feat: session instance receiving cookie attributes

vkrunjs · May 11, 2024 · 6fa25d7 · 6fa25d7
1 parent 81fe3f6
commit 6fa25d7
Show file tree

Hide file tree

Showing 7 changed files with 53 additions and 9 deletions.
diff --git a/CHANGELOG.md b/CHANGELOG.md
@@ -1,5 +1,9 @@
 # VkrunJS Releases
 
+## 0.38.0
+
+- session instance receiving cookie attributes
+
 ## 0.37.0
 
 - add signOut method to session module

diff --git a/package.json b/package.json
@@ -1,6 +1,6 @@
 {
   "name": "vkrun",
-  "version": "0.37.0",
+  "version": "0.38.0",
   "description": "Vkrun is a Node.js framework for building server-side applications",
   "author": "Mario Elvio",
   "license": "MIT",

diff --git a/src/modules/session/helpers/create-session.ts b/src/modules/session/helpers/create-session.ts
@@ -8,13 +8,23 @@ export const createSession = (params: {
   response: type.Response
   sessionId: string
   data: any
-  options: type.SessionCreateOptions
+  options: type.SessionCreateOptions & type.CookieOptions
   secretKey: string | string[]
 }): type.SessionData => {
   const { request, response, sessionId, data, options, secretKey } = params
   util.validateTimeFormat(options.expiresIn, 'session')
   const token = jwt.encrypt(data, { secretKey, expiresIn: options.expiresIn })
-  setCreateSessionHeaders(response, sessionId, token)
+  const cookieOptions = {
+    httpOnly: options.httpOnly,
+    secure: options.secure,
+    expires: options.expires,
+    maxAge: options.maxAge,
+    path: options.path,
+    sameSite: options.sameSite,
+    domain: options.domain,
+    priority: options.priority
+  }
+  setCreateSessionHeaders(response, sessionId, token, cookieOptions)
   return {
     createdAt: Date.now(),
     expiresIn: util.convertExpiresIn(options.expiresIn),

diff --git a/src/modules/session/helpers/set-header/set-create-session-headers.ts b/src/modules/session/helpers/set-header/set-create-session-headers.ts
@@ -1,10 +1,10 @@
 import * as type from '../../../types'
 
-export const setCreateSessionHeaders = (response: type.Response, sessionId: string, token: string): void => {
+export const setCreateSessionHeaders = (response: type.Response, sessionId: string, token: string, options?: type.CookieOptions): void => {
   response.setHeader('Content-Security-Policy', "default-src 'self'; script-src 'self' 'unsafe-inline'")
   response.setHeader('Cache-Control', 'no-store, no-cache, must-revalidate')
   response.setHeader('Expires', '0')
   response.setHeader('X-XSS-Protection', '1; mode=block')
-  response.setCookie('session-id', sessionId, { sameSite: 'Strict', priority: 'High' })
-  response.setCookie('session-token', token, { sameSite: 'Strict', priority: 'High' })
+  response.setCookie('session-id', sessionId, options)
+  response.setCookie('session-token', token, options)
 }
diff --git a/src/modules/session/helpers/set-header/set-delete-session-headers.ts b/src/modules/session/helpers/set-header/set-delete-session-headers.ts
@@ -2,5 +2,5 @@ import * as type from '../../../types'
 
 export const setDeleteSessionHeaders = (response: type.Response): void => {
   response.clearCookie('session-id')
-  response.clearCookie('session-toke')
+  response.clearCookie('session-token')
 }
diff --git a/src/modules/session/index.ts b/src/modules/session/index.ts
@@ -6,13 +6,25 @@ import * as type from '../types'
 export class VkrunSession {
   private readonly secretKey: string | string[]
   private readonly sessions: type.Sessions = new Map()
+  private readonly cookieOptions: type.CookieOptions
   // eslint-disable-next-line @typescript-eslint/prefer-readonly
   private sanitizationActive: boolean = false
   private readonly sanitizationEvery: number = util.convertExpiresIn('5m') // used in the startSanitization function
 
   constructor (config: type.SessionConfig) {
     util.validateSecretKey(config.secretKey, 'session')
     this.secretKey = config.secretKey
+    this.cookieOptions = {
+      httpOnly: config.httpOnly,
+      secure: config.secure,
+      expires: config.expires,
+      maxAge: config.maxAge,
+      path: config.path,
+      sameSite: config.sameSite,
+      domain: config.domain,
+      priority: config.priority
+    }
+    console.log({ cookieOptions: this.cookieOptions })
     if (config.sanitizationEvery) {
       util.validateTimeFormat(config.sanitizationEvery, 'session')
       this.sanitizationEvery = util.convertExpiresIn(config.sanitizationEvery)
@@ -27,15 +39,25 @@ export class VkrunSession {
   ): void {
     util.validateTimeFormat(options.expiresIn, 'session')
     const { sessionId } = helper.getSessionCookies(request)
-
+    options = {
+      ...options,
+      ...this.cookieOptions
+    }
     if (this.sessions.has(sessionId)) {
       this.sessions.delete(sessionId)
     }
 
     let createdSessionId = util.randomUUID()
     if (options.sessionId) createdSessionId = options.sessionId
 
-    const session = helper.createSession({ request, response, sessionId: createdSessionId, data, options, secretKey: this.secretKey })
+    const session = helper.createSession({
+      request,
+      response,
+      sessionId: createdSessionId,
+      data,
+      options,
+      secretKey: this.secretKey
+    })
     this.sessions.set(createdSessionId, session)
 
     if (!this.sanitizationActive) helper.startSanitization({ ...this, request })

diff --git a/src/modules/types/session-types.ts b/src/modules/types/session-types.ts
@@ -17,4 +17,12 @@ export interface SessionCreateOptions {
 export interface SessionConfig {
   secretKey: string | string[]
   sanitizationEvery?: number | string
+  httpOnly?: boolean
+  secure?: boolean
+  expires?: string
+  maxAge?: number
+  path?: string
+  sameSite?: 'Strict' | 'Lax' | 'None'
+  domain?: string
+  priority?: 'Low' | 'Medium' | 'High'
 }