Proper way of using session on the server

[waptik]

Hi. I'm facing some issues with session on the server side and i'd appreciate if someone guides me to right path.

So i'm building a telegram bot and a website, both integrated in the same blitz app.
The website serves as a frontend with minimal features as most of the core functionalities are done using the bot.
Going through the docs on session management, it seems server side session mgt(fetch session and update session) can be done either through the api routes or getServerSideProps.

Authentication on my app is done through the bot by going through some wizard scenes which at the end, creates a user account and saves some basic info in session using ctx.session.$create()
In order to create user session during account creation, i had to first create an api route where i can make use of getSession
Here's how i do it:

const createAccountApi = async (req: BlitzApiRequest, res: BlitzApiResponse) => {
  const { method } = req

  const session = await getSession(req, res)

  if (!(method?.toUpperCase() === "POST")) {
    return res.status(401).json({ error: { message: `Method not allowed.` } })
  }

  const body: CreateAccount = req.body

  try {
    const user = await createAccount(body, { session }) // a modified mutation from the boilterplate
    res.status(200).json({ user })
  } catch (error) {
    console.error(error)
    res.status(501).json({ error: error.message })
  }
}

To access the session created from the above code, i followed this and put antiCSRFToken in my axios header which i use to call my getSession api endpoint, but it resulted in errors.

// axios instance

const headers = {
  Accept: "application/json",
  "Content-Type": "application/json",
}

if (antiCSRFToken) {
  console.log({ antiCSRFToken })

  Object.assign(headers, { "anti-csrf": antiCSRFToken })
}

const axiosClient = Axios.create({
  baseURL: config.API_URL,
  headers,
})

// getSession endpoint
const getSessionApi = async (req: BlitzApiRequest, res: BlitzApiResponse) => {
  try {
    const session = await getSession(req, res)
    console.log("User ID:", session.userId)
    res.status(200).json(session)
  } catch (error) {

    console.error(error)
    res.status(500).json({ error: { message } })
  }
}

// function to call the endpoint
export async function getSession() {
  return await axios("/getSession", "get") // axios() is custom a wrapper around axios package
}


// error logs
TypeError: Cannot use 'in' operator to search for 'validateStatus' in {}
    at merge (\aye\nodejs\blitz\site\node_modules\axios\lib\core\mergeConfig.js:67:21)
    at Object.forEach (\aye\nodejs\blitz\site\node_modules\axios\lib\utils.js:247:10)
    at mergeConfig (\aye\nodejs\blitz\site\node_modules\axios\lib\core\mergeConfig.js:64:9)
...

The reason why i want to use session, is to avoid querying the db all the time for basic info which was stored in session during account creation.

[flybayer]

Thanks for all the info and code snippets!

Where are you making the axios call from?

[waptik]

Queries/mutations work just fine. But i want to know how have access to user session. Hence the api routes creating user account and getting session.
It's not a big deal for now, i can do without session. the issue will arise when i deploy to production because the bot runs non-stop.
Currently to get user info saved in db and attach it to bot context inside a middleware, i do this:

// query
export default async function getTelegramUser(tgId: number) {
  try {
    const user = await db.user.findUnique({
      where: { tgId },
    })

    return user
  } catch (error) {
    console.error(error)
  }
}

// middleware which runs at every request either incoming/outgoing
const attachUser: MiddlewareFn<BotContext> = async (ctx, next) => {
  logger.info("running attachUser middleware")

  try {
    const user = ((await getTelegramUser(Number(ctx.from?.id))) as unknown) as User
    ctx.user = user
  } catch (error) {
    report(error, "attachUser")
  }
  return next()
}

Because attachUser runs all the time, the query getTelegramUser() being called inside it, will make the same read everytime

[flybayer]

You want to access ctx.session on a request from Telegram?

[waptik]

More like i want to have access to blitz session inside the bot if possible.

[flybayer]

Ok let's actually set up a time to have a video call. I'll be able to help much better than here. DM me in discord and we'll arrange something.

[waptik]

Alright, will do so!
Thanks for your time