hono-sessions 0.3.4 → 0.3.6
This diff represents the content of publicly available package versions that have been released to one of the supported registries. The information contained in this diff is provided for informational purposes only and reflects changes between package versions as they appear in their respective public registries.
- package/README.md +15 -0
- package/esm/deps.d.ts +2 -1
- package/esm/deps.js +1 -0
- package/esm/src/Middleware.d.ts +1 -1
- package/esm/src/Middleware.js +31 -7
- package/package.json +1 -1
- package/script/deps.d.ts +2 -1
- package/script/deps.js +3 -1
- package/script/src/Middleware.d.ts +1 -1
- package/script/src/Middleware.js +30 -6
package/README.md
CHANGED
|
@@ -169,6 +169,21 @@ import { sessionMiddleware, CookieStore, Session } from 'hono-sessions'
|
|
|
169
169
|
export default app
|
|
170
170
|
```
|
|
171
171
|
|
|
172
|
+
## Troubleshooting
|
|
173
|
+
|
|
174
|
+
### TypeScript errors
|
|
175
|
+
|
|
176
|
+
Hono has a high upgrade frequency, but the API for middleware this library relies on remains largely unchanged between Hono releases. You may experience a TypeScript error if you use this library with the latest version of Hono. In that case, before you load the middleware into your Hono app, you might want to have TypeScript ignore this error:
|
|
177
|
+
|
|
178
|
+
```ts
|
|
179
|
+
// @ts-ignore
|
|
180
|
+
app.use('*', sessionMiddleware({
|
|
181
|
+
// ...
|
|
182
|
+
}))
|
|
183
|
+
```
|
|
184
|
+
|
|
185
|
+
TypeScript should otherwise work normally.
|
|
186
|
+
|
|
172
187
|
## Contributing
|
|
173
188
|
|
|
174
189
|
This package is built Deno-first, so you'll need to have Deno installed in your development environment. See their [website](https://deno.com/) for installation instructions specific to your platform.
|
package/esm/deps.d.ts
CHANGED
|
@@ -1,5 +1,6 @@
|
|
|
1
1
|
export { nanoid } from 'nanoid/async';
|
|
2
|
-
export type {
|
|
2
|
+
export type { Context, MiddlewareHandler } from 'hono';
|
|
3
|
+
export { createMiddleware } from 'hono/factory';
|
|
3
4
|
export { getCookie, setCookie } from 'hono/cookie';
|
|
4
5
|
export type { CookieOptions } from 'hono/utils/cookie';
|
|
5
6
|
export * as Iron from 'iron-webcrypto';
|
package/esm/deps.js
CHANGED
package/esm/src/Middleware.d.ts
CHANGED
|
@@ -9,5 +9,5 @@ interface SessionOptions {
|
|
|
9
9
|
cookieOptions?: CookieOptions;
|
|
10
10
|
sessionCookieName?: string;
|
|
11
11
|
}
|
|
12
|
-
export declare function sessionMiddleware(options: SessionOptions): MiddlewareHandler
|
|
12
|
+
export declare function sessionMiddleware(options: SessionOptions): MiddlewareHandler<any, any, {}>;
|
|
13
13
|
export {};
|
package/esm/src/Middleware.js
CHANGED
|
@@ -1,5 +1,5 @@
|
|
|
1
1
|
import { nanoid } from '../deps.js';
|
|
2
|
-
import { getCookie, setCookie } from '../deps.js';
|
|
2
|
+
import { getCookie, setCookie, createMiddleware } from '../deps.js';
|
|
3
3
|
import CookieStore from './store/CookieStore.js';
|
|
4
4
|
import { Session, encrypt, decrypt } from '../mod.js';
|
|
5
5
|
export function sessionMiddleware(options) {
|
|
@@ -20,7 +20,7 @@ export function sessionMiddleware(options) {
|
|
|
20
20
|
store.cookieOptions = cookieOptions;
|
|
21
21
|
}
|
|
22
22
|
}
|
|
23
|
-
const middleware = async (c, next) => {
|
|
23
|
+
const middleware = createMiddleware(async (c, next) => {
|
|
24
24
|
const session = new Session;
|
|
25
25
|
let sid = '';
|
|
26
26
|
let session_data;
|
|
@@ -78,16 +78,40 @@ export function sessionMiddleware(options) {
|
|
|
78
78
|
session.updateAccess();
|
|
79
79
|
c.set('session', session);
|
|
80
80
|
await next();
|
|
81
|
-
|
|
81
|
+
const shouldDelete = session.getCache()._delete;
|
|
82
|
+
const shouldRotateSessionKey = c.get("session_key_rotation") === true;
|
|
83
|
+
const storeIsCookieStore = store instanceof CookieStore;
|
|
84
|
+
if (shouldDelete) {
|
|
85
|
+
store instanceof CookieStore
|
|
86
|
+
? await store.deleteSession(c)
|
|
87
|
+
: await store.deleteSession(sid);
|
|
88
|
+
}
|
|
89
|
+
/*
|
|
90
|
+
* Only update session data if we didn't just delete it.
|
|
91
|
+
* If session key rotation is enabled and the store is not a CookieStore,
|
|
92
|
+
* we need to roate the session key by deleting the old session and creating a new one.
|
|
93
|
+
*/
|
|
94
|
+
const shouldRecreateSessionForNonCookieStore = !shouldDelete &&
|
|
95
|
+
!storeIsCookieStore &&
|
|
96
|
+
shouldRotateSessionKey;
|
|
97
|
+
if (shouldRecreateSessionForNonCookieStore) {
|
|
82
98
|
await store.deleteSession(sid);
|
|
83
99
|
sid = await nanoid(21);
|
|
84
100
|
await store.createSession(sid, session.getCache());
|
|
85
101
|
setCookie(c, sessionCookieName, encryptionKey ? await encrypt(encryptionKey, sid) : sid, cookieOptions);
|
|
86
102
|
}
|
|
87
|
-
|
|
88
|
-
|
|
89
|
-
|
|
103
|
+
/*
|
|
104
|
+
* We skip session data persistence if it was just deleted.
|
|
105
|
+
* Only persist if we didn't just rotate the session key,
|
|
106
|
+
* or the store is a CookieStore (which does not have its session key rotated)
|
|
107
|
+
*/
|
|
108
|
+
const shouldPersistSession = !shouldDelete &&
|
|
109
|
+
(!shouldRotateSessionKey || storeIsCookieStore);
|
|
110
|
+
if (shouldPersistSession) {
|
|
111
|
+
store instanceof CookieStore
|
|
112
|
+
? await store.persistSessionData(c, session.getCache())
|
|
113
|
+
: await store.persistSessionData(sid, session.getCache());
|
|
90
114
|
}
|
|
91
|
-
};
|
|
115
|
+
});
|
|
92
116
|
return middleware;
|
|
93
117
|
}
|
package/package.json
CHANGED
package/script/deps.d.ts
CHANGED
|
@@ -1,5 +1,6 @@
|
|
|
1
1
|
export { nanoid } from 'nanoid/async';
|
|
2
|
-
export type {
|
|
2
|
+
export type { Context, MiddlewareHandler } from 'hono';
|
|
3
|
+
export { createMiddleware } from 'hono/factory';
|
|
3
4
|
export { getCookie, setCookie } from 'hono/cookie';
|
|
4
5
|
export type { CookieOptions } from 'hono/utils/cookie';
|
|
5
6
|
export * as Iron from 'iron-webcrypto';
|
package/script/deps.js
CHANGED
|
@@ -23,9 +23,11 @@ var __importStar = (this && this.__importStar) || function (mod) {
|
|
|
23
23
|
return result;
|
|
24
24
|
};
|
|
25
25
|
Object.defineProperty(exports, "__esModule", { value: true });
|
|
26
|
-
exports.Iron = exports.setCookie = exports.getCookie = exports.nanoid = void 0;
|
|
26
|
+
exports.Iron = exports.setCookie = exports.getCookie = exports.createMiddleware = exports.nanoid = void 0;
|
|
27
27
|
var async_1 = require("nanoid/async");
|
|
28
28
|
Object.defineProperty(exports, "nanoid", { enumerable: true, get: function () { return async_1.nanoid; } });
|
|
29
|
+
var factory_1 = require("hono/factory");
|
|
30
|
+
Object.defineProperty(exports, "createMiddleware", { enumerable: true, get: function () { return factory_1.createMiddleware; } });
|
|
29
31
|
var cookie_1 = require("hono/cookie");
|
|
30
32
|
Object.defineProperty(exports, "getCookie", { enumerable: true, get: function () { return cookie_1.getCookie; } });
|
|
31
33
|
Object.defineProperty(exports, "setCookie", { enumerable: true, get: function () { return cookie_1.setCookie; } });
|
|
@@ -9,5 +9,5 @@ interface SessionOptions {
|
|
|
9
9
|
cookieOptions?: CookieOptions;
|
|
10
10
|
sessionCookieName?: string;
|
|
11
11
|
}
|
|
12
|
-
export declare function sessionMiddleware(options: SessionOptions): MiddlewareHandler
|
|
12
|
+
export declare function sessionMiddleware(options: SessionOptions): MiddlewareHandler<any, any, {}>;
|
|
13
13
|
export {};
|
package/script/src/Middleware.js
CHANGED
|
@@ -26,7 +26,7 @@ function sessionMiddleware(options) {
|
|
|
26
26
|
store.cookieOptions = cookieOptions;
|
|
27
27
|
}
|
|
28
28
|
}
|
|
29
|
-
const middleware = async (c, next) => {
|
|
29
|
+
const middleware = (0, deps_js_2.createMiddleware)(async (c, next) => {
|
|
30
30
|
const session = new mod_js_1.Session;
|
|
31
31
|
let sid = '';
|
|
32
32
|
let session_data;
|
|
@@ -84,17 +84,41 @@ function sessionMiddleware(options) {
|
|
|
84
84
|
session.updateAccess();
|
|
85
85
|
c.set('session', session);
|
|
86
86
|
await next();
|
|
87
|
-
|
|
87
|
+
const shouldDelete = session.getCache()._delete;
|
|
88
|
+
const shouldRotateSessionKey = c.get("session_key_rotation") === true;
|
|
89
|
+
const storeIsCookieStore = store instanceof CookieStore_js_1.default;
|
|
90
|
+
if (shouldDelete) {
|
|
91
|
+
store instanceof CookieStore_js_1.default
|
|
92
|
+
? await store.deleteSession(c)
|
|
93
|
+
: await store.deleteSession(sid);
|
|
94
|
+
}
|
|
95
|
+
/*
|
|
96
|
+
* Only update session data if we didn't just delete it.
|
|
97
|
+
* If session key rotation is enabled and the store is not a CookieStore,
|
|
98
|
+
* we need to roate the session key by deleting the old session and creating a new one.
|
|
99
|
+
*/
|
|
100
|
+
const shouldRecreateSessionForNonCookieStore = !shouldDelete &&
|
|
101
|
+
!storeIsCookieStore &&
|
|
102
|
+
shouldRotateSessionKey;
|
|
103
|
+
if (shouldRecreateSessionForNonCookieStore) {
|
|
88
104
|
await store.deleteSession(sid);
|
|
89
105
|
sid = await (0, deps_js_1.nanoid)(21);
|
|
90
106
|
await store.createSession(sid, session.getCache());
|
|
91
107
|
(0, deps_js_2.setCookie)(c, sessionCookieName, encryptionKey ? await (0, mod_js_1.encrypt)(encryptionKey, sid) : sid, cookieOptions);
|
|
92
108
|
}
|
|
93
|
-
|
|
94
|
-
|
|
95
|
-
|
|
109
|
+
/*
|
|
110
|
+
* We skip session data persistence if it was just deleted.
|
|
111
|
+
* Only persist if we didn't just rotate the session key,
|
|
112
|
+
* or the store is a CookieStore (which does not have its session key rotated)
|
|
113
|
+
*/
|
|
114
|
+
const shouldPersistSession = !shouldDelete &&
|
|
115
|
+
(!shouldRotateSessionKey || storeIsCookieStore);
|
|
116
|
+
if (shouldPersistSession) {
|
|
117
|
+
store instanceof CookieStore_js_1.default
|
|
118
|
+
? await store.persistSessionData(c, session.getCache())
|
|
119
|
+
: await store.persistSessionData(sid, session.getCache());
|
|
96
120
|
}
|
|
97
|
-
};
|
|
121
|
+
});
|
|
98
122
|
return middleware;
|
|
99
123
|
}
|
|
100
124
|
exports.sessionMiddleware = sessionMiddleware;
|