
lzztt / koa-session-minimal

Licence: MIT license
Minimal implementation of session middleware for Koa 2

koa-session-minimal


Native Koa 2 session middleware, inspired by and compatible with koa-generic-session. This can be used as a drop-in replacement for koa-generic-session in Koa 2.

This rewrite implements koa-generic-session's essential interfaces, with around 100 lines of code in ES6. It supports existing session stores for koa-generic-session.

Version 4+ requires node 8+. Please use v3.0.4 for node versions older than 8.

Minimum features and storage usage

This middleware guarantees the following:

  • Minimum data generation and storage. No session data modification / pollution.
    • Neither a cookie nor a session store record is created unless session data gets populated by other middlewares.
    • Cookie options are not saved in the ctx.session object or session store (try to address this concern).
  • Minimum updates on cookie and session store. Cookie and session store only get updated when session data has been changed.
    • When ctx.session gets updated (is a non-empty object), cookie and store data will be updated with new values and new expiration time (maxAge).
    • When ctx.session gets cleared ( = {} or null ), cookie and store data will be deleted.
    • If a session has not been updated within maxAge, its data will be expired.
  • Minimum public interfaces and configuration options.
    • Cookie options: maxAge, path, domain, secure, httpOnly
    • Session interfaces: session, sessionHandler { regenerateId() }
    • Store interfaces: get(), set(), destroy()

Installation

$ npm install koa-session-minimal

Usage

const Koa = require('koa')
const session = require('koa-session-minimal')
const redisStore = require('koa-redis')

const app = new Koa()

app.use(session({
  store: redisStore()
}))

// count middleware, increment when url = /add
app.use(async (ctx, next) => {
  ctx.session.count = ctx.session.count || 0
  if (ctx.path === '/add') ctx.session.count++

  await next()

  ctx.body = ctx.session.count
})

app.listen(3000)

Interfaces

  • session data via ctx.session (the same way as koa-generic-session)
  • session methods via ctx.sessionHandler
    • regenerateId(): regenerate session id

Options

  • key: session cookie name and store key prefix
  • store: session store
  • cookie: cookie options, can be an object (static cookie options) or a function that returns an object (dynamic cookie options). Only maxAge, path, domain, secure, httpOnly are supported as option keys (see option details in cookies module).

Session expiration

By default, cookie.maxAge = 0 for the cookie and ttl = ONE_DAY for the session store, which means that a session expires in either of the following circumstances:

  • A user closes the browser window (transient cookie ends)
  • Session data hasn't been updated within ONE_DAY (storage expires)

When cookie.maxAge > 0, the ttl for store data is always the same as maxAge.

Dynamic session expiration (cookie options)

When the cookie option is set to a plain object, all sessions use the same cookie options. If a function is assigned to cookie, the cookie options are calculated dynamically each time a (non-empty) session is saved. For example, you can use an arrow function to set a different maxAge for user and guest sessions, as below:

session({
  cookie: ctx => ({
    maxAge: ctx.session.user ? ONE_MONTH : 0
  })
})

Session security

Middlewares are recommended to call sessionHandler.regenerateId() during an authentication state change (login). This middleware provides the essential interface; it is up to other middleware to decide when and how often to roll the session id.
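
A login and logout pair that follows this recommendation, as an added example that is not code from the koa-session-minimal repository. It assumes session() is mounted earlier in the middleware chain; authenticate is a hypothetical callback that resolves to a user object or null, and replacing ctx.session at login is a design choice of this example.

```javascript
// Added example, not part of koa-session-minimal.
// Assumes session() from koa-session-minimal already ran, so ctx.session and
// ctx.sessionHandler exist. `authenticate` is a hypothetical async callback
// that returns a user object or null.
function login(authenticate) {
  return async (ctx, next) => {
    const handler = ctx.sessionHandler
    if (!handler || typeof handler.regenerateId !== 'function') {
      // Fail closed: without the handler the pre-login session id would be kept.
      throw new Error('session middleware must run before login()')
    }

    const user = await authenticate(ctx)
    if (!user) {
      ctx.status = 401 // no state change, so the session is left untouched
      return
    }

    // Authentication state changes here, so roll the session id: an id that
    // existed before login must not become an authenticated one (session fixation).
    handler.regenerateId()

    // Start from a fresh object so pre-login data does not carry over, and
    // keep only the minimum that later middleware needs.
    ctx.session = { user: { id: user.id } }
    await next()
  }
}

function logout() {
  return async (ctx, next) => {
    // Per the README above, clearing ctx.session deletes the cookie and the
    // store record when the session middleware saves.
    ctx.session = {}
    await next()
  }
}
```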

NOTE: Below is mostly copied from koa-generic-session's README, because the two middlewares share the same store interfaces. Any store that implements koa-generic-session's store interfaces should also work with koa-session-minimal. koa-redis is tested as an example in test/store_redis.test.js

Session store

You can use any other store to replace the default MemoryStore; it just needs to follow this API:

  • get(sid): get session object by sid
  • set(sid, sess, ttl): set session object for sid, with a ttl (in ms)
  • destroy(sid): destroy session for sid

The API needs to return a Promise, Thunk, generator, or an async function.
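
A store that follows this API and enforces the ttl itself, as an added example that is not one of the project's stores. The class name TtlMapStore, the injectable clock, returning null for a missing or expired sid, and rejecting a non-positive ttl are choices of this example.

```javascript
// Added example, not part of koa-session-minimal or koa-generic-session.
// Implements get(sid), set(sid, sess, ttl) and destroy(sid) as async
// functions, with ttl in milliseconds as described above.
class TtlMapStore {
  // `now` is injectable so expiry can be tested without waiting.
  constructor(now = () => Date.now()) {
    this.now = now
    this.records = new Map() // sid -> { json, expiresAt }
  }

  async get(sid) {
    const rec = this.records.get(sid)
    if (!rec) return null
    if (rec.expiresAt <= this.now()) {
      // Enforce expiry on read so a stale id can never be resumed,
      // even if no background sweep has run.
      this.records.delete(sid)
      return null
    }
    // Return a copy: callers mutating ctx.session must not change the
    // stored record until set() is called again.
    return JSON.parse(rec.json)
  }

  async set(sid, sess, ttl) {
    if (!Number.isFinite(ttl) || ttl <= 0) {
      // Refuse to create a record that would never expire.
      throw new RangeError('ttl must be a positive number of milliseconds')
    }
    this.records.set(sid, {
      json: JSON.stringify(sess),
      expiresAt: this.now() + ttl,
    })
  }

  async destroy(sid) {
    this.records.delete(sid)
  }
}
```

It would be passed as session({ store: new TtlMapStore() }); records live only in process memory, so sessions are lost on restart and are not shared between processes.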

Stores presented

License

MIT
