@travetto/auth-session 6.0.0-rc.0 → 6.0.0-rc.2

package/README.md

@@ -13,11 +13,11 @@ npm install @travetto/auth-session
 yarn add @travetto/auth-session
 ```
 
-This is a module that adds session support to the [Authentication](https://github.com/travetto/travetto/tree/main/module/auth#readme "Authentication scaffolding for the Travetto framework") framework, via [Data Modeling Support](https://github.com/travetto/travetto/tree/main/module/model#readme "Datastore abstraction for core operations.") storage.  The concept here, is that the [Authentication](https://github.com/travetto/travetto/tree/main/module/auth#readme "Authentication scaffolding for the Travetto framework") module provides the solid foundation for ensuring authentication to the system, and transitively to the session data. The [Principal](https://github.com/travetto/travetto/tree/main/module/auth/src/types/principal.ts#L8) provides a session identifier, which refers to a unique authentication session.  Each login will produce a novel session id.  This id provides the contract between [Authentication](https://github.com/travetto/travetto/tree/main/module/auth#readme "Authentication scaffolding for the Travetto framework") and[Auth Session](https://github.com/travetto/travetto/tree/main/module/auth-session#readme "Session provider for the travetto auth module.").  
+This is a module that adds session support to the [Authentication](https://github.com/travetto/travetto/tree/main/module/auth#readme "Authentication scaffolding for the Travetto framework") framework, via [Data Modeling Support](https://github.com/travetto/travetto/tree/main/module/model#readme "Datastore abstraction for core operations.") storage.  The concept here, is that the [Authentication](https://github.com/travetto/travetto/tree/main/module/auth#readme "Authentication scaffolding for the Travetto framework") module provides the solid foundation for ensuring authentication to the system, and transitively to the session data. The [Principal](https://github.com/travetto/travetto/tree/main/module/auth/src/types/principal.ts#L7) provides a session identifier, which refers to a unique authentication session.  Each login will produce a novel session id.  This id provides the contract between [Authentication](https://github.com/travetto/travetto/tree/main/module/auth#readme "Authentication scaffolding for the Travetto framework") and[Auth Session](https://github.com/travetto/travetto/tree/main/module/auth-session#readme "Session provider for the travetto auth module.").  
 
-This session identifier, is then used when retrieving data from [Data Modeling Support](https://github.com/travetto/travetto/tree/main/module/model#readme "Datastore abstraction for core operations.") storage. This storage mechanism is not tied to a request/response model, but the [Rest Auth Session](https://github.com/travetto/travetto/tree/main/module/auth-rest-session#readme "Rest authentication session integration support for the Travetto framework") does provide a natural integration with the [RESTful API](https://github.com/travetto/travetto/tree/main/module/rest#readme "Declarative api for RESTful APIs with support for the dependency injection module.") module.   
+This session identifier, is then used when retrieving data from [Data Modeling Support](https://github.com/travetto/travetto/tree/main/module/model#readme "Datastore abstraction for core operations.") storage. This storage mechanism is not tied to a request/response model, but the [Web Auth Session](https://github.com/travetto/travetto/tree/main/module/auth-web-session#readme "Web authentication session integration support for the Travetto framework") does provide a natural integration with the [Web API](https://github.com/travetto/travetto/tree/main/module/web#readme "Declarative api for Web Applications with support for the dependency injection.") module.   
 
-Within the framework the sessions are stored against any [Data Modeling Support](https://github.com/travetto/travetto/tree/main/module/model#readme "Datastore abstraction for core operations.") implementation that provides [ModelExpirySupport](https://github.com/travetto/travetto/tree/main/module/model/src/service/expiry.ts), as the data needs to be able to be expired appropriately.  The list of supported model providers are:
+Within the framework the sessions are stored against any [Data Modeling Support](https://github.com/travetto/travetto/tree/main/module/model#readme "Datastore abstraction for core operations.") implementation that provides [ModelExpirySupport](https://github.com/travetto/travetto/tree/main/module/model/src/types/expiry.ts#L10), as the data needs to be able to be expired appropriately.  The list of supported model providers are:
    *  [Redis Model Support](https://github.com/travetto/travetto/tree/main/module/model-redis#readme "Redis backing for the travetto model module.")
    *  [MongoDB Model Support](https://github.com/travetto/travetto/tree/main/module/model-mongo#readme "Mongo backing for the travetto model module.")
    *  [S3 Model Support](https://github.com/travetto/travetto/tree/main/module/model-s3#readme "S3 backing for the travetto model module.")
@@ -25,31 +25,32 @@ Within the framework the sessions are stored against any [Data Modeling Support]
    *  [Elasticsearch Model Source](https://github.com/travetto/travetto/tree/main/module/model-elasticsearch#readme "Elasticsearch backing for the travetto model module, with real-time modeling support for Elasticsearch mappings.")
    *  [File Model Support](https://github.com/travetto/travetto/tree/main/module/model-file#readme "File system backing for the travetto model module.")
    *  [Memory Model Support](https://github.com/travetto/travetto/tree/main/module/model-memory#readme "Memory backing for the travetto model module.")
-While the expiry is not necessarily a hard requirement, the implementation without it can be quite messy.  To that end, the ability to add [ModelExpirySupport](https://github.com/travetto/travetto/tree/main/module/model/src/service/expiry.ts) to the model provider would be the natural extension point if more expiry support is needed.
+While the expiry is not necessarily a hard requirement, the implementation without it can be quite messy.  To that end, the ability to add [ModelExpirySupport](https://github.com/travetto/travetto/tree/main/module/model/src/types/expiry.ts#L10) to the model provider would be the natural extension point if more expiry support is needed.
 
 **Code: Sample usage of Session Service**
 ```typescript
-class RestSessionConfig implements ManagedInterceptorConfig { }
+export class AuthSessionInterceptor implements WebInterceptor {
 
-/**
- * Loads session, and provides ability to create session as needed, persists when complete.
- */
-@Injectable()
-export class AuthSessionInterceptor implements RestInterceptor {
-
-  dependsOn: Class<RestInterceptor>[] = [AuthContextInterceptor];
-  runsBefore: Class<RestInterceptor>[] = [];
+  category: WebInterceptorCategory = 'application';
+  dependsOn = [AuthContextInterceptor];
 
   @Inject()
   service: SessionService;
 
   @Inject()
-  config: RestSessionConfig;
+  context: SessionContext;
+
+  @Inject()
+  webAsyncContext: WebAsyncContext;
+
+  postConstruct(): void {
+    this.webAsyncContext.registerSource(toConcrete<Session>(), () => this.context.get(true));
+    this.webAsyncContext.registerSource(toConcrete<SessionData>(), () => this.context.get(true).data);
+  }
 
-  async intercept(ctx: FilterContext, next: FilterNext): Promise<unknown> {
+  async filter({ next }: WebChainedContext): Promise<WebResponse> {
     try {
       await this.service.load();
-      Object.defineProperty(ctx.req, 'session', { get: () => this.service.getOrCreate() });
       return await next();
     } finally {
       await this.service.persist();
@@ -58,7 +59,7 @@ export class AuthSessionInterceptor implements RestInterceptor {
 }
 ```
 
-The [SessionService](https://github.com/travetto/travetto/tree/main/module/auth-session/src/service.ts#L16) provides the basic integration with the [AuthContext](https://github.com/travetto/travetto/tree/main/module/auth/src/context.ts#L16) to authenticate and isolate session data.  The usage is fairly simple, but the import pattern to follow is:
+The [SessionService](https://github.com/travetto/travetto/tree/main/module/auth-session/src/service.ts#L14) provides the basic integration with the [AuthContext](https://github.com/travetto/travetto/tree/main/module/auth/src/context.ts#L14) to authenticate and isolate session data.  The usage is fairly simple, but the import pattern to follow is:
    *  load
    *  read/modify
    *  persist

package/__index__.ts

@@ -1,3 +1,4 @@
-export * from './src/service';
-export * from './src/model';
-export * from './src/session';
+export * from './src/service.ts';
+export * from './src/context.ts';
+export * from './src/model.ts';
+export * from './src/session.ts';

package/package.json

@@ -1,6 +1,6 @@
 {
   "name": "@travetto/auth-session",
-  "version": "6.0.0-rc.0",
+  "version": "6.0.0-rc.2",
   "description": "Session provider for the travetto auth module.",
   "keywords": [
     "auth",
@@ -25,12 +25,12 @@
     "directory": "module/auth-session"
   },
   "dependencies": {
-    "@travetto/auth": "^6.0.0-rc.0",
-    "@travetto/config": "^6.0.0-rc.0",
-    "@travetto/model": "^6.0.0-rc.0"
+    "@travetto/auth": "^6.0.0-rc.2",
+    "@travetto/config": "^6.0.0-rc.2",
+    "@travetto/model": "^6.0.0-rc.2"
   },
   "peerDependencies": {
-    "@travetto/test": "^6.0.0-rc.0"
+    "@travetto/test": "^6.0.0-rc.2"
   },
   "peerDependenciesMeta": {
     "@travetto/test": {

package/src/context.ts

@@ -0,0 +1,62 @@
+import { Injectable, Inject } from '@travetto/di';
+import { AsyncContext, AsyncContextValue } from '@travetto/context';
+import { AuthContext, AuthenticationError } from '@travetto/auth';
+
+import { Session } from './session.ts';
+
+/**
+ * Session context, injectable wherever needed
+ */
+@Injectable()
+export class SessionContext {
+
+  @Inject()
+  context: AsyncContext;
+
+  @Inject()
+  authContext: AuthContext;
+
+  #value = new AsyncContextValue<Session>(this, { failIfUnbound: { write: true } });
+
+  #create(): Session {
+    const principal = this.authContext.principal;
+    if (!principal) {
+      throw new AuthenticationError('Unable to establish session without first authenticating');
+    }
+    return new Session({
+      id: principal.sessionId,
+      expiresAt: principal.expiresAt,
+      issuedAt: principal.issuedAt,
+      action: 'create',
+      data: {},
+    });
+  }
+
+  /**
+   * Get session if defined
+   */
+  get(createIfMissing: true): Session;
+  get(): Session | undefined;
+  get(createIfMissing?: boolean): Session | undefined {
+    let val = this.#value.get();
+    if (!val && createIfMissing) {
+      this.set(val = this.#create());
+    }
+    return val;
+  }
+
+  /**
+   * Set the session state directly
+   */
+  set(session: Session | undefined): void {
+    this.#value.set(session);
+  }
+
+  /**
+   * Destroy
+   */
+  destroy(): void {
+    this.get()?.destroy();
+    this.set(undefined);
+  }
+}

package/src/service.ts

@@ -1,22 +1,20 @@
 import { Injectable, Inject } from '@travetto/di';
-import { isStorageSupported } from '@travetto/model/src/internal/service/common';
 import { Runtime, Util } from '@travetto/runtime';
-import { ModelExpirySupport, NotFoundError } from '@travetto/model';
-import { AsyncContext, AsyncContextValue } from '@travetto/context';
-import { AuthContext, AuthenticationError, AuthService } from '@travetto/auth';
+import { ModelExpirySupport, NotFoundError, ModelStorageUtil } from '@travetto/model';
+import { AuthContext, AuthService } from '@travetto/auth';
 
-import { Session } from './session';
-import { SessionEntry, SessionModelSymbol } from './model';
+import { Session } from './session.ts';
+import { SessionEntry, SessionModelSymbol } from './model.ts';
+import { SessionContext } from './context.ts';
 
 /**
- * Rest service for supporting the session and managing the session state
- * during the normal lifecycle of requests.
+ * Service for supporting the session and managing the session state
  */
 @Injectable()
 export class SessionService {
 
   @Inject()
-  context: AsyncContext;
+  context: SessionContext;
 
   @Inject()
   authContext: AuthContext;
@@ -26,24 +24,15 @@ export class SessionService {
 
   #modelService: ModelExpirySupport;
 
-  #session = new AsyncContextValue<Session>(this);
-
   constructor(@Inject(SessionModelSymbol) service: ModelExpirySupport) {
     this.#modelService = service;
   }
 
-  /**
-   * Disconnect active session
-   */
-  clear(): void {
-    this.#session.set(undefined);
-  }
-
   /**
    * Initialize service if none defined
    */
   async postConstruct(): Promise<void> {
-    if (isStorageSupported(this.#modelService) && Runtime.dynamic) {
+    if (ModelStorageUtil.isSupported(this.#modelService) && Runtime.dynamic) {
       await this.#modelService.createModel?.(SessionEntry);
     }
   }
@@ -79,7 +68,7 @@ export class SessionService {
    * Persist session
    */
   async persist(): Promise<void> {
-    const session = this.#session.get();
+    const session = this.context.get();
 
     // If missing or new and no data
     if (!session || (session.action === 'create' && session.isEmpty())) {
@@ -110,48 +99,15 @@ export class SessionService {
   }
 
   /**
-   * Get or recreate session
-   */
-  getOrCreate(): Session {
-    const principal = this.authContext.principal;
-    if (!principal) {
-      throw new AuthenticationError('Unable to establish session without first authenticating');
-    }
-    const existing = this.#session.get();
-    const val = (existing?.action === 'destroy' ? undefined : existing) ??
-      new Session({
-        id: principal.sessionId,
-        expiresAt: principal.expiresAt,
-        issuedAt: principal.issuedAt,
-        action: 'create',
-        data: {},
-      });
-    this.#session.set(val);
-    return val;
-  }
-
-  /**
-   * Get session if defined
-   */
-  get(): Session | undefined {
-    return this.#session.get();
-  }
-
-  /**
-   * Load from request
+   * Load from principal
    */
   async load(): Promise<Session | undefined> {
-    if (!this.#session.get()) {
+    if (!this.context.get()) {
       const principal = this.authContext.principal;
       if (principal?.sessionId) {
-        this.#session.set(await this.#load(principal.sessionId));
+        this.context.set(await this.#load(principal.sessionId));
       }
     }
-    return this.#session.get();
-  }
-
-  destroy(): void {
-    this.get()?.destroy();
-    this.clear();
+    return this.context.get();
   }
 }

package/src/session.ts

@@ -1,14 +1,12 @@
 import { AnyMap, castKey, castTo } from '@travetto/runtime';
 
 /**
- * @concrete ./internal/types#SessionDataTarget
- * @augments `@travetto/rest:Context`
+ * @concrete
  */
 export interface SessionData extends AnyMap { }
 
 /**
  * Full session object, with metadata
- * @augments `@travetto/rest:Context`
  */
 export class Session<T extends SessionData = SessionData> {
   /**

package/support/test/server.ts

@@ -2,17 +2,16 @@ import assert from 'node:assert';
 
 import { Suite, Test } from '@travetto/test';
 import { Inject } from '@travetto/di';
-import { SessionService } from '@travetto/auth-session';
+import { SessionContext, SessionService } from '@travetto/auth-session';
 import { AuthContext, AuthenticationError } from '@travetto/auth';
 import { AsyncContext, WithAsyncContext } from '@travetto/context';
 import { Util } from '@travetto/runtime';
 
-import { InjectableSuite } from '@travetto/di/support/test/suite';
-import { BaseRestSuite } from '@travetto/rest/support/test/base';
+import { InjectableSuite } from '@travetto/di/support/test/suite.ts';
 
 @Suite()
 @InjectableSuite()
-export abstract class AuthSessionServerSuite extends BaseRestSuite {
+export abstract class AuthSessionServerSuite {
 
   timeScale = 1;
 
@@ -22,33 +21,34 @@ export abstract class AuthSessionServerSuite extends BaseRestSuite {
   @Inject()
   session: SessionService;
 
+  @Inject()
+  sessionContext: SessionContext;
+
   @Inject()
   context: AsyncContext;
 
   @WithAsyncContext()
   @Test()
   async testSessionEstablishment() {
-    await this.auth.init();
-
     this.auth.principal = {
       id: 'orange',
       details: {},
       sessionId: Util.uuid()
     };
 
-    assert(this.session.get() === undefined);
+    assert(this.sessionContext.get() === undefined);
     assert(await this.session.load() === undefined);
 
-    const sess = this.session.getOrCreate();
-    assert(sess.id === this.auth.principal.sessionId);
-    sess.data = { name: 'bob' };
+    const session = this.sessionContext.get(true);
+    assert(session.id === this.auth.principal.sessionId);
+    session.data = { name: 'bob' };
     await this.session.persist();
 
-    this.session.clear(); // Disconnect
+    this.sessionContext.set(undefined); // Disconnect
 
     assert(await this.session.load() !== undefined);
-    const sess2 = this.session.getOrCreate();
-    assert(sess2.data?.name === 'bob');
+    const session2 = this.sessionContext.get(true);
+    assert(session2.data?.name === 'bob');
 
     this.auth.principal = {
       id: 'orange',
@@ -56,17 +56,17 @@ export abstract class AuthSessionServerSuite extends BaseRestSuite {
       sessionId: Util.uuid()
     };
 
-    this.session.clear(); // Disconnect
+    this.sessionContext.set(undefined); // Disconnect
 
     assert(await this.session.load() === undefined);
-    const sess3 = this.session.getOrCreate();
-    assert.deepStrictEqual(sess3.data, {});
+    const session3 = this.sessionContext.get(true);
+    assert.deepStrictEqual(session3.data, {});
   }
 
   @WithAsyncContext()
   @Test()
   async testUnauthenticatedSession() {
-    await assert.throws(() => this.session.getOrCreate(), AuthenticationError);
+    await assert.throws(() => this.sessionContext.get(true), AuthenticationError);
 
   }
 }

package/src/internal/types.ts

@@ -1,4 +0,0 @@
-/**
- * Session data, will basically be a key/value map
- */
-export class SessionDataTarget { }