Socket
Socket
Sign inDemoInstall

svelte-session-manager

Package Overview
Dependencies
23
Maintainers
1
Versions
68
Alerts
File Explorer

Advanced tools

Install Socket

Detect and block malicious and high-risk dependencies

Install

svelte-session-manager

Session store for svelte (currently only for JWT)


Version published
Maintainers
1
Weekly downloads
504
decreased by-18.05%

Weekly downloads

Readme

Source

Svelte v3 npm License bundlejs downloads GitHub Issues Build Status Styled with prettier Commitizen friendly Known Vulnerabilities Coverage Status Tested with TestCafe

svelte-session-manager

Session store for svelte (currently only for JWT)

usage

import { derived } from 'svelte';
import { Session, login } from 'svelte-session-manager';

// use localStorage as backing store
let session = new Session(localStorage);

// session may still be valid
if(!session.isValid) {
  await login(session, 'https://mydomain.com/authenticate', 'a user', 'a secret');
}

session.isValid; // true when auth was ok or localStorage token is still valid


export const values = derived(
  session,
  ($session, set) => {
    if (!session.isValid) {
      set([]); // session has expired no more data
    } else {
      fetch('https://mydomain.com/values', {
        headers: {
          ...session.authorizationHeader
        }
      }).then(async data => set(await data.json()));
    }
    return () => {};
  }
,[]);

// $values contains fetch result as long as session has not expired

run tests

export BROWSER=safari|chrome|...
npm|yarn test

The test runs the following requests against the server

  • successful auth
curl -X POST -d '{"username":"user","password":"secret"}' 'http://[::]:5000/api/login'
{"access_token":"eyJhbGciOiJSUzI1NiIsInR5cCI6IkpXVCJ9.eyJlbnRpdGxlbWVudHMiOiJhLGIsYyIsImlhdCI6MTYwNDY2NDI0NywiZXhwIjoxNjA0NjY0MjYyfQ.qyjeoCuXO0iyYwSxM2sM02_BVhaZobRmEWam1M8Hzkx51nbsAuTR8G1rNgz1COo_KvbCU7LwZt7qnSEFB1tcwyDA1eBxwc2Wb7JxWgQ50m1IWkr2JCgY1seWRJRcwZBXiTRtiPqhzofP-l3S-CBluzU48cd4yzoPayczLkKuPK4"}
  • invalid credentials
curl -X POST -d '{"username":"user","password":"wrong"}' 'http://[::]:5000/api/login'
{"message":"Unauthorized"}

Live Example

live example

API

Table of Contents

login

Bring session into the valid state by calling the authorization endpoint and asking for a access_token. Executes a POST on the endpoint url expecting username, and password as json

Parameters

  • session Session to be opened
  • endpoint string authorization url
  • username string id of the user
  • password string user credentials
  • tokenmap Object token names in response to internal known values (optional, default defaultTokenMap)

Returns Promise<string> error message in case of failure or undefined on success

handleFailedResponse

Extract error description from response.

Parameters

Returns Promise<string>

SessionData

Data as preserved in the backing store.

Type: Object

Properties

msecsRequiredForRefresh

Time required to execute a refresh

Type: number

Session

User session. To create as session backed by browser local storage.

let session = new Session(localStorage);

or by browser session storage

let session = new Session(sessionStorage);

Parameters

Properties

  • entitlements Set<string>
  • subscriptions Set<Object> store subscriptions
  • expirationDate Date when the access token expires
  • access_token string token itself
  • refresh_token string refresh token

update

Consume auth response data and reflect internal state.

Parameters

refresh

Refresh with refresh_token.

Returns Promise<boolean> true if refresh was succcessfull false otherwise

authorizationHeader

Http header suitable for fetch.

Returns Object header The http header.

Returns string header.Authorization The Bearer access token.

isValid

As long as the expirationTimer is running we must be valid.

Returns boolean true if session is valid (not expired)

invalidate

Remove all tokens from the session and the backing store.

hasEntitlement

Check presence of an entitlement.

Parameters
  • name string of the entitlement

Returns boolean true if the named entitlement is present

subscribe

Fired when the session changes.

Parameters

decode

Extract and decode the payload.

Parameters

Returns Object payload object

install

With npm do:

npm install svelte-session-manager

license

BSD-2-Clause

Keywords

FAQs

Last updated on 30 Oct 2023

Did you know?

Socket for GitHub automatically highlights issues in each pull request and monitors the health of all your open source dependencies. Discover the contents of your packages and block harmful activity before you install or update your dependencies.

Install

Related posts

SocketSocket SOC 2 Logo

Product

  • Package Alerts
  • Integrations
  • Docs
  • Pricing
  • FAQ
  • Roadmap

Stay in touch

Get open source security insights delivered straight into your inbox.


  • Terms
  • Privacy
  • Security

Made with ⚡️ by Socket Inc