@holo-js/session 0.1.3

package/dist/drivers/redis-adapter.d.ts

@@ -0,0 +1,71 @@
+import { NormalizedSessionRedisStoreConfig } from '@holo-js/config';
+import { i as SessionRedisDriverAdapter, a as SessionRecord } from '../redis-nJc4PF7B.js';
+
+interface SessionRedisAdapterOptions {
+    readonly now?: () => Date;
+}
+type RedisStandaloneOptions = {
+    readonly host?: string;
+    readonly port?: number;
+    readonly path?: string;
+    readonly password?: string;
+    readonly username?: string;
+    readonly db?: number;
+    readonly tls?: Record<string, never>;
+    readonly lazyConnect: true;
+    readonly maxRetriesPerRequest: number;
+};
+type RedisClusterOptions = {
+    readonly redisOptions: RedisStandaloneOptions;
+};
+type RedisClusterStartupNode = {
+    readonly host: string;
+    readonly port: number;
+    readonly tls?: Record<string, never>;
+};
+type RedisClientLike = {
+    connect?(): Promise<unknown>;
+    get(key: string): Promise<string | null>;
+    set(key: string, value: string, mode: 'PX', durationMs: number): Promise<'OK' | null>;
+    del(key: string): Promise<number>;
+    quit(): Promise<unknown>;
+    disconnect(): void;
+};
+declare function isRedisUrlTarget(value: string): boolean;
+declare function isRedisSocketConnectionTarget(value: string): boolean;
+declare function toRedisSocketPath(value: string): string;
+declare function createStandaloneOptions(config: NormalizedSessionRedisStoreConfig): RedisStandaloneOptions;
+declare function createClusterOptions(config: NormalizedSessionRedisStoreConfig): RedisClusterOptions;
+declare function parseClusterNodeUrl(node: string, label: string): RedisClusterStartupNode;
+declare function resolveClusterStartupNodes(config: NormalizedSessionRedisStoreConfig): readonly RedisClusterStartupNode[];
+declare function createRedisClient(config: NormalizedSessionRedisStoreConfig): RedisClientLike;
+declare function serializeSessionRecord(record: SessionRecord): string;
+declare function deserializeSessionRecord(value: string): SessionRecord | null;
+declare class RedisSessionAdapter implements SessionRedisDriverAdapter {
+    private readonly client;
+    private readonly prefix;
+    private readonly now;
+    constructor(config: NormalizedSessionRedisStoreConfig, options?: SessionRedisAdapterOptions);
+    private qualifyKey;
+    connect(): Promise<void>;
+    get(sessionId: string): Promise<SessionRecord | null>;
+    set(record: SessionRecord): Promise<void>;
+    del(sessionId: string): Promise<void>;
+    close(): Promise<void>;
+    disconnect(): Promise<void>;
+}
+declare function createSessionRedisAdapter(config: NormalizedSessionRedisStoreConfig, options?: SessionRedisAdapterOptions): RedisSessionAdapter;
+declare const sessionRedisAdapterInternals: {
+    createClusterOptions: typeof createClusterOptions;
+    createRedisClient: typeof createRedisClient;
+    createStandaloneOptions: typeof createStandaloneOptions;
+    deserializeSessionRecord: typeof deserializeSessionRecord;
+    isRedisSocketConnectionTarget: typeof isRedisSocketConnectionTarget;
+    isRedisUrlTarget: typeof isRedisUrlTarget;
+    parseClusterNodeUrl: typeof parseClusterNodeUrl;
+    resolveClusterStartupNodes: typeof resolveClusterStartupNodes;
+    serializeSessionRecord: typeof serializeSessionRecord;
+    toRedisSocketPath: typeof toRedisSocketPath;
+};
+
+export { RedisSessionAdapter, type SessionRedisAdapterOptions, createSessionRedisAdapter, sessionRedisAdapterInternals };

package/dist/drivers/redis-adapter.mjs

@@ -0,0 +1,186 @@
+// src/drivers/redis-adapter.ts
+import Redis from "ioredis";
+function isRedisUrlTarget(value) {
+  return value.startsWith("redis://") || value.startsWith("rediss://");
+}
+function isRedisSocketConnectionTarget(value) {
+  return value.startsWith("unix://") || value.startsWith("/");
+}
+function toRedisSocketPath(value) {
+  return value.startsWith("unix://") ? value.slice("unix://".length) : value;
+}
+function createStandaloneOptions(config) {
+  return {
+    ...!isRedisSocketConnectionTarget(config.host) ? {
+      host: config.host,
+      port: config.port
+    } : {
+      path: toRedisSocketPath(config.host)
+    },
+    password: config.password,
+    username: config.username,
+    db: config.db,
+    lazyConnect: true,
+    maxRetriesPerRequest: 3
+  };
+}
+function createClusterOptions(config) {
+  if (typeof config.db === "number" && config.db !== 0) {
+    throw new Error("[@holo-js/session] Redis Cluster does not support selecting a non-zero database. Remove db or set it to 0.");
+  }
+  const startupNodes = resolveClusterStartupNodes(config);
+  return {
+    redisOptions: {
+      password: config.password,
+      username: config.username,
+      lazyConnect: true,
+      maxRetriesPerRequest: 3,
+      ...startupNodes.some((node) => typeof node.tls !== "undefined") ? { tls: {} } : {}
+    }
+  };
+}
+function parseClusterNodeUrl(node, label) {
+  try {
+    const parsed = new URL(node);
+    if (parsed.protocol !== "redis:" && parsed.protocol !== "rediss:") {
+      throw new Error(`unsupported protocol "${parsed.protocol}"`);
+    }
+    if (!parsed.hostname) {
+      throw new Error("missing hostname");
+    }
+    return {
+      host: parsed.hostname,
+      port: parsed.port ? Number.parseInt(parsed.port, 10) : 6379,
+      ...parsed.protocol === "rediss:" ? { tls: {} } : {}
+    };
+  } catch (error) {
+    throw new Error(`[@holo-js/session] ${label} is invalid: ${error instanceof Error ? error.message : String(error)}`);
+  }
+}
+function resolveClusterStartupNodes(config) {
+  return (config.clusters ?? []).map((node, index) => {
+    const label = `Session Redis store "${config.name}" cluster node ${index + 1}`;
+    if (typeof node.url === "string") {
+      return parseClusterNodeUrl(node.url, `${label} url`);
+    }
+    if (isRedisSocketConnectionTarget(node.host)) {
+      throw new Error(`[@holo-js/session] ${label} cannot use a Unix socket path in Redis cluster mode.`);
+    }
+    return {
+      host: node.host,
+      port: node.port
+    };
+  });
+}
+function createRedisClient(config) {
+  const RedisConstructor = Redis;
+  if (typeof config.url === "string" && isRedisUrlTarget(config.url)) {
+    return new RedisConstructor(config.url, {
+      password: config.password,
+      username: config.username,
+      db: config.db,
+      lazyConnect: true,
+      maxRetriesPerRequest: 3
+    });
+  }
+  if (config.clusters && config.clusters.length > 0) {
+    return new RedisConstructor.Cluster(
+      resolveClusterStartupNodes(config),
+      createClusterOptions(config)
+    );
+  }
+  return new RedisConstructor(createStandaloneOptions(config));
+}
+function serializeSessionRecord(record) {
+  return JSON.stringify({
+    id: record.id,
+    store: record.store,
+    data: record.data,
+    createdAt: record.createdAt.toISOString(),
+    lastActivityAt: record.lastActivityAt.toISOString(),
+    expiresAt: record.expiresAt.toISOString(),
+    ...typeof record.rememberTokenHash === "undefined" ? {} : { rememberTokenHash: record.rememberTokenHash }
+  });
+}
+function deserializeSessionRecord(value) {
+  try {
+    const parsed = JSON.parse(value);
+    if (typeof parsed.id !== "string" || typeof parsed.store !== "string" || typeof parsed.data !== "object" || parsed.data === null || Array.isArray(parsed.data) || typeof parsed.createdAt !== "string" || typeof parsed.lastActivityAt !== "string" || typeof parsed.expiresAt !== "string" || typeof parsed.rememberTokenHash !== "undefined" && typeof parsed.rememberTokenHash !== "string") {
+      return null;
+    }
+    const createdAtMs = Date.parse(parsed.createdAt);
+    const lastActivityAtMs = Date.parse(parsed.lastActivityAt);
+    const expiresAtMs = Date.parse(parsed.expiresAt);
+    if (Number.isNaN(createdAtMs) || Number.isNaN(lastActivityAtMs) || Number.isNaN(expiresAtMs)) {
+      return null;
+    }
+    return Object.freeze({
+      id: parsed.id,
+      store: parsed.store,
+      data: Object.freeze({ ...parsed.data }),
+      createdAt: new Date(createdAtMs),
+      lastActivityAt: new Date(lastActivityAtMs),
+      expiresAt: new Date(expiresAtMs),
+      ...typeof parsed.rememberTokenHash === "undefined" ? {} : { rememberTokenHash: parsed.rememberTokenHash }
+    });
+  } catch {
+    return null;
+  }
+}
+var RedisSessionAdapter = class {
+  client;
+  prefix;
+  now;
+  constructor(config, options = {}) {
+    this.client = createRedisClient(config);
+    this.prefix = config.prefix;
+    this.now = options.now ?? (() => /* @__PURE__ */ new Date());
+  }
+  qualifyKey(sessionId) {
+    return `${this.prefix}${sessionId}`;
+  }
+  async connect() {
+    await this.client.connect?.();
+  }
+  async get(sessionId) {
+    const encoded = await this.client.get(this.qualifyKey(sessionId));
+    return encoded ? deserializeSessionRecord(encoded) : null;
+  }
+  async set(record) {
+    const ttlMs = Math.max(1, record.expiresAt.getTime() - this.now().getTime());
+    await this.client.set(this.qualifyKey(record.id), serializeSessionRecord(record), "PX", ttlMs);
+  }
+  async del(sessionId) {
+    await this.client.del(this.qualifyKey(sessionId));
+  }
+  async close() {
+    try {
+      await this.client.quit();
+    } catch {
+      this.client.disconnect();
+    }
+  }
+  async disconnect() {
+    this.client.disconnect();
+  }
+};
+function createSessionRedisAdapter(config, options) {
+  return new RedisSessionAdapter(config, options);
+}
+var sessionRedisAdapterInternals = {
+  createClusterOptions,
+  createRedisClient,
+  createStandaloneOptions,
+  deserializeSessionRecord,
+  isRedisSocketConnectionTarget,
+  isRedisUrlTarget,
+  parseClusterNodeUrl,
+  resolveClusterStartupNodes,
+  serializeSessionRecord,
+  toRedisSocketPath
+};
+export {
+  RedisSessionAdapter,
+  createSessionRedisAdapter,
+  sessionRedisAdapterInternals
+};

package/dist/index.d.ts

@@ -0,0 +1,59 @@
+import { S as SessionRuntimeBindings, R as RememberTokenOptions, a as SessionRecord, C as CookieSerializeOptions, b as CreateSessionInput, c as SessionRuntimeFacade, d as ReadSessionOptions, e as RotateSessionOptions, T as TouchSessionOptions, f as SessionStore, g as SessionFacade } from './redis-nJc4PF7B.js';
+export { h as SessionCookieHelpers, i as SessionRedisDriverAdapter, j as createRedisSessionStore } from './redis-nJc4PF7B.js';
+export { HoloSessionConfig, HoloSessionCookieConfig, NormalizedHoloSessionConfig, SessionCookieSameSite, defineSessionConfig } from '@holo-js/config';
+
+declare function getSessionRuntimeBindings(): SessionRuntimeBindings;
+declare function hashRememberToken(secret: string): string;
+declare function createSessionId(): string;
+declare function createRememberSecret(): string;
+declare function normalizeCookieOptions(options?: CookieSerializeOptions): Required<Omit<CookieSerializeOptions, 'domain' | 'expires'>> & Pick<CookieSerializeOptions, 'domain' | 'expires'>;
+declare function serializeCookie(name: string, value: string, options?: CookieSerializeOptions): string;
+declare function parseCookieHeader(header: string | null | undefined): Readonly<Record<string, string>>;
+declare function isExpired(record: SessionRecord): boolean;
+declare function createSession(input?: CreateSessionInput): Promise<SessionRecord>;
+declare function writeSession(record: SessionRecord): Promise<SessionRecord>;
+declare function readSession(sessionId: string, options?: ReadSessionOptions): Promise<SessionRecord | null>;
+declare function touchSession(sessionId: string, options?: TouchSessionOptions): Promise<SessionRecord | null>;
+declare function rotateSession(sessionId: string, options?: RotateSessionOptions): Promise<SessionRecord>;
+declare function invalidateSession(sessionId: string, options?: ReadSessionOptions): Promise<void>;
+declare function issueRememberMeToken(sessionId: string, options?: RememberTokenOptions): Promise<string>;
+declare function consumeRememberMeToken(token: string, options?: RememberTokenOptions): Promise<SessionRecord | null>;
+declare const cookies: Readonly<{
+    make(name: string, value: string, options?: CookieSerializeOptions): string;
+    forget(name: string, options?: CookieSerializeOptions): string;
+}>;
+declare function cookie(name: string, value: string, options?: CookieSerializeOptions): string;
+declare function sessionCookie(value: string, options?: CookieSerializeOptions): string;
+declare function rememberMeCookie(value: string, options?: CookieSerializeOptions): string;
+declare function configureSessionRuntime(bindings?: SessionRuntimeBindings): void;
+declare function getSessionRuntime(): SessionRuntimeFacade;
+declare function resetSessionRuntime(): void;
+declare const sessionRuntimeInternals: {
+    createRememberSecret: typeof createRememberSecret;
+    createSessionId: typeof createSessionId;
+    getSessionRuntimeBindings: typeof getSessionRuntimeBindings;
+    hashRememberToken: typeof hashRememberToken;
+    isExpired: typeof isExpired;
+    normalizeCookieOptions: typeof normalizeCookieOptions;
+};
+
+interface SessionDatabaseDriverAdapter {
+    read(sessionId: string): Promise<SessionRecord | null>;
+    write(record: SessionRecord): Promise<void>;
+    delete(sessionId: string): Promise<void>;
+}
+declare function createDatabaseSessionStore(adapter: SessionDatabaseDriverAdapter): SessionStore;
+
+declare function serializeRecord(record: SessionRecord): string;
+declare function deserializeRecord(raw: string): SessionRecord;
+declare function getRecordPath(root: string, sessionId: string): string;
+declare function createFileSessionStore(root: string): SessionStore;
+declare const fileSessionDriverInternals: {
+    deserializeRecord: typeof deserializeRecord;
+    getRecordPath: typeof getRecordPath;
+    serializeRecord: typeof serializeRecord;
+};
+
+declare const session: SessionFacade;
+
+export { CookieSerializeOptions, CreateSessionInput, ReadSessionOptions, RememberTokenOptions, RotateSessionOptions, type SessionDatabaseDriverAdapter, SessionFacade, SessionRecord, SessionRuntimeBindings, SessionRuntimeFacade, SessionStore, TouchSessionOptions, configureSessionRuntime, consumeRememberMeToken, cookie, cookies, createDatabaseSessionStore, createFileSessionStore, createSession, session as default, fileSessionDriverInternals, getSessionRuntime, invalidateSession, issueRememberMeToken, parseCookieHeader, readSession, rememberMeCookie, resetSessionRuntime, rotateSession, serializeCookie, sessionCookie, sessionRuntimeInternals, touchSession, writeSession };

package/dist/index.mjs

@@ -0,0 +1,459 @@
+// src/runtime.ts
+import { createHash, randomBytes, randomUUID } from "crypto";
+function getSessionRuntimeState() {
+  const runtime = globalThis;
+  runtime.__holoSessionRuntime__ ??= {};
+  return runtime.__holoSessionRuntime__;
+}
+function getSessionRuntimeBindings() {
+  const bindings = getSessionRuntimeState().bindings;
+  if (!bindings) {
+    throw new Error("[@holo-js/session] Session runtime is not configured yet.");
+  }
+  return bindings;
+}
+function getStore(name) {
+  const bindings = getSessionRuntimeBindings();
+  const storeName = name?.trim() || bindings.config.driver;
+  const store = bindings.stores[storeName];
+  if (!store) {
+    throw new Error(`[@holo-js/session] Session store "${storeName}" is not configured.`);
+  }
+  return { name: storeName, store, config: bindings.config };
+}
+function ensureDate(value) {
+  return new Date(value.getTime());
+}
+function now() {
+  return /* @__PURE__ */ new Date();
+}
+function createExpiryDate(minutes) {
+  return new Date(Date.now() + minutes * 6e4);
+}
+function hashRememberToken(secret) {
+  return createHash("sha256").update(secret).digest("hex");
+}
+function createSessionId() {
+  return randomUUID();
+}
+function normalizeSessionKey(input) {
+  return input.name?.trim() || input.id?.trim() || createSessionId();
+}
+function normalizeSessionData(input) {
+  return Object.freeze({
+    ...input.value ?? input.data ?? {}
+  });
+}
+function createRememberSecret() {
+  return randomBytes(24).toString("base64url");
+}
+function createRememberTokenIssuedAt() {
+  return Date.now().toString(36);
+}
+function parseRememberTokenIssuedAt(value) {
+  const parsed = Number.parseInt(value, 36);
+  return Number.isFinite(parsed) ? parsed : null;
+}
+function parseRememberMeToken(token) {
+  const firstSeparator = token.indexOf(".");
+  if (firstSeparator <= 0) {
+    return null;
+  }
+  const secondSeparator = token.indexOf(".", firstSeparator + 1);
+  if (secondSeparator <= firstSeparator + 1) {
+    const sessionId2 = token.slice(0, firstSeparator);
+    const secret2 = token.slice(firstSeparator + 1);
+    return sessionId2 && secret2 ? { sessionId: sessionId2, secretPayload: secret2 } : null;
+  }
+  const sessionId = token.slice(0, firstSeparator);
+  const issuedAtRaw = token.slice(firstSeparator + 1, secondSeparator);
+  const secret = token.slice(secondSeparator + 1);
+  const issuedAt = parseRememberTokenIssuedAt(issuedAtRaw);
+  if (!sessionId || !issuedAtRaw || !secret || issuedAt === null) {
+    return null;
+  }
+  return {
+    sessionId,
+    secretPayload: `${issuedAtRaw}.${secret}`,
+    issuedAt
+  };
+}
+function normalizeCookieOptions(options = {}) {
+  const config = getSessionRuntimeState().bindings?.config.cookie;
+  return {
+    path: options.path ?? config?.path ?? "/",
+    domain: options.domain ?? config?.domain,
+    secure: options.secure ?? config?.secure ?? false,
+    httpOnly: options.httpOnly ?? config?.httpOnly ?? true,
+    sameSite: options.sameSite ?? config?.sameSite ?? "lax",
+    partitioned: options.partitioned ?? config?.partitioned ?? false,
+    maxAge: options.maxAge ?? (config?.maxAge ?? 0) * 60,
+    expires: options.expires
+  };
+}
+function serializeCookie(name, value, options = {}) {
+  if (!name.trim()) {
+    throw new Error("[@holo-js/session] Cookie name must be a non-empty string.");
+  }
+  const normalized = normalizeCookieOptions(options);
+  const attributes = [
+    `${encodeURIComponent(name)}=${encodeURIComponent(value)}`,
+    `Path=${normalized.path}`
+  ];
+  if (normalized.domain) {
+    attributes.push(`Domain=${normalized.domain}`);
+  }
+  if (normalized.maxAge > 0) {
+    attributes.push(`Max-Age=${normalized.maxAge}`);
+  }
+  if (normalized.expires) {
+    attributes.push(`Expires=${normalized.expires.toUTCString()}`);
+  }
+  if (normalized.secure) {
+    attributes.push("Secure");
+  }
+  if (normalized.httpOnly) {
+    attributes.push("HttpOnly");
+  }
+  attributes.push(`SameSite=${normalized.sameSite[0].toUpperCase()}${normalized.sameSite.slice(1)}`);
+  if (normalized.partitioned) {
+    attributes.push("Partitioned");
+  }
+  return attributes.join("; ");
+}
+function parseCookieHeader(header) {
+  if (!header) {
+    return Object.freeze({});
+  }
+  const entries = header.split(";").map((segment) => segment.trim()).filter(Boolean).map((segment) => {
+    const separator = segment.indexOf("=");
+    if (separator <= 0) {
+      return void 0;
+    }
+    const key = decodeURIComponent(segment.slice(0, separator));
+    const value = decodeURIComponent(segment.slice(separator + 1));
+    return [key, value];
+  }).filter((entry) => !!entry);
+  return Object.freeze(Object.fromEntries(entries));
+}
+function isExpired(record) {
+  return record.expiresAt.getTime() <= Date.now();
+}
+async function readRecordFromStore(sessionId, store) {
+  const record = await store.read(sessionId);
+  if (!record) {
+    return null;
+  }
+  if (isExpired(record)) {
+    await store.delete(sessionId);
+    return null;
+  }
+  return record;
+}
+async function readRecord(sessionId, options) {
+  const { store } = getStore(options?.store);
+  return readRecordFromStore(sessionId, store);
+}
+async function locateRecord(sessionId) {
+  const bindings = getSessionRuntimeBindings();
+  for (const [storeName, store] of Object.entries(bindings.stores)) {
+    const record = await readRecordFromStore(sessionId, store);
+    if (record) {
+      return {
+        record,
+        storeName,
+        store
+      };
+    }
+  }
+  return null;
+}
+async function createSession(input = {}) {
+  const { name, store, config } = getStore(input.store);
+  const currentTime = now();
+  const idleExpiry = createExpiryDate(config.idleTimeout);
+  const absoluteExpiry = createExpiryDate(config.absoluteLifetime);
+  const record = Object.freeze({
+    id: normalizeSessionKey(input),
+    store: name,
+    data: normalizeSessionData(input),
+    createdAt: ensureDate(currentTime),
+    lastActivityAt: ensureDate(currentTime),
+    expiresAt: idleExpiry.getTime() < absoluteExpiry.getTime() ? idleExpiry : absoluteExpiry
+  });
+  await store.write(record);
+  return record;
+}
+async function writeSession(record) {
+  const { name, store } = getStore(record.store);
+  const nextRecord = Object.freeze({
+    ...record,
+    store: name,
+    data: Object.freeze({ ...record.data ?? {} }),
+    createdAt: ensureDate(record.createdAt),
+    lastActivityAt: ensureDate(record.lastActivityAt),
+    expiresAt: ensureDate(record.expiresAt)
+  });
+  await store.write(nextRecord);
+  return nextRecord;
+}
+async function readSession(sessionId, options) {
+  return readRecord(sessionId, options);
+}
+async function touchSession(sessionId, options) {
+  const record = await readRecord(sessionId, options);
+  if (!record) {
+    return null;
+  }
+  const { store, config } = getStore(options?.store ?? record.store);
+  const idleExpiry = createExpiryDate(config.idleTimeout);
+  const absoluteExpiry = new Date(record.createdAt.getTime() + config.absoluteLifetime * 6e4);
+  const touched = Object.freeze({
+    ...record,
+    lastActivityAt: now(),
+    expiresAt: idleExpiry.getTime() < absoluteExpiry.getTime() ? idleExpiry : absoluteExpiry
+  });
+  await store.write(touched);
+  return touched;
+}
+async function rotateSession(sessionId, options = {}) {
+  const located = await locateRecord(sessionId);
+  if (!located) {
+    throw new Error(`[@holo-js/session] Session "${sessionId}" was not found.`);
+  }
+  const { store, name } = getStore(options.store ?? located.record.store);
+  const rotated = Object.freeze({
+    ...located.record,
+    id: options.newId?.trim() || createSessionId(),
+    store: name
+  });
+  await store.write(rotated);
+  if (located.storeName !== name || rotated.id !== sessionId) {
+    await located.store.delete(sessionId);
+  }
+  return rotated;
+}
+async function invalidateSession(sessionId, options) {
+  const { store } = getStore(options?.store);
+  await store.delete(sessionId);
+}
+async function issueRememberMeToken(sessionId, options) {
+  const record = await readRecord(sessionId, options);
+  if (!record) {
+    throw new Error(`[@holo-js/session] Session "${sessionId}" was not found.`);
+  }
+  const { store } = getStore(options?.store ?? record.store);
+  const issuedAt = createRememberTokenIssuedAt();
+  const secret = createRememberSecret();
+  const updated = Object.freeze({
+    ...record,
+    rememberTokenHash: hashRememberToken(`${issuedAt}.${secret}`)
+  });
+  await store.write(updated);
+  return `${record.id}.${issuedAt}.${secret}`;
+}
+async function consumeRememberMeToken(token, options) {
+  const parsed = parseRememberMeToken(token);
+  if (!parsed) {
+    return null;
+  }
+  const bindings = getSessionRuntimeBindings();
+  const stores = options?.store ? [getStore(options.store).store] : Object.values(bindings.stores);
+  let record = null;
+  for (const store of stores) {
+    record = await store.read(parsed.sessionId);
+    if (record) {
+      break;
+    }
+  }
+  if (!record?.rememberTokenHash) {
+    return null;
+  }
+  if (parsed.issuedAt) {
+    const rememberExpiry = parsed.issuedAt + getSessionRuntimeBindings().config.rememberMeLifetime * 6e4;
+    if (rememberExpiry <= Date.now()) {
+      return null;
+    }
+  }
+  return record.rememberTokenHash === hashRememberToken(parsed.secretPayload) ? record : null;
+}
+var cookies = Object.freeze({
+  make(name, value, options) {
+    return serializeCookie(name, value, options);
+  },
+  forget(name, options = {}) {
+    return serializeCookie(name, "", {
+      ...options,
+      expires: /* @__PURE__ */ new Date(0),
+      maxAge: 0
+    });
+  }
+});
+function cookie(name, value, options) {
+  return cookies.make(name, value, options);
+}
+function sessionCookie(value, options) {
+  const name = getSessionRuntimeState().bindings?.config.cookie.name ?? "holo_session";
+  return cookie(name, value, options);
+}
+function rememberMeCookie(value, options) {
+  const bindings = getSessionRuntimeState().bindings;
+  const name = `${bindings?.config.cookie.name ?? "holo_session"}_remember`;
+  const maxAge = options?.maxAge ?? (bindings?.config.rememberMeLifetime ?? 0) * 60;
+  return cookie(name, value, {
+    ...options,
+    maxAge
+  });
+}
+function configureSessionRuntime(bindings) {
+  getSessionRuntimeState().bindings = bindings;
+}
+function getSessionRuntime() {
+  return {
+    create: createSession,
+    write: writeSession,
+    read: readSession,
+    rotate: rotateSession,
+    invalidate: invalidateSession,
+    touch: touchSession,
+    issueRememberMeToken,
+    consumeRememberMeToken,
+    cookie,
+    sessionCookie,
+    rememberMeCookie
+  };
+}
+function resetSessionRuntime() {
+  getSessionRuntimeState().bindings = void 0;
+}
+var sessionRuntimeInternals = {
+  createRememberSecret,
+  createSessionId,
+  getSessionRuntimeBindings,
+  hashRememberToken,
+  isExpired,
+  normalizeCookieOptions
+};
+
+// src/contracts.ts
+import { defineSessionConfig } from "@holo-js/config";
+
+// src/drivers/database.ts
+function createDatabaseSessionStore(adapter) {
+  return {
+    read(sessionId) {
+      return adapter.read(sessionId);
+    },
+    write(record) {
+      return adapter.write(record);
+    },
+    delete(sessionId) {
+      return adapter.delete(sessionId);
+    }
+  };
+}
+
+// src/drivers/file.ts
+import { mkdir, readFile, rm, writeFile } from "fs/promises";
+import { join } from "path";
+function serializeRecord(record) {
+  return JSON.stringify({
+    ...record,
+    createdAt: record.createdAt.toISOString(),
+    lastActivityAt: record.lastActivityAt.toISOString(),
+    expiresAt: record.expiresAt.toISOString()
+  });
+}
+function deserializeRecord(raw) {
+  const parsed = JSON.parse(raw);
+  return Object.freeze({
+    ...parsed,
+    createdAt: new Date(parsed.createdAt),
+    lastActivityAt: new Date(parsed.lastActivityAt),
+    expiresAt: new Date(parsed.expiresAt)
+  });
+}
+function getRecordPath(root, sessionId) {
+  return join(root, `${encodeURIComponent(sessionId)}.json`);
+}
+function createFileSessionStore(root) {
+  return {
+    async read(sessionId) {
+      const contents = await readFile(getRecordPath(root, sessionId), "utf8").catch(() => void 0);
+      return contents ? deserializeRecord(contents) : null;
+    },
+    async write(record) {
+      await mkdir(root, { recursive: true });
+      await writeFile(getRecordPath(root, record.id), serializeRecord(record), "utf8");
+    },
+    async delete(sessionId) {
+      await rm(getRecordPath(root, sessionId), { force: true });
+    }
+  };
+}
+var fileSessionDriverInternals = {
+  deserializeRecord,
+  getRecordPath,
+  serializeRecord
+};
+
+// src/drivers/redis.ts
+function createRedisSessionStore(adapter) {
+  return {
+    read(sessionId) {
+      return adapter.get(sessionId);
+    },
+    write(record) {
+      return adapter.set(record);
+    },
+    delete(sessionId) {
+      return adapter.del(sessionId);
+    }
+  };
+}
+
+// src/index.ts
+var session = Object.assign(
+  (input) => createSession(input),
+  {
+    create: createSession,
+    write: writeSession,
+    read: readSession,
+    rotate: rotateSession,
+    invalidate: invalidateSession,
+    touch: touchSession,
+    issueRememberMeToken,
+    consumeRememberMeToken,
+    cookie,
+    sessionCookie,
+    rememberMeCookie,
+    cookies
+  }
+);
+var src_default = session;
+export {
+  configureSessionRuntime,
+  consumeRememberMeToken,
+  cookie,
+  cookies,
+  createDatabaseSessionStore,
+  createFileSessionStore,
+  createRedisSessionStore,
+  createSession,
+  src_default as default,
+  defineSessionConfig,
+  fileSessionDriverInternals,
+  getSessionRuntime,
+  invalidateSession,
+  issueRememberMeToken,
+  parseCookieHeader,
+  readSession,
+  rememberMeCookie,
+  resetSessionRuntime,
+  rotateSession,
+  serializeCookie,
+  sessionCookie,
+  sessionRuntimeInternals,
+  touchSession,
+  writeSession
+};

package/dist/redis-nJc4PF7B.d.ts

@@ -0,0 +1,91 @@
+import { SessionCookieSameSite, NormalizedHoloSessionConfig } from '@holo-js/config';
+
+interface CreateSessionInput {
+    readonly store?: string;
+    readonly data?: Readonly<Record<string, unknown>>;
+    readonly id?: string;
+    readonly name?: string;
+    readonly value?: Readonly<Record<string, unknown>>;
+}
+interface ReadSessionOptions {
+    readonly store?: string;
+}
+interface TouchSessionOptions {
+    readonly store?: string;
+}
+interface RotateSessionOptions {
+    readonly store?: string;
+    readonly newId?: string;
+}
+interface RememberTokenOptions {
+    readonly store?: string;
+}
+interface SessionRecord {
+    readonly id: string;
+    readonly store: string;
+    readonly data: Readonly<Record<string, unknown>>;
+    readonly createdAt: Date;
+    readonly lastActivityAt: Date;
+    readonly expiresAt: Date;
+    readonly rememberTokenHash?: string;
+}
+interface CookieSerializeOptions {
+    readonly path?: string;
+    readonly domain?: string;
+    readonly secure?: boolean;
+    readonly httpOnly?: boolean;
+    readonly sameSite?: SessionCookieSameSite;
+    readonly partitioned?: boolean;
+    readonly maxAge?: number;
+    readonly expires?: Date;
+}
+interface SessionStore {
+    read(sessionId: string): Promise<SessionRecord | null>;
+    write(record: SessionRecord): Promise<void>;
+    delete(sessionId: string): Promise<void>;
+}
+interface SessionRuntimeBindings {
+    readonly config: NormalizedHoloSessionConfig;
+    readonly stores: Readonly<Record<string, SessionStore>>;
+}
+interface SessionRuntimeFacade {
+    create(input?: CreateSessionInput): Promise<SessionRecord>;
+    write(record: SessionRecord): Promise<SessionRecord>;
+    read(sessionId: string, options?: ReadSessionOptions): Promise<SessionRecord | null>;
+    rotate(sessionId: string, options?: RotateSessionOptions): Promise<SessionRecord>;
+    invalidate(sessionId: string, options?: ReadSessionOptions): Promise<void>;
+    touch(sessionId: string, options?: TouchSessionOptions): Promise<SessionRecord | null>;
+    issueRememberMeToken(sessionId: string, options?: RememberTokenOptions): Promise<string>;
+    consumeRememberMeToken(token: string, options?: RememberTokenOptions): Promise<SessionRecord | null>;
+    cookie(name: string, value: string, options?: CookieSerializeOptions): string;
+    sessionCookie(value: string, options?: CookieSerializeOptions): string;
+    rememberMeCookie(value: string, options?: CookieSerializeOptions): string;
+}
+interface SessionCookieHelpers {
+    make(name: string, value: string, options?: CookieSerializeOptions): string;
+    forget(name: string, options?: CookieSerializeOptions): string;
+}
+interface SessionFacade {
+    (input?: CreateSessionInput): Promise<SessionRecord>;
+    create(input?: CreateSessionInput): Promise<SessionRecord>;
+    write(record: SessionRecord): Promise<SessionRecord>;
+    read(sessionId: string, options?: ReadSessionOptions): Promise<SessionRecord | null>;
+    rotate(sessionId: string, options?: RotateSessionOptions): Promise<SessionRecord>;
+    invalidate(sessionId: string, options?: ReadSessionOptions): Promise<void>;
+    touch(sessionId: string, options?: TouchSessionOptions): Promise<SessionRecord | null>;
+    issueRememberMeToken(sessionId: string, options?: RememberTokenOptions): Promise<string>;
+    consumeRememberMeToken(token: string, options?: RememberTokenOptions): Promise<SessionRecord | null>;
+    cookie(name: string, value: string, options?: CookieSerializeOptions): string;
+    sessionCookie(value: string, options?: CookieSerializeOptions): string;
+    rememberMeCookie(value: string, options?: CookieSerializeOptions): string;
+    cookies: SessionCookieHelpers;
+}
+
+interface SessionRedisDriverAdapter {
+    get(sessionId: string): Promise<SessionRecord | null>;
+    set(record: SessionRecord): Promise<void>;
+    del(sessionId: string): Promise<void>;
+}
+declare function createRedisSessionStore(adapter: SessionRedisDriverAdapter): SessionStore;
+
+export { type CookieSerializeOptions as C, type RememberTokenOptions as R, type SessionRuntimeBindings as S, type TouchSessionOptions as T, type SessionRecord as a, type CreateSessionInput as b, type SessionRuntimeFacade as c, type ReadSessionOptions as d, type RotateSessionOptions as e, type SessionStore as f, type SessionFacade as g, type SessionCookieHelpers as h, type SessionRedisDriverAdapter as i, createRedisSessionStore as j };

package/package.json

@@ -0,0 +1,48 @@
+{
+  "name": "@holo-js/session",
+  "version": "0.1.3",
+  "description": "Holo-JS Framework - session contracts, cookie helpers, and session config helpers",
+  "type": "module",
+  "license": "MIT",
+  "exports": {
+    ".": {
+      "types": "./dist/index.d.ts",
+      "import": "./dist/index.mjs",
+      "default": "./dist/index.mjs"
+    },
+    "./drivers/redis-adapter": {
+      "types": "./dist/drivers/redis-adapter.d.ts",
+      "import": "./dist/drivers/redis-adapter.mjs",
+      "default": "./dist/drivers/redis-adapter.mjs"
+    }
+  },
+  "main": "./dist/index.mjs",
+  "types": "./dist/index.d.ts",
+  "files": [
+    "dist"
+  ],
+  "scripts": {
+    "build": "tsup",
+    "stub": "tsup",
+    "typecheck": "tsc -p tsconfig.json --noEmit",
+    "test": "vitest --run"
+  },
+  "dependencies": {
+    "@holo-js/config": "^0.1.3"
+  },
+  "peerDependencies": {
+    "ioredis": "catalog:"
+  },
+  "peerDependenciesMeta": {
+    "ioredis": {
+      "optional": true
+    }
+  },
+  "devDependencies": {
+    "@types/node": "^22.10.2",
+    "ioredis": "catalog:",
+    "tsup": "^8.3.5",
+    "typescript": "^5.7.2",
+    "vitest": "^2.1.8"
+  }
+}