feat!: new implementation of sessionCookieStore

src/session/authCookieName.ts

@@ -0,0 +1,5 @@
+import { AuthHandlerParams } from '../storyblok-auth-api'
+
+const defaultCookieName = 'sb.auth'
+export const authCookieName = (params: Pick<AuthHandlerParams, 'cookieName'>) =>
+  params.cookieName ?? defaultCookieName

src/session/crud/getAllSessions.ts

@@ -0,0 +1,27 @@
+import { AuthHandlerParams } from '../../storyblok-auth-api'
+import { AppSession } from '../types'
+import { getSignedCookie, GetCookie } from '../../utils'
+import { authCookieName } from '../authCookieName'
+
+export type AppSessionCookiePayload =
+  | {
+      sessions: AppSession[]
+    }
+  | undefined
+export type GetAllSessionsParams = Pick<
+  AuthHandlerParams,
+  'clientSecret' | 'cookieName' | 'clientId'
+>
+export type GetAllSessions = (
+  params: GetAllSessionsParams,
+  getCookie: GetCookie,
+) => AppSession[]
+export const getAllSessions: GetAllSessions = (params, getCookie) => {
+  const signedCookie = getSignedCookie(
+    params.clientSecret,
+    getCookie,
+    authCookieName(params),
+  ) as AppSessionCookiePayload
+  //  TODO validate at runtime
+  return signedCookie?.sessions ?? []
+}

src/session/crud/getSession.ts

@@ -0,0 +1,24 @@
+import { AuthHandlerParams } from '../../storyblok-auth-api'
+import { AppSession, AppSessionQuery } from '../types'
+import { getAllSessions } from './getAllSessions'
+import { keysEquals, keysFromQuery } from './utils'
+import { GetCookie } from '../../utils'
+
+export type GetSessionParams = Pick<
+  AuthHandlerParams,
+  'clientSecret' | 'cookieName' | 'clientId'
+>
+
+export type GetSession = (
+  params: GetSessionParams,
+  getCookie: GetCookie,
+  query: AppSessionQuery,
+) => AppSession | undefined
+export const getSession: GetSession = (params, getCookie, query) => {
+  const keys = {
+    ...keysFromQuery(query),
+    appClientId: params.clientId,
+  }
+  const areSessionsEqual = keysEquals(keys)
+  return getAllSessions(params, getCookie).find(areSessionsEqual)
+}

src/session/crud/index.ts

@@ -0,0 +1,4 @@
+export * from './getAllSessions'
+export * from './getSession'
+export * from './putSession'
+export * from './removeSession'

src/session/crud/putSession.ts

@@ -0,0 +1,31 @@
+import { AppSession } from '../types'
+import { AuthHandlerParams } from '../../storyblok-auth-api'
+import { setAllSessions } from './setAllSessions'
+import { getAllSessions } from './getAllSessions'
+import { keysEquals } from './utils'
+import { GetCookie, SetCookie } from '../../utils'
+
+export type PutSessionParams = Pick<
+  AuthHandlerParams,
+  'clientSecret' | 'cookieName' | 'clientId'
+>
+
+export type PutSession = (
+  params: PutSessionParams,
+  getCookie: GetCookie,
+  setCookie: SetCookie,
+  session: AppSession,
+) => AppSession
+
+export const putSession: PutSession = (
+  params,
+  getCookie,
+  setCookie,
+  newSession,
+) => {
+  const isNotEqual = (otherSession: AppSession) =>
+    !keysEquals(newSession)(otherSession)
+  const otherSessions = getAllSessions(params, getCookie).filter(isNotEqual)
+  setAllSessions(params, setCookie, [...otherSessions, newSession])
+  return newSession
+}

src/session/crud/removeSession.ts

@@ -0,0 +1,35 @@
+import { AppSession, AppSessionQuery } from '../types'
+import { AuthHandlerParams } from '../../storyblok-auth-api'
+import { setAllSessions } from './setAllSessions'
+import { getAllSessions } from './getAllSessions'
+import { keysEquals, keysFromQuery } from './utils'
+import { SetCookie, GetCookie } from '../../utils'
+
+export type RemoveSessionParams = Pick<
+  AuthHandlerParams,
+  'clientSecret' | 'cookieName' | 'clientId'
+>
+
+export type RemoveSession = (
+  params: RemoveSessionParams,
+  getCookie: GetCookie,
+  setCookie: SetCookie,
+  query: AppSessionQuery,
+) => AppSession | undefined
+export const removeSession: RemoveSession = (
+  params,
+  getCookie,
+  setCookie,
+  query,
+) => {
+  const sessions = getAllSessions(params, getCookie)
+  const keys = {
+    ...keysFromQuery(query),
+    appClientId: params.clientId,
+  }
+  const isEqual = keysEquals(keys)
+  const toRemove = sessions.find(isEqual)
+  const allOtherSessions = sessions.filter((s) => s !== toRemove)
+  setAllSessions(params, setCookie, allOtherSessions)
+  return toRemove
+}

src/session/crud/setAllSessions.ts

@@ -0,0 +1,19 @@
+import { AppSession } from '../types'
+import { setSignedCookie, SetCookie } from '../../utils'
+import { authCookieName } from '../authCookieName'
+import { AuthHandlerParams } from '../../storyblok-auth-api'
+
+export type SetAllSessionsParams = Pick<
+  AuthHandlerParams,
+  'clientSecret' | 'cookieName' | 'clientId'
+>
+export type SetAllSessions = (
+  params: SetAllSessionsParams,
+  setCookie: SetCookie,
+  sessions: AppSession[],
+) => void
+export const setAllSessions: SetAllSessions = (params, setCookie, sessions) => {
+  setSignedCookie(params.clientSecret, setCookie, authCookieName(params), {
+    sessions,
+  })
+}

src/session/crud/utils/index.ts

@@ -0,0 +1,2 @@
+export * from './keysFromQuery'
+export * from './keysEquals'

src/session/crud/utils/keysEquals.ts

@@ -0,0 +1,8 @@
+import { AppSession } from '../../types'
+
+export const keysEquals =
+  (a: Pick<AppSession, 'appClientId' | 'spaceId' | 'userId'>) =>
+  (b: Pick<AppSession, 'appClientId' | 'spaceId' | 'userId'>) =>
+    a.appClientId === b.appClientId &&
+    a.spaceId === b.spaceId &&
+    a.userId === b.userId

src/session/crud/utils/keysFromQuery.ts

@@ -0,0 +1,9 @@
+import { AppSessionKeys, AppSessionQuery } from '../../types'
+
+export const keysFromQuery = (keys: AppSessionQuery): AppSessionKeys => {
+  const { spaceId, userId } = keys
+  return {
+    spaceId: typeof spaceId === 'number' ? spaceId : parseInt(spaceId, 10),
+    userId: typeof userId === 'number' ? userId : parseInt(userId, 10),
+  }
+}

src/session/index.ts

@@ -1,3 +1,5 @@
-export * from './sessionCookieStore'
-export * from './isAppSessionQuery/isAppSessionQuery'
+export * from './isAppSessionQuery'
+export * from './crud'
 export * from './types'
+export * from './refreshStoredAppSession'
+export * from './sessionCookieStore'

src/session/refreshStoredAppSession.ts

@@ -0,0 +1,54 @@
+import { AppSession } from './types'
+import { shouldRefresh } from './shouldRefresh/shouldRefresh'
+import { refreshAppSession } from './refreshAppSession/refreshAppSession'
+import { refreshToken } from '../storyblok-auth-api/refreshToken'
+import { putSession, removeSession } from './crud'
+import { AuthHandlerParams } from '../storyblok-auth-api'
+import { GetCookie, SetCookie } from '../utils'
+
+export type RefreshParams = Pick<
+  AuthHandlerParams,
+  'clientSecret' | 'clientId' | 'baseUrl' | 'endpointPrefix'
+>
+export type Refresh = (
+  params: RefreshParams,
+  getCookie: GetCookie,
+  setCookie: SetCookie,
+  appSession: AppSession | undefined,
+) => Promise<AppSession | undefined>
+
+/**
+ * Given a stored session and getters and setters for mutating the storage, refreshes the session
+ * @param params
+ * @param getCookie
+ * @param setCookie
+ * @param currentAppSession
+ */
+export const refreshStoredAppSession: Refresh = async (
+  params,
+  getCookie,
+  setCookie,
+  currentAppSession,
+) => {
+  if (!currentAppSession) {
+    // passed undefined
+    return undefined
+  }
+  if (!shouldRefresh(currentAppSession)) {
+    // does not need refresh
+    return currentAppSession
+  }
+
+  // should refresh
+  const newAppSession = await refreshAppSession(refreshToken(fetch)(params))(
+    currentAppSession,
+  )
+
+  if (!newAppSession) {
+    // Refresh failed -> user becomes unauthenticated
+    removeSession(params, getCookie, setCookie, currentAppSession)
+    return undefined
+  }
+
+  return putSession(params, getCookie, setCookie, newAppSession)
+}

src/session/sessionCookieStore.ts

@@ -1,39 +1,30 @@
-import { simpleSessionCookieStore } from './app-session-cookie-store'
-import { shouldRefresh } from './shouldRefresh/shouldRefresh'
-import { refreshAppSession } from './refreshAppSession/refreshAppSession'
-import { refreshToken } from '../storyblok-auth-api/refreshToken'
-import { AppSessionCookieStoreFactory } from './types'
-import { AppSessionStore } from './types'
+import { AppSessionCookieStoreFactory, AppSessionStore } from './types'
+import { getAllSessions, getSession, putSession, removeSession } from './crud'
+import { refreshStoredAppSession } from './refreshStoredAppSession'
+import {
+  GetCookie,
+  getCookie as getNodeCookie,
+  SetCookie,
+  setCookie as setNodeCookie,
+} from '../utils'
 
 export const sessionCookieStore: AppSessionCookieStoreFactory =
   (params) =>
   (requestParams): AppSessionStore => {
-    const store = simpleSessionCookieStore(params)(requestParams)
+    const getCookie: GetCookie = (name) =>
+      getNodeCookie(requestParams.req, name)
+    const setCookie: SetCookie = (name, value) =>
+      setNodeCookie(requestParams.res, name, value)
     return {
-      ...store,
-      get: async (keys, options) => {
-        const currentSession = await store.get(keys)
-        if (options?.autoRefresh === false) {
-          return currentSession
-        }
-        if (!currentSession) {
-          return undefined
-        }
-        if (shouldRefresh(currentSession)) {
-          const newSession = await refreshAppSession(
-            refreshToken(fetch)(params),
-          )(currentSession)
-
-          if (!newSession) {
-            // Refresh failed -> user becomes unauthenticated
-            await store.remove(currentSession)
-            return undefined
-          }
-
-          await store.put(newSession)
-          return newSession
-        }
-        return currentSession
-      },
+      get: async (keys) =>
+        refreshStoredAppSession(
+          params,
+          getCookie,
+          setCookie,
+          getSession(params, getCookie, keys),
+        ),
+      getAll: async () => getAllSessions(params, getCookie),
+      put: async (session) => putSession(params, getCookie, setCookie, session),
+      remove: async (keys) => removeSession(params, getCookie, setCookie, keys),
     }
   }

src/utils/GetCookie.ts

@@ -0,0 +1 @@
+export type GetCookie = (name: string) => string | undefined

src/utils/SetCookie.ts

@@ -0,0 +1 @@
+export type SetCookie = (name: string, value: string) => void