npm - elm-pages - Versions diffs - 3.0.0-beta.30 → 3.0.0-beta.31 - Mend

elm-pages 3.0.0-beta.30 → 3.0.0-beta.31

This diff represents the content of publicly available package versions that have been released to one of the supported registries. The information contained in this diff is provided for informational purposes only and reflects changes between package versions as they appear in their respective public registries.

Files changed (41) hide show

package/src/Server/Session.elm CHANGED Viewed

@@ -1,5 +1,5 @@
 module Server.Session exposing
-    ( withSession
+    ( withSession, withSessionResult
     , NotLoadedReason(..)
     , Session, empty, get, insert, remove, update, withFlash
     )
@@ -59,7 +59,7 @@ still be used to attempt to "unsign" the cookies. So if you have a single secret
         , secrets =
             BackendTask.map List.singleton
                 (Env.expect "SESSION_SECRET2022-09-01")
-        , options = cookieOptions
+        , options = Nothing
         }
 Then you add a second secret
@@ -71,7 +71,7 @@ Then you add a second secret
                 (\newSecret oldSecret -> [ newSecret, oldSecret ])
                 (Env.expect "SESSION_SECRET2022-12-01")
                 (Env.expect "SESSION_SECRET2022-09-01")
-        , options = cookieOptions
+        , options = Nothing
         }
 The new secret (`2022-12-01`) will be used to sign all requests. This API always re-signs using the newest secret in the list
@@ -89,14 +89,14 @@ it will invalidate all cookies signed with that. For example, if we remove our o
         , secrets =
             BackendTask.map List.singleton
                 (Env.expect "SESSION_SECRET2022-12-01")
-        , options = cookieOptions
+        , options = Nothing
         }
 And then a user makes a request but had a session signed with our old secret (`2022-09-01`), the session will be invalid
 (so `withSession` would parse the session for that request as `Nothing`). It's standard for cookies to have an expiration date,
 so there's nothing wrong with an old session expiring (and the browser will eventually delete old cookies), just be aware of that when rotating secrets.
-@docs withSession
+@docs withSession, withSessionResult
 @docs NotLoadedReason
@@ -243,12 +243,32 @@ flashPrefix =
 withSession :
     { name : String
     , secrets : BackendTask error (List String)
-    , options : SetCookie.Options
+    , options : Maybe SetCookie.Options
     }
-    -> (request -> Result NotLoadedReason Session -> BackendTask error ( Session, Response data errorPage ))
+    -> (request -> Session -> BackendTask error ( Session, Response data errorPage ))
     -> Server.Request.Parser request
     -> Server.Request.Parser (BackendTask error (Response data errorPage))
 withSession config toRequest userRequest =
+    withSessionResult config
+        (\request session ->
+            toRequest request
+                (session
+                    |> Result.withDefault empty
+                )
+        )
+        userRequest
+{-| -}
+withSessionResult :
+    { name : String
+    , secrets : BackendTask error (List String)
+    , options : Maybe SetCookie.Options
+    }
+    -> (request -> Result NotLoadedReason Session -> BackendTask error ( Session, Response data errorPage ))
+    -> Server.Request.Parser request
+    -> Server.Request.Parser (BackendTask error (Response data errorPage))
+withSessionResult config toRequest userRequest =
     Server.Request.map2
         (\maybeSessionCookie userRequestData ->
             let
@@ -283,7 +303,7 @@ withSession config toRequest userRequest =
 encodeSessionUpdate :
     { name : String
     , secrets : BackendTask error (List String)
-    , options : SetCookie.Options
+    , options : Maybe SetCookie.Options
     }
     -> (c -> d -> BackendTask error ( Session, Response data errorPage ))
     -> c
@@ -298,7 +318,7 @@ encodeSessionUpdate config toRequest userRequestData sessionResult =
                     (\encoded ->
                         response
                             |> Server.Response.withSetCookieHeader
-                                (SetCookie.setCookie config.name encoded config.options)
+                                (SetCookie.setCookie config.name encoded (config.options |> Maybe.withDefault SetCookie.initOptions))
                     )
                     (sign config.secrets
                         (encodeNonExpiringPairs sessionUpdate)

package/src/Server/SetCookie.elm CHANGED Viewed

@@ -2,7 +2,7 @@ module Server.SetCookie exposing
     ( SetCookie
     , SameSite(..)
     , Options, initOptions
-    , withImmediateExpiration, makeVisibleToJavaScript, nonSecure, setCookie, withDomain, withExpiration, withMaxAge, withPath, withSameSite
+    , withImmediateExpiration, makeVisibleToJavaScript, nonSecure, setCookie, withDomain, withExpiration, withMaxAge, withPath, withoutPath, withSameSite
     , toString
     )
@@ -29,7 +29,7 @@ You can learn more about the basics of cookies in the Web Platform in these help
 @docs Options, initOptions
-@docs withImmediateExpiration, makeVisibleToJavaScript, nonSecure, setCookie, withDomain, withExpiration, withMaxAge, withPath, withSameSite
+@docs withImmediateExpiration, makeVisibleToJavaScript, nonSecure, setCookie, withDomain, withExpiration, withMaxAge, withPath, withoutPath, withSameSite
 ## Internal
@@ -143,7 +143,7 @@ initOptions =
     { expiration = Nothing
     , visibleToJavaScript = False
     , maxAge = Nothing
-    , path = Nothing
+    , path = Just "/"
     , domain = Nothing
     , secure = True
     , sameSite = Nothing
@@ -200,6 +200,14 @@ withPath path builder =
     }
+{-| -}
+withoutPath : Options -> Options
+withoutPath builder =
+    { builder
+        | path = Nothing
+    }
 {-| -}
 withDomain : String -> Options -> Options
 withDomain domain builder =