hono-sessions 0.2.1 → 0.2.3
This diff represents the content of publicly available package versions that have been released to one of the supported registries. The information contained in this diff is provided for informational purposes only and reflects changes between package versions as they appear in their respective public registries.
- package/README.md +20 -8
- package/esm/src/Middleware.js +1 -1
- package/package.json +1 -1
- package/script/src/Middleware.js +1 -1
package/README.md
CHANGED
|
@@ -6,6 +6,8 @@ Use cookie-based sessions with the [Hono](https://hono.dev/) framework. Currentl
|
|
|
6
6
|
- Flash messages — data that is deleted once it's read (one-off error messages, etc.)
|
|
7
7
|
- Built-in Memory and Cookie storage drivers (more coming soon)
|
|
8
8
|
- Encrypted cookies thanks to [iron-webcrypto](https://github.com/brc-dd/iron-webcrypto)
|
|
9
|
+
- Session expiration after inactivity
|
|
10
|
+
- Session key rotation, for mitigating session fixation attacks
|
|
9
11
|
|
|
10
12
|
## Usage
|
|
11
13
|
|
|
@@ -50,7 +52,7 @@ sessionRoutes.post('/login', async (c) => {
|
|
|
50
52
|
session.set('failed-login-attempts', null)
|
|
51
53
|
session.flash('message', 'Login Successful')
|
|
52
54
|
} else {
|
|
53
|
-
const failedLoginAttempts = (
|
|
55
|
+
const failedLoginAttempts = (session.get('failed-login-attempts') || 0) as number
|
|
54
56
|
session.set('failed-login-attempts', failedLoginAttempts + 1)
|
|
55
57
|
session.flash('error', 'Incorrect username or password')
|
|
56
58
|
}
|
|
@@ -58,18 +60,18 @@ sessionRoutes.post('/login', async (c) => {
|
|
|
58
60
|
return c.redirect('/')
|
|
59
61
|
})
|
|
60
62
|
|
|
61
|
-
sessionRoutes.post('/logout',
|
|
62
|
-
|
|
63
|
+
sessionRoutes.post('/logout', (c) => {
|
|
64
|
+
c.get('session').deleteSession()
|
|
63
65
|
return c.redirect('/')
|
|
64
66
|
})
|
|
65
67
|
|
|
66
|
-
sessionRoutes.get('/',
|
|
68
|
+
sessionRoutes.get('/', (c) => {
|
|
67
69
|
const session = c.get('session')
|
|
68
70
|
|
|
69
|
-
const message =
|
|
70
|
-
const error =
|
|
71
|
-
const failedLoginAttempts =
|
|
72
|
-
const email =
|
|
71
|
+
const message = session.get('message') || ''
|
|
72
|
+
const error = session.get('error') || ''
|
|
73
|
+
const failedLoginAttempts = session.get('failed-login-attempts')
|
|
74
|
+
const email = session.get('email')
|
|
73
75
|
|
|
74
76
|
return c.html(`<!DOCTYPE html>
|
|
75
77
|
<html lang="en">
|
|
@@ -127,4 +129,14 @@ import { sessionMiddleware, CookieStore, Session } from 'https://deno.land/x/hon
|
|
|
127
129
|
// use:
|
|
128
130
|
|
|
129
131
|
Deno.serve(app.fetch)
|
|
132
|
+
```
|
|
133
|
+
|
|
134
|
+
## Contributing
|
|
135
|
+
|
|
136
|
+
This package is built Deno-first, so you'll need to have Deno installed in your development environment. See their [website](https://deno.com/) for installation instructions specific to your platform.
|
|
137
|
+
|
|
138
|
+
Once Deno is installed, there is a test server you can run a basic web server to check your changes:
|
|
139
|
+
|
|
140
|
+
```
|
|
141
|
+
deno run --allow-net --watch test/server_deno.ts
|
|
130
142
|
```
|
package/esm/src/Middleware.js
CHANGED
|
@@ -79,7 +79,7 @@ export function sessionMiddleware(options) {
|
|
|
79
79
|
await store.createSession(sid, session.getCache());
|
|
80
80
|
setCookie(c, sessionCookieName, encryptionKey ? await encrypt(encryptionKey, sid) : sid, cookieOptions);
|
|
81
81
|
}
|
|
82
|
-
store instanceof CookieStore ? await store.persistSessionData(c, session.getCache()) : store.persistSessionData(sid, session.getCache());
|
|
82
|
+
store instanceof CookieStore ? await store.persistSessionData(c, session.getCache()) : await store.persistSessionData(sid, session.getCache());
|
|
83
83
|
if (session.getCache()._delete) {
|
|
84
84
|
store instanceof CookieStore ? await store.deleteSession(c) : await store.deleteSession(sid);
|
|
85
85
|
}
|
package/package.json
CHANGED
package/script/src/Middleware.js
CHANGED
|
@@ -85,7 +85,7 @@ function sessionMiddleware(options) {
|
|
|
85
85
|
await store.createSession(sid, session.getCache());
|
|
86
86
|
(0, deps_js_2.setCookie)(c, sessionCookieName, encryptionKey ? await (0, mod_js_1.encrypt)(encryptionKey, sid) : sid, cookieOptions);
|
|
87
87
|
}
|
|
88
|
-
store instanceof CookieStore_js_1.default ? await store.persistSessionData(c, session.getCache()) : store.persistSessionData(sid, session.getCache());
|
|
88
|
+
store instanceof CookieStore_js_1.default ? await store.persistSessionData(c, session.getCache()) : await store.persistSessionData(sid, session.getCache());
|
|
89
89
|
if (session.getCache()._delete) {
|
|
90
90
|
store instanceof CookieStore_js_1.default ? await store.deleteSession(c) : await store.deleteSession(sid);
|
|
91
91
|
}
|