@lbu/server - npm Package Compare versions

Comparing version 0.0.85 to 0.0.86

index.d.ts

@@ -951,6 +951,3 @@ // Original types from @types/koa & @types/koa-compose
 
-/**
- * @private
- */
-interface SessionOptions {
+export interface SessionOptions {
   /**
@@ -1026,2 +1023,10 @@ * cookie key (default is process.env.APP_NAME.sess)
   /**
+   * Keeps a plain browser JS readable cookie in sync with the session cookie.
+   * This allows the browser to do some basic conditional rendering and api calls, that are
+   * right most of the time. Note that this cookie is not signed, and the real verification
+   * and session happens in the httpOnly cookie.
+   */
+  keepPublicCookie?: boolean;
+
+  /**
    * If your session store requires data or utilities from context, opts.ContextStore is alse
@@ -1028,0 +1033,0 @@ * supported. ContextStore must be a class which claims three instance methods demonstrated

package.json

 {
   "name": "@lbu/server",
-  "version": "0.0.85",
+  "version": "0.0.86",
   "description": "Koa server and common middleware",
@@ -19,4 +19,4 @@ "main": "./index.js",
   "dependencies": {
-    "@lbu/insight": "0.0.85",
-    "@lbu/stdlib": "0.0.85",
+    "@lbu/insight": "0.0.86",
+    "@lbu/stdlib": "0.0.86",
     "formidable": "2.0.0-canary.20200504.1",
@@ -49,3 +49,3 @@ "keygrip": "1.1.0",
   },
-  "gitHead": "cda54be9b925a481d04d219ba741b8bbb54e1abe"
+  "gitHead": "1eba2e828ee95264336638ca0d751446fc9a5c36"
 }

src/middleware/session.js

@@ -12,3 +12,3 @@ import { isNil, isProduction, merge, uuid } from "@lbu/stdlib";
  * @param {Application} app
- * @param {object} opts KoaSession options
+ * @param {SessionOptions} opts KoaSession options
  */
@@ -36,2 +36,6 @@ export function session(app, opts) {
 
+  if (options.keepPublicCookie && options.store) {
+    wrapStoreCalls({ ...options });
+  }
+
   return koaSession(options, app);
@@ -41,3 +45,3 @@ }
 /**
- *
+ * Get a Keygrip instance for production or plain keys in development
  */
@@ -56,1 +60,44 @@ function getKeys() {
 }
+
+/**
+ * Wraps the save and remove calls of koa-session ContextSession.
+ * This allows us to set extra cookies that are JS readable but don't contain any
+ * sensitive information.
+ *
+ * @param {SessionStore} store
+ * @param {string} key
+ * @param {*} cookieOpts
+ */
+function wrapStoreCalls({ store, key, ...cookieOpts }) {
+  cookieOpts.httpOnly = false;
+  cookieOpts.signed = false;
+  key += ".public";
+
+  const destroyOpts = { ...cookieOpts, maxAge: false, expires: new Date(0) };
+  const value = "truthy";
+
+  const originalSet = store.set;
+  const originalDestroy = store.destroy;
+
+  store.set = (...args) => {
+    if (!args[3]?.ctx) {
+      return originalSet(...args);
+    }
+
+    const ctx = args[3].ctx;
+    ctx.cookies.set(key, value, cookieOpts);
+
+    return originalSet(...args);
+  };
+
+  store.destroy = (...args) => {
+    if (!args[1]?.ctx) {
+      return originalDestroy(...args);
+    }
+
+    const ctx = args[1].ctx;
+    ctx.cookies.set(key, "", destroyOpts);
+
+    return originalDestroy(...args);
+  };
+}

New alerts

License Policy Violation

License

This package is not allowed per your license policy. Review the package's license to ensure compliance.

Found 1 instance in 1 package

Fixed alerts

License Policy Violation

License

This package is not allowed per your license policy. Review the package's license to ensure compliance.

Found 1 instance in 1 package

Improved metrics

Total package byte prevSize

57676

increased by2.71%

Lines of code

1831

increased by2.29%

Dependency changes

• + Added@lbu/insight@0.0.86(transitive)

• + Added@lbu/stdlib@0.0.86(transitive)

• - Removed@lbu/insight@0.0.85(transitive)

• - Removed@lbu/stdlib@0.0.85(transitive)

• Updated@lbu/insight@0.0.86

• Updated@lbu/stdlib@0.0.86