@midwayjs/session 3.0.0-beta.9 → 3.0.3

package/LICENSE

@@ -0,0 +1,21 @@
+MIT License
+
+Copyright (c) 2013 - Now midwayjs
+
+Permission is hereby granted, free of charge, to any person obtaining a copy
+of this software and associated documentation files (the "Software"), to deal
+in the Software without restriction, including without limitation the rights
+to use, copy, modify, merge, publish, distribute, sublicense, and/or sell
+copies of the Software, and to permit persons to whom the Software is
+furnished to do so, subject to the following conditions:
+
+The above copyright notice and this permission notice shall be included in all
+copies or substantial portions of the Software.
+
+THE SOFTWARE IS PROVIDED "AS IS", WITHOUT WARRANTY OF ANY KIND, EXPRESS OR
+IMPLIED, INCLUDING BUT NOT LIMITED TO THE WARRANTIES OF MERCHANTABILITY,
+FITNESS FOR A PARTICULAR PURPOSE AND NONINFRINGEMENT. IN NO EVENT SHALL THE
+AUTHORS OR COPYRIGHT HOLDERS BE LIABLE FOR ANY CLAIM, DAMAGES OR OTHER
+LIABILITY, WHETHER IN AN ACTION OF CONTRACT, TORT OR OTHERWISE, ARISING FROM,
+OUT OF OR IN CONNECTION WITH THE SOFTWARE OR THE USE OR OTHER DEALINGS IN THE
+SOFTWARE.

package/README.md

@@ -7,7 +7,6 @@ Session component for @midwayjs/koa and @midwayjs/faas
 
 ```bash
 $ npm i @midwayjs/session --save
-$ npm i @types/koa-session --save-dev
 ```
 
 

package/dist/config/config.default.d.ts

@@ -1,4 +1,5 @@
 export declare const session: {
+    enable: boolean;
     maxAge: number;
     key: string;
     httpOnly: boolean;

package/dist/config/config.default.js

@@ -2,6 +2,7 @@
 Object.defineProperty(exports, "__esModule", { value: true });
 exports.session = void 0;
 exports.session = {
+    enable: true,
     maxAge: 24 * 3600 * 1000,
     key: 'MW_SESS',
     httpOnly: true,

package/dist/config/config.default.js.map

@@ -0,0 +1 @@
+{"version":3,"file":"config.default.js","sourceRoot":"","sources":["../../src/config/config.default.ts"],"names":[],"mappings":";;;AAAa,QAAA,OAAO,GAAG;IACrB,MAAM,EAAE,IAAI;IACZ,MAAM,EAAE,EAAE,GAAG,IAAI,GAAG,IAAI;IACxB,GAAG,EAAE,SAAS;IACd,QAAQ,EAAE,IAAI;IACd,kBAAkB;IAClB,QAAQ,EAAE,IAAI;CACf,CAAC","sourcesContent":["export const session = {\n  enable: true,\n  maxAge: 24 * 3600 * 1000, // ms\n  key: 'MW_SESS',\n  httpOnly: true,\n  // sameSite: null,\n  logValue: true,\n};\n"]}

package/dist/configuration.js

@@ -16,21 +16,23 @@ const session_1 = require("./middleware/session");
 const core_1 = require("@midwayjs/core");
 let SessionConfiguration = class SessionConfiguration {
     async onReady() {
-        this.applicationManager.getApplications(['koa', 'faas']).forEach(app => {
-            if (app.on) {
-                // listen on session's events
-                app.on('session:missed', ({ ctx, key }) => {
-                    this.logger.warn('[session][missed] key(%s)', key);
-                });
-                app.on('session:expired', ({ ctx, key, value }) => {
-                    this.logger.warn('[session][expired] key(%s) value(%j)', key, this.sessionConfig.logValue ? value : '');
-                });
-                app.on('session:invalid', ({ ctx, key, value }) => {
-                    this.logger.warn('[session][invalid] key(%s) value(%j)', key, this.sessionConfig.logValue ? value : '');
-                });
-            }
-            app.useMiddleware(session_1.SessionMiddleware);
-        });
+        if (this.sessionConfig.enable) {
+            this.applicationManager.getApplications(['koa', 'faas']).forEach(app => {
+                if (app.on) {
+                    // listen on session's events
+                    app.on('session:missed', ({ ctx, key }) => {
+                        this.logger.warn('[session][missed] key(%s)', key);
+                    });
+                    app.on('session:expired', ({ ctx, key, value }) => {
+                        this.logger.warn('[session][expired] key(%s) value(%j)', key, this.sessionConfig.logValue ? value : '');
+                    });
+                    app.on('session:invalid', ({ ctx, key, value }) => {
+                        this.logger.warn('[session][invalid] key(%s) value(%j)', key, this.sessionConfig.logValue ? value : '');
+                    });
+                }
+                app.useMiddleware(session_1.SessionMiddleware);
+            });
+        }
     }
 };
 __decorate([

package/dist/configuration.js.map

@@ -0,0 +1 @@
+{"version":3,"file":"configuration.js","sourceRoot":"","sources":["../src/configuration.ts"],"names":[],"mappings":";;;;;;;;;;;;AAAA,mDAA4E;AAC5E,yDAAyD;AACzD,kDAAyD;AACzD,yCAA0D;AAU1D,IAAa,oBAAoB,GAAjC,MAAa,oBAAoB;IAU/B,KAAK,CAAC,OAAO;QACX,IAAI,IAAI,CAAC,aAAa,CAAC,MAAM,EAAE;YAC7B,IAAI,CAAC,kBAAkB,CAAC,eAAe,CAAC,CAAC,KAAK,EAAE,MAAM,CAAC,CAAC,CAAC,OAAO,CAAC,GAAG,CAAC,EAAE;gBACrE,IAAK,GAAW,CAAC,EAAE,EAAE;oBACnB,6BAA6B;oBAC5B,GAAW,CAAC,EAAE,CAAC,gBAAgB,EAAE,CAAC,EAAE,GAAG,EAAE,GAAG,EAAE,EAAE,EAAE;wBACjD,IAAI,CAAC,MAAM,CAAC,IAAI,CAAC,2BAA2B,EAAE,GAAG,CAAC,CAAC;oBACrD,CAAC,CAAC,CAAC;oBACF,GAAW,CAAC,EAAE,CAAC,iBAAiB,EAAE,CAAC,EAAE,GAAG,EAAE,GAAG,EAAE,KAAK,EAAE,EAAE,EAAE;wBACzD,IAAI,CAAC,MAAM,CAAC,IAAI,CACd,sCAAsC,EACtC,GAAG,EACH,IAAI,CAAC,aAAa,CAAC,QAAQ,CAAC,CAAC,CAAC,KAAK,CAAC,CAAC,CAAC,EAAE,CACzC,CAAC;oBACJ,CAAC,CAAC,CAAC;oBACF,GAAW,CAAC,EAAE,CAAC,iBAAiB,EAAE,CAAC,EAAE,GAAG,EAAE,GAAG,EAAE,KAAK,EAAE,EAAE,EAAE;wBACzD,IAAI,CAAC,MAAM,CAAC,IAAI,CACd,sCAAsC,EACtC,GAAG,EACH,IAAI,CAAC,aAAa,CAAC,QAAQ,CAAC,CAAC,CAAC,KAAK,CAAC,CAAC,CAAC,EAAE,CACzC,CAAC;oBACJ,CAAC,CAAC,CAAC;iBACJ;gBAED,GAAG,CAAC,aAAa,CAAC,2BAAiB,CAAC,CAAC;YACvC,CAAC,CAAC,CAAC;SACJ;IACH,CAAC;CACF,CAAA;AApCC;IADC,IAAA,kBAAM,GAAE;8BACW,+BAAwB;gEAAC;AAG7C;IADC,IAAA,kBAAM,EAAC,YAAY,CAAC;;oDACd;AAGP;IADC,IAAA,kBAAM,EAAC,SAAS,CAAC;;2DACJ;AARH,oBAAoB;IARhC,IAAA,yBAAa,EAAC;QACb,SAAS,EAAE,SAAS;QACpB,aAAa,EAAE;YACb;gBACE,OAAO,EAAE,aAAa;aACvB;SACF;KACF,CAAC;GACW,oBAAoB,CAsChC;AAtCY,oDAAoB","sourcesContent":["import { Config, Configuration, Inject, Logger } from '@midwayjs/decorator';\nimport * as DefaultConfig from './config/config.default';\nimport { SessionMiddleware } from './middleware/session';\nimport { MidwayApplicationManager } from '@midwayjs/core';\n\n@Configuration({\n  namespace: 'session',\n  importConfigs: [\n    {\n      default: DefaultConfig,\n    },\n  ],\n})\nexport class SessionConfiguration {\n  @Inject()\n  applicationManager: MidwayApplicationManager;\n\n  @Logger('coreLogger')\n  logger;\n\n  @Config('session')\n  sessionConfig;\n\n  async onReady() {\n    if (this.sessionConfig.enable) {\n      this.applicationManager.getApplications(['koa', 'faas']).forEach(app => {\n        if ((app as any).on) {\n          // listen on session's events\n          (app as any).on('session:missed', ({ ctx, key }) => {\n            this.logger.warn('[session][missed] key(%s)', key);\n          });\n          (app as any).on('session:expired', ({ ctx, key, value }) => {\n            this.logger.warn(\n              '[session][expired] key(%s) value(%j)',\n              key,\n              this.sessionConfig.logValue ? value : ''\n            );\n          });\n          (app as any).on('session:invalid', ({ ctx, key, value }) => {\n            this.logger.warn(\n              '[session][invalid] key(%s) value(%j)',\n              key,\n              this.sessionConfig.logValue ? value : ''\n            );\n          });\n        }\n\n        app.useMiddleware(SessionMiddleware);\n      });\n    }\n  }\n}\n"]}

package/dist/index.d.ts

@@ -1,4 +1,5 @@
+export * from './interface';
 export { SessionConfiguration as Configuration } from './configuration';
 export * from './middleware/session';
-export * from './store';
+export * from './lib/store';
 //# sourceMappingURL=index.d.ts.map

package/dist/index.js

@@ -11,8 +11,9 @@ var __exportStar = (this && this.__exportStar) || function(m, exports) {
 };
 Object.defineProperty(exports, "__esModule", { value: true });
 exports.Configuration = void 0;
+__exportStar(require("./interface"), exports);
 var configuration_1 = require("./configuration");
 Object.defineProperty(exports, "Configuration", { enumerable: true, get: function () { return configuration_1.SessionConfiguration; } });
 __exportStar(require("./middleware/session"), exports);
-__exportStar(require("./store"), exports);
+__exportStar(require("./lib/store"), exports);
 //# sourceMappingURL=index.js.map

package/dist/index.js.map

@@ -0,0 +1 @@
+{"version":3,"file":"index.js","sourceRoot":"","sources":["../src/index.ts"],"names":[],"mappings":";;;;;;;;;;;;;AAAA,8CAA4B;AAC5B,iDAAwE;AAA/D,8GAAA,oBAAoB,OAAiB;AAC9C,uDAAqC;AACrC,8CAA4B","sourcesContent":["export * from './interface';\nexport { SessionConfiguration as Configuration } from './configuration';\nexport * from './middleware/session';\nexport * from './lib/store';\n"]}

package/dist/interface.d.ts

@@ -0,0 +1,105 @@
+import { CookieSetOptions } from '@midwayjs/cookies';
+import { opts } from 'koa-session';
+export interface ISession {
+    /**
+     * JSON representation of the session.
+     */
+    toJSON(): object;
+    /**
+     * Return how many values there are in the session object.
+     * Used to see if it"s "populated".
+     */
+    readonly length: number;
+    /**
+     * populated flag, which is just a boolean alias of .length.
+     */
+    readonly populated: boolean;
+    /**
+     * get/set session maxAge
+     */
+    maxAge: opts["maxAge"];
+    /**
+     * save this session no matter whether it is populated
+     */
+    save(): void;
+    /**
+     * allow to put any value on session object
+     */
+    [_: string]: any;
+}
+interface ExternalKeys {
+    /**
+     * get session object by key
+     */
+    get(ctx: any): string;
+    /**
+     * set session object for key, with a maxAge (in ms)
+     */
+    set(ctx: any, value: any): void;
+}
+export interface SessionOptions extends Omit<CookieSetOptions, 'maxAge'> {
+    enable: boolean;
+    /**
+     * cookie key (default is koa:sess)
+     */
+    key: string;
+    /**
+     * maxAge in ms (default is 1 days)
+     * "session" will result in a cookie that expires when session/browser is closed
+     * Warning: If a session cookie is stolen, this cookie will never expire
+     */
+    maxAge?: number | "session" | undefined;
+    /**
+     * custom encode method
+     */
+    encode: (str: string) => Record<any, any>;
+    /**
+     * custom decode method
+     */
+    decode: (obj: Record<any, any>) => string;
+    /**
+     * The way of generating external session id is controlled by the options.genid, which defaults to Date.now() + "-" + uid.sync(24).
+     */
+    genid: () => string;
+    /**
+     * Force a session identifier cookie to be set on every response. The expiration is reset to the original maxAge, resetting the expiration countdown. default is false
+     */
+    rolling?: boolean | undefined;
+    /**
+     * Renew session when session is nearly expired, so we can always keep user logged in. (default is false)
+     */
+    renew?: boolean | undefined;
+    /**
+     * External key is used the cookie by default,
+     * but you can use options.externalKey to customize your own external key methods.
+     */
+    externalKey?: ExternalKeys | undefined;
+    /**
+     * If your session store requires data or utilities from context, opts.ContextStore is alse supported.
+     * ContextStore must be a class which claims three instance methods demonstrated above.
+     * new ContextStore(ctx) will be executed on every request.
+     */
+    ContextStore?: {
+        new (ctx: any): SessionStore;
+    } | undefined;
+    /**
+     * If you want to add prefix for all external session id, you can use options.prefix, it will not work if options.genid present.
+     */
+    prefix?: string | undefined;
+    /**
+     * Hook: valid session value before use it
+     */
+    valid?(ctx: any, session: Partial<ISession>): void;
+    /**
+     * Hook: before save session
+     */
+    beforeSave?(ctx: any, session: ISession): void;
+    autoCommit: boolean;
+}
+export declare abstract class SessionStore {
+    abstract get(key: string): any;
+    abstract set(key: string, value: string, maxAge: number): any;
+    abstract destroy(key: any): any;
+}
+export {};
+//# sourceMappingURL=interface.d.ts.map

package/dist/interface.js

@@ -0,0 +1,7 @@
+"use strict";
+Object.defineProperty(exports, "__esModule", { value: true });
+exports.SessionStore = void 0;
+class SessionStore {
+}
+exports.SessionStore = SessionStore;
+//# sourceMappingURL=interface.js.map

package/dist/interface.js.map

@@ -0,0 +1 @@
+{"version":3,"file":"interface.js","sourceRoot":"","sources":["../src/interface.ts"],"names":[],"mappings":";;;AAsHA,MAAsB,YAAY;CAIjC;AAJD,oCAIC","sourcesContent":["import { CookieSetOptions } from '@midwayjs/cookies';\nimport { opts } from 'koa-session';\n\nexport interface ISession {\n  /**\n   * JSON representation of the session.\n   */\n  toJSON(): object;\n\n  /**\n   * Return how many values there are in the session object.\n   * Used to see if it\"s \"populated\".\n   */\n  readonly length: number;\n\n  /**\n   * populated flag, which is just a boolean alias of .length.\n   */\n  readonly populated: boolean;\n\n  /**\n   * get/set session maxAge\n   */\n  maxAge: opts[\"maxAge\"];\n\n  /**\n   * save this session no matter whether it is populated\n   */\n  save(): void;\n\n  /**\n   * allow to put any value on session object\n   */\n  [_: string]: any;\n}\n\ninterface ExternalKeys {\n  /**\n   * get session object by key\n   */\n  get(ctx: any): string;\n\n  /**\n   * set session object for key, with a maxAge (in ms)\n   */\n  set(ctx: any, value: any): void;\n}\n\nexport interface SessionOptions extends Omit<CookieSetOptions, 'maxAge'> {\n  enable: boolean;\n  /**\n   * cookie key (default is koa:sess)\n   */\n  key: string;\n\n  /**\n   * maxAge in ms (default is 1 days)\n   * \"session\" will result in a cookie that expires when session/browser is closed\n   * Warning: If a session cookie is stolen, this cookie will never expire\n   */\n  maxAge?: number | \"session\" | undefined;\n\n  /**\n   * custom encode method\n   */\n  encode: (str: string) => Record<any, any>;\n\n  /**\n   * custom decode method\n   */\n  decode: (obj: Record<any, any>) => string;\n\n  /**\n   * The way of generating external session id is controlled by the options.genid, which defaults to Date.now() + \"-\" + uid.sync(24).\n   */\n  genid: () => string;\n\n  /**\n   * Force a session identifier cookie to be set on every response. The expiration is reset to the original maxAge, resetting the expiration countdown. default is false\n   */\n  rolling?: boolean | undefined;\n\n  /**\n   * Renew session when session is nearly expired, so we can always keep user logged in. (default is false)\n   */\n  renew?: boolean | undefined;\n\n  /**\n   * External key is used the cookie by default,\n   * but you can use options.externalKey to customize your own external key methods.\n   */\n  externalKey?: ExternalKeys | undefined;\n\n  /**\n   * If your session store requires data or utilities from context, opts.ContextStore is alse supported.\n   * ContextStore must be a class which claims three instance methods demonstrated above.\n   * new ContextStore(ctx) will be executed on every request.\n   */\n  ContextStore?: { new(ctx: any): SessionStore } | undefined;\n\n  /**\n   * If you want to add prefix for all external session id, you can use options.prefix, it will not work if options.genid present.\n   */\n  prefix?: string | undefined;\n\n  /**\n   * Hook: valid session value before use it\n   */\n  valid?(ctx: any, session: Partial<ISession>): void;\n\n  /**\n   * Hook: before save session\n   */\n  beforeSave?(ctx: any, session: ISession): void;\n\n  autoCommit: boolean;\n}\n\nexport abstract class SessionStore {\n  abstract get(key: string);\n  abstract set(key: string, value: string, maxAge: number);\n  abstract destroy(key);\n}\n"]}

package/dist/lib/context.d.ts

@@ -0,0 +1,80 @@
+export declare class ContextSession {
+    private ctx;
+    private app;
+    private opts;
+    private session;
+    private externalKey;
+    private prevHash;
+    store: any;
+    /**
+     * context session constructor
+     * @api public
+     */
+    constructor(ctx: any, opts: any);
+    /**
+     * internal logic of `ctx.session`
+     * @return {Session} session object
+     *
+     * @api public
+     */
+    get(): any;
+    /**
+     * internal logic of `ctx.session=`
+     * @param {Object} val session object
+     *
+     * @api public
+     */
+    set(val: any): void;
+    /**
+     * init session from external store
+     * will be called in the front of session middleware
+     *
+     * @api public
+     */
+    initFromExternal(): Promise<void>;
+    /**
+     * init session from cookie
+     * @api private
+     */
+    initFromCookie(): void;
+    /**
+     * verify session(expired or )
+     * @param  {Object} value session object
+     * @param  {Object} key session externalKey(optional)
+     * @return {Boolean} valid
+     * @api private
+     */
+    valid(value: any, key?: any): boolean;
+    /**
+     * @param {String} event event name
+     * @param {Object} data event data
+     * @api private
+     */
+    emit(event: any, data: any): void;
+    /**
+     * create a new session and attach to ctx.sess
+     *
+     * @param {Object} [val] session data
+     * @param {String} [externalKey] session external key
+     * @api private
+     */
+    create(val?: any, externalKey?: any): void;
+    /**
+     * Commit the session changes or removal.
+     *
+     * @api public
+     */
+    commit(): Promise<void>;
+    _shouldSaveSession(): "" | "force" | "changed" | "rolling" | "renew";
+    /**
+     * remove session
+     * @api private
+     */
+    remove(): Promise<void>;
+    /**
+     * save session
+     * @api private
+     */
+    save(changed: any): Promise<void>;
+}
+//# sourceMappingURL=context.d.ts.map

package/dist/lib/context.js

@@ -0,0 +1,315 @@
+"use strict";
+Object.defineProperty(exports, "__esModule", { value: true });
+exports.ContextSession = void 0;
+const util_1 = require("util");
+const util_2 = require("./util");
+const session_1 = require("./session");
+const debug = (0, util_1.debuglog)('session:context');
+class ContextSession {
+    /**
+     * context session constructor
+     * @api public
+     */
+    constructor(ctx, opts) {
+        this.ctx = ctx;
+        this.app = ctx.app;
+        this.opts = Object.assign({}, opts);
+        this.store = this.opts.ContextStore
+            ? new this.opts.ContextStore(ctx)
+            : this.opts.store;
+    }
+    /**
+     * internal logic of `ctx.session`
+     * @return {Session} session object
+     *
+     * @api public
+     */
+    get() {
+        const session = this.session;
+        // already retrieved
+        if (session)
+            return session;
+        // unset
+        if (session === false)
+            return null;
+        // create an empty session or init from cookie
+        this.store ? this.create() : this.initFromCookie();
+        return this.session;
+    }
+    /**
+     * internal logic of `ctx.session=`
+     * @param {Object} val session object
+     *
+     * @api public
+     */
+    set(val) {
+        if (val === null) {
+            this.session = false;
+            return;
+        }
+        if (typeof val === 'object') {
+            // use the original `externalKey` if exists to avoid waste storage
+            this.create(val, this.externalKey);
+            return;
+        }
+        throw new Error('this.session can only be set as null or an object.');
+    }
+    /**
+     * init session from external store
+     * will be called in the front of session middleware
+     *
+     * @api public
+     */
+    async initFromExternal() {
+        debug('init from external');
+        const ctx = this.ctx;
+        const opts = this.opts;
+        let externalKey;
+        if (opts.externalKey) {
+            externalKey = opts.externalKey.get(ctx);
+            debug('get external key from custom %s', externalKey);
+        }
+        else {
+            externalKey = ctx.cookies.get(opts.key, opts);
+            debug('get external key from cookie %s', externalKey);
+        }
+        if (!externalKey) {
+            // create a new `externalKey`
+            this.create();
+            return;
+        }
+        const json = await this.store.get(externalKey, opts.maxAge, {
+            ctx,
+            rolling: opts.rolling,
+        });
+        if (!this.valid(json, externalKey)) {
+            // create a new `externalKey`
+            this.create();
+            return;
+        }
+        // create with original `externalKey`
+        this.create(json, externalKey);
+        this.prevHash = (0, util_2.hash)(this.session.toJSON());
+    }
+    /**
+     * init session from cookie
+     * @api private
+     */
+    initFromCookie() {
+        debug('init from cookie');
+        const ctx = this.ctx;
+        const opts = this.opts;
+        const cookie = ctx.cookies.get(opts.key, opts);
+        if (!cookie) {
+            this.create();
+            return;
+        }
+        let json;
+        debug('parse %s', cookie);
+        try {
+            json = opts.decode(cookie);
+        }
+        catch (err) {
+            // backwards compatibility:
+            // create a new session if parsing fails.
+            // new Buffer(string, 'base64') does not seem to crash
+            // when `string` is not base64-encoded.
+            // but `JSON.parse(string)` will crash.
+            debug('decode %j error: %s', cookie, err);
+            if (!(err instanceof SyntaxError)) {
+                // clean this cookie to ensure next request won't throw again
+                ctx.cookies.set(opts.key, '', opts);
+                // ctx.onerror will unset all headers, and set those specified in err
+                err.headers = {
+                    'set-cookie': ctx.response.get('set-cookie'),
+                };
+                throw err;
+            }
+            this.create();
+            return;
+        }
+        debug('parsed %j', json);
+        if (!this.valid(json)) {
+            this.create();
+            return;
+        }
+        // support access `ctx.session` before session middleware
+        this.create(json);
+        this.prevHash = (0, util_2.hash)(this.session.toJSON());
+    }
+    /**
+     * verify session(expired or )
+     * @param  {Object} value session object
+     * @param  {Object} key session externalKey(optional)
+     * @return {Boolean} valid
+     * @api private
+     */
+    valid(value, key) {
+        const ctx = this.ctx;
+        if (!value) {
+            this.emit('missed', { key, value, ctx });
+            return false;
+        }
+        if (value._expire && value._expire < Date.now()) {
+            debug('expired session');
+            this.emit('expired', { key, value, ctx });
+            return false;
+        }
+        const valid = this.opts.valid;
+        if (typeof valid === 'function' && !valid(ctx, value)) {
+            // valid session value fail, ignore this session
+            debug('invalid session');
+            this.emit('invalid', { key, value, ctx });
+            return false;
+        }
+        return true;
+    }
+    /**
+     * @param {String} event event name
+     * @param {Object} data event data
+     * @api private
+     */
+    emit(event, data) {
+        setImmediate(() => {
+            this.app.emit(`session:${event}`, data);
+        });
+    }
+    /**
+     * create a new session and attach to ctx.sess
+     *
+     * @param {Object} [val] session data
+     * @param {String} [externalKey] session external key
+     * @api private
+     */
+    create(val, externalKey) {
+        debug('create session with val: %j externalKey: %s', val, externalKey);
+        if (this.store) {
+            this.externalKey =
+                externalKey || (this.opts.genid && this.opts.genid(this.ctx));
+        }
+        this.session = new session_1.Session(this, val, this.externalKey);
+    }
+    /**
+     * Commit the session changes or removal.
+     *
+     * @api public
+     */
+    async commit() {
+        const session = this.session;
+        const opts = this.opts;
+        const ctx = this.ctx;
+        // not accessed
+        if (undefined === session)
+            return;
+        // removed
+        if (session === false) {
+            await this.remove();
+            return;
+        }
+        const reason = this._shouldSaveSession();
+        debug('should save session: %s', reason);
+        if (!reason)
+            return;
+        if (typeof opts.beforeSave === 'function') {
+            debug('before save');
+            opts.beforeSave(ctx, session);
+        }
+        const changed = reason === 'changed';
+        await this.save(changed);
+    }
+    _shouldSaveSession() {
+        const prevHash = this.prevHash;
+        const session = this.session;
+        // force save session when `session._requireSave` set
+        if (session._requireSave)
+            return 'force';
+        // do nothing if new and not populated
+        const json = session.toJSON();
+        if (!prevHash && !Object.keys(json).length)
+            return '';
+        // save if session changed
+        const changed = prevHash !== (0, util_2.hash)(json);
+        if (changed)
+            return 'changed';
+        // save if opts.rolling set
+        if (this.opts.rolling)
+            return 'rolling';
+        // save if opts.renew and session will expired
+        if (this.opts.renew) {
+            const expire = session._expire;
+            const maxAge = session.maxAge;
+            // renew when session will expired in maxAge / 2
+            if (expire && maxAge && expire - Date.now() < maxAge / 2)
+                return 'renew';
+        }
+        return '';
+    }
+    /**
+     * remove session
+     * @api private
+     */
+    async remove() {
+        // Override the default options so that we can properly expire the session cookies
+        const opts = Object.assign({}, this.opts, {
+            expires: util_2.COOKIE_EXP_DATE,
+            maxAge: false,
+        });
+        const ctx = this.ctx;
+        const key = opts.key;
+        const externalKey = this.externalKey;
+        if (externalKey) {
+            await this.store.destroy(externalKey, { ctx });
+        }
+        ctx.cookies.set(key, '', opts);
+    }
+    /**
+     * save session
+     * @api private
+     */
+    async save(changed) {
+        const opts = this.opts;
+        const key = opts.key;
+        const externalKey = this.externalKey;
+        let json = this.session.toJSON();
+        // set expire for check
+        let maxAge = opts.maxAge ? opts.maxAge : util_2.ONE_DAY;
+        if (maxAge === 'session') {
+            // do not set _expire in json if maxAge is set to 'session'
+            // also delete maxAge from options
+            opts.maxAge = undefined;
+            json._session = true;
+        }
+        else {
+            // set expire for check
+            json._expire = maxAge + Date.now();
+            json._maxAge = maxAge;
+        }
+        // save to external store
+        if (externalKey) {
+            debug('save %j to external key %s', json, externalKey);
+            if (typeof maxAge === 'number') {
+                // ensure store expired after cookie
+                maxAge += 10000;
+            }
+            await this.store.set(externalKey, json, maxAge, {
+                changed,
+                ctx: this.ctx,
+                rolling: opts.rolling,
+            });
+            if (opts.externalKey) {
+                opts.externalKey.set(this.ctx, externalKey);
+            }
+            else {
+                this.ctx.cookies.set(key, externalKey, opts);
+            }
+            return;
+        }
+        // save to cookie
+        debug('save %j to cookie', json);
+        json = opts.encode(json);
+        debug('save %s', json);
+        this.ctx.cookies.set(key, json, opts);
+    }
+}
+exports.ContextSession = ContextSession;
+//# sourceMappingURL=context.js.map