connect-memcached 1.0.0 → 2.0.0

package/.tool-versions

@@ -0,0 +1 @@
+nodejs 18.2.0

package/Readme.md

@@ -4,10 +4,16 @@ Memcached session store, using [node-memcached](http://github.com/3rd-Eden/node-
 
 ## Installation
 
-via npm:
+npm:
 
-```bash
-$ npm install connect-memcached
+```shell
+npm install connect-memcached express-session
+```
+
+yarn:
+
+```shell
+yarn add connect-memcached express-session
 ```
 
 ## Example
@@ -15,12 +21,9 @@ $ npm install connect-memcached
 ```javascript
 var express = require("express"),
   session = require("express-session"),
-  cookieParser = require("cookie-parser"),
-  http = require("http"),
   app = express(),
   MemcachedStore = require("connect-memcached")(session);
 
-app.use(cookieParser());
 app.use(
   session({
     secret: "CatOnKeyboard",
@@ -30,7 +33,7 @@ app.use(
     saveUninitialized: false,
     store: new MemcachedStore({
       hosts: ["127.0.0.1:11211"],
-      secret: "123, easy as ABC. ABC, easy as 123" // Optionally use transparent encryption for memcache session data
+      secret: "123, easy as ABC. ABC, easy as 123" // Optionally use transparent encryption for memcached session data
     })
   })
 );
@@ -44,21 +47,26 @@ app.get("/", function(req, res) {
   res.send("Viewed <strong>" + req.session.views + "</strong> times.");
 });
 
-http.createServer(app).listen(9341, function() {
+app.listen(9341, function() {
   console.log("Listening on %d", this.address().port);
 });
 ```
 
 ## Options
 
-- `hosts` Memcached servers locations, can be string, array, hash.
-- `prefix` An optional prefix for each memcache key, in case you are sharing your memcached servers with something generating its own keys.
-- `ttl` An optional parameter used for setting the default TTL (in seconds)
-- `secret` An optional secret can be used to encrypt/decrypt session contents.
-- `algorithm` An optional algorithm parameter may be used, but must be valid based on returned `crypto.getCiphers()`. The current default is `aes-256-ctr` and was chosen based on the following [information](http://www.daemonology.net/blog/2009-06-11-cryptographic-right-answers.html)
-- ... Rest of given option will be passed directly to the node-memcached constructor.
+- `hosts` (Optional) Memcached servers locations, can be string, array or hash. Default is `127.0.0.1:11211`.
+- `prefix` (Optional) Prefix for each memcached key, in case you are sharing your memcached servers with something generating its own keys.
+- `ttl` (Optional) Default TTL parameter for the session data (in seconds).
+- `secret` (Optional) Secret used to encrypt/decrypt session contents. Setting it enables data encryption, which is handled by [kruptein](https://github.com/jas-/kruptein) module.
+- `algorithm` (Optional) Cipher algorithm from `crypto.getCiphers()`. Default is `aes-256-gcm`.
+- `hashing` (Optional) Hash algorithm from `crypto.getHashes()`. Default is `sha512`.
+- ... Rest of given options will be passed directly to the [node-memcached](http://github.com/3rd-Eden/node-memcached) and [kruptein](https://github.com/jas-/kruptein) constructors, see their appropriate docs for extra configurability.
+
+## Upgrading to v2.x.x
+
+When upgrading from pre v2 and using data encryption please flush all the session entries from memcached before rolling the update.
 
-For details see [node-memcached](http://github.com/3rd-Eden/node-memcached).
+Sessions without data encryption are not affected.
 
 ## Upgrading from v0.x.x -> v1.x.x
 

package/index.js

@@ -1,2 +1 @@
-
-module.exports = require('./lib/connect-memcached');
+module.exports = require('./lib/connect-memcached');

package/lib/connect-memcached.js

@@ -39,16 +39,17 @@ module.exports = function(session) {
       if (!options.hosts) {
         options.hosts = "127.0.0.1:11211";
       }
-      if (options.secret) {
-        (this.crypto = require("crypto")), (this.secret = options.secret);
-      }
-      if (options.algorithm) {
-        this.algorithm = options.algorithm;
-      }
 
       options.client = new Memcached(options.hosts, options);
     }
 
+    if (options.secret) { 
+      options.algorithm = options.algorithm || 'aes-256-gcm';
+      options.hashing = options.hashing || 'sha512';
+      this.kruptein = require("kruptein")(options);
+      this.secret = options.secret;
+    }
+
     this.client = options.client;
   }
 
@@ -72,7 +73,8 @@ module.exports = function(session) {
    * @api public
    */
   MemcachedStore.prototype.get = function(sid, fn) {
-    (secret = this.secret), (self = this), (sid = this.getKey(sid));
+    var self = this, sid = this.getKey(sid),
+        parseable_string;
 
     this.client.get(sid, function(err, data) {
       if (err) {
@@ -82,13 +84,19 @@ module.exports = function(session) {
         if (!data) {
           return fn();
         }
-        if (secret) {
-          parseable_string = decryptData.call(self, data.toString());
+
+        if (self.secret) {
+          self.kruptein.get(self.secret, data, function(err, ct) {
+            if (err)
+              return fn(err, {});
+
+            parseable_string = JSON.parse(ct);
+          });
         } else {
-          parseable_string = data.toString();
+          parseable_string = data;
         }
 
-        fn(null, JSON.parse(parseable_string));
+	fn(null, parseable_string);
       } catch (e) {
         fn(e);
       }
@@ -110,16 +118,15 @@ module.exports = function(session) {
       var maxAge = sess.cookie.maxAge;
       var ttl =
         this.ttl || ("number" == typeof maxAge ? (maxAge / 1000) | 0 : oneDay);
-      var sess = JSON.stringify(
-        this.secret
-          ? encryptData.call(
-              this,
-              JSON.stringify(sess),
-              this.secret,
-              this.algorithm
-            )
-          : sess
-      );
+
+      if (this.secret) {
+        this.kruptein.set(this.secret, sess, function(err, ct) {
+          if (err)
+            return fn(err);
+
+          sess = ct;
+        });
+      }
 
       this.client.set(sid, sess, ttl, ensureCallback(fn));
     } catch (err) {
@@ -172,70 +179,5 @@ module.exports = function(session) {
     this.set(sid, sess, fn);
   };
 
-  function encryptData(plaintext) {
-    var pt = encrypt.call(this, this.secret, plaintext, this.algo),
-      hmac = digest.call(this, this.secret, pt);
-
-    return {
-      ct: pt,
-      mac: hmac
-    };
-  }
-
-  function decryptData(ciphertext) {
-    ciphertext = JSON.parse(ciphertext);
-
-    var hmac = digest.call(this, this.secret, ciphertext.ct);
-
-    if (hmac != ciphertext.mac) {
-      throw "Encrypted session was tampered with!";
-    }
-
-    return decrypt.call(this, this.secret, ciphertext.ct, this.algo);
-  }
-
-  function digest(key, obj) {
-    var hmac = this.crypto.createHmac("sha512", key);
-    hmac.setEncoding("hex");
-    hmac.write(obj);
-    hmac.end();
-    return hmac.read();
-  }
-
-  function encrypt(key, pt, algo) {
-    algo = algo || "aes-256-ctr";
-    pt = Buffer.isBuffer(pt) ? pt : new bufferFrom(pt);
-    var iv = this.crypto.randomBytes(16);
-    var hashedKey = this.crypto
-      .createHash("sha256")
-      .update(key)
-      .digest();
-    var cipher = this.crypto.createCipheriv(algo, hashedKey, iv),
-      ct = [];
-    ct.push(iv.toString("hex"));
-    ct.push(cipher.update(pt, "buffer", "hex"));
-    ct.push(cipher.final("hex"));
-
-    return ct.join("");
-  }
-
-  function decrypt(key, ct, algo) {
-    algo = algo || "aes-256-ctr";
-    var dataBuffer = bufferFrom(ct, "hex");
-    var iv = dataBuffer.slice(0, 16);
-    var hashedKey = this.crypto
-      .createHash("sha256")
-      .update(key)
-      .digest();
-
-    var cipher = this.crypto.createDecipheriv(algo, hashedKey, iv),
-      pt = [];
-
-    pt.push(cipher.update(dataBuffer.slice(16), "hex", "utf8"));
-    pt.push(cipher.final("utf8"));
-
-    return pt.join("");
-  }
-
   return MemcachedStore;
 };

package/package.json

@@ -1,6 +1,6 @@
 {
   "name": "connect-memcached",
-  "version": "1.0.0",
+  "version": "2.0.0",
   "description": "Memcached session store for Connect",
   "keywords": [
     "memcached",
@@ -16,8 +16,24 @@
   },
   "dependencies": {
     "buffer-from": "1.1.0",
+    "kruptein": "3.0.x",
     "memcached": "2.2.x"
   },
+  "devDependencies": {
+    "express": "^4.17.3",
+    "express-session": "^1.17.2",
+    "jest": "^27.5.1",
+    "supertest": "^6.2.2"
+  },
+  "scripts": {
+    "test": "NODE_ENV=test jest --testTimeout=10000"
+  },
+  "jest": {
+    "testEnvironment": "node",
+    "coveragePathIgnorePatterns": [
+      "/node_modules/"
+    ]
+  },
   "engines": {
     "node": ">= 0.10.0"
   },

package/test/.tool-versions

@@ -0,0 +1 @@
+nodejs 17.9.0

package/test/services/memcached_basic.js

@@ -0,0 +1,40 @@
+const express = require("express"),
+  session = require("express-session"),
+  app = express(),
+  MemcachedStore = require("../../lib/connect-memcached")(session);
+
+const memcachedStore = new MemcachedStore({
+  hosts: ["127.0.0.1:11211"],
+  prefix: "testapp_",
+});
+
+app.use(
+  session({
+    secret: "TestSecret",
+    key: "test",
+    proxy: "true",
+    resave: false,
+    saveUninitialized: false,
+    store: memcachedStore,
+  })
+);
+
+app.get("/", function (req, res) {
+  if (req.session.views) {
+    ++req.session.views;
+  } else {
+    req.session.views = 1;
+  }
+  res.json({ pageviews: req.session.views });
+});
+
+if (process.env.NODE_ENV !== "test") {
+  app.listen(9341, function () {
+    console.log("Listening on %d", this.address().port);
+  });
+}
+
+module.exports = {
+  app: app,
+  memcachedStore: memcachedStore,
+};

package/test/services/memcached_crypt.js

@@ -0,0 +1,41 @@
+const express = require("express"),
+  session = require("express-session"),
+  app = express(),
+  MemcachedStore = require("../../lib/connect-memcached")(session);
+
+const memcachedStore = new MemcachedStore({
+  hosts: ["127.0.0.1:11211"],
+  secret: "Hello there stranger!",
+  prefix: "testapp_encrypt_",
+});
+
+app.use(
+  session({
+    secret: "TestEncryptSecret",
+    key: "test_encrypt",
+    proxy: "true",
+    resave: false,
+    saveUninitialized: false,
+    store: memcachedStore,
+  })
+);
+
+app.get("/", function (req, res) {
+  if (req.session.views) {
+    ++req.session.views;
+  } else {
+    req.session.views = 1;
+  }
+  res.json({ pageviews: req.session.views });
+});
+
+if (process.env.NODE_ENV !== "test") {
+  app.listen(9341, function () {
+    console.log("Listening on %d", this.address().port);
+  });
+}
+
+module.exports = {
+  app: app,
+  memcachedStore: memcachedStore,
+};

package/test/services/memcached_preexisting_crypt_connection.js

@@ -0,0 +1,44 @@
+const express = require("express"),
+  session = require("express-session"),
+  app = express(),
+  Memcached = require("memcached"),
+  MemcachedStore = require("../../lib/connect-memcached")(session);
+
+const memcachedClient = new Memcached("127.0.0.1:11211");
+
+const memcachedStore = new MemcachedStore({
+  client: memcachedClient,
+  prefix: "testapp_encrypt_",
+  secret: "Hello there stranger!",
+});
+
+app.use(
+  session({
+    secret: "TestEncryptSecret",
+    key: "test_encrypt",
+    proxy: "true",
+    resave: false,
+    saveUninitialized: false,
+    store: memcachedStore,
+  })
+);
+
+app.get("/", function (req, res) {
+  if (req.session.views) {
+    ++req.session.views;
+  } else {
+    req.session.views = 1;
+  }
+  res.json({ pageviews: req.session.views });
+});
+
+if (process.env.NODE_ENV !== "test") {
+  app.listen(9341, function () {
+    console.log("Listening on %d", this.address().port);
+  });
+}
+
+module.exports = {
+  app: app,
+  memcachedStore: memcachedStore,
+};

package/test/test.js

@@ -0,0 +1,63 @@
+const supertest = require("supertest");
+
+
+describe("Plain memcached session store", () => {
+  const { app, memcachedStore } = require("./services/memcached_basic.js");
+  const serverAgent = supertest.agent(app);
+
+  it("GET / should increment views value at each request", async () => {
+    let lastPageView = 0;
+    for (var i = 1; i < 50; i++) {
+      const res = await serverAgent.get("/");
+      expect(res.status).toEqual(200);
+      expect(res.type).toEqual(expect.stringContaining("json"));
+      expect(res.body.pageviews).toBeGreaterThan(lastPageView);
+      lastPageView = res.body.pageviews;
+    }
+  });
+
+  afterAll(() => {
+    memcachedStore.client.end();
+  });
+});
+
+describe("Encrypted memcached session store", () => {
+  const { app, memcachedStore } = require("./services/memcached_crypt.js");
+  const serverAgent = supertest.agent(app);
+
+  it("GET / should increment views value at each request", async () => {
+    let lastPageView = 0;
+    for (var i = 1; i < 50; i++) {
+      const res = await serverAgent.get("/");
+      expect(res.status).toEqual(200);
+      expect(res.type).toEqual(expect.stringContaining("json"));
+      expect(res.body.pageviews).toBeGreaterThan(lastPageView);
+      lastPageView = res.body.pageviews;
+    }
+  });
+
+  afterAll(() => {
+    memcachedStore.client.end();
+  });
+});
+
+describe("Encrypted session store using preexising memcached client", () => {
+  const { app, memcachedStore } = require("./services/memcached_preexisting_crypt_connection.js");
+  const serverAgent = supertest.agent(app);
+
+  it("GET / should increment views value at each request", async () => {
+    let lastPageView = 0;
+    for (var i = 1; i < 50; i++) {
+      const res = await serverAgent.get("/");
+      expect(res.status).toEqual(200);
+      expect(res.type).toEqual(expect.stringContaining("json"));
+      expect(res.body.pageviews).toBeGreaterThan(lastPageView);
+      expect(memcachedStore.kruptein.crypto).toBe(require("crypto"));
+      lastPageView = res.body.pageviews;
+    }
+  });
+
+  afterAll(() => {
+    memcachedStore.client.end();
+  });
+});

package/.npmignore

@@ -1,2 +0,0 @@
-.idea
-node_modules

package/tests/test.js

@@ -1,34 +0,0 @@
-var express = require("express"),
-  session = require("express-session"),
-  cookieParser = require("cookie-parser"),
-  http = require("http"),
-  app = express(),
-  MemcachedStore = require("../lib/connect-memcached")(session);
-
-app.use(cookieParser());
-app.use(
-  session({
-    secret: "TestSecret",
-    key: "test",
-    proxy: "true",
-    resave: false,
-    saveUninitialized: false,
-    store: new MemcachedStore({
-      hosts: ["127.0.0.1:11211"],
-      prefix: "testapp_"
-    })
-  })
-);
-
-app.get("/", function(req, res) {
-  if (req.session.views) {
-    ++req.session.views;
-  } else {
-    req.session.views = 1;
-  }
-  res.send("Viewed <strong>" + req.session.views + "</strong> times.");
-});
-
-http.createServer(app).listen(9341, function() {
-  console.log("Listening on %d", this.address().port);
-});

package/tests/test_encrypt.js

@@ -1,35 +0,0 @@
-var express = require("express"),
-  session = require("express-session"),
-  cookieParser = require("cookie-parser"),
-  http = require("http"),
-  app = express(),
-  MemcachedStore = require("../lib/connect-memcached")(session);
-
-app.use(cookieParser());
-app.use(
-  session({
-    secret: "TestEncryptSecret",
-    key: "test_encrypt",
-    proxy: "true",
-    resave: false,
-    saveUninitialized: false,
-    store: new MemcachedStore({
-      hosts: ["127.0.0.1:11211"],
-      secret: "Hello there stranger!",
-      prefix: "testapp_encrypt_"
-    })
-  })
-);
-
-app.get("/", function(req, res) {
-  if (req.session.views) {
-    ++req.session.views;
-  } else {
-    req.session.views = 1;
-  }
-  res.send("Viewed <strong>" + req.session.views + "</strong> times.");
-});
-
-http.createServer(app).listen(9341, function() {
-  console.log("Listening on %d", this.address().port);
-});