@midwayjs/session 3.0.0-beta.16 → 3.0.1

package/README.md

@@ -7,7 +7,6 @@ Session component for @midwayjs/koa and @midwayjs/faas
 
 ```bash
 $ npm i @midwayjs/session --save
-$ npm i @types/koa-session --save-dev
 ```
 
 

package/dist/index.d.ts

@@ -1,4 +1,5 @@
+export * from './interface';
 export { SessionConfiguration as Configuration } from './configuration';
 export * from './middleware/session';
-export * from './store';
+export * from './lib/store';
 //# sourceMappingURL=index.d.ts.map

package/dist/index.js

@@ -11,8 +11,9 @@ var __exportStar = (this && this.__exportStar) || function(m, exports) {
 };
 Object.defineProperty(exports, "__esModule", { value: true });
 exports.Configuration = void 0;
+__exportStar(require("./interface"), exports);
 var configuration_1 = require("./configuration");
 Object.defineProperty(exports, "Configuration", { enumerable: true, get: function () { return configuration_1.SessionConfiguration; } });
 __exportStar(require("./middleware/session"), exports);
-__exportStar(require("./store"), exports);
+__exportStar(require("./lib/store"), exports);
 //# sourceMappingURL=index.js.map

package/dist/interface.d.ts

@@ -0,0 +1,105 @@
+import { CookieSetOptions } from '@midwayjs/cookies';
+import { opts } from 'koa-session';
+export interface ISession {
+    /**
+     * JSON representation of the session.
+     */
+    toJSON(): object;
+    /**
+     * Return how many values there are in the session object.
+     * Used to see if it"s "populated".
+     */
+    readonly length: number;
+    /**
+     * populated flag, which is just a boolean alias of .length.
+     */
+    readonly populated: boolean;
+    /**
+     * get/set session maxAge
+     */
+    maxAge: opts["maxAge"];
+    /**
+     * save this session no matter whether it is populated
+     */
+    save(): void;
+    /**
+     * allow to put any value on session object
+     */
+    [_: string]: any;
+}
+interface ExternalKeys {
+    /**
+     * get session object by key
+     */
+    get(ctx: any): string;
+    /**
+     * set session object for key, with a maxAge (in ms)
+     */
+    set(ctx: any, value: any): void;
+}
+export interface SessionOptions extends Omit<CookieSetOptions, 'maxAge'> {
+    enable: boolean;
+    /**
+     * cookie key (default is koa:sess)
+     */
+    key: string;
+    /**
+     * maxAge in ms (default is 1 days)
+     * "session" will result in a cookie that expires when session/browser is closed
+     * Warning: If a session cookie is stolen, this cookie will never expire
+     */
+    maxAge?: number | "session" | undefined;
+    /**
+     * custom encode method
+     */
+    encode: (str: string) => Record<any, any>;
+    /**
+     * custom decode method
+     */
+    decode: (obj: Record<any, any>) => string;
+    /**
+     * The way of generating external session id is controlled by the options.genid, which defaults to Date.now() + "-" + uid.sync(24).
+     */
+    genid: () => string;
+    /**
+     * Force a session identifier cookie to be set on every response. The expiration is reset to the original maxAge, resetting the expiration countdown. default is false
+     */
+    rolling?: boolean | undefined;
+    /**
+     * Renew session when session is nearly expired, so we can always keep user logged in. (default is false)
+     */
+    renew?: boolean | undefined;
+    /**
+     * External key is used the cookie by default,
+     * but you can use options.externalKey to customize your own external key methods.
+     */
+    externalKey?: ExternalKeys | undefined;
+    /**
+     * If your session store requires data or utilities from context, opts.ContextStore is alse supported.
+     * ContextStore must be a class which claims three instance methods demonstrated above.
+     * new ContextStore(ctx) will be executed on every request.
+     */
+    ContextStore?: {
+        new (ctx: any): SessionStore;
+    } | undefined;
+    /**
+     * If you want to add prefix for all external session id, you can use options.prefix, it will not work if options.genid present.
+     */
+    prefix?: string | undefined;
+    /**
+     * Hook: valid session value before use it
+     */
+    valid?(ctx: any, session: Partial<ISession>): void;
+    /**
+     * Hook: before save session
+     */
+    beforeSave?(ctx: any, session: ISession): void;
+    autoCommit: boolean;
+}
+export declare abstract class SessionStore {
+    abstract get(key: string): any;
+    abstract set(key: string, value: string, maxAge: number): any;
+    abstract destroy(key: any): any;
+}
+export {};
+//# sourceMappingURL=interface.d.ts.map

package/dist/interface.js

@@ -0,0 +1,7 @@
+"use strict";
+Object.defineProperty(exports, "__esModule", { value: true });
+exports.SessionStore = void 0;
+class SessionStore {
+}
+exports.SessionStore = SessionStore;
+//# sourceMappingURL=interface.js.map

package/dist/lib/context.d.ts

@@ -0,0 +1,80 @@
+export declare class ContextSession {
+    private ctx;
+    private app;
+    private opts;
+    private session;
+    private externalKey;
+    private prevHash;
+    store: any;
+    /**
+     * context session constructor
+     * @api public
+     */
+    constructor(ctx: any, opts: any);
+    /**
+     * internal logic of `ctx.session`
+     * @return {Session} session object
+     *
+     * @api public
+     */
+    get(): any;
+    /**
+     * internal logic of `ctx.session=`
+     * @param {Object} val session object
+     *
+     * @api public
+     */
+    set(val: any): void;
+    /**
+     * init session from external store
+     * will be called in the front of session middleware
+     *
+     * @api public
+     */
+    initFromExternal(): Promise<void>;
+    /**
+     * init session from cookie
+     * @api private
+     */
+    initFromCookie(): void;
+    /**
+     * verify session(expired or )
+     * @param  {Object} value session object
+     * @param  {Object} key session externalKey(optional)
+     * @return {Boolean} valid
+     * @api private
+     */
+    valid(value: any, key?: any): boolean;
+    /**
+     * @param {String} event event name
+     * @param {Object} data event data
+     * @api private
+     */
+    emit(event: any, data: any): void;
+    /**
+     * create a new session and attach to ctx.sess
+     *
+     * @param {Object} [val] session data
+     * @param {String} [externalKey] session external key
+     * @api private
+     */
+    create(val?: any, externalKey?: any): void;
+    /**
+     * Commit the session changes or removal.
+     *
+     * @api public
+     */
+    commit(): Promise<void>;
+    _shouldSaveSession(): "" | "force" | "changed" | "rolling" | "renew";
+    /**
+     * remove session
+     * @api private
+     */
+    remove(): Promise<void>;
+    /**
+     * save session
+     * @api private
+     */
+    save(changed: any): Promise<void>;
+}
+//# sourceMappingURL=context.d.ts.map

package/dist/lib/context.js

@@ -0,0 +1,315 @@
+"use strict";
+Object.defineProperty(exports, "__esModule", { value: true });
+exports.ContextSession = void 0;
+const util_1 = require("util");
+const util_2 = require("./util");
+const session_1 = require("./session");
+const debug = (0, util_1.debuglog)('session:context');
+class ContextSession {
+    /**
+     * context session constructor
+     * @api public
+     */
+    constructor(ctx, opts) {
+        this.ctx = ctx;
+        this.app = ctx.app;
+        this.opts = Object.assign({}, opts);
+        this.store = this.opts.ContextStore
+            ? new this.opts.ContextStore(ctx)
+            : this.opts.store;
+    }
+    /**
+     * internal logic of `ctx.session`
+     * @return {Session} session object
+     *
+     * @api public
+     */
+    get() {
+        const session = this.session;
+        // already retrieved
+        if (session)
+            return session;
+        // unset
+        if (session === false)
+            return null;
+        // create an empty session or init from cookie
+        this.store ? this.create() : this.initFromCookie();
+        return this.session;
+    }
+    /**
+     * internal logic of `ctx.session=`
+     * @param {Object} val session object
+     *
+     * @api public
+     */
+    set(val) {
+        if (val === null) {
+            this.session = false;
+            return;
+        }
+        if (typeof val === 'object') {
+            // use the original `externalKey` if exists to avoid waste storage
+            this.create(val, this.externalKey);
+            return;
+        }
+        throw new Error('this.session can only be set as null or an object.');
+    }
+    /**
+     * init session from external store
+     * will be called in the front of session middleware
+     *
+     * @api public
+     */
+    async initFromExternal() {
+        debug('init from external');
+        const ctx = this.ctx;
+        const opts = this.opts;
+        let externalKey;
+        if (opts.externalKey) {
+            externalKey = opts.externalKey.get(ctx);
+            debug('get external key from custom %s', externalKey);
+        }
+        else {
+            externalKey = ctx.cookies.get(opts.key, opts);
+            debug('get external key from cookie %s', externalKey);
+        }
+        if (!externalKey) {
+            // create a new `externalKey`
+            this.create();
+            return;
+        }
+        const json = await this.store.get(externalKey, opts.maxAge, {
+            ctx,
+            rolling: opts.rolling,
+        });
+        if (!this.valid(json, externalKey)) {
+            // create a new `externalKey`
+            this.create();
+            return;
+        }
+        // create with original `externalKey`
+        this.create(json, externalKey);
+        this.prevHash = (0, util_2.hash)(this.session.toJSON());
+    }
+    /**
+     * init session from cookie
+     * @api private
+     */
+    initFromCookie() {
+        debug('init from cookie');
+        const ctx = this.ctx;
+        const opts = this.opts;
+        const cookie = ctx.cookies.get(opts.key, opts);
+        if (!cookie) {
+            this.create();
+            return;
+        }
+        let json;
+        debug('parse %s', cookie);
+        try {
+            json = opts.decode(cookie);
+        }
+        catch (err) {
+            // backwards compatibility:
+            // create a new session if parsing fails.
+            // new Buffer(string, 'base64') does not seem to crash
+            // when `string` is not base64-encoded.
+            // but `JSON.parse(string)` will crash.
+            debug('decode %j error: %s', cookie, err);
+            if (!(err instanceof SyntaxError)) {
+                // clean this cookie to ensure next request won't throw again
+                ctx.cookies.set(opts.key, '', opts);
+                // ctx.onerror will unset all headers, and set those specified in err
+                err.headers = {
+                    'set-cookie': ctx.response.get('set-cookie'),
+                };
+                throw err;
+            }
+            this.create();
+            return;
+        }
+        debug('parsed %j', json);
+        if (!this.valid(json)) {
+            this.create();
+            return;
+        }
+        // support access `ctx.session` before session middleware
+        this.create(json);
+        this.prevHash = (0, util_2.hash)(this.session.toJSON());
+    }
+    /**
+     * verify session(expired or )
+     * @param  {Object} value session object
+     * @param  {Object} key session externalKey(optional)
+     * @return {Boolean} valid
+     * @api private
+     */
+    valid(value, key) {
+        const ctx = this.ctx;
+        if (!value) {
+            this.emit('missed', { key, value, ctx });
+            return false;
+        }
+        if (value._expire && value._expire < Date.now()) {
+            debug('expired session');
+            this.emit('expired', { key, value, ctx });
+            return false;
+        }
+        const valid = this.opts.valid;
+        if (typeof valid === 'function' && !valid(ctx, value)) {
+            // valid session value fail, ignore this session
+            debug('invalid session');
+            this.emit('invalid', { key, value, ctx });
+            return false;
+        }
+        return true;
+    }
+    /**
+     * @param {String} event event name
+     * @param {Object} data event data
+     * @api private
+     */
+    emit(event, data) {
+        setImmediate(() => {
+            this.app.emit(`session:${event}`, data);
+        });
+    }
+    /**
+     * create a new session and attach to ctx.sess
+     *
+     * @param {Object} [val] session data
+     * @param {String} [externalKey] session external key
+     * @api private
+     */
+    create(val, externalKey) {
+        debug('create session with val: %j externalKey: %s', val, externalKey);
+        if (this.store) {
+            this.externalKey =
+                externalKey || (this.opts.genid && this.opts.genid(this.ctx));
+        }
+        this.session = new session_1.Session(this, val, this.externalKey);
+    }
+    /**
+     * Commit the session changes or removal.
+     *
+     * @api public
+     */
+    async commit() {
+        const session = this.session;
+        const opts = this.opts;
+        const ctx = this.ctx;
+        // not accessed
+        if (undefined === session)
+            return;
+        // removed
+        if (session === false) {
+            await this.remove();
+            return;
+        }
+        const reason = this._shouldSaveSession();
+        debug('should save session: %s', reason);
+        if (!reason)
+            return;
+        if (typeof opts.beforeSave === 'function') {
+            debug('before save');
+            opts.beforeSave(ctx, session);
+        }
+        const changed = reason === 'changed';
+        await this.save(changed);
+    }
+    _shouldSaveSession() {
+        const prevHash = this.prevHash;
+        const session = this.session;
+        // force save session when `session._requireSave` set
+        if (session._requireSave)
+            return 'force';
+        // do nothing if new and not populated
+        const json = session.toJSON();
+        if (!prevHash && !Object.keys(json).length)
+            return '';
+        // save if session changed
+        const changed = prevHash !== (0, util_2.hash)(json);
+        if (changed)
+            return 'changed';
+        // save if opts.rolling set
+        if (this.opts.rolling)
+            return 'rolling';
+        // save if opts.renew and session will expired
+        if (this.opts.renew) {
+            const expire = session._expire;
+            const maxAge = session.maxAge;
+            // renew when session will expired in maxAge / 2
+            if (expire && maxAge && expire - Date.now() < maxAge / 2)
+                return 'renew';
+        }
+        return '';
+    }
+    /**
+     * remove session
+     * @api private
+     */
+    async remove() {
+        // Override the default options so that we can properly expire the session cookies
+        const opts = Object.assign({}, this.opts, {
+            expires: util_2.COOKIE_EXP_DATE,
+            maxAge: false,
+        });
+        const ctx = this.ctx;
+        const key = opts.key;
+        const externalKey = this.externalKey;
+        if (externalKey) {
+            await this.store.destroy(externalKey, { ctx });
+        }
+        ctx.cookies.set(key, '', opts);
+    }
+    /**
+     * save session
+     * @api private
+     */
+    async save(changed) {
+        const opts = this.opts;
+        const key = opts.key;
+        const externalKey = this.externalKey;
+        let json = this.session.toJSON();
+        // set expire for check
+        let maxAge = opts.maxAge ? opts.maxAge : util_2.ONE_DAY;
+        if (maxAge === 'session') {
+            // do not set _expire in json if maxAge is set to 'session'
+            // also delete maxAge from options
+            opts.maxAge = undefined;
+            json._session = true;
+        }
+        else {
+            // set expire for check
+            json._expire = maxAge + Date.now();
+            json._maxAge = maxAge;
+        }
+        // save to external store
+        if (externalKey) {
+            debug('save %j to external key %s', json, externalKey);
+            if (typeof maxAge === 'number') {
+                // ensure store expired after cookie
+                maxAge += 10000;
+            }
+            await this.store.set(externalKey, json, maxAge, {
+                changed,
+                ctx: this.ctx,
+                rolling: opts.rolling,
+            });
+            if (opts.externalKey) {
+                opts.externalKey.set(this.ctx, externalKey);
+            }
+            else {
+                this.ctx.cookies.set(key, externalKey, opts);
+            }
+            return;
+        }
+        // save to cookie
+        debug('save %j to cookie', json);
+        json = opts.encode(json);
+        debug('save %s', json);
+        this.ctx.cookies.set(key, json, opts);
+    }
+}
+exports.ContextSession = ContextSession;
+//# sourceMappingURL=context.js.map

package/dist/lib/session.d.ts

@@ -0,0 +1,72 @@
+/**
+ * Session model.
+ */
+import { ISession } from '../interface';
+export declare class Session implements ISession {
+    private _sessCtx;
+    private _ctx;
+    private _externalKey;
+    _requireSave: any;
+    isNew: boolean;
+    /**
+     * Session constructor
+     * @param sessionContext
+     * @param {Object} obj
+     * @param externalKey
+     */
+    constructor(sessionContext: any, obj: any, externalKey: any);
+    /**
+     * JSON representation of the session.
+     *
+     * @return {Object}
+     * @api public
+     */
+    toJSON(): {};
+    /**
+     * Return how many values there are in the session object.
+     * Used to see if it's "populated".
+     *
+     * @return {Number}
+     * @api public
+     */
+    get length(): number;
+    /**
+     * populated flag, which is just a boolean alias of .length.
+     *
+     * @return {Boolean}
+     * @api public
+     */
+    get populated(): boolean;
+    /**
+     * get session maxAge
+     *
+     * @return {Number}
+     * @api public
+     */
+    get maxAge(): any;
+    /**
+     * set session maxAge
+     *
+     * @api public
+     * @param val
+     */
+    set maxAge(val: any);
+    /**
+     * get session external key
+     * only exist if opts.store present
+     */
+    get externalKey(): any;
+    /**
+     * save this session no matter whether it is populated
+     *
+     * @api public
+     */
+    save(): void;
+    /**
+     * commit this session's headers if autoCommit is set to false
+     *
+     * @api public
+     */
+    manuallyCommit(): Promise<void>;
+}
+//# sourceMappingURL=session.d.ts.map

package/dist/lib/session.js

@@ -0,0 +1,112 @@
+"use strict";
+Object.defineProperty(exports, "__esModule", { value: true });
+exports.Session = void 0;
+class Session {
+    /**
+     * Session constructor
+     * @param sessionContext
+     * @param {Object} obj
+     * @param externalKey
+     */
+    constructor(sessionContext, obj, externalKey) {
+        this.isNew = true;
+        this._sessCtx = sessionContext;
+        this._ctx = sessionContext.ctx;
+        this._externalKey = externalKey;
+        if (!obj) {
+            this.isNew = true;
+        }
+        else {
+            for (const k in obj) {
+                // restore maxAge from store
+                if (k === '_maxAge')
+                    this._ctx.sessionOptions.maxAge = obj._maxAge;
+                else if (k === '_session')
+                    this._ctx.sessionOptions.maxAge = 'session';
+                else
+                    this[k] = obj[k];
+            }
+        }
+    }
+    /**
+     * JSON representation of the session.
+     *
+     * @return {Object}
+     * @api public
+     */
+    toJSON() {
+        const obj = {};
+        Object.keys(this).forEach(key => {
+            if (key === 'isNew')
+                return;
+            if (key[0] === '_')
+                return;
+            obj[key] = this[key];
+        });
+        return obj;
+    }
+    /**
+     * Return how many values there are in the session object.
+     * Used to see if it's "populated".
+     *
+     * @return {Number}
+     * @api public
+     */
+    get length() {
+        return Object.keys(this.toJSON()).length;
+    }
+    /**
+     * populated flag, which is just a boolean alias of .length.
+     *
+     * @return {Boolean}
+     * @api public
+     */
+    get populated() {
+        return !!this.length;
+    }
+    /**
+     * get session maxAge
+     *
+     * @return {Number}
+     * @api public
+     */
+    get maxAge() {
+        return this._ctx.sessionOptions.maxAge;
+    }
+    /**
+     * set session maxAge
+     *
+     * @api public
+     * @param val
+     */
+    set maxAge(val) {
+        this._ctx.sessionOptions.maxAge = val;
+        // maxAge changed, must save to cookie and store
+        this._requireSave = true;
+    }
+    /**
+     * get session external key
+     * only exist if opts.store present
+     */
+    get externalKey() {
+        return this._externalKey;
+    }
+    /**
+     * save this session no matter whether it is populated
+     *
+     * @api public
+     */
+    save() {
+        this._requireSave = true;
+    }
+    /**
+     * commit this session's headers if autoCommit is set to false
+     *
+     * @api public
+     */
+    async manuallyCommit() {
+        await this._sessCtx.commit();
+    }
+}
+exports.Session = Session;
+//# sourceMappingURL=session.js.map

package/dist/lib/store.d.ts

@@ -0,0 +1,7 @@
+import { SessionStore } from '../interface';
+export declare class SessionStoreManager {
+    private sessionStore;
+    setSessionStore(sessionStore: any): void;
+    getSessionStore(): SessionStore;
+}
+//# sourceMappingURL=store.d.ts.map

package/dist/{store.js → lib/store.js}

@@ -6,11 +6,8 @@ var __decorate = (this && this.__decorate) || function (decorators, target, key,
     return c > 3 && r && Object.defineProperty(target, key, r), r;
 };
 Object.defineProperty(exports, "__esModule", { value: true });
-exports.SessionStoreManager = exports.SessionStore = void 0;
+exports.SessionStoreManager = void 0;
 const decorator_1 = require("@midwayjs/decorator");
-class SessionStore {
-}
-exports.SessionStore = SessionStore;
 let SessionStoreManager = class SessionStoreManager {
     setSessionStore(sessionStore) {
         this.sessionStore = sessionStore;

package/dist/lib/util.d.ts

@@ -0,0 +1,20 @@
+/**
+ * Decode the base64 cookie value to an object.
+ *
+ * @param {String} string
+ * @return {Object}
+ * @api private
+ */
+export declare function decode(string: any): any;
+/**
+ * Encode an object into a base64-encoded JSON string.
+ *
+ * @param {Object} body
+ * @return {String}
+ * @api private
+ */
+export declare function encode(body: any): string;
+export declare function hash(sess: any): number;
+export declare const COOKIE_EXP_DATE: Date;
+export declare const ONE_DAY: number;
+//# sourceMappingURL=util.d.ts.map

package/dist/lib/util.js

@@ -0,0 +1,35 @@
+"use strict";
+Object.defineProperty(exports, "__esModule", { value: true });
+exports.ONE_DAY = exports.COOKIE_EXP_DATE = exports.hash = exports.encode = exports.decode = void 0;
+const crc_1 = require("crc");
+/**
+ * Decode the base64 cookie value to an object.
+ *
+ * @param {String} string
+ * @return {Object}
+ * @api private
+ */
+function decode(string) {
+    const body = Buffer.from(string, 'base64').toString('utf8');
+    return JSON.parse(body);
+}
+exports.decode = decode;
+/**
+ * Encode an object into a base64-encoded JSON string.
+ *
+ * @param {Object} body
+ * @return {String}
+ * @api private
+ */
+function encode(body) {
+    body = JSON.stringify(body);
+    return Buffer.from(body).toString('base64');
+}
+exports.encode = encode;
+function hash(sess) {
+    return (0, crc_1.crc32)(JSON.stringify(sess));
+}
+exports.hash = hash;
+exports.COOKIE_EXP_DATE = new Date('Thu, 01 Jan 1970 00:00:00 GMT');
+exports.ONE_DAY = 24 * 60 * 60 * 1000;
+//# sourceMappingURL=util.js.map

package/dist/middleware/session.d.ts

@@ -1,10 +1,10 @@
 import { IMiddleware } from '@midwayjs/core';
-import { SessionStoreManager } from '../store';
+import { SessionStoreManager } from '../lib/store';
 export declare class SessionMiddleware implements IMiddleware<any, any> {
     sessionConfig: any;
     logger: any;
     sessionStoreManager: SessionStoreManager;
-    resolve(app: any): any;
+    resolve(app: any): (ctx: any, next: any) => Promise<void>;
     static getName(): string;
 }
 //# sourceMappingURL=session.d.ts.map

package/dist/middleware/session.js

@@ -11,8 +11,112 @@ var __metadata = (this && this.__metadata) || function (k, v) {
 Object.defineProperty(exports, "__esModule", { value: true });
 exports.SessionMiddleware = void 0;
 const decorator_1 = require("@midwayjs/decorator");
-const koaSession = require("koa-session");
-const store_1 = require("../store");
+const store_1 = require("../lib/store");
+const util_1 = require("../lib/util");
+const assert = require("assert");
+const context_1 = require("../lib/context");
+const CONTEXT_SESSION = Symbol('context#contextSession');
+const _CONTEXT_SESSION = Symbol('context#_contextSession');
+/**
+ * format and check session options
+ * @param  {Object} opts session options
+ * @return {Object} new session options
+ *
+ * @api private
+ */
+function formatOpts(opts) {
+    opts = opts || {};
+    // key
+    opts.key = opts.key || 'koa.sess';
+    // back-compat maxage
+    if (!('maxAge' in opts))
+        opts.maxAge = opts.maxage;
+    // defaults
+    if (opts.overwrite == null)
+        opts.overwrite = true;
+    if (opts.httpOnly == null)
+        opts.httpOnly = true;
+    // delete null sameSite config
+    if (opts.sameSite == null)
+        delete opts.sameSite;
+    if (opts.signed == null)
+        opts.signed = true;
+    if (opts.autoCommit == null)
+        opts.autoCommit = true;
+    // setup encoding/decoding
+    if (typeof opts.encode !== 'function') {
+        opts.encode = util_1.encode;
+    }
+    if (typeof opts.decode !== 'function') {
+        opts.decode = util_1.decode;
+    }
+    const store = opts.store;
+    if (store) {
+        assert(decorator_1.Types.isFunction(store.get), 'store.get must be function');
+        assert(decorator_1.Types.isFunction(store.set), 'store.set must be function');
+        assert(decorator_1.Types.isFunction(store.destroy), 'store.destroy must be function');
+    }
+    const externalKey = opts.externalKey;
+    if (externalKey) {
+        assert(decorator_1.Types.isFunction(externalKey.get), 'externalKey.get must be function');
+        assert(decorator_1.Types.isFunction(externalKey.set), 'externalKey.set must be function');
+    }
+    const ContextStore = opts.ContextStore;
+    if (ContextStore) {
+        assert(decorator_1.Types.isClass(ContextStore), 'ContextStore must be a class');
+        assert(decorator_1.Types.isFunction(ContextStore.prototype.get), 'ContextStore.prototype.get must be function');
+        assert(decorator_1.Types.isFunction(ContextStore.prototype.set), 'ContextStore.prototype.set must be function');
+        assert(decorator_1.Types.isFunction(ContextStore.prototype.destroy), 'ContextStore.prototype.destroy must be function');
+    }
+    if (!opts.genid) {
+        if (opts.prefix) {
+            opts.genid = () => `${opts.prefix}${decorator_1.Utils.randomUUID()}`;
+        }
+        else {
+            opts.genid = decorator_1.Utils.randomUUID;
+        }
+    }
+    return opts;
+}
+/**
+ * extend context prototype, add session properties
+ *
+ * @param  {Object} context koa's context prototype
+ * @param  {Object} opts session options
+ *
+ * @api private
+ */
+function extendContext(context, opts) {
+    // eslint-disable-next-line no-prototype-builtins
+    if (context.hasOwnProperty(CONTEXT_SESSION)) {
+        return;
+    }
+    Object.defineProperties(context, {
+        [CONTEXT_SESSION]: {
+            get() {
+                if (this[_CONTEXT_SESSION]) {
+                    return this[_CONTEXT_SESSION];
+                }
+                this[_CONTEXT_SESSION] = new context_1.ContextSession(this, opts);
+                return this[_CONTEXT_SESSION];
+            },
+        },
+        session: {
+            get() {
+                return this[CONTEXT_SESSION].get();
+            },
+            set(val) {
+                this[CONTEXT_SESSION].set(val);
+            },
+            configurable: true,
+        },
+        sessionOptions: {
+            get() {
+                return this[CONTEXT_SESSION].opts;
+            },
+        },
+    });
+}
 let SessionMiddleware = class SessionMiddleware {
     resolve(app) {
         if (!this.sessionConfig.httpOnly) {
@@ -22,7 +126,22 @@ let SessionMiddleware = class SessionMiddleware {
         if (store) {
             this.sessionConfig.store = store;
         }
-        return koaSession(this.sessionConfig, app);
+        const opts = formatOpts(this.sessionConfig);
+        extendContext(app.context, opts);
+        return async function session(ctx, next) {
+            const sess = ctx[CONTEXT_SESSION];
+            if (sess.store) {
+                await sess.initFromExternal();
+            }
+            try {
+                await next();
+            }
+            finally {
+                if (opts.autoCommit) {
+                    await sess.commit();
+                }
+            }
+        };
     }
     static getName() {
         return 'session';

package/index.d.ts

@@ -1,12 +1,20 @@
-import { opts } from 'koa-session';
+import { SessionOptions, ISession } from './dist';
 export * from './dist/index';
 
 declare module '@midwayjs/core/dist/interface' {
   interface MidwayConfig {
-    session: Partial<
-      opts & {
-        enable: boolean;
-      }
-    >;
+    session?: PowerPartial<SessionOptions>;
+  }
+}
+
+declare module '@midwayjs/koa/dist/interface' {
+  interface Context {
+    session?: ISession;
+  }
+}
+
+declare module '@midwayjs/faas/dist/interface' {
+  interface Context {
+    session?: ISession;
   }
 }

package/package.json

@@ -1,7 +1,7 @@
 {
   "name": "@midwayjs/session",
   "description": "midway session component for koa and faas",
-  "version": "3.0.0-beta.16",
+  "version": "3.0.1",
   "main": "dist/index",
   "typings": "index.d.ts",
   "files": [
@@ -10,13 +10,13 @@
     "index.d.ts"
   ],
   "devDependencies": {
-    "@midwayjs/core": "^3.0.0-beta.16",
-    "@midwayjs/decorator": "^3.0.0-beta.16",
-    "@midwayjs/mock": "^3.0.0-beta.16",
-    "@types/koa-session": "5.10.4"
+    "@midwayjs/core": "^3.0.1",
+    "@midwayjs/decorator": "^3.0.0",
+    "@midwayjs/mock": "^3.0.1"
   },
   "dependencies": {
-    "koa-session": "^6.2.0"
+    "@midwayjs/cookies": "1.0.1",
+    "crc": "4.1.0"
   },
   "keywords": [
     "midway",
@@ -29,8 +29,8 @@
   "license": "MIT",
   "scripts": {
     "build": "tsc",
-    "test": "node --require=ts-node/register ../../node_modules/.bin/jest",
-    "cov": "node --require=ts-node/register ../../node_modules/.bin/jest --coverage --forceExit",
+    "test": "node --require=ts-node/register ../../node_modules/.bin/jest --runInBand",
+    "cov": "node --require=ts-node/register ../../node_modules/.bin/jest --runInBand --coverage --forceExit",
     "ci": "npm run test",
     "lint": "mwts check"
   },
@@ -41,5 +41,5 @@
     "type": "git",
     "url": "https://github.com/midwayjs/midway.git"
   },
-  "gitHead": "43a32745ac45164dfef1494cba979f9652a6692b"
+  "gitHead": "f345b4ed0392e5c3b9e815438ef0a377ad6da076"
 }

package/dist/store.d.ts

@@ -1,11 +0,0 @@
-export declare abstract class SessionStore {
-    abstract get(key: string): any;
-    abstract set(key: string, value: string, maxAge: number): any;
-    abstract destroy(key: any): any;
-}
-export declare class SessionStoreManager {
-    private sessionStore;
-    setSessionStore(sessionStore: any): void;
-    getSessionStore(): SessionStore;
-}
-//# sourceMappingURL=store.d.ts.map