
@bufferapp/session-manager


@bufferapp/session-manager - npm Package Compare versions

Comparing version

to
0.6.5-beta-04

56

lib/cookies.js

@@ -6,45 +6,27 @@ 'use strict';

});
var cookieName = exports.cookieName = function cookieName(_ref) {
var production = _ref.production;
return production ? 'buffer_session' : 'local_buffer_session';
};
const cookieName = exports.cookieName = ({ production }) => production ? 'buffer_session' : 'local_buffer_session';
var cookieDomain = exports.cookieDomain = function cookieDomain(_ref2) {
var production = _ref2.production;
return production ? '.buffer.com' : '.local.buffer.com';
};
const cookieDomain = exports.cookieDomain = ({ production }) => production ? '.buffer.com' : '.local.buffer.com';
var getCookie = exports.getCookie = function getCookie(_ref3) {
var req = _ref3.req,
name = _ref3.name;
return req.cookies[name];
};
const getCookie = exports.getCookie = ({ req, name }) => req.cookies[name];
var writeCookie = exports.writeCookie = function writeCookie(_ref4) {
var name = _ref4.name,
value = _ref4.value,
domain = _ref4.domain,
_ref4$maxAge = _ref4.maxAge,
maxAge = _ref4$maxAge === undefined ? 365 * 24 * 60 * 60 * 1000 : _ref4$maxAge,
_ref4$httpOnly = _ref4.httpOnly,
httpOnly = _ref4$httpOnly === undefined ? true : _ref4$httpOnly,
_ref4$secure = _ref4.secure,
secure = _ref4$secure === undefined ? true : _ref4$secure,
res = _ref4.res;
const writeCookie = exports.writeCookie = ({
name,
value,
domain,
maxAge = 365 * 24 * 60 * 60 * 1000,
httpOnly = true,
secure = true,
res
}) => {
res.cookie(name, value, {
domain: domain,
maxAge: maxAge,
httpOnly: httpOnly,
secure: secure
domain,
maxAge,
httpOnly,
secure
});
};
var destroyCookie = exports.destroyCookie = function destroyCookie(_ref5) {
var name = _ref5.name,
domain = _ref5.domain,
res = _ref5.res;
return res.clearCookie(name, {
domain: domain
});
};
const destroyCookie = exports.destroyCookie = ({ name, domain, res }) => res.clearCookie(name, {
domain
});
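Review bot: `writeCookie` defaults `httpOnly` and `secure` to true but never sets a `sameSite` attribute, so the session cookie written for `.buffer.com` / `.local.buffer.com` depends on each browser's default cross-site behaviour. Because the cookie is scoped to the whole parent domain and defaults to a one-year `maxAge`, the policy is better stated explicitly: add a `sameSite = 'lax'` parameter next to `secure = true` and pass `sameSite` in the options object given to `res.cookie`. Whether `'lax'` or `'strict'` fits the login flow is not visible from this file, so confirm the value against how the login service redirects back.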

@@ -6,3 +6,2 @@ 'use strict';

});
exports.validateSessionMiddleware = exports.setRequestSessionMiddleware = exports.destroyCookie = exports.writeCookie = exports.getCookie = exports.cookieDomain = exports.cookieName = exports.sessionServiceUrl = exports.loginServiceUrl = exports.logoutUrl = exports.sessionClient = exports.destroySession = exports.updateSession = exports.getSession = exports.createSession = undefined;

@@ -13,3 +12,3 @@ var _session = require('./session');

enumerable: true,
get: function get() {
get: function () {
return _session.createSession;

@@ -20,3 +19,3 @@ }

enumerable: true,
get: function get() {
get: function () {
return _session.getSession;

@@ -27,3 +26,3 @@ }

enumerable: true,
get: function get() {
get: function () {
return _session.updateSession;

@@ -34,3 +33,3 @@ }

enumerable: true,
get: function get() {
get: function () {
return _session.destroySession;

@@ -41,3 +40,3 @@ }

enumerable: true,
get: function get() {
get: function () {
return _session.sessionClient;

@@ -51,3 +50,3 @@ }

enumerable: true,
get: function get() {
get: function () {
return _urls.logoutUrl;

@@ -58,3 +57,3 @@ }

enumerable: true,
get: function get() {
get: function () {
return _urls.loginServiceUrl;

@@ -65,3 +64,3 @@ }

enumerable: true,
get: function get() {
get: function () {
return _urls.sessionServiceUrl;

@@ -75,3 +74,3 @@ }

enumerable: true,
get: function get() {
get: function () {
return _cookies.cookieName;

@@ -82,3 +81,3 @@ }

enumerable: true,
get: function get() {
get: function () {
return _cookies.cookieDomain;

@@ -89,3 +88,3 @@ }

enumerable: true,
get: function get() {
get: function () {
return _cookies.getCookie;

@@ -96,3 +95,3 @@ }

enumerable: true,
get: function get() {
get: function () {
return _cookies.writeCookie;

@@ -103,3 +102,3 @@ }

enumerable: true,
get: function get() {
get: function () {
return _cookies.destroyCookie;

@@ -113,3 +112,3 @@ }

enumerable: true,
get: function get() {
get: function () {
return _middleware.setRequestSession;

@@ -120,7 +119,5 @@ }

enumerable: true,
get: function get() {
get: function () {
return _middleware.validateSession;
}
});
require('babel-polyfill');
});

@@ -20,88 +20,49 @@ 'use strict';

function _asyncToGenerator(fn) { return function () { var gen = fn.apply(this, arguments); return new Promise(function (resolve, reject) { function step(key, arg) { try { var info = gen[key](arg); var value = info.value; } catch (error) { reject(error); return; } if (info.done) { resolve(value); } else { return Promise.resolve(value).then(function (value) { step("next", value); }, function (err) { step("throw", err); }); } } return step("next"); }); }; }
var setRequestSession = exports.setRequestSession = function setRequestSession(_ref) {
var production = _ref.production,
sessionKeys = _ref.sessionKeys;
return function () {
var _ref2 = _asyncToGenerator( /*#__PURE__*/regeneratorRuntime.mark(function _callee(req, res, next) {
var session, bugsnag, redirect, baseUrl;
return regeneratorRuntime.wrap(function _callee$(_context) {
while (1) {
switch (_context.prev = _context.next) {
case 0:
_context.prev = 0;
_context.next = 3;
return (0, _session.getSession)({
req: req,
production: production,
sessionKeys: sessionKeys
});
case 3:
session = _context.sent;
req.session = session;
next();
_context.next = 17;
break;
case 8:
_context.prev = 8;
_context.t0 = _context['catch'](0);
bugsnag = req.app.get('bugsnag');
if (bugsnag) {
bugsnag.notify(_context.t0, {
originalUrl: req.originalUrl
});
}
// destroy the cookie(s) and redirect to the login page
// if getting the session failed for any reason
(0, _cookies.destroyCookie)({
name: (0, _cookies.cookieName)({ production: production }),
domain: (0, _cookies.cookieDomain)({ production: production }),
res: res
});
(0, _cookies.destroyCookie)({
name: (production ? '' : 'local') + 'bufferapp_ci_session',
domain: '.buffer.com',
res: res
});
redirect = encodeURIComponent('https://' + req.get('host') + req.originalUrl);
baseUrl = (0, _urls.loginServiceUrl)({ production: production }) + '/login/';
res.redirect(baseUrl + '?redirect=' + redirect);
case 17:
case 'end':
return _context.stop();
}
}
}, _callee, undefined, [[0, 8]]);
}));
return function (_x, _x2, _x3) {
return _ref2.apply(this, arguments);
};
}();
const setRequestSession = exports.setRequestSession = ({ production, sessionKeys }) => async (req, res, next) => {
try {
const session = await (0, _session.getSession)({
req,
production,
sessionKeys
});
req.session = session;
next();
} catch (e) {
const bugsnag = req.app.get('bugsnag');
if (bugsnag) {
bugsnag.notify(e, {
originalUrl: req.originalUrl
});
}
// destroy the cookie(s) and redirect to the login page
// if getting the session failed for any reason
(0, _cookies.destroyCookie)({
name: (0, _cookies.cookieName)({ production }),
domain: (0, _cookies.cookieDomain)({ production }),
res
});
(0, _cookies.destroyCookie)({
name: `${production ? '' : 'local'}bufferapp_ci_session`,
domain: '.buffer.com',
res
});
const redirect = encodeURIComponent(`https://${req.get('host')}${req.originalUrl}`);
const baseUrl = `${(0, _urls.loginServiceUrl)({ production })}/login/`;
res.redirect(`${baseUrl}?redirect=${redirect}`);
}
};
var validateSession = exports.validateSession = function validateSession(_ref3) {
var requiredSessionKeys = _ref3.requiredSessionKeys,
production = _ref3.production;
return function (req, res, next) {
var allValidKeys = true;
requiredSessionKeys.forEach(function (key) {
if (!_objectPath2.default.has(req.session, key)) {
allValidKeys = false;
}
});
if (allValidKeys && req.session) {
return next();
const validateSession = exports.validateSession = ({ requiredSessionKeys, production }) => (req, res, next) => {
let allValidKeys = true;
requiredSessionKeys.forEach(key => {
if (!_objectPath2.default.has(req.session, key)) {
allValidKeys = false;
}
var redirect = encodeURIComponent('https://' + req.get('host') + req.originalUrl);
var baseUrl = (0, _urls.loginServiceUrl)({ production: production }) + '/login/';
res.redirect(baseUrl + '?redirect=' + redirect);
};
});
if (allValidKeys && req.session) {
return next();
}
const redirect = encodeURIComponent(`https://${req.get('host')}${req.originalUrl}`);
const baseUrl = `${(0, _urls.loginServiceUrl)({ production })}/login/`;
res.redirect(`${baseUrl}?redirect=${redirect}`);
};
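Review bot: The login redirect in the catch branch of `setRequestSession`, and again at the end of `validateSession`, is built from `req.get('host')`, which is the client-supplied Host header, so the `redirect` value handed to the login service can name a host the caller chose. Whether the login service restricts redirect targets is not visible here; unless it does, a forged Host header can steer where the user lands after login. Compare the header with the hosts the app actually serves before using it, e.g. `const host = allowedHosts.includes(req.get('host')) ? req.get('host') : defaultHost;`, where `allowedHosts` and `defaultHost` would be new options on both middleware factories. The comment above the `destroyCookie` calls could also state that any `getSession` failure, including a session-service outage, clears the user's cookies.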

@@ -22,10 +22,4 @@ 'use strict';

function _asyncToGenerator(fn) { return function () { var gen = fn.apply(this, arguments); return new Promise(function (resolve, reject) { function step(key, arg) { try { var info = gen[key](arg); var value = info.value; } catch (error) { reject(error); return; } if (info.done) { resolve(value); } else { return Promise.resolve(value).then(function (value) { step("next", value); }, function (err) { step("throw", err); }); } } return step("next"); }); }; }
const sessionClient = exports.sessionClient = ({ sessionVersion, production }) => new _microRpcClient2.default({ url: (0, _urls.sessionServiceUrl)({ sessionVersion, production }) });
var sessionClient = exports.sessionClient = function sessionClient(_ref) {
var sessionVersion = _ref.sessionVersion,
production = _ref.production;
return new _microRpcClient2.default({ url: (0, _urls.sessionServiceUrl)({ sessionVersion: sessionVersion, production: production }) });
};
// will need this in controller for creating a session with a version

@@ -35,195 +29,89 @@ // const createSessionServiceVersion = () =>

var createSession = exports.createSession = function () {
var _ref3 = _asyncToGenerator( /*#__PURE__*/regeneratorRuntime.mark(function _callee(_ref2) {
var session = _ref2.session,
production = _ref2.production,
res = _ref2.res,
userId = _ref2.userId,
sessionVersion = _ref2.sessionVersion;
var _ref4, token;
return regeneratorRuntime.wrap(function _callee$(_context) {
while (1) {
switch (_context.prev = _context.next) {
case 0:
_context.next = 2;
return sessionClient({
sessionVersion: sessionVersion,
production: production
}).call('create', {
session: session,
userId: userId
});
case 2:
_ref4 = _context.sent;
token = _ref4.token;
(0, _cookies.writeCookie)({
name: (0, _cookies.cookieName)({ production: production }),
value: token,
domain: (0, _cookies.cookieDomain)({ production: production }),
res: res
});
return _context.abrupt('return', {
token: token,
session: session
});
case 6:
case 'end':
return _context.stop();
}
}
}, _callee, undefined);
}));
return function createSession(_x) {
return _ref3.apply(this, arguments);
const createSession = exports.createSession = async ({
session,
production,
res,
userId,
sessionVersion
}) => {
// this will throw errors when a session cannot be created
const { token } = await sessionClient({
sessionVersion,
production
}).call('create', {
session,
userId
});
(0, _cookies.writeCookie)({
name: (0, _cookies.cookieName)({ production }),
value: token,
domain: (0, _cookies.cookieDomain)({ production }),
res
});
return {
token,
session
};
}();
};
var getSession = exports.getSession = function () {
var _ref6 = _asyncToGenerator( /*#__PURE__*/regeneratorRuntime.mark(function _callee2(_ref5) {
var req = _ref5.req,
production = _ref5.production,
sessionKeys = _ref5.sessionKeys;
const getSession = exports.getSession = async ({ req, production, sessionKeys }) => {
const sessionCookie = (0, _cookies.getCookie)({
name: (0, _cookies.cookieName)({ production }),
req
});
if (!sessionCookie) {
return;
}
const { sessionVersion } = _jsonwebtoken2.default.decode(sessionCookie);
const session = await sessionClient({
sessionVersion,
production
}).call('get', {
token: sessionCookie,
keys: sessionKeys,
sessionVersion
});
return session;
};
var sessionCookie, _jwt$decode, sessionVersion, session;
const updateSession = exports.updateSession = async ({ session, req, production }) => {
const sessionCookie = (0, _cookies.getCookie)({
name: (0, _cookies.cookieName)({ production }),
req
});
const { sessionVersion } = _jsonwebtoken2.default.decode(sessionCookie);
return sessionClient({
sessionVersion,
production
}).call('update', {
session,
token: sessionCookie,
sessionVersion
});
};
return regeneratorRuntime.wrap(function _callee2$(_context2) {
while (1) {
switch (_context2.prev = _context2.next) {
case 0:
sessionCookie = (0, _cookies.getCookie)({
name: (0, _cookies.cookieName)({ production: production }),
req: req
});
if (sessionCookie) {
_context2.next = 3;
break;
}
return _context2.abrupt('return');
case 3:
_jwt$decode = _jsonwebtoken2.default.decode(sessionCookie), sessionVersion = _jwt$decode.sessionVersion;
_context2.next = 6;
return sessionClient({
sessionVersion: sessionVersion,
production: production
}).call('get', {
token: sessionCookie,
keys: sessionKeys,
sessionVersion: sessionVersion
});
case 6:
session = _context2.sent;
return _context2.abrupt('return', session);
case 8:
case 'end':
return _context2.stop();
}
}
}, _callee2, undefined);
}));
return function getSession(_x2) {
return _ref6.apply(this, arguments);
};
}();
var updateSession = exports.updateSession = function () {
var _ref8 = _asyncToGenerator( /*#__PURE__*/regeneratorRuntime.mark(function _callee3(_ref7) {
var session = _ref7.session,
req = _ref7.req,
production = _ref7.production;
var sessionCookie, _jwt$decode2, sessionVersion;
return regeneratorRuntime.wrap(function _callee3$(_context3) {
while (1) {
switch (_context3.prev = _context3.next) {
case 0:
sessionCookie = (0, _cookies.getCookie)({
name: (0, _cookies.cookieName)({ production: production }),
req: req
});
_jwt$decode2 = _jsonwebtoken2.default.decode(sessionCookie), sessionVersion = _jwt$decode2.sessionVersion;
return _context3.abrupt('return', sessionClient({
sessionVersion: sessionVersion,
production: production
}).call('update', {
session: session,
token: sessionCookie,
sessionVersion: sessionVersion
}));
case 3:
case 'end':
return _context3.stop();
}
}
}, _callee3, undefined);
}));
return function updateSession(_x3) {
return _ref8.apply(this, arguments);
};
}();
var destroySession = exports.destroySession = function () {
var _ref10 = _asyncToGenerator( /*#__PURE__*/regeneratorRuntime.mark(function _callee4(_ref9) {
var req = _ref9.req,
res = _ref9.res,
production = _ref9.production;
var sessionCookieName, sessionCookie, _jwt$decode3, sessionVersion;
return regeneratorRuntime.wrap(function _callee4$(_context4) {
while (1) {
switch (_context4.prev = _context4.next) {
case 0:
sessionCookieName = (0, _cookies.cookieName)({ production: production });
sessionCookie = (0, _cookies.getCookie)({
name: sessionCookieName,
req: req
});
_jwt$decode3 = _jsonwebtoken2.default.decode(sessionCookie), sessionVersion = _jwt$decode3.sessionVersion;
_context4.next = 5;
return sessionClient({
sessionVersion: sessionVersion,
production: production
}).call('destroy', {
token: sessionCookie,
sessionVersion: sessionVersion
});
case 5:
(0, _cookies.destroyCookie)({
name: sessionCookieName,
domain: (0, _cookies.cookieDomain)({ production: production }),
res: res
});
(0, _cookies.destroyCookie)({
name: (production ? '' : 'local') + 'bufferapp_ci_session',
domain: '.buffer.com',
res: res
});
case 7:
case 'end':
return _context4.stop();
}
}
}, _callee4, undefined);
}));
return function destroySession(_x4) {
return _ref10.apply(this, arguments);
};
}();
const destroySession = exports.destroySession = async ({ req, res, production }) => {
const sessionCookieName = (0, _cookies.cookieName)({ production });
const sessionCookie = (0, _cookies.getCookie)({
name: sessionCookieName,
req
});
const { sessionVersion } = _jsonwebtoken2.default.decode(sessionCookie);
await sessionClient({
sessionVersion,
production
}).call('destroy', {
token: sessionCookie,
sessionVersion
});
(0, _cookies.destroyCookie)({
name: sessionCookieName,
domain: (0, _cookies.cookieDomain)({ production }),
res
});
(0, _cookies.destroyCookie)({
name: `${production ? '' : 'local'}bufferapp_ci_session`,
domain: '.buffer.com',
res
});
};
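Review bot: `sessionVersion` in `getSession`, `updateSession` and `destroySession` comes from `_jsonwebtoken2.default.decode(sessionCookie)`, which parses the cookie without checking its signature, and is then passed to `sessionClient`, where `sessionServiceUrl` interpolates it into `http://session-service-${sessionVersion}…`. A client that edits its own cookie can therefore influence which internal hostname receives the RPC call. Check the value against a fixed set before it reaches `sessionClient`, e.g. `if (!KNOWN_SESSION_VERSIONS.includes(sessionVersion)) throw new Error('unsupported session version');` (the constant is a new one to define). `decode` also appears to return null for a missing or malformed token, so the destructuring throws in `updateSession` and `destroySession`, which lack the `if (!sessionCookie)` guard that `getSession` has; in `destroySession` that happens before either cookie is cleared.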

@@ -6,22 +6,9 @@ 'use strict';

});
var currentWindowUrl = function currentWindowUrl() {
return window.location.href;
};
const currentWindowUrl = () => window.location.href;
var loginServiceUrl = exports.loginServiceUrl = function loginServiceUrl(_ref) {
var production = _ref.production;
return 'https://login' + (production ? '' : '.local') + '.buffer.com';
};
const loginServiceUrl = exports.loginServiceUrl = ({ production }) => `https://login${production ? '' : '.local'}.buffer.com`;
var logoutUrl = exports.logoutUrl = function logoutUrl(_ref2) {
var production = _ref2.production;
return loginServiceUrl({ production: production }) + '/logout/?redirect=' + currentWindowUrl();
};
const logoutUrl = exports.logoutUrl = ({ production }) => `${loginServiceUrl({ production })}/logout/?redirect=${currentWindowUrl()}`;
// TODO: remove beta '1' version after its been removed
var sessionServiceUrl = exports.sessionServiceUrl = function sessionServiceUrl(_ref3) {
var _ref3$sessionVersion = _ref3.sessionVersion,
sessionVersion = _ref3$sessionVersion === undefined ? '1' : _ref3$sessionVersion,
production = _ref3.production;
return 'http://session-service-' + sessionVersion + (production ? '.buffer' : '');
};
const sessionServiceUrl = exports.sessionServiceUrl = ({ sessionVersion = '1', production }) => `http://session-service-${sessionVersion}${production ? '.buffer' : ''}`;
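Review bot: `logoutUrl` appends `currentWindowUrl()` to `?redirect=` without encoding it, unlike the middleware, which wraps the same kind of value in `encodeURIComponent`. Any `&`, `#` or `?` in the current page URL will split or truncate the `redirect` parameter, and extra query parameters from the page will then be read as parameters of the logout request. Change the tail of the template to `/logout/?redirect=${encodeURIComponent(currentWindowUrl())}`. Separately, `sessionServiceUrl` uses plain `http://` for calls that carry the session token; a comment stating the network assumption that makes this acceptable would help a reader.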
{
"name": "@bufferapp/session-manager",
"version": "0.6.5-beta-03",
"version": "0.6.5-beta-04",
"description": "Buffer session manager",

@@ -15,3 +15,2 @@ "main": "lib/index.js",

"dependencies": {
"babel-polyfill": "^6.26.0",
"jsonwebtoken": "8.2.2",

@@ -23,3 +22,10 @@ "micro-rpc-client": "0.1.2",

"presets": [
"env"
[
"env",
{
"targets": {
"node": "8"
}
}
]
]

@@ -26,0 +32,0 @@ },

@@ -1,2 +0,1 @@

import 'babel-polyfill'
export {

@@ -3,0 +2,0 @@ createSession,