Cleanup + Closes #125

hapijs · Nov 3, 2018 · 4726e71 · 4726e71
2 parents ef502bb + 9f2b9e7
commit 4726e71
Show file tree

Hide file tree

Showing 4 changed files with 62 additions and 70 deletions.
diff --git a/API.md b/API.md
@@ -38,3 +38,7 @@ You can also add these options on a route per route basis at `config.plugins.yar
 - `touch()` - Manually notify the session of changes (when using `get()` and changing the content of the returned reference directly without calling `set()`).
 - `flash(type, message, isOverride)` - stores volatile data - data that should be deleted once read. When given no arguments, it will return all of the flash messages and delete the originals. When given only a type, it will return all of the flash messages of that type and delete the originals. When given a type and a message, it will set or append that message to the given type. 'isOverride' used to indicate that the message provided should replace any existing value instead of being appended to it (defaults to false).
 - `lazy(enabled)` - if set to 'true', enables lazy mode. In lazy mode, `request.yar` can be modified directly (e.g. setting `request.yar.myKey` to an object value), and those keys will be stored and loaded back. Lazy mode isn't as fast as the normal get/set because it has to store the session state on every responses regardless of any changes being made.
+
+**yar** adds the `yar` property to the server instance. The `server.yar` interface provides the following methods:
+
+- `revoke(id)` - revokes the specified session.
diff --git a/examples/index.js b/examples/index.js
diff --git a/lib/index.js b/lib/index.js
@@ -4,7 +4,7 @@
 
 const Hoek = require('hoek');
 const Statehood = require('statehood');
-const Uuid = require('uuid');
+const Uuid = require('uuid/v4');
 
 
 // Declare internals
@@ -59,6 +59,10 @@ module.exports = {
 
         server.decorate('request', 'yar', internals.decorate(settings, cache), { apply: true });
 
+        // Decorate server with yar interface
+
+        server.decorate('server', 'yar', internals.server(cache));
+
         // Setup lifecycle
 
         server.ext('onPreAuth', internals.onPreAuth);
@@ -76,6 +80,14 @@ internals.decorate = function (settings, cache) {
 };
 
 
+internals.server = function (cache) {
+
+    return {
+        revoke: (id) => cache.drop(id)
+    };
+};
+
+
 internals.Yar = class {
 
     constructor(request, settings, cache) {
@@ -145,7 +157,7 @@ internals.Yar = class {
 
     _generateSessionID() {
 
-        const id = this._settings.customSessionIDGenerator ? this._settings.customSessionIDGenerator(this._request) : Uuid.v4();
+        const id = this._settings.customSessionIDGenerator ? this._settings.customSessionIDGenerator(this._request) : Uuid();
         Hoek.assert(typeof id === 'string', 'Session ID should be a string');
         return id;
     }

diff --git a/test/index.js b/test/index.js
@@ -1486,4 +1486,48 @@ describe('yar', () => {
 
         return true;
     });
+
+    it('should allow to revoke session on the server side', async () => {
+
+        const server = new Hapi.Server();
+
+        server.route([
+            {
+                method: 'GET', path: '/increment', handler: (request) => {
+
+                    const value = request.yar.get('value');
+                    const result = value ? value + 1 : 1;
+                    request.yar.set('value', result);
+
+                    return {
+                        sessionId: request.yar.id,
+                        value: result
+                    };
+                }
+            }
+        ]);
+
+        await server.register({
+            plugin: Yar, options: {
+                maxCookieSize: 0,
+                cookieOptions: {
+                    password: internals.password
+                }
+            }
+        });
+
+        await server.start();
+
+        const res = await server.inject({ method: 'GET', url: '/increment' });
+        expect(res.result.value).to.equal(1);
+        const header = res.headers['set-cookie'];
+        const cookie = header[0].match(internals.sessionRegex);
+
+        await server.yar.revoke(res.result.sessionId);
+
+        const res2 = await server.inject({ method: 'GET', url: '/increment', headers: { cookie: cookie[1] } });
+        const res3 = await server.inject({ method: 'GET', url: '/increment', headers: { cookie: cookie[1] } });
+        expect(res2.result.value).to.equal(1);
+        expect(res3.result.value).to.equal(2);
+    });
 });