feat(expire): expire in redis instead of token

Peter Marton · Peter Marton · commit 8fbeb3da3fb4 · 2015-09-24T12:10:02.000+02:00
diff --git a/README.md b/README.md
@@ -22,7 +22,7 @@ var session = new TokenSession({
 
 ```
 session.create({
-  userId: '1',
+  uid: '1',
   [ttl]: 7200,
   [ip]: '127.0.0.1'
 })
diff --git a/package.json b/package.json
@@ -25,7 +25,7 @@
   },
   "devDependencies": {
     "chai": "^3.3.0",
-    "co-mocha": "^1.1.2",
+    "co-mocha": "^1.1.2",    
     "eslint-plugin-standard": "^1.3.1",
     "mocha": "^2.3.3",
     "sinon": "^1.17.0",
diff --git a/src/e2e.spec.js b/src/e2e.spec.js
@@ -21,19 +21,30 @@ describe('e2e', () => {
 
   describe('#create', () => {
     it('should create a session', function *() {
+      var expireAt = Date.now() + 7200000
       var token = yield session.create({
-        userId: '1'
+        uid: '1'
       })
 
-      var userId = yield jwt.verify(token, 'secret')
+      var tokenPayload = yield jwt.verify(token, 'secret')
       var props = yield redis.hgetall(session.namespaceKey + 't:' + token)
 
-      expect(userId).to.have.property('userId', '1')
+      expect(tokenPayload).to.have.property('uid', '1')
+
+      expect(props).to.have.property('uid', '1')
+      expect(props).to.have.property('exp')
+      expect(Number(props.exp)).to.be.at.least(expireAt)
+    })
 
-      expect(props).to.be.eql({
-        ttl: '7200',
+    it('should create a session which expires', function *() {
+      var token = yield session.create({
         uid: '1'
       })
+
+      var ttl = yield redis.pttl(session.namespaceKey + 't:' + token)
+
+      expect(ttl).to.be.above(7198000)
+      expect(ttl).to.be.below(7200000)
     })
 
     afterEach(function *() {
@@ -42,12 +53,10 @@ describe('e2e', () => {
   })
 
   describe('#cleanup', () => {
-    var token1
-
     beforeEach(function *() {
-      token1 = yield session.create({
-        userId: '1',
-        ttl: -1
+      yield session.create({
+        uid: '1',
+        ttl: 0
       })
     })
 
@@ -69,20 +78,16 @@ describe('e2e', () => {
 
     it('should remove only expired sessions', function *() {
       var token2 = yield session.create({
-        userId: '2'
+        uid: '1'
       })
 
       yield session.cleanup()
 
-      var props1 = yield redis.hgetall(session.namespaceKey + 't:' + token1)
-      var props2 = yield redis.hgetall(session.namespaceKey + 't:' + token2)
+      var tokens = yield redis.smembers(session.namespaceKey + 'u:1')
 
-      expect(props1).to.be.eql({})
-
-      expect(props2).to.be.eql({
-        ttl: '7200',
-        uid: '2'
-      })
+      expect(tokens).to.be.eql([
+        token2
+      ])
     })
   })
 })
diff --git a/src/tokenSession.js b/src/tokenSession.js
@@ -53,51 +53,51 @@ function TokenSession (opts) {
 /**
 * @method create
 * @param {Object} opts {
-*   userId: String
+*   uid: String
 *   [ttl]: Number in second
 *   [ip]: String
 * }
 * @return {String} token, jwt
 */
 TokenSession.prototype.create = function (opts) {
+  var _this = this
+
   opts = opts || {}
   opts = _.defaults(opts, {
     ttl: DEFAULT.TTL
   })
 
-  if (!opts.userId) {
-    return Promise.reject(new Error('userId is required'))
+  if (!opts.uid) {
+    return Promise.reject(new Error('uid is required'))
   }
 
   if (!_.isNumber(opts.ttl)) {
     return Promise.reject(new Error('ttl is required and should be a Number'))
   }
 
-  opts.userId = String(opts.userId)
+  opts.uid = String(opts.uid)
 
   // create JWT token
   var token = jwt.sign({
-    userId: opts.userId
-  }, this.jwtSecret, {
-    expiresInSeconds: opts.ttl
-  })
+    uid: opts.uid
+  }, _this.jwtSecret)
 
-  var userKey = this.namespaceKey + PREFIX.USER + opts.userId
-  var tokenListKey = this.namespaceKey + PREFIX.TOKEN + 'list'
-  var tokenListValue = opts.userId + ':' + token
-  var tokenKey = this.namespaceKey + PREFIX.TOKEN + token
+  var userKey = _this.namespaceKey + PREFIX.USER + opts.uid
+  var tokenListKey = _this.namespaceKey + PREFIX.TOKEN + 'list'
+  var tokenListValue = opts.uid + ':' + token
+  var tokenKey = _this.namespaceKey + PREFIX.TOKEN + token
 
   var expiresAt = Date.now() + (opts.ttl * 1000)
   var tokenPayload = {
-    uid: opts.userId,
-    ttl: opts.ttl
+    uid: opts.uid,
+    exp: expiresAt
   }
 
   if (opts.ip) {
     tokenPayload.ip = opts.ip
   }
 
-  return this.redis
+  return _this.redis
     .multi()
 
     // add token to the list by score
@@ -111,7 +111,14 @@ TokenSession.prototype.create = function (opts) {
     .hmset(tokenKey, tokenPayload)
     .exec()
     .then(function () {
-      return token
+      return _this.redis.pexpireat(tokenKey, expiresAt)
+        .then(function (result) {
+          if (result !== 1) {
+            throw new Error('cannot set expiration on token')
+          }
+
+          return token
+        })
     })
 }
 
@@ -144,15 +151,18 @@ TokenSession.prototype.cleanup = function (cleanupAll) {
 
         // remove from token list and token properties
         var multi = _this.redis.multi()
-          .del(tokenKeys)
           .zremrangebyscore(tokenListKey, 0, to)
 
+        if (cleanupAll) {
+          multi = multi.del(tokenKeys)
+        }
+
         // remove tokens from users
         expiredItems.forEach(function (item) {
           var tmp = item.split(':')
-          var userId = tmp[0]
+          var uid = tmp[0]
           var token = tmp[1]
-          var userKey = _this.namespaceKey + PREFIX.USER + userId
+          var userKey = _this.namespaceKey + PREFIX.USER + uid
 
           multi = multi.srem(userKey, token)
         })
