hono-sessions 0.3.2 → 0.3.4
- package/README.md +26 -9
- package/esm/src/Crypto.d.ts +1 -1
- package/package.json +2 -2
- package/script/src/Crypto.d.ts +1 -1
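--- a/package/README.md
+++ b/package/README.md
@@ -1,15 +1,30 @@
 # Hono Sessions Middleware
-Use cookie-based sessions with the [Hono](https://hono.dev/) framework.
+Use cookie-based sessions with the [Hono](https://hono.dev/) framework.
+
+### Supported runtimes
+
+Hono Sessions is currently tested on these runtimes:
+
+- Deno
+- Cloudflare Workers
+- Bun
+- Node (v20+)
+
+Other runtimes may work, but are untested. In addition to Hono's requirements, the [Web Crypto API](https://developer.mozilla.org/en-US/docs/Web/API/Web_Crypto_API) is required for this library.
+
+If you want to use a backend storage driver (instead of just storing session data in an encrypted cookie), you'll need to use a storage engine provided by Hono Sessions. Right now, those include:
+
+- Deno KV
+- Bun SQLite
 
 ### 🛠️ Features
-- Runs in Deno, Cloudflare Workers, and Bun (possibly others, currently untested)
 - Flash messages — data that is deleted once it's read (one-off error messages, etc.)
 - Built-in Memory and Cookie storage drivers (more coming soon)
 - Encrypted cookies thanks to [iron-webcrypto](https://github.com/brc-dd/iron-webcrypto)
 - Session expiration after inactivity
 - Session key rotation*
 
-> *
+> *It is not necessary to rotate CookieStore sessions because of how a pure cookie session works (no server-side state). Therefore, using session key rotation will have no effect while using CookieStore.
 
 ## Installation and Usage
 
@@ -21,7 +36,7 @@ Simply include the package from `deno.land/x`
 import { sessionMiddleware } from 'https://deno.land/x/hono_sessions/mod.ts'
 ```
 
-### Bun, Cloudflare Workers
+### Node, Bun, Cloudflare Workers, etc.
 
 Install the NPM package
 ```
@@ -32,7 +47,7 @@ npm install hono-sessions
 
 ### Deno
 ```ts
-import { Hono } from 'https://deno.land/x/hono@v3.
+import { Hono } from 'https://deno.land/x/hono@v3.12.8/mod.ts'
 import {
 Session,
 sessionMiddleware,
@@ -51,9 +66,11 @@ const store = new CookieStore()
 app.use('*', sessionMiddleware({
 store,
 encryptionKey: 'password_at_least_32_characters_long', // Required for CookieStore, recommended for others
-expireAfterSeconds: 900, // Expire session after 15 minutes
+expireAfterSeconds: 900, // Expire session after 15 minutes of inactivity
 cookieOptions: {
-sameSite: 'Lax',
+sameSite: 'Lax', // Recommended for basic CSRF protection in modern browsers
+path: '/', // Required for this library to work properly
+httpOnly: true, // Recommended to avoid XSS attacks
 },
 }))
 
@@ -75,7 +92,7 @@ Deno.serve(app.fetch)
 #### Using Deno KV storage driver
 
 ```ts
-import { Hono } from 'https://deno.land/x/hono@v3.
+import { Hono } from 'https://deno.land/x/hono@v3.12.8/mod.ts'
 import { sessionMiddleware } from 'https://deno.land/x/hono_sessions/mod.ts'
 import { DenoKvStore } from 'https://deno.land/x/hono_sessions/src/store/deno/DenoKvStore.ts'
 
@@ -168,4 +185,4 @@ There's also a [Playwright](https://playwright.dev/) test suite. By default, it
 cd playwright
 npm install
 npx playwright test
-```
+```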
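--- a/package/esm/src/Crypto.d.ts
+++ b/package/esm/src/Crypto.d.ts
@@ -1,2 +1,2 @@
-export declare function encrypt(password: string, payload:
+export declare function encrypt(password: string, payload: object | string): Promise<string>;
 export declare function decrypt(password: string, encrypted: string): Promise<unknown>;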
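Review bot: Neither declaration carries a doc comment, and with `encrypt` accepting `object | string` on the new line while `decrypt` resolves to `Promise<unknown>`, the contract callers depend on is not stated anywhere in the typed API. The value returned by `decrypt` originates from a client-held cookie, so even after decryption succeeds the caller should narrow it (string versus object, then the expected session fields) before treating it as session data. I would add TSDoc in the source these declarations appear to be emitted from, for example `/** Resolves to the decrypted payload as unknown; callers must narrow it before use. */` on `decrypt`. A matching line on `encrypt` should state the minimum `password` length, which the README sample key `password_at_least_32_characters_long` suggests is 32 characters. The identical hunk in package/script/src/Crypto.d.ts needs the same treatment.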
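--- a/package/package.json
+++ b/package/package.json
@@ -2,7 +2,7 @@
 "module": "./esm/mod.js",
 "main": "./script/mod.js",
 "name": "hono-sessions",
-"version": "0.3.
+"version": "0.3.4",
 "description": "Cookie-based sessions for Hono web framework",
 "license": "MIT",
 "repository": {
@@ -27,7 +27,7 @@
 }
 },
 "dependencies": {
-"hono": "3.
+"hono": "3.12.8",
 "iron-webcrypto": "0.10.1",
 "nanoid": "4.0.0"
 }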
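--- a/package/script/src/Crypto.d.ts
+++ b/package/script/src/Crypto.d.ts
@@ -1,2 +1,2 @@
-export declare function encrypt(password: string, payload:
+export declare function encrypt(password: string, payload: object | string): Promise<string>;
 export declare function decrypt(password: string, encrypted: string): Promise<unknown>;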