adapt-authoring-sessions 0.0.1

package/.eslintignore

@@ -0,0 +1 @@
+node_modules

package/.eslintrc

@@ -0,0 +1,14 @@
+{
+  "env": {
+      "browser": false,
+      "node": true,
+      "commonjs": false,
+      "es2020": true
+  },
+  "extends": [
+      "standard"
+  ],
+  "parserOptions": {
+      "ecmaVersion": 2020
+  }
+}

package/.github/ISSUE_TEMPLATE/bug_report.yml

@@ -0,0 +1,55 @@
+name: Bug Report
+description: File a bug report
+labels: ["bug"]
+body:
+  - type: markdown
+    attributes:
+      value: |
+        Thanks for taking the time to fill out this bug report!
+  - type: textarea
+    id: description
+    attributes:
+      label: What happened?
+      description: Please describe the issue
+    validations:
+      required: true
+  - type: textarea
+    id: expected
+    attributes:
+      label: Expected behaviour
+      description: Tell us what should have happened
+  - type: textarea
+    id: repro-steps
+    attributes:
+      label: Steps to reproduce
+      description: Tell us how to reproduce the issue
+    validations:
+      required: true
+  - type: input
+    id: aat-version
+    attributes:
+      label: Authoring tool version
+      description: What version of the Adapt authoring tool are you running?
+    validations:
+      required: true
+  - type: input
+    id: fw-version
+    attributes:
+      label: Framework version
+      description: What version of the Adapt framework are you running?
+  - type: dropdown
+    id: browsers
+    attributes:
+      label: What browsers are you seeing the problem on?
+      multiple: true
+      options:
+        - Firefox
+        - Chrome
+        - Safari
+        - Microsoft Edge
+  - type: textarea
+    id: logs
+    attributes:
+      label: Relevant log output
+      description: Please copy and paste any relevant log output. This will be automatically formatted into code, so no need for backticks.
+      render: sh

package/.github/ISSUE_TEMPLATE/config.yml

@@ -0,0 +1 @@
+blank_issues_enabled: false

package/.github/ISSUE_TEMPLATE/feature_request.yml

@@ -0,0 +1,22 @@
+name: Feature request
+description: Request a new feature
+labels: ["enhancement"]
+body:
+  - type: markdown
+    attributes:
+      value: |
+        Thanks for taking the time to request a new feature in the Adapt authoring tool! The Adapt team will consider all new feature requests, but unfortunately cannot commit to every one.
+  - type: textarea
+    id: description
+    attributes:
+      label: Feature description
+      description: Please describe your feature request
+    validations:
+      required: true
+  - type: checkboxes
+    id: contribute
+    attributes:
+      label: Can you work on this feature?
+      description: If you are able to commit your own time to work on this feature, it will greatly increase the liklihood of it being implemented by the core dev team. Otherwise, it will be triaged and prioritised alongside the core team's current priorities.
+      options:
+        - label: I can contribute

package/.github/dependabot.yml

@@ -0,0 +1,11 @@
+# To get started with Dependabot version updates, you'll need to specify which
+# package ecosystems to update and where the package manifests are located.
+# Please see the documentation for all configuration options:
+# https://docs.github.com/code-security/dependabot/dependabot-version-updates/configuration-options-for-the-dependabot.yml-file
+
+version: 2
+updates:
+  - package-ecosystem: "npm" # See documentation for possible values
+    directory: "/" # Location of package manifests
+    schedule:
+      interval: "weekly"

package/.github/pull_request_template.md

@@ -0,0 +1,25 @@
+[//]: # (Please title your PR according to eslint commit conventions)
+[//]: # (See https://github.com/conventional-changelog/conventional-changelog/tree/master/packages/conventional-changelog-eslint#eslint-convention for details)
+
+[//]: # (Add a link to the original issue)
+
+[//]: # (Delete as appropriate)
+### Fix
+* A sentence describing each fix
+
+### Update
+* A sentence describing each udpate
+
+### New
+* A sentence describing each new feature
+
+### Breaking
+* A sentence describing each breaking change
+
+[//]: # (List appropriate steps for testing if needed)
+### Testing
+1. Steps for testing
+
+[//]: # (Mention any other dependencies)
+
+

package/.github/workflows/labelled_prs.yml

@@ -0,0 +1,16 @@
+name: Add labelled PRs to project
+
+on:
+  pull_request:
+    types: [ labeled ]
+
+jobs:
+  add-to-project:
+    if: ${{ github.event.label.name == 'dependencies' }}
+    name: Add to main project
+    runs-on: ubuntu-latest
+    steps:
+      - uses: actions/add-to-project@v0.1.0
+        with:
+          project-url: https://github.com/orgs/adapt-security/projects/5
+          github-token: ${{ secrets.PROJECTS_SECRET }}

package/.github/workflows/new.yml

@@ -0,0 +1,19 @@
+name: Add to main project
+
+on:
+  issues:
+    types:
+      - opened
+  pull_request:
+    types:
+      - opened
+
+jobs:
+  add-to-project:
+    name: Add to main project
+    runs-on: ubuntu-latest
+    steps:
+      - uses: actions/add-to-project@v0.1.0
+        with:
+          project-url: https://github.com/orgs/adapt-security/projects/5
+          github-token: ${{ secrets.PROJECTS_SECRET }}

package/adapt-authoring.json

@@ -0,0 +1,5 @@
+{
+  "documentation": {
+    "enable": true
+  }
+}

package/conf/config.schema.json

@@ -0,0 +1,41 @@
+{
+  "$schema": "https://json-schema.org/draft/2020-12/schema",
+  "type": "object",
+  "properties": {
+    "collectionName": {
+      "description": "Name of the database collection used to store user session data",
+      "type": "string",
+      "default": "usersessions"
+    },
+    "lifespan": {
+      "description": "The amount of time a session should remain valid",
+      "type": "string",
+      "isTimeMs": true,
+      "default": "1h"
+    },
+    "rolling": {
+      "description": "Determines whether sessions should only expire after a period of inactivity (max age determined by the lifespan option)",
+      "type": "boolean",
+      "default": true
+    },
+    "sameSite": {
+      "description": "Asserts that a cookie must not be sent with cross-origin requests",
+      "type": "string",
+      "default": "strict"
+    },
+    "secret": {
+      "description": "A secret used to encode/decode user sessions",
+      "type": "string",
+      "minLength": 10,
+      "_adapt": { 
+        "isSecret": true 
+      }
+    },
+    "secure": {
+      "description": "If true, cookie is only sent to the server when a request is made with the https scheme",
+      "type": ["boolean", "string"],
+      "default": false
+    }
+  },
+  "required": ["secret"]
+}

package/errors/errors.json

@@ -0,0 +1,9 @@
+{
+  "DESTROY_SESSION_FAIL": {
+    "data": {
+      "error": "The error message"
+    },
+    "description": "Failed to terminate user session",
+    "statusCode": 500
+  }
+}

package/index.js

@@ -0,0 +1,5 @@
+/**
+ * User sessions functionality
+ * @namespace sessions
+ */
+export { default } from './lib/SessionsModule.js'

package/lib/SessionsModule.js

@@ -0,0 +1,73 @@
+import { AbstractModule } from 'adapt-authoring-core'
+import MongoDBStore from 'connect-mongo'
+import session from 'express-session'
+/**
+ * Module which implements user sessions
+ * @memberof sessions
+ * @extends {AbstractModule}
+ */
+class SessionsModule extends AbstractModule {
+  /** @override */
+  async init () {
+    await super.init()
+
+    const [auth, mongodb, server] = await this.app.waitForModule('auth', 'mongodb', 'server')
+
+    server.expressApp.use(
+      session({
+        name: 'adapt.user_session',
+        resave: false,
+        rolling: this.getConfig('rolling'),
+        saveUninitialized: true,
+        secret: this.getConfig('secret'),
+        unset: 'destroy',
+        cookie: {
+          domain: this.getConfig('host'),
+          maxAge: this.getConfig('lifespan'),
+          sameSite: this.getConfig('sameSite'),
+          secure: this.getConfig('secure')
+        },
+        store: MongoDBStore.create({
+          client: mongodb.client,
+          collection: this.getConfig('collectionName'),
+          stringify: false
+        })
+      }),
+      this.storeAuthHeader
+    )
+    auth.secureRoute('/api/session/clear', 'post', ['clear:session'])
+  }
+
+  /**
+   * Stores the session token as an auth header if none present
+   * @param {external:ExpressRequest} req
+   * @param {external:ExpressResponse} res
+   * @param {function} next
+   */
+  storeAuthHeader (req, res, next) {
+    const token = req?.session?.token
+    if (token && !req.headers.Authorization) {
+      req.headers.Authorization = `Bearer ${token}`
+    }
+    next()
+  }
+
+  /**
+   * Handles clearing of the current request session
+   * @param {external:ExpressRequest} req
+   * @return {Promise} Resolves when the session has been cleared
+   */
+  async clearSession (req) {
+    if (!req.session) {
+      return
+    }
+    return new Promise((resolve, reject) => {
+      req.session.destroy(e => {
+        if (e) return reject(this.app.errors.DESTROY_SESSION_FAIL.setData({ error: e.message }))
+        resolve()
+      })
+    })
+  }
+}
+
+export default SessionsModule

package/package.json

@@ -0,0 +1,22 @@
+{
+  "name": "adapt-authoring-sessions",
+  "version": "0.0.1",
+  "description": "Module which stores users sessions in the MongoDB",
+  "homepage": "https://github.com/adapt-security/adapt-authoring-sessions",
+  "license": "GPL-3.0",
+  "type": "module",
+  "main": "index.js",
+  "repository": "github:adapt-security/adapt-authoring-sessions",
+  "dependencies": {
+    "connect-mongo": "^5.1.0",
+    "express-session": "^1.18.0"
+  },
+  "peerDependencies": {
+    "adapt-authoring-auth": "github:adapt-security/adapt-authoring-auth",
+    "adapt-authoring-core": "github:adapt-security/adapt-authoring-core"
+  },
+  "devDependencies": {
+    "eslint": "^9.12.0",
+    "standard": "^17.1.0"
+  }
+}