connect-memcached 0.2.0 → 1.0.0

package/Readme.md

@@ -1,59 +1,73 @@
 # connect-memcached
 
-  Memcached session store, using [node-memcached](http://github.com/3rd-Eden/node-memcached) for communication with cache server.
+Memcached session store, using [node-memcached](http://github.com/3rd-Eden/node-memcached) for communication with cache server.
 
 ## Installation
 
-  via npm:
+via npm:
 
 ```bash
 $ npm install connect-memcached
 ```
 
 ## Example
+
 ```javascript
-var express      = require('express')
-, session        = require('express-session')
-, cookieParser   = require('cookie-parser')
-, http           = require('http')
-, app            = express()
-, MemcachedStore = require('connect-memcached')(session);
+var express = require("express"),
+  session = require("express-session"),
+  cookieParser = require("cookie-parser"),
+  http = require("http"),
+  app = express(),
+  MemcachedStore = require("connect-memcached")(session);
 
 app.use(cookieParser());
-app.use(session({
-      secret  : 'CatOnKeyboard'
-    , key     : 'test'
-    , proxy   : 'true'
-    , store   : new MemcachedStore({
-        hosts: ['127.0.0.1:11211'],
-        secret: '123, easy as ABC. ABC, easy as 123' // Optionally use transparent encryption for memcache session data
+app.use(
+  session({
+    secret: "CatOnKeyboard",
+    key: "test",
+    proxy: "true",
+    resave: false,
+    saveUninitialized: false,
+    store: new MemcachedStore({
+      hosts: ["127.0.0.1:11211"],
+      secret: "123, easy as ABC. ABC, easy as 123" // Optionally use transparent encryption for memcache session data
     })
-}));
-
-app.get('/', function(req, res){
-    if(req.session.views) {
-        ++req.session.views;
-    } else {
-        req.session.views = 1;
-    }
-    res.send('Viewed <strong>' + req.session.views + '</strong> times.');
+  })
+);
+
+app.get("/", function(req, res) {
+  if (req.session.views) {
+    ++req.session.views;
+  } else {
+    req.session.views = 1;
+  }
+  res.send("Viewed <strong>" + req.session.views + "</strong> times.");
 });
 
 http.createServer(app).listen(9341, function() {
-    console.log("Listening on %d", this.address().port);
+  console.log("Listening on %d", this.address().port);
 });
 ```
 
 ## Options
+
 - `hosts` Memcached servers locations, can be string, array, hash.
 - `prefix` An optional prefix for each memcache key, in case you are sharing your memcached servers with something generating its own keys.
-- `ttl` An optional parameter used for setting the default TTL
+- `ttl` An optional parameter used for setting the default TTL (in seconds)
 - `secret` An optional secret can be used to encrypt/decrypt session contents.
 - `algorithm` An optional algorithm parameter may be used, but must be valid based on returned `crypto.getCiphers()`. The current default is `aes-256-ctr` and was chosen based on the following [information](http://www.daemonology.net/blog/2009-06-11-cryptographic-right-answers.html)
-- ...     Rest of given option will be passed directly to the node-memcached constructor.
+- ... Rest of given option will be passed directly to the node-memcached constructor.
 
 For details see [node-memcached](http://github.com/3rd-Eden/node-memcached).
 
+## Upgrading from v0.x.x -> v1.x.x
+
+If You're upgrading from the pre v1.0.0 version of this library and use encryption for session data be sure to **remove all session entries created with previous version**. 
+
+Upgrading library without taking appropriate action will result in `SyntaxError` exceptions during JSON parsing of decoded entries. 
+
+Sessions without encryption are not affected.
+
 ## Contributors
 
 Big thanks for the contributors! See the actual list [here](https://github.com/balor/connect-memcached/graphs/contributors)!

package/lib/connect-memcached.js

@@ -2,13 +2,15 @@
  * connect-memcached
  * MIT Licensed
  */
+const bufferFrom = require('buffer-from');
 
-var Memcached = require('memcached');
+var Memcached = require("memcached");
 var oneDay = 86400;
+
 function ensureCallback(fn) {
-    return function() {
-        fn && fn.apply(null, arguments);
-    };
+  return function() {
+    fn && fn.apply(null, arguments);
+  };
 }
 
 /**
@@ -19,202 +21,221 @@ function ensureCallback(fn) {
  * @api public
  */
 module.exports = function(session) {
-    var Store = session.Store;
-
-    /**
-     * Initialize MemcachedStore with the given `options`.
-     *
-     * @param {Object} options
-     * @api public
-     */
-    function MemcachedStore(options) {
-        options = options || {};
-        Store.call(this, options);
-
-        this.prefix = options.prefix || '';
-        this.ttl = options.ttl;
-        if (!options.client) {
-            if (!options.hosts) {
-                options.hosts = '127.0.0.1:11211';
-            }
-            if (options.secret) {
-                this.crypto = require('crypto'),
-                this.secret = options.secret;
-            }
-            if (options.algorithm) {
-                this.algorithm = options.algorithm;
-            }
-
-            options.client = new Memcached(options.hosts, options);
-        }
-
-        this.client = options.client;
+  var Store = session.Store;
+
+  /**
+   * Initialize MemcachedStore with the given `options`.
+   *
+   * @param {Object} options
+   * @api public
+   */
+  function MemcachedStore(options) {
+    options = options || {};
+    Store.call(this, options);
+
+    this.prefix = options.prefix || "";
+    this.ttl = options.ttl;
+    if (!options.client) {
+      if (!options.hosts) {
+        options.hosts = "127.0.0.1:11211";
+      }
+      if (options.secret) {
+        (this.crypto = require("crypto")), (this.secret = options.secret);
+      }
+      if (options.algorithm) {
+        this.algorithm = options.algorithm;
+      }
+
+      options.client = new Memcached(options.hosts, options);
     }
 
-    MemcachedStore.prototype.__proto__ = Store.prototype;
-
-    /**
-     * Translates the given `sid` into a memcached key, optionally with prefix.
-     *
-     * @param {String} sid
-     * @api private
-     */
-    MemcachedStore.prototype.getKey = function getKey(sid) {
-        return this.prefix + sid;
-    };
-
-    /**
-     * Attempt to fetch session by the given `sid`.
-     *
-     * @param {String} sid
-     * @param {Function} fn
-     * @api public
-     */
-    MemcachedStore.prototype.get = function(sid, fn) {
-    	secret = this.secret, self = this, sid = this.getKey(sid);
-
-        this.client.get(sid, function(err, data) {
-            if (err) {
-                return fn(err, {}); 
-            }
-            try {
-                if (!data) {
-                    return fn();
-                }
-                if (secret) {
-                    parseable_string = decryptData.call(self, data.toString());
-                }
-                else {
-                    parseable_string = data.toString();
-                }
-
-                fn(null, JSON.parse(parseable_string));
-            } catch (e) {
-                fn(e);
-            }
-        });
-    };
-
-    /**
-     * Commit the given `sess` object associated with the given `sid`.
-     *
-     * @param {String} sid
-     * @param {Session} sess
-     * @param {Function} fn
-     * @api public
-     */
-    MemcachedStore.prototype.set = function(sid, sess, fn) {
-        sid = this.getKey(sid);
-
-        try {
-            var maxAge = sess.cookie.maxAge;
-            var ttl = this.ttl || ('number' == typeof maxAge ? maxAge / 1000 | 0 : oneDay);
-            var sess = JSON.stringify((this.secret) ?
-                                encryptData.call(this, JSON.stringify(sess),
-                                                 this.secret, this.algorithm) :
-                                sess);
-
-            this.client.set(sid, sess, ttl, ensureCallback(fn));
-        } catch (err) {
-            fn && fn(err);
+    this.client = options.client;
+  }
+
+  MemcachedStore.prototype.__proto__ = Store.prototype;
+
+  /**
+   * Translates the given `sid` into a memcached key, optionally with prefix.
+   *
+   * @param {String} sid
+   * @api private
+   */
+  MemcachedStore.prototype.getKey = function getKey(sid) {
+    return this.prefix + sid;
+  };
+
+  /**
+   * Attempt to fetch session by the given `sid`.
+   *
+   * @param {String} sid
+   * @param {Function} fn
+   * @api public
+   */
+  MemcachedStore.prototype.get = function(sid, fn) {
+    (secret = this.secret), (self = this), (sid = this.getKey(sid));
+
+    this.client.get(sid, function(err, data) {
+      if (err) {
+        return fn(err, {});
+      }
+      try {
+        if (!data) {
+          return fn();
         }
-    };
-
-    /**
-     * Destroy the session associated with the given `sid`.
-     *
-     * @param {String} sid
-     * @param {Function} fn
-     * @api public
-     */
-    MemcachedStore.prototype.destroy = function(sid, fn) {
-        sid = this.getKey(sid);
-        this.client.del(sid, ensureCallback(fn));
-    };
-
-    /**
-     * Fetch number of sessions.
-     *
-     * @param {Function} fn
-     * @api public
-     */
-    MemcachedStore.prototype.length = function(fn) {
-        this.client.items(ensureCallback(fn));
-    };
-
-    /**
-     * Clear all sessions.
-     *
-     * @param {Function} fn
-     * @api public
-     */
-    MemcachedStore.prototype.clear = function(fn) {
-        this.client.flush(ensureCallback(fn));
-    };
-
-	/**
-	 * Refresh the time-to-live for the session with the given `sid`.
-	 *
-	 * @param {String} sid
-	 * @param {Session} sess
-	 * @param {Function} fn
-	 * @api public
- 	 */
-
-	MemcachedStore.prototype.touch = function (sid, sess, fn) {
-		this.set(sid, sess, fn);
-	}
-
-
-    function encryptData(plaintext){
-        var pt = encrypt.call(this, this.secret, plaintext, this.algo)
-            , hmac = digest.call(this, this.secret, pt);
-
-        return {
-            ct: pt,
-            mac: hmac
-        };
-    }
-
-    function decryptData(ciphertext){
-        ciphertext = JSON.parse(ciphertext)
-        var hmac = digest.call(this, this.secret, ciphertext.ct);
-
-        if (hmac != ciphertext.mac) {
-            throw 'Encrypted session was tampered with!';
+        if (secret) {
+          parseable_string = decryptData.call(self, data.toString());
+        } else {
+          parseable_string = data.toString();
         }
 
-        return decrypt.call(this, this.secret, ciphertext.ct, this.algo);
-    }
-
-    function digest(key, obj) {
-        var hmac = this.crypto.createHmac('sha512', key);
-        hmac.setEncoding('hex');
-        hmac.write(obj);
-        hmac.end();
-        return hmac.read();
-    }
-
-    function encrypt(key, pt, algo) {
-        algo = algo || 'aes-256-ctr';
-        pt = (Buffer.isBuffer(pt)) ? pt : new Buffer(pt);
-
-        var cipher = this.crypto.createCipher(algo, key), ct = [];
-        ct.push(cipher.update(pt, 'buffer', 'hex'));
-        ct.push(cipher.final('hex'));
-
-        return ct.join('');
+        fn(null, JSON.parse(parseable_string));
+      } catch (e) {
+        fn(e);
+      }
+    });
+  };
+
+  /**
+   * Commit the given `sess` object associated with the given `sid`.
+   *
+   * @param {String} sid
+   * @param {Session} sess
+   * @param {Function} fn
+   * @api public
+   */
+  MemcachedStore.prototype.set = function(sid, sess, fn) {
+    sid = this.getKey(sid);
+
+    try {
+      var maxAge = sess.cookie.maxAge;
+      var ttl =
+        this.ttl || ("number" == typeof maxAge ? (maxAge / 1000) | 0 : oneDay);
+      var sess = JSON.stringify(
+        this.secret
+          ? encryptData.call(
+              this,
+              JSON.stringify(sess),
+              this.secret,
+              this.algorithm
+            )
+          : sess
+      );
+
+      this.client.set(sid, sess, ttl, ensureCallback(fn));
+    } catch (err) {
+      fn && fn(err);
     }
+  };
+
+  /**
+   * Destroy the session associated with the given `sid`.
+   *
+   * @param {String} sid
+   * @param {Function} fn
+   * @api public
+   */
+  MemcachedStore.prototype.destroy = function(sid, fn) {
+    sid = this.getKey(sid);
+    this.client.del(sid, ensureCallback(fn));
+  };
+
+  /**
+   * Fetch number of sessions.
+   *
+   * @param {Function} fn
+   * @api public
+   */
+  MemcachedStore.prototype.length = function(fn) {
+    this.client.items(ensureCallback(fn));
+  };
+
+  /**
+   * Clear all sessions.
+   *
+   * @param {Function} fn
+   * @api public
+   */
+  MemcachedStore.prototype.clear = function(fn) {
+    this.client.flush(ensureCallback(fn));
+  };
+
+  /**
+   * Refresh the time-to-live for the session with the given `sid`.
+   *
+   * @param {String} sid
+   * @param {Session} sess
+   * @param {Function} fn
+   * @api public
+   */
+
+  MemcachedStore.prototype.touch = function(sid, sess, fn) {
+    this.set(sid, sess, fn);
+  };
+
+  function encryptData(plaintext) {
+    var pt = encrypt.call(this, this.secret, plaintext, this.algo),
+      hmac = digest.call(this, this.secret, pt);
+
+    return {
+      ct: pt,
+      mac: hmac
+    };
+  }
 
-    function decrypt(key, ct, algo) {
-        algo = algo || 'aes-256-ctr';
-        var cipher = this.crypto.createDecipher(algo, key), pt = [];
+  function decryptData(ciphertext) {
+    ciphertext = JSON.parse(ciphertext);
 
-        pt.push(cipher.update(ct, 'hex', 'utf8'));
-        pt.push(cipher.final('utf8'));
+    var hmac = digest.call(this, this.secret, ciphertext.ct);
 
-        return pt.join('');
+    if (hmac != ciphertext.mac) {
+      throw "Encrypted session was tampered with!";
     }
 
-    return MemcachedStore;
+    return decrypt.call(this, this.secret, ciphertext.ct, this.algo);
+  }
+
+  function digest(key, obj) {
+    var hmac = this.crypto.createHmac("sha512", key);
+    hmac.setEncoding("hex");
+    hmac.write(obj);
+    hmac.end();
+    return hmac.read();
+  }
+
+  function encrypt(key, pt, algo) {
+    algo = algo || "aes-256-ctr";
+    pt = Buffer.isBuffer(pt) ? pt : new bufferFrom(pt);
+    var iv = this.crypto.randomBytes(16);
+    var hashedKey = this.crypto
+      .createHash("sha256")
+      .update(key)
+      .digest();
+    var cipher = this.crypto.createCipheriv(algo, hashedKey, iv),
+      ct = [];
+    ct.push(iv.toString("hex"));
+    ct.push(cipher.update(pt, "buffer", "hex"));
+    ct.push(cipher.final("hex"));
+
+    return ct.join("");
+  }
+
+  function decrypt(key, ct, algo) {
+    algo = algo || "aes-256-ctr";
+    var dataBuffer = bufferFrom(ct, "hex");
+    var iv = dataBuffer.slice(0, 16);
+    var hashedKey = this.crypto
+      .createHash("sha256")
+      .update(key)
+      .digest();
+
+    var cipher = this.crypto.createDecipheriv(algo, hashedKey, iv),
+      pt = [];
+
+    pt.push(cipher.update(dataBuffer.slice(16), "hex", "utf8"));
+    pt.push(cipher.final("utf8"));
+
+    return pt.join("");
+  }
+
+  return MemcachedStore;
 };

package/package.json

@@ -1,15 +1,28 @@
 {
-    "name": "connect-memcached"
-  , "version": "0.2.0"
-  , "description": "Memcached session store for Connect"
-  , "keywords": ["memcached", "connection", "session", "store", "cache"]
-  , "author": "Michał Thoma <me@balor.pl>"
-  , "repository": {
+  "name": "connect-memcached",
+  "version": "1.0.0",
+  "description": "Memcached session store for Connect",
+  "keywords": [
+    "memcached",
+    "connection",
+    "session",
+    "store",
+    "cache"
+  ],
+  "author": "Michał Thoma <me@balor.pl>",
+  "repository": {
     "type": "git",
     "url": "https://github.com/balor/connect-memcached"
+  },
+  "dependencies": {
+    "buffer-from": "1.1.0",
+    "memcached": "2.2.x"
+  },
+  "engines": {
+    "node": ">= 0.10.0"
+  },
+  "license": "MIT",
+  "directories": {
+    "lib": "./lib"
   }
-  , "dependencies": { "memcached": "2.2.x" }
-  , "engines": { "node": ">=0.4.7" }
-  , "license": "MIT"
-  , "directories": { "lib": "./lib" }
 }

package/tests/test.js

@@ -1,32 +1,34 @@
-var express      = require('express')
-, session        = require('express-session')
-, cookieParser   = require('cookie-parser')
-, http           = require('http')
-, app            = express()
-, MemcachedStore = require('../lib/connect-memcached')(session);
+var express = require("express"),
+  session = require("express-session"),
+  cookieParser = require("cookie-parser"),
+  http = require("http"),
+  app = express(),
+  MemcachedStore = require("../lib/connect-memcached")(session);
 
 app.use(cookieParser());
-app.use(session({
-      secret  : 'TestSecret'
-    , key     : 'test'
-    , proxy   : 'true'
-    , store   : new MemcachedStore({
-        hosts: [ '127.0.0.1:11211' ],
-        prefix: 'testapp_'
+app.use(
+  session({
+    secret: "TestSecret",
+    key: "test",
+    proxy: "true",
+    resave: false,
+    saveUninitialized: false,
+    store: new MemcachedStore({
+      hosts: ["127.0.0.1:11211"],
+      prefix: "testapp_"
     })
-}));
+  })
+);
 
-app.get('/', function(req, res){
-    if(req.session.views) {
-        ++req.session.views;
-    } else {
-        req.session.views = 1;
-    }
-    res.send('Viewed <strong>' + req.session.views + '</strong> times.');
+app.get("/", function(req, res) {
+  if (req.session.views) {
+    ++req.session.views;
+  } else {
+    req.session.views = 1;
+  }
+  res.send("Viewed <strong>" + req.session.views + "</strong> times.");
 });
 
 http.createServer(app).listen(9341, function() {
-    console.log("Listening on %d", this.address().port);
-});
-
-
+  console.log("Listening on %d", this.address().port);
+});

package/tests/test_encrypt.js

@@ -1,33 +1,35 @@
-var express      = require('express')
-, session        = require('express-session')
-, cookieParser   = require('cookie-parser')
-, http           = require('http')
-, app            = express()
-, MemcachedStore = require('../lib/connect-memcached')(session);
+var express = require("express"),
+  session = require("express-session"),
+  cookieParser = require("cookie-parser"),
+  http = require("http"),
+  app = express(),
+  MemcachedStore = require("../lib/connect-memcached")(session);
 
 app.use(cookieParser());
-app.use(session({
-      secret  : 'TestEncryptSecret'
-    , key     : 'test_encrypt'
-    , proxy   : 'true'
-    , store   : new MemcachedStore({
-        hosts: [ '127.0.0.1:11211' ],
-        secret: 'Keep quiet, Im working!',
-        prefix: 'testapp_encrypt_'
+app.use(
+  session({
+    secret: "TestEncryptSecret",
+    key: "test_encrypt",
+    proxy: "true",
+    resave: false,
+    saveUninitialized: false,
+    store: new MemcachedStore({
+      hosts: ["127.0.0.1:11211"],
+      secret: "Hello there stranger!",
+      prefix: "testapp_encrypt_"
     })
-}));
+  })
+);
 
-app.get('/', function(req, res){
-    if(req.session.views) {
-        ++req.session.views;
-    } else {
-        req.session.views = 1;
-    }
-    res.send('Viewed <strong>' + req.session.views + '</strong> times.');
+app.get("/", function(req, res) {
+  if (req.session.views) {
+    ++req.session.views;
+  } else {
+    req.session.views = 1;
+  }
+  res.send("Viewed <strong>" + req.session.views + "</strong> times.");
 });
 
 http.createServer(app).listen(9341, function() {
-    console.log("Listening on %d", this.address().port);
+  console.log("Listening on %d", this.address().port);
 });
-
-