                get: this.get.bind(this),
+                has: this.has.bind(this),
+                all: this.all.bind(this),
+            },
+        });
+    }
+    /**
+     * Initiating the session by reading it's value from the
+     * driver and feeding it to a store.
+     *
+     * Multiple calls to `initiate` results in a noop.
+     */
+    async initiate(readonly) {
+        if (this.initiated) {
+            return;
+        }
+        this.readonly = readonly;
+        const contents = await this.#driver.read(this.sessionId);
+        this.#store = new Store(contents);
+        this.initiated = true;
+        this.#readLastRequestFlashMessage();
+        this.#shareLocalsWithView();
+    }
+    /**
+     * Re-generates the session id. This can is used to avoid
+     * session fixation attacks.
+     */
+    regenerate() {
+        this.#ctx.logger.trace('explicitly re-generating session id');
+        this.sessionId = cuid();
+        this.#regeneratedSessionId = true;
+    }
+    /**
+     * Set/update session value
+     */
+    put(key, value) {
+        this.#ensureIsReady();
+        this.#ensureIsMutable();
+        this.#store.set(key, value);
+    }
+    /**
+     * Find if the value exists in the session
+     */
+    has(key) {
+        this.#ensureIsReady();
+        return this.#store.has(key);
+    }
+    /**
+     * Get value from the session. The default value is returned
+     * when actual value is `undefined`
+     */
+    get(key, defaultValue) {
+        this.#ensureIsReady();
+        return this.#store.get(key, defaultValue);
+    }
+    /**
+     * Returns everything from the session
+     */
+    all() {
+        this.#ensureIsReady();
+        return this.#store.all();
+    }
+    /**
+     * Remove value for a given key from the session
+     */
+    forget(key) {
+        this.#ensureIsReady();
+        this.#ensureIsMutable();
+        this.#store.unset(key);
+    }
+    /**
+     * The method is equivalent to calling `session.get` followed
+     * by `session.forget`
+     */
+    pull(key, defaultValue) {
+        this.#ensureIsReady();
+        this.#ensureIsMutable();
+        return this.#store.pull(key, defaultValue);
+    }
+    /**
+     * Increment value for a number inside the session store. The
+     * method raises an error when underlying value is not
+     * a number
+     */
+    increment(key, steps = 1) {
+        this.#ensureIsReady();
+        this.#ensureIsMutable();
+        this.#store.increment(key, steps);
+    }
+    /**
+     * Decrement value for a number inside the session store. The
+     * method raises an error when underlying value is not
+     * a number
+     */
+    decrement(key, steps = 1) {
+        this.#ensureIsReady();
+        this.#ensureIsMutable();
+        this.#store.decrement(key, steps);
+    }
+    /**
+     * Remove everything from the session
+     */
+    clear() {
+        this.#ensureIsReady();
+        this.#ensureIsMutable();
+        this.#store.clear();
+    }
+    /**
+     * Add a new flash message
+     */
+    flash(key, value) {
+        this.#ensureIsReady();
+        this.#ensureIsMutable();
+        /**
+         * Update value
+         */
+        if (typeof key === 'string') {
+            if (value) {
+                this.responseFlashMessages.set(key, value);
+            }
+        }
+        else {
+            this.responseFlashMessages.merge(key);
+        }
+    }
+    /**
+     * Flash all form values
+     */
+    flashAll() {
+        this.#ensureIsReady();
+        this.#ensureIsMutable();
+        this.responseFlashMessages.set('input', this.#ctx.request.original());
+    }
+    /**
+     * Flash all form values except mentioned keys
+     */
+    flashExcept(keys) {
+        this.#ensureIsReady();
+        this.#ensureIsMutable();
+        this.responseFlashMessages.set('input', lodash.omit(this.#ctx.request.original(), keys));
+    }
+    /**
+     * Flash only defined keys from the form values
+     */
+    flashOnly(keys) {
+        this.#ensureIsReady();
+        this.#ensureIsMutable();
+        this.responseFlashMessages.set('input', lodash.pick(this.#ctx.request.original(), keys));
+    }
+    /**
+     * Reflash existing flash messages
+     */
+    reflash() {
+        this.flash(this.flashMessages.all());
+    }
+    /**
+     * Reflash selected keys from the existing flash messages
+     */
+    reflashOnly(keys) {
+        this.flash(lodash.pick(this.flashMessages.all(), keys));
+    }
+    /**
+     * Omit selected keys from the existing flash messages
+     * and flash the rest of values
+     */
+    reflashExcept(keys) {
+        this.flash(lodash.omit(this.flashMessages.all(), keys));
+    }
+    /**
+     * Writes value to the underlying session driver.
+     */
+    async commit() {
+        if (!this.initiated) {
+            this.#touchSessionCookie();
+            await this.#touchDriver();
+            return;
+        }
+        /**
+         * Cleanup old session and re-generate new session
+         */
+        if (this.#regeneratedSessionId) {
+            await this.#driver.destroy(this.#currentSessionId);
+        }
+        /**
+         * Touch the session cookie to keep it alive.
+         */
+        this.#touchSessionCookie();
+        this.#setFlashMessages();
+        /**
+         * Commit values to the store if not empty.
+         * Otherwise delete the session store to cleanup
+         * the storage space.
+         */
+        if (!this.#store.isEmpty) {
+            await this.#commitValuesToStore();
+        }
+        else {
+            await this.#driver.destroy(this.sessionId);
+        }
+    }
+}

package/build/src/session_manager.d.ts

@@ -0,0 +1,38 @@
+/**
+ * @adonisjs/session
+ *
+ * (c) AdonisJS
+ *
+ * For the full copyright and license information, please view the LICENSE
+ * file that was distributed with this source code.
+ */
+import { Session } from './session.js';
+import { HttpContext } from '@adonisjs/core/http';
+import { ExtendCallback, SessionConfig } from './types.js';
+import { RedisManagerContract } from '@adonisjs/redis/types';
+import { Encryption } from '@adonisjs/core/encryption';
+import { SessionClient } from './client.js';
+/**
+ * Session manager exposes the API to create session instance for a given
+ * request and also add new drivers.
+ */
+export declare class SessionManager {
+    #private;
+    constructor(config: SessionConfig, encryption: Encryption, redis?: RedisManagerContract<any>);
+    /**
+     * Find if the sessions are enabled
+     */
+    isEnabled(): boolean;
+    /**
+     * Creates an instance of the session client
+     */
+    client(): SessionClient;
+    /**
+     * Creates a new session instance for a given HTTP request
+     */
+    create(ctx: HttpContext): Session;
+    /**
+     * Extend the drivers list by adding a new one.
+     */
+    extend(driver: string, callback: ExtendCallback): void;
+}