connect-memcached 0.1.0 → 2.0.0

package/.tool-versions

@@ -0,0 +1 @@
+nodejs 18.2.0

package/Readme.md

@@ -1,54 +1,80 @@
 # connect-memcached
 
-  Memcached session store, using [node-memcached](http://github.com/3rd-Eden/node-memcached) for communication with cache server.
+Memcached session store, using [node-memcached](http://github.com/3rd-Eden/node-memcached) for communication with cache server.
 
 ## Installation
 
-  via npm:
+npm:
 
-```bash
-$ npm install connect-memcached
+```shell
+npm install connect-memcached express-session
+```
+
+yarn:
+
+```shell
+yarn add connect-memcached express-session
 ```
 
 ## Example
+
 ```javascript
-var express      = require('express')
-, session        = require('express-session')
-, cookieParser   = require('cookie-parser')
-, http           = require('http')
-, app            = express()
-, MemcachedStore = require('connect-memcached')(session);
-
-app.use(cookieParser());
-app.use(session({
-      secret  : 'CatOnKeyboard'
-    , key     : 'test'
-    , proxy   : 'true'
-    , store   : new MemcachedStore({
-        hosts: ['127.0.0.1:11211']
+var express = require("express"),
+  session = require("express-session"),
+  app = express(),
+  MemcachedStore = require("connect-memcached")(session);
+
+app.use(
+  session({
+    secret: "CatOnKeyboard",
+    key: "test",
+    proxy: "true",
+    resave: false,
+    saveUninitialized: false,
+    store: new MemcachedStore({
+      hosts: ["127.0.0.1:11211"],
+      secret: "123, easy as ABC. ABC, easy as 123" // Optionally use transparent encryption for memcached session data
     })
-}));
-
-app.get('/', function(req, res){
-    if(req.session.views) {
-        ++req.session.views;
-    } else {
-        req.session.views = 1;
-    }
-    res.send('Viewed <strong>' + req.session.views + '</strong> times.');
+  })
+);
+
+app.get("/", function(req, res) {
+  if (req.session.views) {
+    ++req.session.views;
+  } else {
+    req.session.views = 1;
+  }
+  res.send("Viewed <strong>" + req.session.views + "</strong> times.");
 });
 
-http.createServer(app).listen(9341, function() {
-    console.log("Listening on %d", this.address().port);
+app.listen(9341, function() {
+  console.log("Listening on %d", this.address().port);
 });
 ```
 
 ## Options
-- `hosts` Memcached servers locations, can by string, array, hash.
-- `prefix` An optional prefix for each memcache key, in case you are sharing your memcached servers with something generating its own keys.
-- ...     Rest of given option will be passed directly to the node-memcached constructor.
 
-For details see [node-memcached](http://github.com/3rd-Eden/node-memcached).
+- `hosts` (Optional) Memcached servers locations, can be string, array or hash. Default is `127.0.0.1:11211`.
+- `prefix` (Optional) Prefix for each memcached key, in case you are sharing your memcached servers with something generating its own keys.
+- `ttl` (Optional) Default TTL parameter for the session data (in seconds).
+- `secret` (Optional) Secret used to encrypt/decrypt session contents. Setting it enables data encryption, which is handled by [kruptein](https://github.com/jas-/kruptein) module.
+- `algorithm` (Optional) Cipher algorithm from `crypto.getCiphers()`. Default is `aes-256-gcm`.
+- `hashing` (Optional) Hash algorithm from `crypto.getHashes()`. Default is `sha512`.
+- ... Rest of given options will be passed directly to the [node-memcached](http://github.com/3rd-Eden/node-memcached) and [kruptein](https://github.com/jas-/kruptein) constructors, see their appropriate docs for extra configurability.
+
+## Upgrading to v2.x.x
+
+When upgrading from pre v2 and using data encryption please flush all the session entries from memcached before rolling the update.
+
+Sessions without data encryption are not affected.
+
+## Upgrading from v0.x.x -> v1.x.x
+
+If You're upgrading from the pre v1.0.0 version of this library and use encryption for session data be sure to **remove all session entries created with previous version**. 
+
+Upgrading library without taking appropriate action will result in `SyntaxError` exceptions during JSON parsing of decoded entries. 
+
+Sessions without encryption are not affected.
 
 ## Contributors
 

package/index.js

@@ -1,2 +1 @@
-
-module.exports = require('./lib/connect-memcached');
+module.exports = require('./lib/connect-memcached');

package/lib/connect-memcached.js

@@ -2,13 +2,15 @@
  * connect-memcached
  * MIT Licensed
  */
+const bufferFrom = require('buffer-from');
 
-var Memcached = require('memcached');
+var Memcached = require("memcached");
 var oneDay = 86400;
+
 function ensureCallback(fn) {
-	return function() {
-		fn && fn.apply(null, arguments);
-	};
+  return function() {
+    fn && fn.apply(null, arguments);
+  };
 }
 
 /**
@@ -19,118 +21,163 @@ function ensureCallback(fn) {
  * @api public
  */
 module.exports = function(session) {
-	var Store = session.Store;
-
-	/**
-	 * Initialize MemcachedStore with the given `options`.
-	 *
-	 * @param {Object} options
-	 * @api public
-	 */
-	function MemcachedStore(options) {
-		options = options || {};
-		Store.call(this, options);
-
-		this.prefix = options.prefix || '';
-		if (!options.client) {
-			if (!options.hosts) {
-				options.hosts = '127.0.0.1:11211';
-			}
-
-			options.client = new Memcached(options.hosts, options);
-		}
-
-		this.client = options.client;
-	}
-
-	MemcachedStore.prototype.__proto__ = Store.prototype;
-
-	/**
-	 * Translates the given `sid` into a memcached key, optionally with prefix.
-	 *
-	 * @param {String} sid
-	 * @api private
-	 */
-	MemcachedStore.prototype.getKey = function getKey(sid) {
-		return this.prefix + sid;
-	};
-
-	/**
-	 * Attempt to fetch session by the given `sid`.
-	 *
-	 * @param {String} sid
-	 * @param {Function} fn
-	 * @api public
-	 */
-	MemcachedStore.prototype.get = function(sid, fn) {
-		sid = this.getKey(sid);
-
-		this.client.get(sid, function(err, data) {
-      if (err) { return fn(err, {}); }
-			try {
-				if (!data) {
-					return fn();
-				}
-				fn(null, JSON.parse(data.toString()));
-			} catch (e) {
-				fn(e);
-			}
-		});
-	};
-
-	/**
-	 * Commit the given `sess` object associated with the given `sid`.
-	 *
-	 * @param {String} sid
-	 * @param {Session} sess
-	 * @param {Function} fn
-	 * @api public
-	 */
-	MemcachedStore.prototype.set = function(sid, sess, fn) {
-		sid = this.getKey(sid);
-
-		try {
-			var maxAge = sess.cookie.maxAge;
-			var ttl = 'number' == typeof maxAge ? maxAge / 1000 | 0 : oneDay;
-			var sess = JSON.stringify(sess);
-
-			this.client.set(sid, sess, ttl, ensureCallback(fn));
-		} catch (err) {
-			fn && fn(err);
-		}
-	};
-
-	/**
-	 * Destroy the session associated with the given `sid`.
-	 *
-	 * @param {String} sid
-	 * @param {Function} fn
-	 * @api public
-	 */
-	MemcachedStore.prototype.destroy = function(sid, fn) {
-		sid = this.getKey(sid);
-		this.client.del(sid, ensureCallback(fn));
-	};
-
-	/**
-	 * Fetch number of sessions.
-	 *
-	 * @param {Function} fn
-	 * @api public
-	 */
-	MemcachedStore.prototype.length = function(fn) {
-		this.client.items(ensureCallback(fn));
-	};
-
-	/**
-	 * Clear all sessions.
-	 *
-	 * @param {Function} fn
-	 * @api public
-	 */
-	MemcachedStore.prototype.clear = function(fn) {
-		this.client.flush(ensureCallback(fn));
-	};
-
-	return MemcachedStore;
+  var Store = session.Store;
+
+  /**
+   * Initialize MemcachedStore with the given `options`.
+   *
+   * @param {Object} options
+   * @api public
+   */
+  function MemcachedStore(options) {
+    options = options || {};
+    Store.call(this, options);
+
+    this.prefix = options.prefix || "";
+    this.ttl = options.ttl;
+    if (!options.client) {
+      if (!options.hosts) {
+        options.hosts = "127.0.0.1:11211";
+      }
+
+      options.client = new Memcached(options.hosts, options);
+    }
+
+    if (options.secret) { 
+      options.algorithm = options.algorithm || 'aes-256-gcm';
+      options.hashing = options.hashing || 'sha512';
+      this.kruptein = require("kruptein")(options);
+      this.secret = options.secret;
+    }
+
+    this.client = options.client;
+  }
+
+  MemcachedStore.prototype.__proto__ = Store.prototype;
+
+  /**
+   * Translates the given `sid` into a memcached key, optionally with prefix.
+   *
+   * @param {String} sid
+   * @api private
+   */
+  MemcachedStore.prototype.getKey = function getKey(sid) {
+    return this.prefix + sid;
+  };
+
+  /**
+   * Attempt to fetch session by the given `sid`.
+   *
+   * @param {String} sid
+   * @param {Function} fn
+   * @api public
+   */
+  MemcachedStore.prototype.get = function(sid, fn) {
+    var self = this, sid = this.getKey(sid),
+        parseable_string;
+
+    this.client.get(sid, function(err, data) {
+      if (err) {
+        return fn(err, {});
+      }
+      try {
+        if (!data) {
+          return fn();
+        }
+
+        if (self.secret) {
+          self.kruptein.get(self.secret, data, function(err, ct) {
+            if (err)
+              return fn(err, {});
+
+            parseable_string = JSON.parse(ct);
+          });
+        } else {
+          parseable_string = data;
+        }
+
+	fn(null, parseable_string);
+      } catch (e) {
+        fn(e);
+      }
+    });
+  };
+
+  /**
+   * Commit the given `sess` object associated with the given `sid`.
+   *
+   * @param {String} sid
+   * @param {Session} sess
+   * @param {Function} fn
+   * @api public
+   */
+  MemcachedStore.prototype.set = function(sid, sess, fn) {
+    sid = this.getKey(sid);
+
+    try {
+      var maxAge = sess.cookie.maxAge;
+      var ttl =
+        this.ttl || ("number" == typeof maxAge ? (maxAge / 1000) | 0 : oneDay);
+
+      if (this.secret) {
+        this.kruptein.set(this.secret, sess, function(err, ct) {
+          if (err)
+            return fn(err);
+
+          sess = ct;
+        });
+      }
+
+      this.client.set(sid, sess, ttl, ensureCallback(fn));
+    } catch (err) {
+      fn && fn(err);
+    }
+  };
+
+  /**
+   * Destroy the session associated with the given `sid`.
+   *
+   * @param {String} sid
+   * @param {Function} fn
+   * @api public
+   */
+  MemcachedStore.prototype.destroy = function(sid, fn) {
+    sid = this.getKey(sid);
+    this.client.del(sid, ensureCallback(fn));
+  };
+
+  /**
+   * Fetch number of sessions.
+   *
+   * @param {Function} fn
+   * @api public
+   */
+  MemcachedStore.prototype.length = function(fn) {
+    this.client.items(ensureCallback(fn));
+  };
+
+  /**
+   * Clear all sessions.
+   *
+   * @param {Function} fn
+   * @api public
+   */
+  MemcachedStore.prototype.clear = function(fn) {
+    this.client.flush(ensureCallback(fn));
+  };
+
+  /**
+   * Refresh the time-to-live for the session with the given `sid`.
+   *
+   * @param {String} sid
+   * @param {Session} sess
+   * @param {Function} fn
+   * @api public
+   */
+
+  MemcachedStore.prototype.touch = function(sid, sess, fn) {
+    this.set(sid, sess, fn);
+  };
+
+  return MemcachedStore;
 };

package/package.json

@@ -1,15 +1,44 @@
 {
-    "name": "connect-memcached"
-  , "version": "0.1.0"
-  , "description": "Memcached session store for Connect"
-  , "keywords": ["memcached", "connection", "session", "store", "cache"]
-  , "author": "Michał Thoma <me@balor.pl>"
-  , "repository": {
+  "name": "connect-memcached",
+  "version": "2.0.0",
+  "description": "Memcached session store for Connect",
+  "keywords": [
+    "memcached",
+    "connection",
+    "session",
+    "store",
+    "cache"
+  ],
+  "author": "Michał Thoma <me@balor.pl>",
+  "repository": {
     "type": "git",
     "url": "https://github.com/balor/connect-memcached"
+  },
+  "dependencies": {
+    "buffer-from": "1.1.0",
+    "kruptein": "3.0.x",
+    "memcached": "2.2.x"
+  },
+  "devDependencies": {
+    "express": "^4.17.3",
+    "express-session": "^1.17.2",
+    "jest": "^27.5.1",
+    "supertest": "^6.2.2"
+  },
+  "scripts": {
+    "test": "NODE_ENV=test jest --testTimeout=10000"
+  },
+  "jest": {
+    "testEnvironment": "node",
+    "coveragePathIgnorePatterns": [
+      "/node_modules/"
+    ]
+  },
+  "engines": {
+    "node": ">= 0.10.0"
+  },
+  "license": "MIT",
+  "directories": {
+    "lib": "./lib"
   }
-  , "dependencies": { "memcached": "0.2.x" }
-  , "engines": { "node": ">=0.4.7" }
-  , "license": "MIT"
-  , "directories": { "lib": "./lib" }
 }

package/test/.tool-versions

@@ -0,0 +1 @@
+nodejs 17.9.0

package/test/services/memcached_basic.js

@@ -0,0 +1,40 @@
+const express = require("express"),
+  session = require("express-session"),
+  app = express(),
+  MemcachedStore = require("../../lib/connect-memcached")(session);
+
+const memcachedStore = new MemcachedStore({
+  hosts: ["127.0.0.1:11211"],
+  prefix: "testapp_",
+});
+
+app.use(
+  session({
+    secret: "TestSecret",
+    key: "test",
+    proxy: "true",
+    resave: false,
+    saveUninitialized: false,
+    store: memcachedStore,
+  })
+);
+
+app.get("/", function (req, res) {
+  if (req.session.views) {
+    ++req.session.views;
+  } else {
+    req.session.views = 1;
+  }
+  res.json({ pageviews: req.session.views });
+});
+
+if (process.env.NODE_ENV !== "test") {
+  app.listen(9341, function () {
+    console.log("Listening on %d", this.address().port);
+  });
+}
+
+module.exports = {
+  app: app,
+  memcachedStore: memcachedStore,
+};

package/test/services/memcached_crypt.js

@@ -0,0 +1,41 @@
+const express = require("express"),
+  session = require("express-session"),
+  app = express(),
+  MemcachedStore = require("../../lib/connect-memcached")(session);
+
+const memcachedStore = new MemcachedStore({
+  hosts: ["127.0.0.1:11211"],
+  secret: "Hello there stranger!",
+  prefix: "testapp_encrypt_",
+});
+
+app.use(
+  session({
+    secret: "TestEncryptSecret",
+    key: "test_encrypt",
+    proxy: "true",
+    resave: false,
+    saveUninitialized: false,
+    store: memcachedStore,
+  })
+);
+
+app.get("/", function (req, res) {
+  if (req.session.views) {
+    ++req.session.views;
+  } else {
+    req.session.views = 1;
+  }
+  res.json({ pageviews: req.session.views });
+});
+
+if (process.env.NODE_ENV !== "test") {
+  app.listen(9341, function () {
+    console.log("Listening on %d", this.address().port);
+  });
+}
+
+module.exports = {
+  app: app,
+  memcachedStore: memcachedStore,
+};

package/test/services/memcached_preexisting_crypt_connection.js

@@ -0,0 +1,44 @@
+const express = require("express"),
+  session = require("express-session"),
+  app = express(),
+  Memcached = require("memcached"),
+  MemcachedStore = require("../../lib/connect-memcached")(session);
+
+const memcachedClient = new Memcached("127.0.0.1:11211");
+
+const memcachedStore = new MemcachedStore({
+  client: memcachedClient,
+  prefix: "testapp_encrypt_",
+  secret: "Hello there stranger!",
+});
+
+app.use(
+  session({
+    secret: "TestEncryptSecret",
+    key: "test_encrypt",
+    proxy: "true",
+    resave: false,
+    saveUninitialized: false,
+    store: memcachedStore,
+  })
+);
+
+app.get("/", function (req, res) {
+  if (req.session.views) {
+    ++req.session.views;
+  } else {
+    req.session.views = 1;
+  }
+  res.json({ pageviews: req.session.views });
+});
+
+if (process.env.NODE_ENV !== "test") {
+  app.listen(9341, function () {
+    console.log("Listening on %d", this.address().port);
+  });
+}
+
+module.exports = {
+  app: app,
+  memcachedStore: memcachedStore,
+};

package/test/test.js

@@ -0,0 +1,63 @@
+const supertest = require("supertest");
+
+
+describe("Plain memcached session store", () => {
+  const { app, memcachedStore } = require("./services/memcached_basic.js");
+  const serverAgent = supertest.agent(app);
+
+  it("GET / should increment views value at each request", async () => {
+    let lastPageView = 0;
+    for (var i = 1; i < 50; i++) {
+      const res = await serverAgent.get("/");
+      expect(res.status).toEqual(200);
+      expect(res.type).toEqual(expect.stringContaining("json"));
+      expect(res.body.pageviews).toBeGreaterThan(lastPageView);
+      lastPageView = res.body.pageviews;
+    }
+  });
+
+  afterAll(() => {
+    memcachedStore.client.end();
+  });
+});
+
+describe("Encrypted memcached session store", () => {
+  const { app, memcachedStore } = require("./services/memcached_crypt.js");
+  const serverAgent = supertest.agent(app);
+
+  it("GET / should increment views value at each request", async () => {
+    let lastPageView = 0;
+    for (var i = 1; i < 50; i++) {
+      const res = await serverAgent.get("/");
+      expect(res.status).toEqual(200);
+      expect(res.type).toEqual(expect.stringContaining("json"));
+      expect(res.body.pageviews).toBeGreaterThan(lastPageView);
+      lastPageView = res.body.pageviews;
+    }
+  });
+
+  afterAll(() => {
+    memcachedStore.client.end();
+  });
+});
+
+describe("Encrypted session store using preexising memcached client", () => {
+  const { app, memcachedStore } = require("./services/memcached_preexisting_crypt_connection.js");
+  const serverAgent = supertest.agent(app);
+
+  it("GET / should increment views value at each request", async () => {
+    let lastPageView = 0;
+    for (var i = 1; i < 50; i++) {
+      const res = await serverAgent.get("/");
+      expect(res.status).toEqual(200);
+      expect(res.type).toEqual(expect.stringContaining("json"));
+      expect(res.body.pageviews).toBeGreaterThan(lastPageView);
+      expect(memcachedStore.kruptein.crypto).toBe(require("crypto"));
+      lastPageView = res.body.pageviews;
+    }
+  });
+
+  afterAll(() => {
+    memcachedStore.client.end();
+  });
+});

package/.npmignore

@@ -1,2 +0,0 @@
-.idea
-node_modules

package/tests/test.js

@@ -1,32 +0,0 @@
-var express      = require('express')
-, session        = require('express-session')
-, cookieParser   = require('cookie-parser')
-, http           = require('http')
-, app            = express()
-, MemcachedStore = require('../lib/connect-memcached')(session);
-
-app.use(cookieParser());
-app.use(session({
-      secret  : 'TestSecret'
-    , key     : 'test'
-    , proxy   : 'true'
-    , store   : new MemcachedStore({
-        hosts: [ '127.0.0.1:11211' ],
-        prefix: 'testapp_'
-    })
-}));
-
-app.get('/', function(req, res){
-    if(req.session.views) {
-        ++req.session.views;
-    } else {
-        req.session.views = 1;
-    }
-    res.send('Viewed <strong>' + req.session.views + '</strong> times.');
-});
-
-http.createServer(app).listen(9341, function() {
-    console.log("Listening on %d", this.address().port);
-});
-
-