@prairielearn/session 3.0.20 → 3.0.21

This diff represents the content of publicly available package versions that have been released to one of the supported registries. The information contained in this diff is provided for informational purposes only and reflects changes between package versions as they appear in their respective public registries.
Files changed (8) hide show
  1. package/CHANGELOG.md +6 -0
  2. package/dist/before-end.js +4 -4
  3. package/dist/before-end.js.map +1 -1
  4. package/dist/index.js +1 -1
  5. package/dist/index.js.map +1 -1
  6. package/package.json +4 -4
  7. package/src/before-end.ts +4 -4
  8. package/src/index.ts +1 -1
package/CHANGELOG.md CHANGED
@@ -1,5 +1,11 @@
1
1
  # @prairielearn/session
2
2
 
3
+ ## 3.0.21
4
+
5
+ ### Patch Changes
6
+
7
+ - f571b40: Upgrade all JavaScript dependencies
8
+
3
9
  ## 3.0.20
4
10
 
5
11
  ### Patch Changes
package/dist/before-end.js CHANGED
@@ -52,12 +52,12 @@ export function beforeEnd(res, next, fn) {
52
52
  return ret;
53
53
  }
54
54
  const contentLength = Number(res.getHeader('Content-Length'));
55
- if (!isNaN(contentLength) && contentLength > 0) {
55
+ if (!Number.isNaN(contentLength) && contentLength > 0) {
56
56
  chunk = !Buffer.isBuffer(chunk) ? Buffer.from(chunk, encoding) : chunk;
57
57
  encoding = undefined;
58
- if (chunk.length !== 0) {
59
- ret = _write.call(res, chunk.slice(0, chunk.length - 1));
60
- chunk = chunk.slice(chunk.length - 1, chunk.length);
58
+ if (chunk.length > 0) {
59
+ ret = _write.call(res, chunk.slice(0, -1));
60
+ chunk = chunk.slice(-1);
61
61
  return ret;
62
62
  }
63
63
  }
package/dist/before-end.js.map CHANGED
@@ -1 +1 @@
1
- {"version":3,"file":"before-end.js","sourceRoot":"","sources":["../src/before-end.ts"],"names":[],"mappings":"AAEA;;;;;;;;;;;;;;;;;;;;;;GAsBG;AACH,MAAM,UAAU,SAAS,CAAC,GAAQ,EAAE,IAAkB,EAAE,EAAuB;IAC7E,MAAM,IAAI,GAAG,GAAG,CAAC,GAAU,CAAC;IAC5B,MAAM,MAAM,GAAG,GAAG,CAAC,KAAY,CAAC;IAChC,IAAI,KAAK,GAAG,KAAK,CAAC;IAElB,GAAG,CAAC,GAAG,GAAG,SAAS,GAAG,CAAC,KAAU,EAAE,QAAa;QAC9C,IAAI,KAAK,EAAE,CAAC;YACV,OAAO,KAAK,CAAC;QACf,CAAC;QAED,KAAK,GAAG,IAAI,CAAC;QAEb,IAAI,GAAQ,CAAC;QACb,IAAI,IAAI,GAAG,IAAI,CAAC;QAEhB,SAAS,QAAQ;YACf,IAAI,IAAI,EAAE,CAAC;gBACT,GAAG,GAAG,IAAI,CAAC,IAAI,CAAC,GAAG,EAAE,KAAK,EAAE,QAAQ,CAAC,CAAC;gBACtC,IAAI,GAAG,KAAK,CAAC;gBACb,OAAO;YACT,CAAC;YAED,IAAI,CAAC,IAAI,CAAC,GAAG,CAAC,CAAC;QACjB,CAAC;QAED,SAAS,QAAQ;YACf,IAAI,CAAC,IAAI,EAAE,CAAC;gBACV,OAAO,GAAG,CAAC;YACb,CAAC;YAED,IAAI,CAAC,GAAG,CAAC,OAAO,EAAE,CAAC;gBACjB,GAAG,CAAC,eAAe,EAAE,CAAC;YACxB,CAAC;YAED,IAAI,KAAK,IAAI,IAAI,EAAE,CAAC;gBAClB,GAAG,GAAG,IAAI,CAAC;gBACX,OAAO,GAAG,CAAC;YACb,CAAC;YAED,MAAM,aAAa,GAAG,MAAM,CAAC,GAAG,CAAC,SAAS,CAAC,gBAAgB,CAAC,CAAC,CAAC;YAE9D,IAAI,CAAC,KAAK,CAAC,aAAa,CAAC,IAAI,aAAa,GAAG,CAAC,EAAE,CAAC;gBAC/C,KAAK,GAAG,CAAC,MAAM,CAAC,QAAQ,CAAC,KAAK,CAAC,CAAC,CAAC,CAAC,MAAM,CAAC,IAAI,CAAC,KAAK,EAAE,QAAQ,CAAC,CAAC,CAAC,CAAC,KAAK,CAAC;gBACvE,QAAQ,GAAG,SAAS,CAAC;gBAErB,IAAI,KAAK,CAAC,MAAM,KAAK,CAAC,EAAE,CAAC;oBACvB,GAAG,GAAG,MAAM,CAAC,IAAI,CAAC,GAAG,EAAE,KAAK,CAAC,KAAK,CAAC,CAAC,EAAE,KAAK,CAAC,MAAM,GAAG,CAAC,CAAC,CAAC,CAAC;oBACzD,KAAK,GAAG,KAAK,CAAC,KAAK,CAAC,KAAK,CAAC,MAAM,GAAG,CAAC,EAAE,KAAK,CAAC,MAAM,CAAC,CAAC;oBACpD,OAAO,GAAG,CAAC;gBACb,CAAC;YACH,CAAC;YAED,GAAG,GAAG,MAAM,CAAC,IAAI,CAAC,GAAG,EAAE,KAAK,EAAE,QAAQ,CAAC,CAAC;YACxC,IAAI,GAAG,KAAK,CAAC;YAEb,OAAO,GAAG,CAAC;QACb,CAAC;QAED,EAAE,EAAE,CAAC,IAAI,CACP,GAAG,EAAE;YACH,QAAQ,EAAE,CAAC;QACb,CAAC,EACD,CAAC,GAAG,EAAE,EAAE;YACN,YAAY,CAAC,IAAI,EAAE,GAAG,CAAC,CAAC;YACxB,QAAQ,EAAE,CAAC;QACb,CAAC,CACF,CAAC;QAEF,OAAO,QAAQ,EAAE,CAAC;IACpB,CAAC,CAAC;AACJ,CAAC","sourcesContent":["import type { NextFunction } from 'express';\n\n/**\n * The following function is based on code from `express-session`:\n *\n * https://github.com/expressjs/session/blob/1010fadc2f071ddf2add94235d72224cf65159c6/index.js#L246-L360\n *\n * This code is used to work around the fact that Express doesn't have a good\n * hook to allow us to perform some asynchronous operation before the response\n * is written to the client.\n *\n * Note that this is truly only necessary for Express. Other Node frameworks\n * like Fastify and Adonis have hooks that allow us to do this without any\n * hacks. It's also probably only useful in the context of Express, as it\n * seems to rely on the fact that Express and its ecosystem generally don't\n * call `end()` without an additional chunk of data. If it instead called\n * `write()` with the final data and then `end()` with no data, this code\n * wouldn't function as intended. It's possible that `stream.pipe(res)` does\n * in fact behave this way, so it's probably not completely safe to use this\n * code when streaming responses back to the client.\n *\n * One could probably make this safer by *also* hooking into `response.write()`\n * and buffering the data. My understanding of Node streams isn't good enough\n * to implement that, though.\n */\nexport function beforeEnd(res: any, next: NextFunction, fn: () => Promise<void>) {\n const _end = res.end as any;\n const _write = res.write as any;\n let ended = false;\n\n res.end = function end(chunk: any, encoding: any) {\n if (ended) {\n return false;\n }\n\n ended = true;\n\n let ret: any;\n let sync = true;\n\n function writeend() {\n if (sync) {\n ret = _end.call(res, chunk, encoding);\n sync = false;\n return;\n }\n\n _end.call(res);\n }\n\n function writetop() {\n if (!sync) {\n return ret;\n }\n\n if (!res._header) {\n res._implicitHeader();\n }\n\n if (chunk == null) {\n ret = true;\n return ret;\n }\n\n const contentLength = Number(res.getHeader('Content-Length'));\n\n if (!isNaN(contentLength) && contentLength > 0) {\n chunk = !Buffer.isBuffer(chunk) ? Buffer.from(chunk, encoding) : chunk;\n encoding = undefined;\n\n if (chunk.length !== 0) {\n ret = _write.call(res, chunk.slice(0, chunk.length - 1));\n chunk = chunk.slice(chunk.length - 1, chunk.length);\n return ret;\n }\n }\n\n ret = _write.call(res, chunk, encoding);\n sync = false;\n\n return ret;\n }\n\n fn().then(\n () => {\n writeend();\n },\n (err) => {\n setImmediate(next, err);\n writeend();\n },\n );\n\n return writetop();\n };\n}\n"]}
1
+ {"version":3,"file":"before-end.js","sourceRoot":"","sources":["../src/before-end.ts"],"names":[],"mappings":"AAEA;;;;;;;;;;;;;;;;;;;;;;GAsBG;AACH,MAAM,UAAU,SAAS,CAAC,GAAQ,EAAE,IAAkB,EAAE,EAAuB;IAC7E,MAAM,IAAI,GAAG,GAAG,CAAC,GAAU,CAAC;IAC5B,MAAM,MAAM,GAAG,GAAG,CAAC,KAAY,CAAC;IAChC,IAAI,KAAK,GAAG,KAAK,CAAC;IAElB,GAAG,CAAC,GAAG,GAAG,SAAS,GAAG,CAAC,KAAU,EAAE,QAAa;QAC9C,IAAI,KAAK,EAAE,CAAC;YACV,OAAO,KAAK,CAAC;QACf,CAAC;QAED,KAAK,GAAG,IAAI,CAAC;QAEb,IAAI,GAAQ,CAAC;QACb,IAAI,IAAI,GAAG,IAAI,CAAC;QAEhB,SAAS,QAAQ;YACf,IAAI,IAAI,EAAE,CAAC;gBACT,GAAG,GAAG,IAAI,CAAC,IAAI,CAAC,GAAG,EAAE,KAAK,EAAE,QAAQ,CAAC,CAAC;gBACtC,IAAI,GAAG,KAAK,CAAC;gBACb,OAAO;YACT,CAAC;YAED,IAAI,CAAC,IAAI,CAAC,GAAG,CAAC,CAAC;QACjB,CAAC;QAED,SAAS,QAAQ;YACf,IAAI,CAAC,IAAI,EAAE,CAAC;gBACV,OAAO,GAAG,CAAC;YACb,CAAC;YAED,IAAI,CAAC,GAAG,CAAC,OAAO,EAAE,CAAC;gBACjB,GAAG,CAAC,eAAe,EAAE,CAAC;YACxB,CAAC;YAED,IAAI,KAAK,IAAI,IAAI,EAAE,CAAC;gBAClB,GAAG,GAAG,IAAI,CAAC;gBACX,OAAO,GAAG,CAAC;YACb,CAAC;YAED,MAAM,aAAa,GAAG,MAAM,CAAC,GAAG,CAAC,SAAS,CAAC,gBAAgB,CAAC,CAAC,CAAC;YAE9D,IAAI,CAAC,MAAM,CAAC,KAAK,CAAC,aAAa,CAAC,IAAI,aAAa,GAAG,CAAC,EAAE,CAAC;gBACtD,KAAK,GAAG,CAAC,MAAM,CAAC,QAAQ,CAAC,KAAK,CAAC,CAAC,CAAC,CAAC,MAAM,CAAC,IAAI,CAAC,KAAK,EAAE,QAAQ,CAAC,CAAC,CAAC,CAAC,KAAK,CAAC;gBACvE,QAAQ,GAAG,SAAS,CAAC;gBAErB,IAAI,KAAK,CAAC,MAAM,GAAG,CAAC,EAAE,CAAC;oBACrB,GAAG,GAAG,MAAM,CAAC,IAAI,CAAC,GAAG,EAAE,KAAK,CAAC,KAAK,CAAC,CAAC,EAAE,CAAC,CAAC,CAAC,CAAC,CAAC;oBAC3C,KAAK,GAAG,KAAK,CAAC,KAAK,CAAC,CAAC,CAAC,CAAC,CAAC;oBACxB,OAAO,GAAG,CAAC;gBACb,CAAC;YACH,CAAC;YAED,GAAG,GAAG,MAAM,CAAC,IAAI,CAAC,GAAG,EAAE,KAAK,EAAE,QAAQ,CAAC,CAAC;YACxC,IAAI,GAAG,KAAK,CAAC;YAEb,OAAO,GAAG,CAAC;QACb,CAAC;QAED,EAAE,EAAE,CAAC,IAAI,CACP,GAAG,EAAE;YACH,QAAQ,EAAE,CAAC;QACb,CAAC,EACD,CAAC,GAAG,EAAE,EAAE;YACN,YAAY,CAAC,IAAI,EAAE,GAAG,CAAC,CAAC;YACxB,QAAQ,EAAE,CAAC;QACb,CAAC,CACF,CAAC;QAEF,OAAO,QAAQ,EAAE,CAAC;IACpB,CAAC,CAAC;AACJ,CAAC","sourcesContent":["import type { NextFunction } from 'express';\n\n/**\n * The following function is based on code from `express-session`:\n *\n * https://github.com/expressjs/session/blob/1010fadc2f071ddf2add94235d72224cf65159c6/index.js#L246-L360\n *\n * This code is used to work around the fact that Express doesn't have a good\n * hook to allow us to perform some asynchronous operation before the response\n * is written to the client.\n *\n * Note that this is truly only necessary for Express. Other Node frameworks\n * like Fastify and Adonis have hooks that allow us to do this without any\n * hacks. It's also probably only useful in the context of Express, as it\n * seems to rely on the fact that Express and its ecosystem generally don't\n * call `end()` without an additional chunk of data. If it instead called\n * `write()` with the final data and then `end()` with no data, this code\n * wouldn't function as intended. It's possible that `stream.pipe(res)` does\n * in fact behave this way, so it's probably not completely safe to use this\n * code when streaming responses back to the client.\n *\n * One could probably make this safer by *also* hooking into `response.write()`\n * and buffering the data. My understanding of Node streams isn't good enough\n * to implement that, though.\n */\nexport function beforeEnd(res: any, next: NextFunction, fn: () => Promise<void>) {\n const _end = res.end as any;\n const _write = res.write as any;\n let ended = false;\n\n res.end = function end(chunk: any, encoding: any) {\n if (ended) {\n return false;\n }\n\n ended = true;\n\n let ret: any;\n let sync = true;\n\n function writeend() {\n if (sync) {\n ret = _end.call(res, chunk, encoding);\n sync = false;\n return;\n }\n\n _end.call(res);\n }\n\n function writetop() {\n if (!sync) {\n return ret;\n }\n\n if (!res._header) {\n res._implicitHeader();\n }\n\n if (chunk == null) {\n ret = true;\n return ret;\n }\n\n const contentLength = Number(res.getHeader('Content-Length'));\n\n if (!Number.isNaN(contentLength) && contentLength > 0) {\n chunk = !Buffer.isBuffer(chunk) ? Buffer.from(chunk, encoding) : chunk;\n encoding = undefined;\n\n if (chunk.length > 0) {\n ret = _write.call(res, chunk.slice(0, -1));\n chunk = chunk.slice(-1);\n return ret;\n }\n }\n\n ret = _write.call(res, chunk, encoding);\n sync = false;\n\n return ret;\n }\n\n fn().then(\n () => {\n writeend();\n },\n (err) => {\n setImmediate(next, err);\n writeend();\n },\n );\n\n return writetop();\n };\n}\n"]}
package/dist/index.js CHANGED
@@ -74,7 +74,7 @@ export function createSessionMiddleware(options) {
74
74
  domain: options.cookie?.domain,
75
75
  sameSite: options.cookie?.sameSite ?? false,
76
76
  expires: req.session.getExpirationDate(),
77
- ...(options.cookie?.writeOverrides?.[i] ?? {}),
77
+ ...options.cookie?.writeOverrides?.[i],
78
78
  });
79
79
  });
80
80
  }
package/dist/index.js.map CHANGED
@@ -1 +1 @@
1
- {"version":3,"file":"index.js","sourceRoot":"","sources":["../src/index.ts"],"names":[],"mappings":"AAAA,OAAO,MAAM,MAAM,QAAQ,CAAC;AAC5B,OAAO,SAAS,MAAM,kBAAkB,CAAC;AAEzC,OAAO,YAAY,MAAM,uBAAuB,CAAC;AACjD,OAAO,SAAS,MAAM,YAAY,CAAC;AAEnC,OAAO,EAAE,SAAS,EAAE,MAAM,iBAAiB,CAAC;AAC5C,OAAO,EAAqB,sBAAsB,EAAE,kBAAkB,EAAE,MAAM,aAAa,CAAC;AAC5F,OAAO,EAEL,iBAAiB,EACjB,WAAW,EACX,WAAW,EACX,sBAAsB,GACvB,MAAM,cAAc,CAAC;AACtB,OAAO,EAAqB,MAAM,YAAY,CAAC;AA4C/C,MAAM,mBAAmB,GAAG,SAAS,CAAC;AACtC,MAAM,sBAAsB,GAAG,QAAQ,CAAC,CAAC,QAAQ;AAEjD,MAAM,UAAU,uBAAuB,CAAC,OAAuB;IAC7D,MAAM,OAAO,GAAG,KAAK,CAAC,OAAO,CAAC,OAAO,CAAC,MAAM,CAAC,CAAC,CAAC,CAAC,OAAO,CAAC,MAAM,CAAC,CAAC,CAAC,CAAC,OAAO,CAAC,MAAM,CAAC,CAAC;IAClF,MAAM,UAAU,GAAG,OAAO,CAAC,MAAM,EAAE,IAAI,IAAI,mBAAmB,CAAC;IAC/D,MAAM,YAAY,GAAG,OAAO,CAAC,MAAM,EAAE,MAAM,IAAI,sBAAsB,CAAC;IACtE,MAAM,KAAK,GAAG,OAAO,CAAC,KAAK,CAAC;IAE5B,6EAA6E;IAC7E,MAAM,gBAAgB,GAAG,OAAO,CAAC,MAAM,EAAE,UAAU,IAAI,CAAC,UAAU,CAAC,CAAC;IACpE,IAAI,CAAC,gBAAgB,CAAC,QAAQ,CAAC,UAAU,CAAC,EAAE,CAAC;QAC3C,MAAM,IAAI,KAAK,CAAC,mDAAmD,CAAC,CAAC;IACvE,CAAC;IAED,4BAA4B;IAC5B,IAAI,OAAO,CAAC,MAAM,EAAE,cAAc,IAAI,CAAC,OAAO,CAAC,MAAM,CAAC,UAAU,EAAE,CAAC;QACjE,MAAM,IAAI,KAAK,CAAC,2DAA2D,CAAC,CAAC;IAC/E,CAAC;IACD,IACE,OAAO,CAAC,MAAM,EAAE,cAAc;QAC9B,OAAO,CAAC,MAAM,CAAC,cAAc,CAAC,MAAM,KAAK,gBAAgB,CAAC,MAAM,EAChE,CAAC;QACD,MAAM,IAAI,KAAK,CAAC,sEAAsE,CAAC,CAAC;IAC1F,CAAC;IAED,OAAO,YAAY,CAAC,KAAK,UAAU,iBAAiB,CAClD,GAAY,EACZ,GAAa,EACb,IAAkB;QAElB,MAAM,OAAO,GAAG,MAAM,CAAC,KAAK,CAAC,GAAG,CAAC,OAAO,CAAC,MAAM,IAAI,EAAE,CAAC,CAAC;QACvD,MAAM,aAAa,GAAG,OAAO,CAAC,UAAU,CAAC,CAAC;QAC1C,MAAM,eAAe,GAAG,sBAAsB,CAAC,aAAa,EAAE,OAAO,CAAC,CAAC;QACvE,MAAM,SAAS,GAAG,eAAe,IAAI,CAAC,MAAM,iBAAiB,EAAE,CAAC,CAAC;QACjE,GAAG,CAAC,OAAO,GAAG,MAAM,WAAW,CAAC,SAAS,EAAE,GAAG,EAAE,KAAK,EAAE,YAAY,CAAC,CAAC;QAErE,MAAM,YAAY,GAAG,WAAW,CAAC,GAAG,CAAC,OAAO,CAAC,CAAC;QAC9C,MAAM,sBAAsB,GAAG,GAAG,CAAC,OAAO,CAAC,iBAAiB,EAAE,CAAC;QAE/D,SAAS,CAAC,GAAG,EAAE,GAAG,EAAE;YAClB,IAAI,CAAC,GAAG,CAAC,OAAO,EAAE,CAAC;gBACjB,IAAI,eAAe,EAAE,CAAC;oBACpB,mEAAmE;oBACnE,+BAA+B;oBAC/B,EAAE;oBACF,qEAAqE;oBACrE,0EAA0E;oBAC1E,sEAAsE;oBACtE,uEAAuE;oBACvE,gBAAgB,CAAC,OAAO,CAAC,CAAC,UAAU,EAAE,CAAC,EAAE,EAAE;wBACzC,GAAG,CAAC,WAAW,CAAC,UAAU,CAAC,CAAC;wBAC5B,MAAM,MAAM,GAAG,OAAO,CAAC,MAAM,EAAE,cAAc,EAAE,CAAC,CAAC,CAAC,EAAE,MAAM,IAAI,OAAO,CAAC,MAAM,EAAE,MAAM,CAAC;wBACrF,IAAI,MAAM,EAAE,CAAC;4BACX,GAAG,CAAC,WAAW,CAAC,UAAU,EAAE,EAAE,MAAM,EAAE,OAAO,CAAC,MAAM,EAAE,MAAM,EAAE,CAAC,CAAC;wBAClE,CAAC;oBACH,CAAC,CAAC,CAAC;oBACH,OAAO;gBACT,CAAC;gBAED,2CAA2C;gBAC3C,OAAO;YACT,CAAC;YAED,MAAM,YAAY,GAAG,kBAAkB,CAAC,GAAG,EAAE,OAAO,CAAC,MAAM,EAAE,MAAM,IAAI,MAAM,CAAC,CAAC;YAC/E,IAAI,YAAY,IAAI,GAAG,CAAC,QAAQ,KAAK,OAAO,EAAE,CAAC;gBAC7C,iDAAiD;gBACjD,OAAO;YACT,CAAC;YAED,mEAAmE;YACnE,MAAM,aAAa,GAAG,gBAAgB,CAAC,KAAK,CAAC,CAAC,UAAU,EAAE,EAAE,CAAC,CAAC,CAAC,OAAO,CAAC,UAAU,CAAC,CAAC,CAAC;YACpF,MAAM,YAAY,GAAG,CAAC,eAAe,IAAI,eAAe,KAAK,GAAG,CAAC,OAAO,CAAC,EAAE,CAAC;YAC5E,MAAM,mBAAmB,GACvB,sBAAsB,CAAC,OAAO,EAAE,KAAK,GAAG,CAAC,OAAO,CAAC,iBAAiB,EAAE,CAAC,OAAO,EAAE,CAAC;YACjF,IAAI,YAAY,IAAI,mBAAmB,IAAI,CAAC,aAAa,EAAE,CAAC;gBAC1D,MAAM,eAAe,GAAG,aAAa,CAAC,GAAG,CAAC,OAAO,CAAC,EAAE,EAAE,OAAO,CAAC,CAAC,CAAC,CAAC,CAAC;gBAClE,gBAAgB,CAAC,OAAO,CAAC,CAAC,UAAU,EAAE,CAAC,EAAE,EAAE;oBACzC,GAAG,CAAC,MAAM,CAAC,UAAU,EAAE,eAAe,EAAE;wBACtC,MAAM,EAAE,YAAY;wBACpB,QAAQ,EAAE,OAAO,CAAC,MAAM,EAAE,QAAQ,IAAI,IAAI;wBAC1C,MAAM,EAAE,OAAO,CAAC,MAAM,EAAE,MAAM;wBAC9B,QAAQ,EAAE,OAAO,CAAC,MAAM,EAAE,QAAQ,IAAI,KAAK;wBAC3C,OAAO,EAAE,GAAG,CAAC,OAAO,CAAC,iBAAiB,EAAE;wBACxC,GAAG,CAAC,OAAO,CAAC,MAAM,EAAE,cAAc,EAAE,CAAC,CAAC,CAAC,IAAI,EAAE,CAAC;qBAC/C,CAAC,CAAC;gBACL,CAAC,CAAC,CAAC;YACL,CAAC;QACH,CAAC,CAAC,CAAC;QAEH,IAAI,gBAAgB,GAAG,KAAK,CAAC;QAE7B,KAAK,UAAU,cAAc,CAAC,GAAY;YACxC,IAAI,CAAC,GAAG,CAAC,OAAO,IAAI,gBAAgB,EAAE,CAAC;gBACrC,2CAA2C;gBAC3C,OAAO;YACT,CAAC;YAED,gBAAgB,GAAG,IAAI,CAAC;YAExB,sEAAsE;YACtE,gEAAgE;YAChE,EAAE;YACF,yEAAyE;YACzE,wEAAwE;YACxE,wEAAwE;YACxE,mDAAmD;YACnD,MAAM,WAAW,GAAG,WAAW,CAAC,GAAG,CAAC,OAAO,CAAC,KAAK,YAAY,CAAC;YAC9D,MAAM,iBAAiB,GACrB,sBAAsB,CAAC,OAAO,EAAE,KAAK,GAAG,CAAC,OAAO,CAAC,iBAAiB,EAAE,CAAC,OAAO,EAAE,CAAC;YACjF,IAAI,WAAW,IAAI,iBAAiB,EAAE,CAAC;gBACrC,MAAM,KAAK,CAAC,GAAG,CACb,GAAG,CAAC,OAAO,CAAC,EAAE,EACd,GAAG,CAAC,OAAO;gBACX,sEAAsE;gBACtE,oEAAoE;gBACpE,sBAAsB;gBACtB,sBAAsB,CAAC,GAAG,CAAC,OAAO,CAAC,iBAAiB,EAAE,CAAC,CACxD,CAAC;YACJ,CAAC;QACH,CAAC;QAED,uEAAuE;QACvE,qDAAqD;QACrD,SAAS,CAAC,GAAG,EAAE,IAAI,EAAE,KAAK,IAAI,EAAE;YAC9B,MAAM,cAAc,CAAC,GAAG,CAAC,CAAC;QAC5B,CAAC,CAAC,CAAC;QAEH,0EAA0E;QAC1E,0EAA0E;QAC1E,yEAAyE;QACzE,0EAA0E;QAC1E,2EAA2E;QAC3E,mCAAmC;QACnC,MAAM,gBAAgB,GAAG,GAAG,CAAC,QAAe,CAAC;QAC7C,GAAG,CAAC,QAAQ,GAAG,SAAS,QAAQ,CAAC,GAAG,IAAW;YAC7C,cAAc,CAAC,GAAG,CAAC,CAAC,IAAI,CACtB,GAAG,EAAE,CAAC,gBAAgB,CAAC,KAAK,CAAC,GAAG,EAAE,IAAI,CAAC,EACvC,CAAC,GAAG,EAAE,EAAE,CAAC,IAAI,CAAC,GAAG,CAAC,CACnB,CAAC;QACJ,CAAC,CAAC;QAEF,IAAI,EAAE,CAAC;IACT,CAAC,CAAC,CAAC;AACL,CAAC;AAED,SAAS,aAAa,CAAC,SAAiB,EAAE,MAAc;IACtD,OAAO,SAAS,CAAC,IAAI,CAAC,SAAS,EAAE,MAAM,CAAC,CAAC;AAC3C,CAAC","sourcesContent":["import cookie from 'cookie';\nimport signature from 'cookie-signature';\nimport type { NextFunction, Request, Response } from 'express';\nimport asyncHandler from 'express-async-handler';\nimport onHeaders from 'on-headers';\n\nimport { beforeEnd } from './before-end.js';\nimport { type CookieSecure, getSessionIdFromCookie, shouldSecureCookie } from './cookie.js';\nimport {\n type Session,\n generateSessionId,\n hashSession,\n loadSession,\n truncateExpirationDate,\n} from './session.js';\nimport { type SessionStore } from './store.js';\n\ndeclare global {\n // eslint-disable-next-line @typescript-eslint/no-namespace\n namespace Express {\n interface Request {\n session: Session;\n }\n }\n}\n\ninterface CookieOptions {\n secure?: CookieSecure;\n httpOnly?: boolean;\n domain?: string;\n sameSite?: boolean | 'none' | 'lax' | 'strict';\n maxAge?: number;\n}\n\nexport interface SessionOptions {\n secret: string | string[];\n store: SessionStore;\n cookie?: CookieOptions & {\n /**\n * The name of the session cookie. The session is always read from this\n * named cookie, but it may be written to multiple cookies if `writeNames`\n * is provided.\n */\n name?: string;\n /**\n * Multiple write names can be provided to allow for a session cookie to be\n * written to multiple names. This can be useful for a migration of a cookie\n * to an explicit subdomain, for example.\n */\n writeNames?: string[];\n /**\n * Used with `writeNames` to provide additional options for each written cookie.\n */\n writeOverrides?: Omit<CookieOptions, 'secure'>[];\n };\n}\n\nexport type { SessionStore };\n\nconst DEFAULT_COOKIE_NAME = 'session';\nconst DEFAULT_COOKIE_MAX_AGE = 86400000; // 1 day\n\nexport function createSessionMiddleware(options: SessionOptions) {\n const secrets = Array.isArray(options.secret) ? options.secret : [options.secret];\n const cookieName = options.cookie?.name ?? DEFAULT_COOKIE_NAME;\n const cookieMaxAge = options.cookie?.maxAge ?? DEFAULT_COOKIE_MAX_AGE;\n const store = options.store;\n\n // Ensure that the session cookie that we're reading from will be written to.\n const writeCookieNames = options.cookie?.writeNames ?? [cookieName];\n if (!writeCookieNames.includes(cookieName)) {\n throw new Error('cookie.name must be included in cookie.writeNames');\n }\n\n // Validate write overrides.\n if (options.cookie?.writeOverrides && !options.cookie.writeNames) {\n throw new Error('cookie.writeOverrides must be used with cookie.writeNames');\n }\n if (\n options.cookie?.writeOverrides &&\n options.cookie.writeOverrides.length !== writeCookieNames.length\n ) {\n throw new Error('cookie.writeOverrides must have the same length as cookie.writeNames');\n }\n\n return asyncHandler(async function sessionMiddleware(\n req: Request,\n res: Response,\n next: NextFunction,\n ) {\n const cookies = cookie.parse(req.headers.cookie ?? '');\n const sessionCookie = cookies[cookieName];\n const cookieSessionId = getSessionIdFromCookie(sessionCookie, secrets);\n const sessionId = cookieSessionId ?? (await generateSessionId());\n req.session = await loadSession(sessionId, req, store, cookieMaxAge);\n\n const originalHash = hashSession(req.session);\n const originalExpirationDate = req.session.getExpirationDate();\n\n onHeaders(res, () => {\n if (!req.session) {\n if (cookieSessionId) {\n // If the request arrived with a session cookie but the session was\n // destroyed, clear the cookie.\n //\n // To cover all our bases, we'll clear *all* known session cookies to\n // ensure that state sessions aren't left behind. We'll also send commands\n // to clear the cookies both on and off the explicit domain, to handle\n // the case where the application has moved from one domain to another.\n writeCookieNames.forEach((cookieName, i) => {\n res.clearCookie(cookieName);\n const domain = options.cookie?.writeOverrides?.[i]?.domain ?? options.cookie?.domain;\n if (domain) {\n res.clearCookie(cookieName, { domain: options.cookie?.domain });\n }\n });\n return;\n }\n\n // There is no session to do anything with.\n return;\n }\n\n const secureCookie = shouldSecureCookie(req, options.cookie?.secure ?? 'auto');\n if (secureCookie && req.protocol !== 'https') {\n // Avoid sending cookie over insecure connection.\n return;\n }\n\n // Ensure that all known session cookies are set to the same value.\n const hasAllCookies = writeCookieNames.every((cookieName) => !!cookies[cookieName]);\n const isNewSession = !cookieSessionId || cookieSessionId !== req.session.id;\n const didExpirationChange =\n originalExpirationDate.getTime() !== req.session.getExpirationDate().getTime();\n if (isNewSession || didExpirationChange || !hasAllCookies) {\n const signedSessionId = signSessionId(req.session.id, secrets[0]);\n writeCookieNames.forEach((cookieName, i) => {\n res.cookie(cookieName, signedSessionId, {\n secure: secureCookie,\n httpOnly: options.cookie?.httpOnly ?? true,\n domain: options.cookie?.domain,\n sameSite: options.cookie?.sameSite ?? false,\n expires: req.session.getExpirationDate(),\n ...(options.cookie?.writeOverrides?.[i] ?? {}),\n });\n });\n }\n });\n\n let sessionPersisted = false;\n\n async function persistSession(req: Request) {\n if (!req.session || sessionPersisted) {\n // There is no session to do anything with.\n return;\n }\n\n sessionPersisted = true;\n\n // If this is a new session, we would have already persisted it to the\n // store, so we don't need to take that into consideration here.\n //\n // If the hash of the session data changed, we'll unconditionally persist\n // the updated data to the store. However, if the hash didn't change, we\n // only want to persist it if the expiration changed *and* if we can set\n // a cookie to reflect the updated expiration date.\n const hashChanged = hashSession(req.session) !== originalHash;\n const expirationChanged =\n originalExpirationDate.getTime() !== req.session.getExpirationDate().getTime();\n if (hashChanged || expirationChanged) {\n await store.set(\n req.session.id,\n req.session,\n // Cookies only support second-level resolution. To ensure consistency\n // between the cookie and the store, truncate the expiration date to\n // the nearest second.\n truncateExpirationDate(req.session.getExpirationDate()),\n );\n }\n }\n\n // We'll attempt to persist the session at the end of the request. This\n // hacky strategy is borrowed from `express-session`.\n beforeEnd(res, next, async () => {\n await persistSession(req);\n });\n\n // We'll also attempt to persist the session before performing a redirect.\n // This is necessary because browsers and `fetch()` implementations aren't\n // required to wait for a response body to be received before following a\n // redirect. So, we need to make sure that the session is persisted before\n // we send the redirect response. This way, the subsequent GET will be able\n // to load the latest session data.\n const originalRedirect = res.redirect as any;\n res.redirect = function redirect(...args: any[]) {\n persistSession(req).then(\n () => originalRedirect.apply(res, args),\n (err) => next(err),\n );\n };\n\n next();\n });\n}\n\nfunction signSessionId(sessionId: string, secret: string): string {\n return signature.sign(sessionId, secret);\n}\n"]}
1
+ {"version":3,"file":"index.js","sourceRoot":"","sources":["../src/index.ts"],"names":[],"mappings":"AAAA,OAAO,MAAM,MAAM,QAAQ,CAAC;AAC5B,OAAO,SAAS,MAAM,kBAAkB,CAAC;AAEzC,OAAO,YAAY,MAAM,uBAAuB,CAAC;AACjD,OAAO,SAAS,MAAM,YAAY,CAAC;AAEnC,OAAO,EAAE,SAAS,EAAE,MAAM,iBAAiB,CAAC;AAC5C,OAAO,EAAqB,sBAAsB,EAAE,kBAAkB,EAAE,MAAM,aAAa,CAAC;AAC5F,OAAO,EAEL,iBAAiB,EACjB,WAAW,EACX,WAAW,EACX,sBAAsB,GACvB,MAAM,cAAc,CAAC;AACtB,OAAO,EAAqB,MAAM,YAAY,CAAC;AA4C/C,MAAM,mBAAmB,GAAG,SAAS,CAAC;AACtC,MAAM,sBAAsB,GAAG,QAAQ,CAAC,CAAC,QAAQ;AAEjD,MAAM,UAAU,uBAAuB,CAAC,OAAuB;IAC7D,MAAM,OAAO,GAAG,KAAK,CAAC,OAAO,CAAC,OAAO,CAAC,MAAM,CAAC,CAAC,CAAC,CAAC,OAAO,CAAC,MAAM,CAAC,CAAC,CAAC,CAAC,OAAO,CAAC,MAAM,CAAC,CAAC;IAClF,MAAM,UAAU,GAAG,OAAO,CAAC,MAAM,EAAE,IAAI,IAAI,mBAAmB,CAAC;IAC/D,MAAM,YAAY,GAAG,OAAO,CAAC,MAAM,EAAE,MAAM,IAAI,sBAAsB,CAAC;IACtE,MAAM,KAAK,GAAG,OAAO,CAAC,KAAK,CAAC;IAE5B,6EAA6E;IAC7E,MAAM,gBAAgB,GAAG,OAAO,CAAC,MAAM,EAAE,UAAU,IAAI,CAAC,UAAU,CAAC,CAAC;IACpE,IAAI,CAAC,gBAAgB,CAAC,QAAQ,CAAC,UAAU,CAAC,EAAE,CAAC;QAC3C,MAAM,IAAI,KAAK,CAAC,mDAAmD,CAAC,CAAC;IACvE,CAAC;IAED,4BAA4B;IAC5B,IAAI,OAAO,CAAC,MAAM,EAAE,cAAc,IAAI,CAAC,OAAO,CAAC,MAAM,CAAC,UAAU,EAAE,CAAC;QACjE,MAAM,IAAI,KAAK,CAAC,2DAA2D,CAAC,CAAC;IAC/E,CAAC;IACD,IACE,OAAO,CAAC,MAAM,EAAE,cAAc;QAC9B,OAAO,CAAC,MAAM,CAAC,cAAc,CAAC,MAAM,KAAK,gBAAgB,CAAC,MAAM,EAChE,CAAC;QACD,MAAM,IAAI,KAAK,CAAC,sEAAsE,CAAC,CAAC;IAC1F,CAAC;IAED,OAAO,YAAY,CAAC,KAAK,UAAU,iBAAiB,CAClD,GAAY,EACZ,GAAa,EACb,IAAkB;QAElB,MAAM,OAAO,GAAG,MAAM,CAAC,KAAK,CAAC,GAAG,CAAC,OAAO,CAAC,MAAM,IAAI,EAAE,CAAC,CAAC;QACvD,MAAM,aAAa,GAAG,OAAO,CAAC,UAAU,CAAC,CAAC;QAC1C,MAAM,eAAe,GAAG,sBAAsB,CAAC,aAAa,EAAE,OAAO,CAAC,CAAC;QACvE,MAAM,SAAS,GAAG,eAAe,IAAI,CAAC,MAAM,iBAAiB,EAAE,CAAC,CAAC;QACjE,GAAG,CAAC,OAAO,GAAG,MAAM,WAAW,CAAC,SAAS,EAAE,GAAG,EAAE,KAAK,EAAE,YAAY,CAAC,CAAC;QAErE,MAAM,YAAY,GAAG,WAAW,CAAC,GAAG,CAAC,OAAO,CAAC,CAAC;QAC9C,MAAM,sBAAsB,GAAG,GAAG,CAAC,OAAO,CAAC,iBAAiB,EAAE,CAAC;QAE/D,SAAS,CAAC,GAAG,EAAE,GAAG,EAAE;YAClB,IAAI,CAAC,GAAG,CAAC,OAAO,EAAE,CAAC;gBACjB,IAAI,eAAe,EAAE,CAAC;oBACpB,mEAAmE;oBACnE,+BAA+B;oBAC/B,EAAE;oBACF,qEAAqE;oBACrE,0EAA0E;oBAC1E,sEAAsE;oBACtE,uEAAuE;oBACvE,gBAAgB,CAAC,OAAO,CAAC,CAAC,UAAU,EAAE,CAAC,EAAE,EAAE;wBACzC,GAAG,CAAC,WAAW,CAAC,UAAU,CAAC,CAAC;wBAC5B,MAAM,MAAM,GAAG,OAAO,CAAC,MAAM,EAAE,cAAc,EAAE,CAAC,CAAC,CAAC,EAAE,MAAM,IAAI,OAAO,CAAC,MAAM,EAAE,MAAM,CAAC;wBACrF,IAAI,MAAM,EAAE,CAAC;4BACX,GAAG,CAAC,WAAW,CAAC,UAAU,EAAE,EAAE,MAAM,EAAE,OAAO,CAAC,MAAM,EAAE,MAAM,EAAE,CAAC,CAAC;wBAClE,CAAC;oBACH,CAAC,CAAC,CAAC;oBACH,OAAO;gBACT,CAAC;gBAED,2CAA2C;gBAC3C,OAAO;YACT,CAAC;YAED,MAAM,YAAY,GAAG,kBAAkB,CAAC,GAAG,EAAE,OAAO,CAAC,MAAM,EAAE,MAAM,IAAI,MAAM,CAAC,CAAC;YAC/E,IAAI,YAAY,IAAI,GAAG,CAAC,QAAQ,KAAK,OAAO,EAAE,CAAC;gBAC7C,iDAAiD;gBACjD,OAAO;YACT,CAAC;YAED,mEAAmE;YACnE,MAAM,aAAa,GAAG,gBAAgB,CAAC,KAAK,CAAC,CAAC,UAAU,EAAE,EAAE,CAAC,CAAC,CAAC,OAAO,CAAC,UAAU,CAAC,CAAC,CAAC;YACpF,MAAM,YAAY,GAAG,CAAC,eAAe,IAAI,eAAe,KAAK,GAAG,CAAC,OAAO,CAAC,EAAE,CAAC;YAC5E,MAAM,mBAAmB,GACvB,sBAAsB,CAAC,OAAO,EAAE,KAAK,GAAG,CAAC,OAAO,CAAC,iBAAiB,EAAE,CAAC,OAAO,EAAE,CAAC;YACjF,IAAI,YAAY,IAAI,mBAAmB,IAAI,CAAC,aAAa,EAAE,CAAC;gBAC1D,MAAM,eAAe,GAAG,aAAa,CAAC,GAAG,CAAC,OAAO,CAAC,EAAE,EAAE,OAAO,CAAC,CAAC,CAAC,CAAC,CAAC;gBAClE,gBAAgB,CAAC,OAAO,CAAC,CAAC,UAAU,EAAE,CAAC,EAAE,EAAE;oBACzC,GAAG,CAAC,MAAM,CAAC,UAAU,EAAE,eAAe,EAAE;wBACtC,MAAM,EAAE,YAAY;wBACpB,QAAQ,EAAE,OAAO,CAAC,MAAM,EAAE,QAAQ,IAAI,IAAI;wBAC1C,MAAM,EAAE,OAAO,CAAC,MAAM,EAAE,MAAM;wBAC9B,QAAQ,EAAE,OAAO,CAAC,MAAM,EAAE,QAAQ,IAAI,KAAK;wBAC3C,OAAO,EAAE,GAAG,CAAC,OAAO,CAAC,iBAAiB,EAAE;wBACxC,GAAG,OAAO,CAAC,MAAM,EAAE,cAAc,EAAE,CAAC,CAAC,CAAC;qBACvC,CAAC,CAAC;gBACL,CAAC,CAAC,CAAC;YACL,CAAC;QACH,CAAC,CAAC,CAAC;QAEH,IAAI,gBAAgB,GAAG,KAAK,CAAC;QAE7B,KAAK,UAAU,cAAc,CAAC,GAAY;YACxC,IAAI,CAAC,GAAG,CAAC,OAAO,IAAI,gBAAgB,EAAE,CAAC;gBACrC,2CAA2C;gBAC3C,OAAO;YACT,CAAC;YAED,gBAAgB,GAAG,IAAI,CAAC;YAExB,sEAAsE;YACtE,gEAAgE;YAChE,EAAE;YACF,yEAAyE;YACzE,wEAAwE;YACxE,wEAAwE;YACxE,mDAAmD;YACnD,MAAM,WAAW,GAAG,WAAW,CAAC,GAAG,CAAC,OAAO,CAAC,KAAK,YAAY,CAAC;YAC9D,MAAM,iBAAiB,GACrB,sBAAsB,CAAC,OAAO,EAAE,KAAK,GAAG,CAAC,OAAO,CAAC,iBAAiB,EAAE,CAAC,OAAO,EAAE,CAAC;YACjF,IAAI,WAAW,IAAI,iBAAiB,EAAE,CAAC;gBACrC,MAAM,KAAK,CAAC,GAAG,CACb,GAAG,CAAC,OAAO,CAAC,EAAE,EACd,GAAG,CAAC,OAAO;gBACX,sEAAsE;gBACtE,oEAAoE;gBACpE,sBAAsB;gBACtB,sBAAsB,CAAC,GAAG,CAAC,OAAO,CAAC,iBAAiB,EAAE,CAAC,CACxD,CAAC;YACJ,CAAC;QACH,CAAC;QAED,uEAAuE;QACvE,qDAAqD;QACrD,SAAS,CAAC,GAAG,EAAE,IAAI,EAAE,KAAK,IAAI,EAAE;YAC9B,MAAM,cAAc,CAAC,GAAG,CAAC,CAAC;QAC5B,CAAC,CAAC,CAAC;QAEH,0EAA0E;QAC1E,0EAA0E;QAC1E,yEAAyE;QACzE,0EAA0E;QAC1E,2EAA2E;QAC3E,mCAAmC;QACnC,MAAM,gBAAgB,GAAG,GAAG,CAAC,QAAe,CAAC;QAC7C,GAAG,CAAC,QAAQ,GAAG,SAAS,QAAQ,CAAC,GAAG,IAAW;YAC7C,cAAc,CAAC,GAAG,CAAC,CAAC,IAAI,CACtB,GAAG,EAAE,CAAC,gBAAgB,CAAC,KAAK,CAAC,GAAG,EAAE,IAAI,CAAC,EACvC,CAAC,GAAG,EAAE,EAAE,CAAC,IAAI,CAAC,GAAG,CAAC,CACnB,CAAC;QACJ,CAAC,CAAC;QAEF,IAAI,EAAE,CAAC;IACT,CAAC,CAAC,CAAC;AACL,CAAC;AAED,SAAS,aAAa,CAAC,SAAiB,EAAE,MAAc;IACtD,OAAO,SAAS,CAAC,IAAI,CAAC,SAAS,EAAE,MAAM,CAAC,CAAC;AAC3C,CAAC","sourcesContent":["import cookie from 'cookie';\nimport signature from 'cookie-signature';\nimport type { NextFunction, Request, Response } from 'express';\nimport asyncHandler from 'express-async-handler';\nimport onHeaders from 'on-headers';\n\nimport { beforeEnd } from './before-end.js';\nimport { type CookieSecure, getSessionIdFromCookie, shouldSecureCookie } from './cookie.js';\nimport {\n type Session,\n generateSessionId,\n hashSession,\n loadSession,\n truncateExpirationDate,\n} from './session.js';\nimport { type SessionStore } from './store.js';\n\ndeclare global {\n // eslint-disable-next-line @typescript-eslint/no-namespace\n namespace Express {\n interface Request {\n session: Session;\n }\n }\n}\n\ninterface CookieOptions {\n secure?: CookieSecure;\n httpOnly?: boolean;\n domain?: string;\n sameSite?: boolean | 'none' | 'lax' | 'strict';\n maxAge?: number;\n}\n\nexport interface SessionOptions {\n secret: string | string[];\n store: SessionStore;\n cookie?: CookieOptions & {\n /**\n * The name of the session cookie. The session is always read from this\n * named cookie, but it may be written to multiple cookies if `writeNames`\n * is provided.\n */\n name?: string;\n /**\n * Multiple write names can be provided to allow for a session cookie to be\n * written to multiple names. This can be useful for a migration of a cookie\n * to an explicit subdomain, for example.\n */\n writeNames?: string[];\n /**\n * Used with `writeNames` to provide additional options for each written cookie.\n */\n writeOverrides?: Omit<CookieOptions, 'secure'>[];\n };\n}\n\nexport type { SessionStore };\n\nconst DEFAULT_COOKIE_NAME = 'session';\nconst DEFAULT_COOKIE_MAX_AGE = 86400000; // 1 day\n\nexport function createSessionMiddleware(options: SessionOptions) {\n const secrets = Array.isArray(options.secret) ? options.secret : [options.secret];\n const cookieName = options.cookie?.name ?? DEFAULT_COOKIE_NAME;\n const cookieMaxAge = options.cookie?.maxAge ?? DEFAULT_COOKIE_MAX_AGE;\n const store = options.store;\n\n // Ensure that the session cookie that we're reading from will be written to.\n const writeCookieNames = options.cookie?.writeNames ?? [cookieName];\n if (!writeCookieNames.includes(cookieName)) {\n throw new Error('cookie.name must be included in cookie.writeNames');\n }\n\n // Validate write overrides.\n if (options.cookie?.writeOverrides && !options.cookie.writeNames) {\n throw new Error('cookie.writeOverrides must be used with cookie.writeNames');\n }\n if (\n options.cookie?.writeOverrides &&\n options.cookie.writeOverrides.length !== writeCookieNames.length\n ) {\n throw new Error('cookie.writeOverrides must have the same length as cookie.writeNames');\n }\n\n return asyncHandler(async function sessionMiddleware(\n req: Request,\n res: Response,\n next: NextFunction,\n ) {\n const cookies = cookie.parse(req.headers.cookie ?? '');\n const sessionCookie = cookies[cookieName];\n const cookieSessionId = getSessionIdFromCookie(sessionCookie, secrets);\n const sessionId = cookieSessionId ?? (await generateSessionId());\n req.session = await loadSession(sessionId, req, store, cookieMaxAge);\n\n const originalHash = hashSession(req.session);\n const originalExpirationDate = req.session.getExpirationDate();\n\n onHeaders(res, () => {\n if (!req.session) {\n if (cookieSessionId) {\n // If the request arrived with a session cookie but the session was\n // destroyed, clear the cookie.\n //\n // To cover all our bases, we'll clear *all* known session cookies to\n // ensure that state sessions aren't left behind. We'll also send commands\n // to clear the cookies both on and off the explicit domain, to handle\n // the case where the application has moved from one domain to another.\n writeCookieNames.forEach((cookieName, i) => {\n res.clearCookie(cookieName);\n const domain = options.cookie?.writeOverrides?.[i]?.domain ?? options.cookie?.domain;\n if (domain) {\n res.clearCookie(cookieName, { domain: options.cookie?.domain });\n }\n });\n return;\n }\n\n // There is no session to do anything with.\n return;\n }\n\n const secureCookie = shouldSecureCookie(req, options.cookie?.secure ?? 'auto');\n if (secureCookie && req.protocol !== 'https') {\n // Avoid sending cookie over insecure connection.\n return;\n }\n\n // Ensure that all known session cookies are set to the same value.\n const hasAllCookies = writeCookieNames.every((cookieName) => !!cookies[cookieName]);\n const isNewSession = !cookieSessionId || cookieSessionId !== req.session.id;\n const didExpirationChange =\n originalExpirationDate.getTime() !== req.session.getExpirationDate().getTime();\n if (isNewSession || didExpirationChange || !hasAllCookies) {\n const signedSessionId = signSessionId(req.session.id, secrets[0]);\n writeCookieNames.forEach((cookieName, i) => {\n res.cookie(cookieName, signedSessionId, {\n secure: secureCookie,\n httpOnly: options.cookie?.httpOnly ?? true,\n domain: options.cookie?.domain,\n sameSite: options.cookie?.sameSite ?? false,\n expires: req.session.getExpirationDate(),\n ...options.cookie?.writeOverrides?.[i],\n });\n });\n }\n });\n\n let sessionPersisted = false;\n\n async function persistSession(req: Request) {\n if (!req.session || sessionPersisted) {\n // There is no session to do anything with.\n return;\n }\n\n sessionPersisted = true;\n\n // If this is a new session, we would have already persisted it to the\n // store, so we don't need to take that into consideration here.\n //\n // If the hash of the session data changed, we'll unconditionally persist\n // the updated data to the store. However, if the hash didn't change, we\n // only want to persist it if the expiration changed *and* if we can set\n // a cookie to reflect the updated expiration date.\n const hashChanged = hashSession(req.session) !== originalHash;\n const expirationChanged =\n originalExpirationDate.getTime() !== req.session.getExpirationDate().getTime();\n if (hashChanged || expirationChanged) {\n await store.set(\n req.session.id,\n req.session,\n // Cookies only support second-level resolution. To ensure consistency\n // between the cookie and the store, truncate the expiration date to\n // the nearest second.\n truncateExpirationDate(req.session.getExpirationDate()),\n );\n }\n }\n\n // We'll attempt to persist the session at the end of the request. This\n // hacky strategy is borrowed from `express-session`.\n beforeEnd(res, next, async () => {\n await persistSession(req);\n });\n\n // We'll also attempt to persist the session before performing a redirect.\n // This is necessary because browsers and `fetch()` implementations aren't\n // required to wait for a response body to be received before following a\n // redirect. So, we need to make sure that the session is persisted before\n // we send the redirect response. This way, the subsequent GET will be able\n // to load the latest session data.\n const originalRedirect = res.redirect as any;\n res.redirect = function redirect(...args: any[]) {\n persistSession(req).then(\n () => originalRedirect.apply(res, args),\n (err) => next(err),\n );\n };\n\n next();\n });\n}\n\nfunction signSessionId(sessionId: string, secret: string): string {\n return signature.sign(sessionId, secret);\n}\n"]}
package/package.json CHANGED
@@ -1,6 +1,6 @@
1
1
  {
2
2
  "name": "@prairielearn/session",
3
- "version": "3.0.20",
3
+ "version": "3.0.21",
4
4
  "type": "module",
5
5
  "repository": {
6
6
  "type": "git",
@@ -22,11 +22,11 @@
22
22
  "uid-safe": "^2.1.5"
23
23
  },
24
24
  "devDependencies": {
25
- "@prairielearn/express-test-utils": "^2.0.2",
25
+ "@prairielearn/express-test-utils": "^2.0.3",
26
26
  "@prairielearn/tsconfig": "^0.0.0",
27
27
  "@types/cookie": "^0.6.0",
28
28
  "@types/cookie-signature": "^1.1.2",
29
- "@types/node": "^22.17.0",
29
+ "@types/node": "^22.18.0",
30
30
  "@types/node-fetch": "^2.6.13",
31
31
  "@types/on-headers": "^1.0.4",
32
32
  "@types/set-cookie-parser": "^2.4.10",
@@ -37,7 +37,7 @@
37
37
  "node-fetch": "^3.3.2",
38
38
  "set-cookie-parser": "^2.7.1",
39
39
  "source-map-support": "^0.5.21",
40
- "tsx": "^4.20.3",
40
+ "tsx": "^4.20.5",
41
41
  "typescript": "^5.9.2",
42
42
  "vitest": "^3.2.4"
43
43
  }
package/src/before-end.ts CHANGED
@@ -64,13 +64,13 @@ export function beforeEnd(res: any, next: NextFunction, fn: () => Promise<void>)
64
64
 
65
65
  const contentLength = Number(res.getHeader('Content-Length'));
66
66
 
67
- if (!isNaN(contentLength) && contentLength > 0) {
67
+ if (!Number.isNaN(contentLength) && contentLength > 0) {
68
68
  chunk = !Buffer.isBuffer(chunk) ? Buffer.from(chunk, encoding) : chunk;
69
69
  encoding = undefined;
70
70
 
71
- if (chunk.length !== 0) {
72
- ret = _write.call(res, chunk.slice(0, chunk.length - 1));
73
- chunk = chunk.slice(chunk.length - 1, chunk.length);
71
+ if (chunk.length > 0) {
72
+ ret = _write.call(res, chunk.slice(0, -1));
73
+ chunk = chunk.slice(-1);
74
74
  return ret;
75
75
  }
76
76
  }
package/src/index.ts CHANGED
@@ -141,7 +141,7 @@ export function createSessionMiddleware(options: SessionOptions) {
141
141
  domain: options.cookie?.domain,
142
142
  sameSite: options.cookie?.sameSite ?? false,
143
143
  expires: req.session.getExpirationDate(),
144
- ...(options.cookie?.writeOverrides?.[i] ?? {}),
144
+ ...options.cookie?.writeOverrides?.[i],
145
145
  });
146
146
  });
147
147
  }