@thi.ng/server 0.10.4 → 0.11.1

This diff represents the content of publicly available package versions that have been released to one of the supported registries. The information contained in this diff is provided for informational purposes only and reflects changes between package versions as they appear in their respective public registries.
Files changed (5) hide show
  1. package/CHANGELOG.md +7 -1
  2. package/README.md +2 -2
  3. package/package.json +16 -16
  4. package/session/session.d.ts +6 -0
  5. package/session/session.js +13 -4
package/CHANGELOG.md CHANGED
@@ -1,6 +1,6 @@
1
1
  # Change Log
2
2
 
3
- - **Last updated**: 2025-05-28T12:02:40Z
3
+ - **Last updated**: 2025-06-09T17:24:08Z
4
4
  - **Generator**: [thi.ng/monopub](https://thi.ng/monopub)
5
5
 
6
6
  All notable changes to this project will be documented in this file.
@@ -11,6 +11,12 @@ See [Conventional Commits](https://conventionalcommits.org/) for commit guidelin
11
11
  **Note:** Unlisted _patch_ versions only involve non-code or otherwise excluded changes
12
12
  and/or version bumps of transitive dependencies.
13
13
 
14
+ ## [0.11.0](https://github.com/thi-ng/umbrella/tree/@thi.ng/server@0.11.0) (2025-06-05)
15
+
16
+ #### 🚀 Features
17
+
18
+ - force expire session cookie if invalid session ([ac6c208](https://github.com/thi-ng/umbrella/commit/ac6c208))
19
+
14
20
  ## [0.10.0](https://github.com/thi-ng/umbrella/tree/@thi.ng/server@0.10.0) (2025-04-16)
15
21
 
16
22
  #### 🚀 Features
package/README.md CHANGED
@@ -7,7 +7,7 @@
7
7
  [![Mastodon Follow](https://img.shields.io/mastodon/follow/109331703950160316?domain=https%3A%2F%2Fmastodon.thi.ng&style=social)](https://mastodon.thi.ng/@toxi)
8
8
 
9
9
  > [!NOTE]
10
- > This is one of 208 standalone projects, maintained as part
10
+ > This is one of 209 standalone projects, maintained as part
11
11
  > of the [@thi.ng/umbrella](https://github.com/thi-ng/umbrella/) monorepo
12
12
  > and anti-framework.
13
13
  >
@@ -164,7 +164,7 @@ For Node.js REPL:
164
164
  const ser = await import("@thi.ng/server");
165
165
  ```
166
166
 
167
- Package sizes (brotli'd, pre-treeshake): ESM: 6.27 KB
167
+ Package sizes (brotli'd, pre-treeshake): ESM: 6.32 KB
168
168
 
169
169
  ## Dependencies
170
170
 
package/package.json CHANGED
@@ -1,6 +1,6 @@
1
1
  {
2
2
  "name": "@thi.ng/server",
3
- "version": "0.10.4",
3
+ "version": "0.11.1",
4
4
  "description": "Minimal HTTP server with declarative routing, static file serving and freely extensible via pre/post interceptors",
5
5
  "type": "module",
6
6
  "module": "./index.js",
@@ -39,20 +39,20 @@
39
39
  "tool:tangle": "../../node_modules/.bin/tangle src/**/*.ts"
40
40
  },
41
41
  "dependencies": {
42
- "@thi.ng/api": "^8.11.28",
43
- "@thi.ng/arrays": "^2.11.1",
44
- "@thi.ng/cache": "^2.3.33",
45
- "@thi.ng/checks": "^3.7.8",
46
- "@thi.ng/errors": "^2.5.34",
47
- "@thi.ng/file-io": "^2.1.37",
48
- "@thi.ng/leaky-bucket": "^0.2.6",
49
- "@thi.ng/logger": "^3.1.9",
50
- "@thi.ng/mime": "^2.7.10",
51
- "@thi.ng/paths": "^5.2.11",
52
- "@thi.ng/router": "^4.1.30",
53
- "@thi.ng/strings": "^3.9.13",
54
- "@thi.ng/timestamp": "^1.1.13",
55
- "@thi.ng/uuid": "^1.1.25"
42
+ "@thi.ng/api": "^8.11.29",
43
+ "@thi.ng/arrays": "^2.11.2",
44
+ "@thi.ng/cache": "^2.3.34",
45
+ "@thi.ng/checks": "^3.7.9",
46
+ "@thi.ng/errors": "^2.5.35",
47
+ "@thi.ng/file-io": "^2.1.38",
48
+ "@thi.ng/leaky-bucket": "^0.2.7",
49
+ "@thi.ng/logger": "^3.1.10",
50
+ "@thi.ng/mime": "^2.7.11",
51
+ "@thi.ng/paths": "^5.2.12",
52
+ "@thi.ng/router": "^4.1.31",
53
+ "@thi.ng/strings": "^3.9.14",
54
+ "@thi.ng/timestamp": "^1.1.14",
55
+ "@thi.ng/uuid": "^1.1.26"
56
56
  },
57
57
  "devDependencies": {
58
58
  "@types/node": "^22.15.21",
@@ -167,5 +167,5 @@
167
167
  "status": "alpha",
168
168
  "year": 2024
169
169
  },
170
- "gitHead": "61c3833b7ef7d044621454b5ea4af885d39f065e\n"
170
+ "gitHead": "93cdcd8db4d4669561a7f0ebc47697bdbfd04214\n"
171
171
  }
package/session/session.d.ts CHANGED
@@ -87,6 +87,12 @@ export declare class SessionInterceptor<CTX extends RequestCtx = RequestCtx, SES
87
87
  replaceSession(ctx: CTX): Promise<SESSION | undefined>;
88
88
  withSession(res: ServerResponse, session: SESSION): ServerResponse<import("http").IncomingMessage>;
89
89
  validateSession(cookie: string): Promise<SESSION | undefined>;
90
+ /**
91
+ * Appends `set-cookie` header which forces immediate expiry of session cookie.
92
+ *
93
+ * @param ctx
94
+ */
95
+ expireCookie(ctx: CTX): void;
90
96
  }
91
97
  /**
92
98
  * Factory function to create a new {@link SessionInterceptor} instance
package/session/session.js CHANGED
@@ -29,6 +29,7 @@ class SessionInterceptor {
29
29
  if (cookie) {
30
30
  session = await this.validateSession(cookie);
31
31
  if (!session) {
32
+ this.expireCookie(ctx);
32
33
  ctx.res.forbidden();
33
34
  return false;
34
35
  }
@@ -56,10 +57,7 @@ class SessionInterceptor {
56
57
  if (await this.store.delete(sessionID)) {
57
58
  ctx.logger.info("delete session:", sessionID);
58
59
  ctx.session = void 0;
59
- ctx.res.appendHeader(
60
- "set-cookie",
61
- `${this.cookieName}=;Expires=Thu, 01 Jan 1970 00:00:00 GMT;${this.cookieOpts}`
62
- );
60
+ this.expireCookie(ctx);
63
61
  }
64
62
  }
65
63
  /**
@@ -117,6 +115,17 @@ class SessionInterceptor {
117
115
  const sameLength = actual.length === expected.length;
118
116
  return timingSafeEqual(sameLength ? actual : expected, expected) && sameLength ? session : void 0;
119
117
  }
118
+ /**
119
+ * Appends `set-cookie` header which forces immediate expiry of session cookie.
120
+ *
121
+ * @param ctx
122
+ */
123
+ expireCookie(ctx) {
124
+ ctx.res.appendHeader(
125
+ "set-cookie",
126
+ `${this.cookieName}=;Expires=Thu, 01 Jan 1970 00:00:00 GMT;${this.cookieOpts}`
127
+ );
128
+ }
120
129
  }
121
130
  const sessionInterceptor = (opts) => new SessionInterceptor(opts);
122
131
  const createSession = (ctx) => ({