Research
Security News
Malicious npm Packages Inject SSH Backdoors via Typosquatted Libraries
Socket’s threat research team has detected six malicious npm packages typosquatting popular libraries to insert SSH backdoors.
@universal-packages/express-session
Advanced tools
Express session manager.
npm install @universal-packages/express-session
npm install express
session([options])
Initialize a Session object
import { session } from '@universal-packages/express-session'
import { RedisEngine } from '@universal-packages/universal-token-registry-redis'
import express from 'express'
const engine = new RedisEngine({ host: 'localhost' })
await engine.connect()
const app = express()
app.use(session({ engine }))
Session
takes the same options as Token Registry
Additionally:
cookieName
String
default: "session"
Name of the cookie to fetch for the session token.
registryId
String
String to use to add randomness to the token generation.
trackSessionAccess
Boolean
Update registry every time a request is made to track ip and last access changes.
authenticateRequest
Use this for a simple request rejection if the session was not authenticated.If not authenticated the middleware ends the response with unauthorized status.
import { authenticateRequest } from '@universal-packages/express-session'
app.get('/private', authenticateRequest, async (request, response) => {
response.end()
})
Authenticating request is very simple you can even add your own logic like setting a current user to use later.
export async function authenticateRequest(request, response, next) {
if (request.session.authenticated) {
request.currentUser = await User.find(request.session.authenticatableID)
next()
} else {
response.status(401).end()
}
}
You can either set the header Authorization
in the format bearer <token>
or configure express to parse cookies and set a session
cookie with the token value, more about how to get a token below.
When the middleware is in use a Session
object will be available in the request object.
app.get('/', async (request, response) => {
const currentUser = await User.find(request.session.authenticatableID)
response.end()
})
Boolean
True whe a request was authenticated with a token.
String
A unique id for the session aside from the token.
String
The same id used to create the session at log in.
String
The token that came with the request.
Date
Date in which the session was created at log in.
Date
Date of the current moment using the session token.
String
Request ip when the session was created at log in.
String
Request ip of the current moment using the session token.
String
User agent in which the session was created at log in.
logIn(authenticatableID: String)
Async
Creates a new session using the authenticatable id and sets the cookie session
as well as the Authorization
response header to return to the user when ending the response.
logOut(token? string)
Async
Disposes the current session from the registry so the token is no longer valid, or if a token is provided it will dispose that session instead.
activeSessions()
Async
Returns all the active sessions for the current session authenticatable.
activeSessions(authenticatableId: String, [options: Object])
Async
Returns all the active sessions for the authenticatable id.
authenticatableId
String
The id of the authenticatable to get the active sessions from.options
Object
Same options as Token RegistryinjectSession(request: Request, response: Response, options?: ExpressSessionOptions)
To only inject the session object into the request and don't behave as middle ware use this method. In case you are doing some custom middleware.
import { injectSession } from '@universal-packages/express-session'
import express from 'express'
const app = express()
app.use(async (request, response, next) => {
await injectSession(request, response, options)
next()
})
This library is developed in TypeScript and shipped fully typed.
The development of this library happens in the open on GitHub, and we are grateful to the community for contributing bugfixes and improvements. Read below to learn how you can take part in improving this library.
FAQs
Express session manager.
The npm package @universal-packages/express-session receives a total of 545 weekly downloads. As such, @universal-packages/express-session popularity was classified as not popular.
We found that @universal-packages/express-session demonstrated a healthy version release cadence and project activity because the last version was released less than a year ago. It has 0 open source maintainers collaborating on the project.
Did you know?
Socket for GitHub automatically highlights issues in each pull request and monitors the health of all your open source dependencies. Discover the contents of your packages and block harmful activity before you install or update your dependencies.
Research
Security News
Socket’s threat research team has detected six malicious npm packages typosquatting popular libraries to insert SSH backdoors.
Security News
MITRE's 2024 CWE Top 25 highlights critical software vulnerabilities like XSS, SQL Injection, and CSRF, reflecting shifts due to a refined ranking methodology.
Security News
In this segment of the Risky Business podcast, Feross Aboukhadijeh and Patrick Gray discuss the challenges of tracking malware discovered in open source softare.