hono-sessions 0.1.0

package/LICENSE

@@ -0,0 +1,7 @@
+Copyright 2023 Joe Sweeney
+
+Permission is hereby granted, free of charge, to any person obtaining a copy of this software and associated documentation files (the “Software”), to deal in the Software without restriction, including without limitation the rights to use, copy, modify, merge, publish, distribute, sublicense, and/or sell copies of the Software, and to permit persons to whom the Software is furnished to do so, subject to the following conditions:
+
+The above copyright notice and this permission notice shall be included in all copies or substantial portions of the Software.
+
+THE SOFTWARE IS PROVIDED “AS IS”, WITHOUT WARRANTY OF ANY KIND, EXPRESS OR IMPLIED, INCLUDING BUT NOT LIMITED TO THE WARRANTIES OF MERCHANTABILITY, FITNESS FOR A PARTICULAR PURPOSE AND NONINFRINGEMENT. IN NO EVENT SHALL THE AUTHORS OR COPYRIGHT HOLDERS BE LIABLE FOR ANY CLAIM, DAMAGES OR OTHER LIABILITY, WHETHER IN AN ACTION OF CONTRACT, TORT OR OTHERWISE, ARISING FROM, OUT OF OR IN CONNECTION WITH THE SOFTWARE OR THE USE OR OTHER DEALINGS IN THE SOFTWARE.

package/README.md

@@ -0,0 +1,113 @@
+# Hono Sessions Middleware
+Use cookie-based sessions with the [Hono](https://hono.dev/) framework. Currently tested to work with Cloudflare Workers and Deno.
+
+## Usage
+
+### Cloudflare Workers
+
+```ts
+import { Hono } from 'hono'
+import { sessionMiddleware, CookieStore, Session } from 'hono-sessions'
+
+const store = new CookieStore()
+
+const app = new Hono()
+
+const sessionRoutes = new Hono<{
+  Variables: {
+    session: Session,
+    session_key_rotation: boolean
+  }
+}>()
+
+sessionRoutes.use('*', session({
+  store,
+  expireAfterSeconds: 900 // delete session after 15 minutes of inactivity
+}))
+
+sessionRoutes.post('/login', async (c) => {
+  const session = c.get('session')
+
+  const { email, password } = await c.req.parseBody()
+
+  if (password === 'correct') {
+    c.set('session_key_rotation', true)
+    session.set('email', email)
+    session.set('failed-login-attempts', null)
+    session.flash('message', 'Login Successful')
+  } else {
+    const failedLoginAttempts = (await session.get('failed-login-attempts') || 0) as number
+    session.set('failed-login-attempts', failedLoginAttempts + 1)
+    session.flash('error', 'Incorrect username or password')
+  }
+
+  return c.redirect('/')
+})
+
+sessionRoutes.post('/logout', async (c) => {
+  await c.get('session').deleteSession()
+  return c.redirect('/')
+})
+
+sessionRoutes.get('/', async (c) => {
+  const session = c.get('session')
+
+  const message = await session.get('message') || ''
+  const error = await session.get('error') || ''
+  const failedLoginAttempts = await session.get('failed-login-attempts')
+  const email = await session.get('email')
+
+  return c.html(`<!DOCTYPE html>
+  <html lang="en">
+  <head>
+    <meta charset="UTF-8">
+    <meta http-equiv="X-UA-Compatible" content="IE=edge">
+    <meta name="viewport" content="width=device-width, initial-scale=1.0">
+    <title>Hono Sessions</title>
+  </head>
+  <body>
+        <p>
+            ${message}
+        </p>
+        <p>
+            ${error}
+        </p>
+        <p>
+            ${failedLoginAttempts ? `Failed login attempts: ${failedLoginAttempts}` : ''}
+        </p>
+
+        ${email ? 
+        `<form id="logout" action="/logout" method="post">
+            <button name="logout" type="submit">Log out ${email}</button>
+        </form>`
+        : 
+        `<form id="login" action="/login" method="post">
+            <p>
+                <input id="email" name="email" type="text" placeholder="you@email.com">
+            </p>
+            <p>
+                <input id="password" name="password" type="password" placeholder="password">
+            </p>
+            <button name="login" type="submit">Log in</button>
+        </form>` 
+    }
+    </body>
+  </html>`)
+})
+
+app.route('/', sessionRoutes)
+
+export default app
+```
+
+### Deno
+```ts
+import { Hono } from 'https://deno.land/x/hono/mod.ts'
+import { sessionMiddleware, CookieStore, Session } from 'https://deno.land/x/hono_sessions/mod.ts'
+
+// Same as CF Workers, however instead of:
+// export default app
+// use:
+
+Deno.serve(app.fetch)
+```

package/esm/deps/deno.land/std@0.198.0/encoding/base64.d.ts

@@ -0,0 +1,11 @@
+/**
+ * CREDIT: https://gist.github.com/enepomnyaschih/72c423f727d395eeaa09697058238727
+ * Encodes a given Uint8Array, ArrayBuffer or string into RFC4648 base64 representation
+ * @param data
+ */
+export declare function encode(data: ArrayBuffer | string): string;
+/**
+ * Decodes a given RFC4648 base64 encoded string
+ * @param b64
+ */
+export declare function decode(b64: string): Uint8Array;

package/esm/deps/deno.land/std@0.198.0/encoding/base64.js

@@ -0,0 +1,140 @@
+// Copyright 2018-2023 the Deno authors. All rights reserved. MIT license.
+// This module is browser compatible.
+/**
+ * {@linkcode encode} and {@linkcode decode} for
+ * [base64](https://en.wikipedia.org/wiki/Base64) encoding.
+ *
+ * This module is browser compatible.
+ *
+ * @example
+ * ```ts
+ * import {
+ *   decode,
+ *   encode,
+ * } from "https://deno.land/std@$STD_VERSION/encoding/base64.ts";
+ *
+ * const b64Repr = "Zm9vYg==";
+ *
+ * const binaryData = decode(b64Repr);
+ * console.log(binaryData);
+ * // => Uint8Array [ 102, 111, 111, 98 ]
+ *
+ * console.log(encode(binaryData));
+ * // => Zm9vYg==
+ * ```
+ *
+ * @module
+ */
+const base64abc = [
+    "A",
+    "B",
+    "C",
+    "D",
+    "E",
+    "F",
+    "G",
+    "H",
+    "I",
+    "J",
+    "K",
+    "L",
+    "M",
+    "N",
+    "O",
+    "P",
+    "Q",
+    "R",
+    "S",
+    "T",
+    "U",
+    "V",
+    "W",
+    "X",
+    "Y",
+    "Z",
+    "a",
+    "b",
+    "c",
+    "d",
+    "e",
+    "f",
+    "g",
+    "h",
+    "i",
+    "j",
+    "k",
+    "l",
+    "m",
+    "n",
+    "o",
+    "p",
+    "q",
+    "r",
+    "s",
+    "t",
+    "u",
+    "v",
+    "w",
+    "x",
+    "y",
+    "z",
+    "0",
+    "1",
+    "2",
+    "3",
+    "4",
+    "5",
+    "6",
+    "7",
+    "8",
+    "9",
+    "+",
+    "/",
+];
+/**
+ * CREDIT: https://gist.github.com/enepomnyaschih/72c423f727d395eeaa09697058238727
+ * Encodes a given Uint8Array, ArrayBuffer or string into RFC4648 base64 representation
+ * @param data
+ */
+export function encode(data) {
+    const uint8 = typeof data === "string"
+        ? new TextEncoder().encode(data)
+        : data instanceof Uint8Array
+            ? data
+            : new Uint8Array(data);
+    let result = "", i;
+    const l = uint8.length;
+    for (i = 2; i < l; i += 3) {
+        result += base64abc[uint8[i - 2] >> 2];
+        result += base64abc[((uint8[i - 2] & 0x03) << 4) | (uint8[i - 1] >> 4)];
+        result += base64abc[((uint8[i - 1] & 0x0f) << 2) | (uint8[i] >> 6)];
+        result += base64abc[uint8[i] & 0x3f];
+    }
+    if (i === l + 1) {
+        // 1 octet yet to write
+        result += base64abc[uint8[i - 2] >> 2];
+        result += base64abc[(uint8[i - 2] & 0x03) << 4];
+        result += "==";
+    }
+    if (i === l) {
+        // 2 octets yet to write
+        result += base64abc[uint8[i - 2] >> 2];
+        result += base64abc[((uint8[i - 2] & 0x03) << 4) | (uint8[i - 1] >> 4)];
+        result += base64abc[(uint8[i - 1] & 0x0f) << 2];
+        result += "=";
+    }
+    return result;
+}
+/**
+ * Decodes a given RFC4648 base64 encoded string
+ * @param b64
+ */
+export function decode(b64) {
+    const binString = atob(b64);
+    const size = binString.length;
+    const bytes = new Uint8Array(size);
+    for (let i = 0; i < size; i++) {
+        bytes[i] = binString.charCodeAt(i);
+    }
+    return bytes;
+}

package/esm/deps.d.ts

@@ -0,0 +1,4 @@
+export { nanoid } from 'nanoid/async';
+export type { MiddlewareHandler, Context } from 'hono';
+export { getCookie, setCookie } from 'hono/cookie';
+export type { CookieOptions } from 'hono/utils/cookie';

package/esm/deps.js

@@ -0,0 +1,2 @@
+export { nanoid } from 'nanoid/async';
+export { getCookie, setCookie } from 'hono/cookie';

package/esm/mod.d.ts

@@ -0,0 +1,9 @@
+import MemoryStore from './src/store/MemoryStore.js';
+import CookieStore from './src/store/CookieStore.js';
+import { createKeyFromBase64, encryptToBase64, decryptFromBase64 } from './src/Crypto.js';
+import { sessionMiddleware } from './src/Middleware.js';
+import { Session } from './src/Session.js';
+import type { SessionData } from './src/Session.js';
+import Store from './src/store/Store.js';
+export { MemoryStore, CookieStore, sessionMiddleware, createKeyFromBase64, encryptToBase64, decryptFromBase64, Session, };
+export type { SessionData, Store };

package/esm/mod.js

@@ -0,0 +1,6 @@
+import MemoryStore from './src/store/MemoryStore.js';
+import CookieStore from './src/store/CookieStore.js';
+import { createKeyFromBase64, encryptToBase64, decryptFromBase64 } from './src/Crypto.js';
+import { sessionMiddleware } from './src/Middleware.js';
+import { Session } from './src/Session.js';
+export { MemoryStore, CookieStore, sessionMiddleware, createKeyFromBase64, encryptToBase64, decryptFromBase64, Session, };

package/esm/package.json

@@ -0,0 +1,3 @@
+{
+  "type": "module"
+}

package/esm/src/Crypto.d.ts

@@ -0,0 +1,3 @@
+export declare function createKeyFromBase64(key_string: string): Promise<CryptoKey>;
+export declare function decryptFromBase64(key: CryptoKey, base64_string: string): Promise<string>;
+export declare function encryptToBase64(key: CryptoKey, raw_string: string): Promise<string>;

package/esm/src/Crypto.js

@@ -0,0 +1,29 @@
+import { decode, encode, } from "../deps/deno.land/std@0.198.0/encoding/base64.js";
+export async function createKeyFromBase64(key_string) {
+    const key_decoded = decode(key_string);
+    const key = await crypto.subtle.importKey('raw', key_decoded, 'AES-GCM', true, ['encrypt', 'decrypt']);
+    return key;
+}
+export async function decryptFromBase64(key, base64_string) {
+    const payload_bytes = decode(base64_string);
+    const iv = payload_bytes.slice(0, 12);
+    const encrypted_payload_bytes = payload_bytes.slice(12, payload_bytes.length);
+    const decrypted_payload = await crypto.subtle.decrypt({
+        'name': key.algorithm.name,
+        iv
+    }, key, encrypted_payload_bytes);
+    return (new TextDecoder).decode(decrypted_payload);
+}
+export async function encryptToBase64(key, raw_string) {
+    const iv = crypto.getRandomValues(new Uint8Array(12));
+    const encrypted_payload = await crypto.subtle.encrypt({
+        name: key.algorithm.name,
+        iv
+    }, key, (new TextEncoder).encode(raw_string));
+    const encrypted_payload_bytes = new Uint8Array(encrypted_payload);
+    const payload_bytes = new Uint8Array(encrypted_payload_bytes.length + iv.length);
+    payload_bytes.set(iv);
+    payload_bytes.set(encrypted_payload_bytes, iv.length);
+    const payload_string = encode(payload_bytes);
+    return payload_string;
+}

package/esm/src/Middleware.d.ts

@@ -0,0 +1,13 @@
+import { MiddlewareHandler } from '../deps.js';
+import Store from './store/Store.js';
+import CookieStore from './store/CookieStore.js';
+import { CookieOptions } from '../deps.js';
+interface SessionOptions {
+    store: Store | CookieStore;
+    encryptionKey?: CryptoKey;
+    expireAfterSeconds?: number;
+    cookieOptions?: CookieOptions;
+    sessionCookieName?: string;
+}
+export declare function sessionMiddleware(options: SessionOptions): MiddlewareHandler;
+export {};

package/esm/src/Middleware.js

@@ -0,0 +1,85 @@
+import { nanoid } from '../deps.js';
+import { getCookie, setCookie } from '../deps.js';
+import CookieStore from './store/CookieStore.js';
+import { Session, decryptFromBase64, encryptToBase64 } from '../mod.js';
+export function sessionMiddleware(options) {
+    const store = options.store;
+    const encryptionKey = options.encryptionKey;
+    const expireAfterSeconds = options.expireAfterSeconds;
+    const cookieOptions = options.cookieOptions;
+    const sessionCookieName = options.sessionCookieName || 'session';
+    if (store instanceof CookieStore) {
+        store.sessionCookieName = sessionCookieName;
+        if (encryptionKey) {
+            store.encryptionKey = encryptionKey;
+        }
+        if (cookieOptions) {
+            store.cookieOptions = cookieOptions;
+        }
+    }
+    const middleware = async (c, next) => {
+        const session = new Session;
+        let sid = '';
+        let session_data;
+        let createNewSession = false;
+        const sessionCookie = getCookie(c, sessionCookieName);
+        if (sessionCookie) { // If there is a session cookie present...
+            if (store instanceof CookieStore) {
+                session_data = await store.getSession(c);
+            }
+            else {
+                sid = encryptionKey ? await decryptFromBase64(encryptionKey, sessionCookie) : sessionCookie;
+                session_data = await store.getSessionById(sid);
+            }
+            if (session_data) {
+                session.setCache(session_data);
+                if (session.sessionValid()) {
+                    session.reupSession(expireAfterSeconds);
+                }
+                else {
+                    store instanceof CookieStore ? await store.deleteSession(c) : await store.deleteSession(sid);
+                    createNewSession = true;
+                }
+            }
+            else {
+                createNewSession = true;
+            }
+        }
+        else {
+            createNewSession = true;
+        }
+        if (createNewSession) {
+            const defaultData = {
+                _data: {},
+                _expire: null,
+                _delete: false,
+                _accessed: null,
+            };
+            if (store instanceof CookieStore) {
+                await store.createSession(c, defaultData);
+            }
+            else {
+                sid = await nanoid(21);
+                await store.createSession(sid, defaultData);
+            }
+            session.setCache(defaultData);
+        }
+        if (!(store instanceof CookieStore)) {
+            setCookie(c, sessionCookieName, encryptionKey ? await encryptToBase64(encryptionKey, sid) : sid, cookieOptions);
+        }
+        session.updateAccess();
+        c.set('session', session);
+        await next();
+        if (c.get('session_key_rotation') === true && !(store instanceof CookieStore)) {
+            await store.deleteSession(sid);
+            sid = await nanoid(21);
+            await store.createSession(sid, session.getCache());
+            setCookie(c, sessionCookieName, encryptionKey ? await encryptToBase64(encryptionKey, sid) : sid, cookieOptions);
+        }
+        store instanceof CookieStore ? await store.persistSessionData(c, session.getCache()) : store.persistSessionData(sid, session.getCache());
+        if (session.getCache()._delete) {
+            store instanceof CookieStore ? await store.deleteSession(c) : await store.deleteSession(sid);
+        }
+    };
+    return middleware;
+}

package/esm/src/Session.d.ts

@@ -0,0 +1,25 @@
+interface SessionDataEntry {
+    value: unknown;
+    flash: boolean;
+}
+export interface SessionData {
+    _data: Record<string, SessionDataEntry>;
+    _expire: string | null;
+    _delete: boolean;
+    _accessed: string | null;
+}
+export declare class Session {
+    private cache;
+    constructor();
+    setCache(cache_data: SessionData): void;
+    getCache(): SessionData;
+    setExpiration(expiration: string): void;
+    reupSession(expiration: number | null | undefined): void;
+    deleteSession(): void;
+    sessionValid(): boolean;
+    updateAccess(): void;
+    get(key: string): unknown;
+    set(key: string, value: unknown): void;
+    flash(key: string, value: unknown): void;
+}
+export {};

package/esm/src/Session.js

@@ -0,0 +1,64 @@
+export class Session {
+    constructor() {
+        Object.defineProperty(this, "cache", {
+            enumerable: true,
+            configurable: true,
+            writable: true,
+            value: void 0
+        });
+        this.cache = {
+            _data: {},
+            _expire: null,
+            _delete: false,
+            _accessed: null,
+        };
+    }
+    setCache(cache_data) {
+        this.cache = cache_data;
+    }
+    getCache() {
+        return this.cache;
+    }
+    setExpiration(expiration) {
+        this.cache._expire = expiration;
+    }
+    reupSession(expiration) {
+        if (expiration) {
+            this.setExpiration(new Date(Date.now() + expiration * 1000).toISOString());
+        }
+    }
+    deleteSession() {
+        this.cache._delete = true;
+    }
+    sessionValid() {
+        return this.cache._expire == null || Date.now() < new Date(this.cache._expire).getTime();
+    }
+    updateAccess() {
+        this.cache._accessed = new Date().toISOString();
+    }
+    get(key) {
+        const entry = this.cache._data[key];
+        if (entry) {
+            const value = entry.value;
+            if (entry.flash) {
+                delete this.cache._data[key];
+            }
+            return value;
+        }
+        else {
+            return null;
+        }
+    }
+    set(key, value) {
+        this.cache._data[key] = {
+            value,
+            flash: false
+        };
+    }
+    flash(key, value) {
+        this.cache._data[key] = {
+            value,
+            flash: true
+        };
+    }
+}

package/esm/src/store/CookieStore.d.ts

@@ -0,0 +1,18 @@
+import { Context, CookieOptions } from '../../deps.js';
+import { SessionData } from '../../mod.js';
+interface CookieStoreOptions {
+    encryptionKey?: CryptoKey | null;
+    cookieOptions?: CookieOptions;
+    sessionCookieName: string;
+}
+declare class CookieStore {
+    encryptionKey: CryptoKey | null | undefined;
+    cookieOptions: CookieOptions | undefined;
+    sessionCookieName: string;
+    constructor(options?: CookieStoreOptions);
+    getSession(c: Context): Promise<any>;
+    createSession(c: Context, initial_data: SessionData): Promise<void>;
+    deleteSession(c: Context): Promise<void>;
+    persistSessionData(c: Context, session_data: SessionData): Promise<void>;
+}
+export default CookieStore;

package/esm/src/store/CookieStore.js

@@ -0,0 +1,52 @@
+import { getCookie, setCookie } from '../../deps.js';
+import { decryptFromBase64, encryptToBase64 } from '../../mod.js';
+class CookieStore {
+    constructor(options) {
+        Object.defineProperty(this, "encryptionKey", {
+            enumerable: true,
+            configurable: true,
+            writable: true,
+            value: void 0
+        });
+        Object.defineProperty(this, "cookieOptions", {
+            enumerable: true,
+            configurable: true,
+            writable: true,
+            value: void 0
+        });
+        Object.defineProperty(this, "sessionCookieName", {
+            enumerable: true,
+            configurable: true,
+            writable: true,
+            value: void 0
+        });
+        this.encryptionKey = options?.encryptionKey;
+        this.cookieOptions = options?.cookieOptions;
+        this.sessionCookieName = options?.sessionCookieName || 'session';
+    }
+    async getSession(c) {
+        let session_data;
+        const sessionCookie = getCookie(c, this.sessionCookieName);
+        if (this.encryptionKey && sessionCookie) {
+            session_data = await decryptFromBase64(this.encryptionKey, sessionCookie);
+            if (session_data) {
+                return JSON.parse(session_data);
+            }
+        }
+        else {
+            return null;
+        }
+    }
+    async createSession(c, initial_data) {
+        const stringified_data = JSON.stringify(initial_data);
+        setCookie(c, this.sessionCookieName, this.encryptionKey ? await encryptToBase64(this.encryptionKey, stringified_data) : stringified_data, this.cookieOptions);
+    }
+    async deleteSession(c) {
+        setCookie(c, this.sessionCookieName, this.encryptionKey ? await encryptToBase64(this.encryptionKey, '') : '', this.cookieOptions);
+    }
+    async persistSessionData(c, session_data) {
+        const stringified_data = JSON.stringify(session_data);
+        setCookie(c, this.sessionCookieName, this.encryptionKey ? await encryptToBase64(this.encryptionKey, stringified_data) : stringified_data, this.cookieOptions);
+    }
+}
+export default CookieStore;

package/esm/src/store/MemoryStore.d.ts

@@ -0,0 +1,11 @@
+import Store from './Store.js';
+import { SessionData } from '../../mod.js';
+declare class MemoryStore implements Store {
+    private data;
+    constructor();
+    getSessionById(sid: string): SessionData | null | undefined;
+    createSession(sid: string, initial_data: SessionData): void;
+    deleteSession(sid: string): void;
+    persistSessionData(sid: string, session_data: SessionData): void;
+}
+export default MemoryStore;

package/esm/src/store/MemoryStore.js

@@ -0,0 +1,24 @@
+class MemoryStore {
+    constructor() {
+        Object.defineProperty(this, "data", {
+            enumerable: true,
+            configurable: true,
+            writable: true,
+            value: void 0
+        });
+        this.data = new Map;
+    }
+    getSessionById(sid) {
+        return this.data.has(sid) ? this.data.get(sid) : null;
+    }
+    createSession(sid, initial_data) {
+        this.data.set(sid, initial_data);
+    }
+    deleteSession(sid) {
+        this.data.delete(sid);
+    }
+    persistSessionData(sid, session_data) {
+        this.data.set(sid, session_data);
+    }
+}
+export default MemoryStore;

package/esm/src/store/Store.d.ts

@@ -0,0 +1,7 @@
+import { SessionData } from "../../mod.js";
+export default interface Store {
+    getSessionById(sessionId?: string): SessionData | null | undefined | Promise<SessionData | null | undefined>;
+    createSession(sessionId: string, initialData: SessionData): Promise<void> | void;
+    persistSessionData(sessionId: string, sessionData: SessionData): Promise<void> | void;
+    deleteSession(sessionId: string): Promise<void> | void;
+}

package/esm/src/store/Store.js

@@ -0,0 +1 @@
+export {};

package/package.json

@@ -0,0 +1,31 @@
+{
+  "module": "./esm/mod.js",
+  "main": "./script/mod.js",
+  "name": "hono-sessions",
+  "version": "0.1.0",
+  "description": "Cookie-based sessions for Hono web framework",
+  "license": "MIT",
+  "repository": {
+    "type": "git",
+    "url": "git+https://github.com/jcs224/hono_sessions.git"
+  },
+  "bugs": {
+    "url": "https://github.com/jcs224/hono_sessions/issues"
+  },
+  "exports": {
+    ".": {
+      "import": "./esm/mod.js",
+      "require": "./script/mod.js"
+    }
+  },
+  "scripts": {
+    "test": "node test_runner.js"
+  },
+  "dependencies": {
+    "hono": "^3.5.1",
+    "nanoid": "4.0.0"
+  },
+  "devDependencies": {
+    "picocolors": "^1.0.0"
+  }
+}

package/script/deps/deno.land/std@0.198.0/encoding/base64.d.ts

@@ -0,0 +1,11 @@
+/**
+ * CREDIT: https://gist.github.com/enepomnyaschih/72c423f727d395eeaa09697058238727
+ * Encodes a given Uint8Array, ArrayBuffer or string into RFC4648 base64 representation
+ * @param data
+ */
+export declare function encode(data: ArrayBuffer | string): string;
+/**
+ * Decodes a given RFC4648 base64 encoded string
+ * @param b64
+ */
+export declare function decode(b64: string): Uint8Array;

package/script/deps/deno.land/std@0.198.0/encoding/base64.js

@@ -0,0 +1,145 @@
+"use strict";
+// Copyright 2018-2023 the Deno authors. All rights reserved. MIT license.
+// This module is browser compatible.
+Object.defineProperty(exports, "__esModule", { value: true });
+exports.decode = exports.encode = void 0;
+/**
+ * {@linkcode encode} and {@linkcode decode} for
+ * [base64](https://en.wikipedia.org/wiki/Base64) encoding.
+ *
+ * This module is browser compatible.
+ *
+ * @example
+ * ```ts
+ * import {
+ *   decode,
+ *   encode,
+ * } from "https://deno.land/std@$STD_VERSION/encoding/base64.ts";
+ *
+ * const b64Repr = "Zm9vYg==";
+ *
+ * const binaryData = decode(b64Repr);
+ * console.log(binaryData);
+ * // => Uint8Array [ 102, 111, 111, 98 ]
+ *
+ * console.log(encode(binaryData));
+ * // => Zm9vYg==
+ * ```
+ *
+ * @module
+ */
+const base64abc = [
+    "A",
+    "B",
+    "C",
+    "D",
+    "E",
+    "F",
+    "G",
+    "H",
+    "I",
+    "J",
+    "K",
+    "L",
+    "M",
+    "N",
+    "O",
+    "P",
+    "Q",
+    "R",
+    "S",
+    "T",
+    "U",
+    "V",
+    "W",
+    "X",
+    "Y",
+    "Z",
+    "a",
+    "b",
+    "c",
+    "d",
+    "e",
+    "f",
+    "g",
+    "h",
+    "i",
+    "j",
+    "k",
+    "l",
+    "m",
+    "n",
+    "o",
+    "p",
+    "q",
+    "r",
+    "s",
+    "t",
+    "u",
+    "v",
+    "w",
+    "x",
+    "y",
+    "z",
+    "0",
+    "1",
+    "2",
+    "3",
+    "4",
+    "5",
+    "6",
+    "7",
+    "8",
+    "9",
+    "+",
+    "/",
+];
+/**
+ * CREDIT: https://gist.github.com/enepomnyaschih/72c423f727d395eeaa09697058238727
+ * Encodes a given Uint8Array, ArrayBuffer or string into RFC4648 base64 representation
+ * @param data
+ */
+function encode(data) {
+    const uint8 = typeof data === "string"
+        ? new TextEncoder().encode(data)
+        : data instanceof Uint8Array
+            ? data
+            : new Uint8Array(data);
+    let result = "", i;
+    const l = uint8.length;
+    for (i = 2; i < l; i += 3) {
+        result += base64abc[uint8[i - 2] >> 2];
+        result += base64abc[((uint8[i - 2] & 0x03) << 4) | (uint8[i - 1] >> 4)];
+        result += base64abc[((uint8[i - 1] & 0x0f) << 2) | (uint8[i] >> 6)];
+        result += base64abc[uint8[i] & 0x3f];
+    }
+    if (i === l + 1) {
+        // 1 octet yet to write
+        result += base64abc[uint8[i - 2] >> 2];
+        result += base64abc[(uint8[i - 2] & 0x03) << 4];
+        result += "==";
+    }
+    if (i === l) {
+        // 2 octets yet to write
+        result += base64abc[uint8[i - 2] >> 2];
+        result += base64abc[((uint8[i - 2] & 0x03) << 4) | (uint8[i - 1] >> 4)];
+        result += base64abc[(uint8[i - 1] & 0x0f) << 2];
+        result += "=";
+    }
+    return result;
+}
+exports.encode = encode;
+/**
+ * Decodes a given RFC4648 base64 encoded string
+ * @param b64
+ */
+function decode(b64) {
+    const binString = atob(b64);
+    const size = binString.length;
+    const bytes = new Uint8Array(size);
+    for (let i = 0; i < size; i++) {
+        bytes[i] = binString.charCodeAt(i);
+    }
+    return bytes;
+}
+exports.decode = decode;

package/script/deps.d.ts

@@ -0,0 +1,4 @@
+export { nanoid } from 'nanoid/async';
+export type { MiddlewareHandler, Context } from 'hono';
+export { getCookie, setCookie } from 'hono/cookie';
+export type { CookieOptions } from 'hono/utils/cookie';

package/script/deps.js

@@ -0,0 +1,8 @@
+"use strict";
+Object.defineProperty(exports, "__esModule", { value: true });
+exports.setCookie = exports.getCookie = exports.nanoid = void 0;
+var async_1 = require("nanoid/async");
+Object.defineProperty(exports, "nanoid", { enumerable: true, get: function () { return async_1.nanoid; } });
+var cookie_1 = require("hono/cookie");
+Object.defineProperty(exports, "getCookie", { enumerable: true, get: function () { return cookie_1.getCookie; } });
+Object.defineProperty(exports, "setCookie", { enumerable: true, get: function () { return cookie_1.setCookie; } });

package/script/mod.d.ts

@@ -0,0 +1,9 @@
+import MemoryStore from './src/store/MemoryStore.js';
+import CookieStore from './src/store/CookieStore.js';
+import { createKeyFromBase64, encryptToBase64, decryptFromBase64 } from './src/Crypto.js';
+import { sessionMiddleware } from './src/Middleware.js';
+import { Session } from './src/Session.js';
+import type { SessionData } from './src/Session.js';
+import Store from './src/store/Store.js';
+export { MemoryStore, CookieStore, sessionMiddleware, createKeyFromBase64, encryptToBase64, decryptFromBase64, Session, };
+export type { SessionData, Store };

package/script/mod.js

@@ -0,0 +1,18 @@
+"use strict";
+var __importDefault = (this && this.__importDefault) || function (mod) {
+    return (mod && mod.__esModule) ? mod : { "default": mod };
+};
+Object.defineProperty(exports, "__esModule", { value: true });
+exports.Session = exports.decryptFromBase64 = exports.encryptToBase64 = exports.createKeyFromBase64 = exports.sessionMiddleware = exports.CookieStore = exports.MemoryStore = void 0;
+const MemoryStore_js_1 = __importDefault(require("./src/store/MemoryStore.js"));
+exports.MemoryStore = MemoryStore_js_1.default;
+const CookieStore_js_1 = __importDefault(require("./src/store/CookieStore.js"));
+exports.CookieStore = CookieStore_js_1.default;
+const Crypto_js_1 = require("./src/Crypto.js");
+Object.defineProperty(exports, "createKeyFromBase64", { enumerable: true, get: function () { return Crypto_js_1.createKeyFromBase64; } });
+Object.defineProperty(exports, "encryptToBase64", { enumerable: true, get: function () { return Crypto_js_1.encryptToBase64; } });
+Object.defineProperty(exports, "decryptFromBase64", { enumerable: true, get: function () { return Crypto_js_1.decryptFromBase64; } });
+const Middleware_js_1 = require("./src/Middleware.js");
+Object.defineProperty(exports, "sessionMiddleware", { enumerable: true, get: function () { return Middleware_js_1.sessionMiddleware; } });
+const Session_js_1 = require("./src/Session.js");
+Object.defineProperty(exports, "Session", { enumerable: true, get: function () { return Session_js_1.Session; } });

package/script/package.json

@@ -0,0 +1,3 @@
+{
+  "type": "commonjs"
+}

package/script/src/Crypto.d.ts

@@ -0,0 +1,3 @@
+export declare function createKeyFromBase64(key_string: string): Promise<CryptoKey>;
+export declare function decryptFromBase64(key: CryptoKey, base64_string: string): Promise<string>;
+export declare function encryptToBase64(key: CryptoKey, raw_string: string): Promise<string>;

package/script/src/Crypto.js

@@ -0,0 +1,35 @@
+"use strict";
+Object.defineProperty(exports, "__esModule", { value: true });
+exports.encryptToBase64 = exports.decryptFromBase64 = exports.createKeyFromBase64 = void 0;
+const base64_js_1 = require("../deps/deno.land/std@0.198.0/encoding/base64.js");
+async function createKeyFromBase64(key_string) {
+    const key_decoded = (0, base64_js_1.decode)(key_string);
+    const key = await crypto.subtle.importKey('raw', key_decoded, 'AES-GCM', true, ['encrypt', 'decrypt']);
+    return key;
+}
+exports.createKeyFromBase64 = createKeyFromBase64;
+async function decryptFromBase64(key, base64_string) {
+    const payload_bytes = (0, base64_js_1.decode)(base64_string);
+    const iv = payload_bytes.slice(0, 12);
+    const encrypted_payload_bytes = payload_bytes.slice(12, payload_bytes.length);
+    const decrypted_payload = await crypto.subtle.decrypt({
+        'name': key.algorithm.name,
+        iv
+    }, key, encrypted_payload_bytes);
+    return (new TextDecoder).decode(decrypted_payload);
+}
+exports.decryptFromBase64 = decryptFromBase64;
+async function encryptToBase64(key, raw_string) {
+    const iv = crypto.getRandomValues(new Uint8Array(12));
+    const encrypted_payload = await crypto.subtle.encrypt({
+        name: key.algorithm.name,
+        iv
+    }, key, (new TextEncoder).encode(raw_string));
+    const encrypted_payload_bytes = new Uint8Array(encrypted_payload);
+    const payload_bytes = new Uint8Array(encrypted_payload_bytes.length + iv.length);
+    payload_bytes.set(iv);
+    payload_bytes.set(encrypted_payload_bytes, iv.length);
+    const payload_string = (0, base64_js_1.encode)(payload_bytes);
+    return payload_string;
+}
+exports.encryptToBase64 = encryptToBase64;

package/script/src/Middleware.d.ts

@@ -0,0 +1,13 @@
+import { MiddlewareHandler } from '../deps.js';
+import Store from './store/Store.js';
+import CookieStore from './store/CookieStore.js';
+import { CookieOptions } from '../deps.js';
+interface SessionOptions {
+    store: Store | CookieStore;
+    encryptionKey?: CryptoKey;
+    expireAfterSeconds?: number;
+    cookieOptions?: CookieOptions;
+    sessionCookieName?: string;
+}
+export declare function sessionMiddleware(options: SessionOptions): MiddlewareHandler;
+export {};

package/script/src/Middleware.js

@@ -0,0 +1,92 @@
+"use strict";
+var __importDefault = (this && this.__importDefault) || function (mod) {
+    return (mod && mod.__esModule) ? mod : { "default": mod };
+};
+Object.defineProperty(exports, "__esModule", { value: true });
+exports.sessionMiddleware = void 0;
+const deps_js_1 = require("../deps.js");
+const deps_js_2 = require("../deps.js");
+const CookieStore_js_1 = __importDefault(require("./store/CookieStore.js"));
+const mod_js_1 = require("../mod.js");
+function sessionMiddleware(options) {
+    const store = options.store;
+    const encryptionKey = options.encryptionKey;
+    const expireAfterSeconds = options.expireAfterSeconds;
+    const cookieOptions = options.cookieOptions;
+    const sessionCookieName = options.sessionCookieName || 'session';
+    if (store instanceof CookieStore_js_1.default) {
+        store.sessionCookieName = sessionCookieName;
+        if (encryptionKey) {
+            store.encryptionKey = encryptionKey;
+        }
+        if (cookieOptions) {
+            store.cookieOptions = cookieOptions;
+        }
+    }
+    const middleware = async (c, next) => {
+        const session = new mod_js_1.Session;
+        let sid = '';
+        let session_data;
+        let createNewSession = false;
+        const sessionCookie = (0, deps_js_2.getCookie)(c, sessionCookieName);
+        if (sessionCookie) { // If there is a session cookie present...
+            if (store instanceof CookieStore_js_1.default) {
+                session_data = await store.getSession(c);
+            }
+            else {
+                sid = encryptionKey ? await (0, mod_js_1.decryptFromBase64)(encryptionKey, sessionCookie) : sessionCookie;
+                session_data = await store.getSessionById(sid);
+            }
+            if (session_data) {
+                session.setCache(session_data);
+                if (session.sessionValid()) {
+                    session.reupSession(expireAfterSeconds);
+                }
+                else {
+                    store instanceof CookieStore_js_1.default ? await store.deleteSession(c) : await store.deleteSession(sid);
+                    createNewSession = true;
+                }
+            }
+            else {
+                createNewSession = true;
+            }
+        }
+        else {
+            createNewSession = true;
+        }
+        if (createNewSession) {
+            const defaultData = {
+                _data: {},
+                _expire: null,
+                _delete: false,
+                _accessed: null,
+            };
+            if (store instanceof CookieStore_js_1.default) {
+                await store.createSession(c, defaultData);
+            }
+            else {
+                sid = await (0, deps_js_1.nanoid)(21);
+                await store.createSession(sid, defaultData);
+            }
+            session.setCache(defaultData);
+        }
+        if (!(store instanceof CookieStore_js_1.default)) {
+            (0, deps_js_2.setCookie)(c, sessionCookieName, encryptionKey ? await (0, mod_js_1.encryptToBase64)(encryptionKey, sid) : sid, cookieOptions);
+        }
+        session.updateAccess();
+        c.set('session', session);
+        await next();
+        if (c.get('session_key_rotation') === true && !(store instanceof CookieStore_js_1.default)) {
+            await store.deleteSession(sid);
+            sid = await (0, deps_js_1.nanoid)(21);
+            await store.createSession(sid, session.getCache());
+            (0, deps_js_2.setCookie)(c, sessionCookieName, encryptionKey ? await (0, mod_js_1.encryptToBase64)(encryptionKey, sid) : sid, cookieOptions);
+        }
+        store instanceof CookieStore_js_1.default ? await store.persistSessionData(c, session.getCache()) : store.persistSessionData(sid, session.getCache());
+        if (session.getCache()._delete) {
+            store instanceof CookieStore_js_1.default ? await store.deleteSession(c) : await store.deleteSession(sid);
+        }
+    };
+    return middleware;
+}
+exports.sessionMiddleware = sessionMiddleware;

package/script/src/Session.d.ts

@@ -0,0 +1,25 @@
+interface SessionDataEntry {
+    value: unknown;
+    flash: boolean;
+}
+export interface SessionData {
+    _data: Record<string, SessionDataEntry>;
+    _expire: string | null;
+    _delete: boolean;
+    _accessed: string | null;
+}
+export declare class Session {
+    private cache;
+    constructor();
+    setCache(cache_data: SessionData): void;
+    getCache(): SessionData;
+    setExpiration(expiration: string): void;
+    reupSession(expiration: number | null | undefined): void;
+    deleteSession(): void;
+    sessionValid(): boolean;
+    updateAccess(): void;
+    get(key: string): unknown;
+    set(key: string, value: unknown): void;
+    flash(key: string, value: unknown): void;
+}
+export {};

package/script/src/Session.js

@@ -0,0 +1,68 @@
+"use strict";
+Object.defineProperty(exports, "__esModule", { value: true });
+exports.Session = void 0;
+class Session {
+    constructor() {
+        Object.defineProperty(this, "cache", {
+            enumerable: true,
+            configurable: true,
+            writable: true,
+            value: void 0
+        });
+        this.cache = {
+            _data: {},
+            _expire: null,
+            _delete: false,
+            _accessed: null,
+        };
+    }
+    setCache(cache_data) {
+        this.cache = cache_data;
+    }
+    getCache() {
+        return this.cache;
+    }
+    setExpiration(expiration) {
+        this.cache._expire = expiration;
+    }
+    reupSession(expiration) {
+        if (expiration) {
+            this.setExpiration(new Date(Date.now() + expiration * 1000).toISOString());
+        }
+    }
+    deleteSession() {
+        this.cache._delete = true;
+    }
+    sessionValid() {
+        return this.cache._expire == null || Date.now() < new Date(this.cache._expire).getTime();
+    }
+    updateAccess() {
+        this.cache._accessed = new Date().toISOString();
+    }
+    get(key) {
+        const entry = this.cache._data[key];
+        if (entry) {
+            const value = entry.value;
+            if (entry.flash) {
+                delete this.cache._data[key];
+            }
+            return value;
+        }
+        else {
+            return null;
+        }
+    }
+    set(key, value) {
+        this.cache._data[key] = {
+            value,
+            flash: false
+        };
+    }
+    flash(key, value) {
+        this.cache._data[key] = {
+            value,
+            flash: true
+        };
+    }
+}
+exports.Session = Session;

package/script/src/store/CookieStore.d.ts

@@ -0,0 +1,18 @@
+import { Context, CookieOptions } from '../../deps.js';
+import { SessionData } from '../../mod.js';
+interface CookieStoreOptions {
+    encryptionKey?: CryptoKey | null;
+    cookieOptions?: CookieOptions;
+    sessionCookieName: string;
+}
+declare class CookieStore {
+    encryptionKey: CryptoKey | null | undefined;
+    cookieOptions: CookieOptions | undefined;
+    sessionCookieName: string;
+    constructor(options?: CookieStoreOptions);
+    getSession(c: Context): Promise<any>;
+    createSession(c: Context, initial_data: SessionData): Promise<void>;
+    deleteSession(c: Context): Promise<void>;
+    persistSessionData(c: Context, session_data: SessionData): Promise<void>;
+}
+export default CookieStore;

package/script/src/store/CookieStore.js

@@ -0,0 +1,54 @@
+"use strict";
+Object.defineProperty(exports, "__esModule", { value: true });
+const deps_js_1 = require("../../deps.js");
+const mod_js_1 = require("../../mod.js");
+class CookieStore {
+    constructor(options) {
+        Object.defineProperty(this, "encryptionKey", {
+            enumerable: true,
+            configurable: true,
+            writable: true,
+            value: void 0
+        });
+        Object.defineProperty(this, "cookieOptions", {
+            enumerable: true,
+            configurable: true,
+            writable: true,
+            value: void 0
+        });
+        Object.defineProperty(this, "sessionCookieName", {
+            enumerable: true,
+            configurable: true,
+            writable: true,
+            value: void 0
+        });
+        this.encryptionKey = options?.encryptionKey;
+        this.cookieOptions = options?.cookieOptions;
+        this.sessionCookieName = options?.sessionCookieName || 'session';
+    }
+    async getSession(c) {
+        let session_data;
+        const sessionCookie = (0, deps_js_1.getCookie)(c, this.sessionCookieName);
+        if (this.encryptionKey && sessionCookie) {
+            session_data = await (0, mod_js_1.decryptFromBase64)(this.encryptionKey, sessionCookie);
+            if (session_data) {
+                return JSON.parse(session_data);
+            }
+        }
+        else {
+            return null;
+        }
+    }
+    async createSession(c, initial_data) {
+        const stringified_data = JSON.stringify(initial_data);
+        (0, deps_js_1.setCookie)(c, this.sessionCookieName, this.encryptionKey ? await (0, mod_js_1.encryptToBase64)(this.encryptionKey, stringified_data) : stringified_data, this.cookieOptions);
+    }
+    async deleteSession(c) {
+        (0, deps_js_1.setCookie)(c, this.sessionCookieName, this.encryptionKey ? await (0, mod_js_1.encryptToBase64)(this.encryptionKey, '') : '', this.cookieOptions);
+    }
+    async persistSessionData(c, session_data) {
+        const stringified_data = JSON.stringify(session_data);
+        (0, deps_js_1.setCookie)(c, this.sessionCookieName, this.encryptionKey ? await (0, mod_js_1.encryptToBase64)(this.encryptionKey, stringified_data) : stringified_data, this.cookieOptions);
+    }
+}
+exports.default = CookieStore;

package/script/src/store/MemoryStore.d.ts

@@ -0,0 +1,11 @@
+import Store from './Store.js';
+import { SessionData } from '../../mod.js';
+declare class MemoryStore implements Store {
+    private data;
+    constructor();
+    getSessionById(sid: string): SessionData | null | undefined;
+    createSession(sid: string, initial_data: SessionData): void;
+    deleteSession(sid: string): void;
+    persistSessionData(sid: string, session_data: SessionData): void;
+}
+export default MemoryStore;

package/script/src/store/MemoryStore.js

@@ -0,0 +1,26 @@
+"use strict";
+Object.defineProperty(exports, "__esModule", { value: true });
+class MemoryStore {
+    constructor() {
+        Object.defineProperty(this, "data", {
+            enumerable: true,
+            configurable: true,
+            writable: true,
+            value: void 0
+        });
+        this.data = new Map;
+    }
+    getSessionById(sid) {
+        return this.data.has(sid) ? this.data.get(sid) : null;
+    }
+    createSession(sid, initial_data) {
+        this.data.set(sid, initial_data);
+    }
+    deleteSession(sid) {
+        this.data.delete(sid);
+    }
+    persistSessionData(sid, session_data) {
+        this.data.set(sid, session_data);
+    }
+}
+exports.default = MemoryStore;

package/script/src/store/Store.d.ts

@@ -0,0 +1,7 @@
+import { SessionData } from "../../mod.js";
+export default interface Store {
+    getSessionById(sessionId?: string): SessionData | null | undefined | Promise<SessionData | null | undefined>;
+    createSession(sessionId: string, initialData: SessionData): Promise<void> | void;
+    persistSessionData(sessionId: string, sessionData: SessionData): Promise<void> | void;
+    deleteSession(sessionId: string): Promise<void> | void;
+}

package/script/src/store/Store.js

@@ -0,0 +1,2 @@
+"use strict";
+Object.defineProperty(exports, "__esModule", { value: true });