@adonisjs/session 6.4.0 → 7.0.0-1

package/build/src/session.js

@@ -0,0 +1,371 @@
+/*
+ * @adonisjs/session
+ *
+ * (c) AdonisJS
+ *
+ * For the full copyright and license information, please view the LICENSE
+ * file that was distributed with this source code.
+ */
+import { Exception } from '@poppinss/utils';
+import lodash from '@poppinss/utils/lodash';
+import { cuid } from '@adonisjs/core/helpers';
+import { Store } from './store.js';
+/**
+ * Session class exposes the API to read/write values to the session for
+ * a given request.
+ */
+export class Session {
+    /**
+     * Session id for the current request. It will be different
+     * from the "this.sessionId" when regenerate is called.
+     */
+    #currentSessionId;
+    /**
+     * A instance of store with values read from the driver. The store
+     * in initiated inside the [[initiate]] method
+     */
+    #store;
+    /**
+     * Whether or not to re-generate the session id before committing
+     * session values.
+     */
+    #regeneratedSessionId = false;
+    /**
+     * Session key for setting flash messages
+     */
+    #flashMessagesKey = '__flash__';
+    /**
+     * The HTTP context for the current request.
+     */
+    #ctx;
+    /**
+     * Configuration for the session
+     */
+    #config;
+    /**
+     * The session driver instance used to read and write session data.
+     */
+    #driver;
+    /**
+     * Set to true inside the `initiate` method
+     */
+    initiated = false;
+    /**
+     * A boolean to know if it's a fresh session or not. Fresh
+     * sessions are those, whose session id is not present
+     * in cookie
+     */
+    fresh = false;
+    /**
+     * A boolean to know if store is initiated in readonly mode
+     * or not. This is done during Websocket requests
+     */
+    readonly = false;
+    /**
+     * Session id for the given request. A new session id is only
+     * generated when the cookie for the session id is missing
+     */
+    sessionId;
+    /**
+     * A copy of previously set flash messages
+     */
+    flashMessages = new Store({});
+    /**
+     * A copy of flash messages. The `input` messages
+     * are overwritten when any of the input related
+     * methods are used.
+     *
+     * The `others` object is expanded with each call.
+     */
+    responseFlashMessages = new Store({});
+    constructor(ctx, config, driver) {
+        this.#ctx = ctx;
+        this.#config = config;
+        this.#driver = driver;
+        this.sessionId = this.#getSessionId();
+        this.#currentSessionId = this.sessionId;
+    }
+    /**
+     * Returns a merged copy of flash messages or null
+     * when nothing is set
+     */
+    #setFlashMessages() {
+        if (this.responseFlashMessages.isEmpty) {
+            return;
+        }
+        const { input, ...others } = this.responseFlashMessages.all();
+        this.put(this.#flashMessagesKey, { ...input, ...others });
+    }
+    /**
+     * Returns the existing session id or creates one.
+     */
+    #getSessionId() {
+        const sessionId = this.#ctx.request.cookie(this.#config.cookieName);
+        if (sessionId) {
+            return sessionId;
+        }
+        this.fresh = true;
+        return cuid();
+    }
+    /**
+     * Ensures the session store is initialized
+     */
+    #ensureIsReady() {
+        if (!this.initiated) {
+            throw new Exception('Session store is not initiated yet. Make sure you are using the session hook', { code: 'E_RUNTIME_EXCEPTION', status: 500 });
+        }
+    }
+    /**
+     * Raises exception when session store is in readonly mode
+     */
+    #ensureIsMutable() {
+        if (this.readonly) {
+            throw new Exception('Session store is in readonly mode and cannot be mutated', {
+                status: 500,
+                code: 'E_RUNTIME_EXCEPTION',
+            });
+        }
+    }
+    /**
+     * Touches the session cookie
+     */
+    #touchSessionCookie() {
+        this.#ctx.logger.trace('touching session cookie');
+        this.#ctx.response.cookie(this.#config.cookieName, this.sessionId, this.#config.cookie);
+    }
+    /**
+     * Commits the session value to the store
+     */
+    async #commitValuesToStore() {
+        this.#ctx.logger.trace('persist session store with driver');
+        await this.#driver.write(this.sessionId, this.#store.toJSON());
+    }
+    /**
+     * Touches the driver to make sure the session values doesn't expire
+     */
+    async #touchDriver() {
+        this.#ctx.logger.trace('touch driver for liveliness');
+        await this.#driver.touch(this.sessionId);
+    }
+    /**
+     * Reading flash messages from the last HTTP request and
+     * updating the flash messages bag
+     */
+    #readLastRequestFlashMessage() {
+        if (this.readonly) {
+            return;
+        }
+        this.flashMessages.update(this.pull(this.#flashMessagesKey, null));
+    }
+    /**
+     * Share flash messages & read only session's functions with views
+     * (only when view property exists)
+     */
+    #shareLocalsWithView() {
+        if (!this.#ctx['view'] || typeof this.#ctx['view'].share !== 'function') {
+            return;
+        }
+        this.#ctx['view'].share({
+            flashMessages: this.flashMessages,
+            session: {
+                get: this.get.bind(this),
+                has: this.has.bind(this),
+                all: this.all.bind(this),
+            },
+        });
+    }
+    /**
+     * Initiating the session by reading it's value from the
+     * driver and feeding it to a store.
+     *
+     * Multiple calls to `initiate` results in a noop.
+     */
+    async initiate(readonly) {
+        if (this.initiated) {
+            return;
+        }
+        this.readonly = readonly;
+        const contents = await this.#driver.read(this.sessionId);
+        this.#store = new Store(contents);
+        this.initiated = true;
+        this.#readLastRequestFlashMessage();
+        this.#shareLocalsWithView();
+    }
+    /**
+     * Re-generates the session id. This can is used to avoid
+     * session fixation attacks.
+     */
+    regenerate() {
+        this.#ctx.logger.trace('explicitly re-generating session id');
+        this.sessionId = cuid();
+        this.#regeneratedSessionId = true;
+    }
+    /**
+     * Set/update session value
+     */
+    put(key, value) {
+        this.#ensureIsReady();
+        this.#ensureIsMutable();
+        this.#store.set(key, value);
+    }
+    /**
+     * Find if the value exists in the session
+     */
+    has(key) {
+        this.#ensureIsReady();
+        return this.#store.has(key);
+    }
+    /**
+     * Get value from the session. The default value is returned
+     * when actual value is `undefined`
+     */
+    get(key, defaultValue) {
+        this.#ensureIsReady();
+        return this.#store.get(key, defaultValue);
+    }
+    /**
+     * Returns everything from the session
+     */
+    all() {
+        this.#ensureIsReady();
+        return this.#store.all();
+    }
+    /**
+     * Remove value for a given key from the session
+     */
+    forget(key) {
+        this.#ensureIsReady();
+        this.#ensureIsMutable();
+        this.#store.unset(key);
+    }
+    /**
+     * The method is equivalent to calling `session.get` followed
+     * by `session.forget`
+     */
+    pull(key, defaultValue) {
+        this.#ensureIsReady();
+        this.#ensureIsMutable();
+        return this.#store.pull(key, defaultValue);
+    }
+    /**
+     * Increment value for a number inside the session store. The
+     * method raises an error when underlying value is not
+     * a number
+     */
+    increment(key, steps = 1) {
+        this.#ensureIsReady();
+        this.#ensureIsMutable();
+        this.#store.increment(key, steps);
+    }
+    /**
+     * Decrement value for a number inside the session store. The
+     * method raises an error when underlying value is not
+     * a number
+     */
+    decrement(key, steps = 1) {
+        this.#ensureIsReady();
+        this.#ensureIsMutable();
+        this.#store.decrement(key, steps);
+    }
+    /**
+     * Remove everything from the session
+     */
+    clear() {
+        this.#ensureIsReady();
+        this.#ensureIsMutable();
+        this.#store.clear();
+    }
+    /**
+     * Add a new flash message
+     */
+    flash(key, value) {
+        this.#ensureIsReady();
+        this.#ensureIsMutable();
+        /**
+         * Update value
+         */
+        if (typeof key === 'string') {
+            if (value) {
+                this.responseFlashMessages.set(key, value);
+            }
+        }
+        else {
+            this.responseFlashMessages.merge(key);
+        }
+    }
+    /**
+     * Flash all form values
+     */
+    flashAll() {
+        this.#ensureIsReady();
+        this.#ensureIsMutable();
+        this.responseFlashMessages.set('input', this.#ctx.request.original());
+    }
+    /**
+     * Flash all form values except mentioned keys
+     */
+    flashExcept(keys) {
+        this.#ensureIsReady();
+        this.#ensureIsMutable();
+        this.responseFlashMessages.set('input', lodash.omit(this.#ctx.request.original(), keys));
+    }
+    /**
+     * Flash only defined keys from the form values
+     */
+    flashOnly(keys) {
+        this.#ensureIsReady();
+        this.#ensureIsMutable();
+        this.responseFlashMessages.set('input', lodash.pick(this.#ctx.request.original(), keys));
+    }
+    /**
+     * Reflash existing flash messages
+     */
+    reflash() {
+        this.flash(this.flashMessages.all());
+    }
+    /**
+     * Reflash selected keys from the existing flash messages
+     */
+    reflashOnly(keys) {
+        this.flash(lodash.pick(this.flashMessages.all(), keys));
+    }
+    /**
+     * Omit selected keys from the existing flash messages
+     * and flash the rest of values
+     */
+    reflashExcept(keys) {
+        this.flash(lodash.omit(this.flashMessages.all(), keys));
+    }
+    /**
+     * Writes value to the underlying session driver.
+     */
+    async commit() {
+        if (!this.initiated) {
+            this.#touchSessionCookie();
+            await this.#touchDriver();
+            return;
+        }
+        /**
+         * Cleanup old session and re-generate new session
+         */
+        if (this.#regeneratedSessionId) {
+            await this.#driver.destroy(this.#currentSessionId);
+        }
+        /**
+         * Touch the session cookie to keep it alive.
+         */
+        this.#touchSessionCookie();
+        this.#setFlashMessages();
+        /**
+         * Commit values to the store if not empty.
+         * Otherwise delete the session store to cleanup
+         * the storage space.
+         */
+        if (!this.#store.isEmpty) {
+            await this.#commitValuesToStore();
+        }
+        else {
+            await this.#driver.destroy(this.sessionId);
+        }
+    }
+}

package/build/src/session_manager.d.ts

@@ -0,0 +1,38 @@
+/**
+ * @adonisjs/session
+ *
+ * (c) AdonisJS
+ *
+ * For the full copyright and license information, please view the LICENSE
+ * file that was distributed with this source code.
+ */
+import { Session } from './session.js';
+import { HttpContext } from '@adonisjs/core/http';
+import { ExtendCallback, SessionConfig } from './types.js';
+import { RedisManagerContract } from '@adonisjs/redis/types';
+import { Encryption } from '@adonisjs/core/encryption';
+import { SessionClient } from './client.js';
+/**
+ * Session manager exposes the API to create session instance for a given
+ * request and also add new drivers.
+ */
+export declare class SessionManager {
+    #private;
+    constructor(config: SessionConfig, encryption: Encryption, redis?: RedisManagerContract<any>);
+    /**
+     * Find if the sessions are enabled
+     */
+    isEnabled(): boolean;
+    /**
+     * Creates an instance of the session client
+     */
+    client(): SessionClient;
+    /**
+     * Creates a new session instance for a given HTTP request
+     */
+    create(ctx: HttpContext): Session;
+    /**
+     * Extend the drivers list by adding a new one.
+     */
+    extend(driver: string, callback: ExtendCallback): void;
+}

package/build/src/session_manager.js

@@ -0,0 +1,149 @@
+/**
+ * @adonisjs/session
+ *
+ * (c) AdonisJS
+ *
+ * For the full copyright and license information, please view the LICENSE
+ * file that was distributed with this source code.
+ */
+import string from '@poppinss/utils/string';
+import { Exception } from '@poppinss/utils';
+import { Session } from './session.js';
+import { CookieClient } from '@adonisjs/core/http';
+import { CookieDriver } from './drivers/cookie.js';
+import { MemoryDriver } from './drivers/memory.js';
+import { FileDriver } from './drivers/file.js';
+import { RedisDriver } from './drivers/redis.js';
+import { SessionClient } from './client.js';
+/**
+ * Session manager exposes the API to create session instance for a given
+ * request and also add new drivers.
+ */
+export class SessionManager {
+    /**
+     * A private map of drivers added from outside in.
+     */
+    #extendedDrivers = new Map();
+    /**
+     * Reference to session config
+     */
+    #config;
+    /**
+     * Reference to the encryption instance
+     */
+    #encryption;
+    /**
+     * Reference to the redis manager
+     */
+    #redis;
+    constructor(config, encryption, redis) {
+        this.#encryption = encryption;
+        this.#redis = redis;
+        this.#processConfig(config);
+    }
+    /**
+     * Processes the config and decides the `expires` option for the cookie
+     */
+    #processConfig(config) {
+        /**
+         * Explicitly overwriting `cookie.expires` and `cookie.maxAge` from
+         * the user defined config
+         */
+        const processedConfig = Object.assign({ enabled: true }, config, {
+            cookie: {
+                ...config.cookie,
+                expires: undefined,
+                maxAge: undefined,
+            },
+        });
+        /**
+         * Set the max age when `clearWithBrowser = false`. Otherwise cookie
+         * is a session cookie
+         */
+        if (!processedConfig.clearWithBrowser) {
+            const age = typeof processedConfig.age === 'string'
+                ? Math.round(string.milliseconds.parse(processedConfig.age) / 1000)
+                : processedConfig.age;
+            processedConfig.cookie.maxAge = age;
+        }
+        this.#config = processedConfig;
+    }
+    /**
+     * Returns an instance of cookie driver
+     */
+    #createCookieDriver(ctx) {
+        return new CookieDriver(this.#config, ctx);
+    }
+    /**
+     * Returns an instance of the memory driver
+     */
+    #createMemoryDriver() {
+        return new MemoryDriver();
+    }
+    /**
+     * Returns an instance of file driver
+     */
+    #createFileDriver() {
+        return new FileDriver(this.#config);
+    }
+    /**
+     * Returns an instance of redis driver
+     */
+    #createRedisDriver() {
+        if (!this.#redis) {
+            throw new Error('Install "@adonisjs/redis" in order to use the redis driver for storing sessions');
+        }
+        return new RedisDriver(this.#config, this.#redis);
+    }
+    /**
+     * Creates an instance of extended driver
+     */
+    #createExtendedDriver(ctx) {
+        if (!this.#extendedDrivers.has(this.#config.driver)) {
+            throw new Exception(`"${this.#config.driver}" is not a valid session driver`, {
+                code: 'E_INVALID_SESSION_DRIVER',
+                status: 500,
+            });
+        }
+        return this.#extendedDrivers.get(this.#config.driver)(this, this.#config, ctx);
+    }
+    #createDriver(ctx) {
+        switch (this.#config.driver) {
+            case 'cookie':
+                return this.#createCookieDriver(ctx);
+            case 'file':
+                return this.#createFileDriver();
+            case 'redis':
+                return this.#createRedisDriver();
+            case 'memory':
+                return this.#createMemoryDriver();
+            default:
+                return this.#createExtendedDriver(ctx);
+        }
+    }
+    /**
+     * Find if the sessions are enabled
+     */
+    isEnabled() {
+        return this.#config.enabled;
+    }
+    /**
+     * Creates an instance of the session client
+     */
+    client() {
+        const cookieClient = new CookieClient(this.#encryption);
+        return new SessionClient(this.#config, this.#createMemoryDriver(), cookieClient, {});
+    }
+    /**
+     * Creates a new session instance for a given HTTP request
+     */
+    create(ctx) {
+        return new Session(ctx, this.#config, this.#createDriver(ctx));
+    }
+    /**
+     * Extend the drivers list by adding a new one.
+     */
+    extend(driver, callback) {
+        this.#extendedDrivers.set(driver, callback);
+    }
+}

package/build/src/session_middleware.d.ts

@@ -0,0 +1,5 @@
+import type { HttpContext } from '@adonisjs/core/http';
+import type { NextFn } from '@adonisjs/core/types/http';
+export default class SessionMiddleware {
+    handle(ctx: HttpContext, next: NextFn): Promise<void>;
+}

package/build/src/session_middleware.js

@@ -0,0 +1,20 @@
+export default class SessionMiddleware {
+    async handle(ctx, next) {
+        const sessionManager = (await ctx.containerResolver.make('session'));
+        if (!sessionManager.isEnabled()) {
+            return;
+        }
+        /**
+         * Initiate session store
+         */
+        await ctx.session.initiate(false);
+        /**
+         * Call next middlewares or route handler
+         */
+        await next();
+        /**
+         * Commit store mutations
+         */
+        await ctx.session.commit();
+    }
+}

package/build/src/{Store/index.d.ts → store.d.ts}

@@ -1,13 +1,9 @@
-/// <reference path="../../adonis-typings/index.d.ts" />
-import { AllowedSessionValues, StoreContract } from '@ioc:Adonis/Addons/Session';
+import type { AllowedSessionValues } from './types.js';
 /**
  * Session store to mutate and access values from the session object
  */
-export declare class Store implements StoreContract {
-    /**
-     * Underlying store values
-     */
-    private values;
+export declare class Store {
+    #private;
     constructor(values: {
         [key: string]: any;
     } | null);

package/build/src/{Store/index.js → store.js}

@@ -1,46 +1,47 @@
-"use strict";
 /*
  * @adonisjs/redis
  *
- * (c) Harminder Virk <virk@adonisjs.com>
+ * (c) AdonisJS
  *
  * For the full copyright and license information, please view the LICENSE
  * file that was distributed with this source code.
  */
-Object.defineProperty(exports, "__esModule", { value: true });
-exports.Store = void 0;
-/// <reference path="../../adonis-typings/index.ts" />
-const utils_1 = require("@poppinss/utils");
+import { Exception } from '@poppinss/utils';
+import lodash from '@poppinss/utils/lodash';
 /**
  * Session store to mutate and access values from the session object
  */
-class Store {
+export class Store {
+    /**
+     * Underlying store values
+     */
+    #values;
     constructor(values) {
-        this.values = values || {};
+        this.#values = values || {};
     }
     /**
      * Find if store is empty or not
      */
     get isEmpty() {
-        return !this.values || Object.keys(this.values).length === 0;
+        return !this.#values || Object.keys(this.#values).length === 0;
     }
     /**
      * Set key/value pair
      */
     set(key, value) {
-        utils_1.lodash.set(this.values, key, value);
+        lodash.set(this.#values, key, value);
     }
     /**
      * Get value for a given key
      */
     get(key, defaultValue) {
-        return utils_1.lodash.get(this.values, key, defaultValue);
+        return lodash.get(this.#values, key, defaultValue);
     }
     /**
      * Remove key
      */
     unset(key) {
-        utils_1.lodash.unset(this.values, key);
+        lodash.unset(this.#values, key);
     }
     /**
      * Reset store by clearing it's values.
@@ -65,7 +66,7 @@ class Store {
     increment(key, steps = 1) {
         const value = this.get(key, 0);
         if (typeof value !== 'number') {
-            throw new utils_1.Exception(`Cannot increment "${key}", since original value is not a number`);
+            throw new Exception(`Cannot increment "${key}", since original value is not a number`);
         }
         this.set(key, value + steps);
     }
@@ -76,7 +77,7 @@ class Store {
     decrement(key, steps = 1) {
         const value = this.get(key, 0);
         if (typeof value !== 'number') {
-            throw new utils_1.Exception(`Cannot increment "${key}", since original value is not a number`);
+            throw new Exception(`Cannot increment "${key}", since original value is not a number`);
         }
         this.set(key, value - steps);
     }
@@ -84,13 +85,13 @@ class Store {
      * Overwrite the underlying values object
      */
     update(values) {
-        this.values = values;
+        this.#values = values;
     }
     /**
      * Update to merge values
      */
     merge(values) {
-        utils_1.lodash.merge(this.values, values);
+        lodash.merge(this.#values, values);
     }
     /**
      * A boolean to know if value exists. Extra guards to check
@@ -107,7 +108,7 @@ class Store {
      * Get all values
      */
     all() {
-        return this.values;
+        return this.#values;
     }
     /**
      * Returns object representation of values
@@ -128,4 +129,3 @@ class Store {
         return JSON.stringify(this.all());
     }
 }
-exports.Store = Store;