UNPKG

connect-mongo

Version:

MongoDB session store for Express and Connect

github.com/jdesboeufs/connect-mongo

jdesboeufs/connect-mongo

433 lines (429 loc) 15.3 kB
1
2
3
4
5
6
7
8
9
10
11
12
13
14
15
16
17
18
19
20
21
22
23
24
25
26
27
28
29
30
31
32
33
34
35
36
37
38
39
40
41
42
43
44
45
46
47
48
49
50
51
52
53
54
55
56
57
58
59
60
61
62
63
64
65
66
67
68
69
70
71
72
73
74
75
76
77
78
79
80
81
82
83
84
85
86
87
88
89
90
91
92
93
94
95
96
97
98
99
100
101
102
103
104
105
106
107
108
109
110
111
112
113
114
115
116
117
118
119
120
121
122
123
124
125
126
127
128
129
130
131
132
133
134
135
136
137
138
139
140
141
142
143
144
145
146
147
148
149
150
151
152
153
154
155
156
157
158
159
160
161
162
163
164
165
166
167
168
169
170
171
172
173
174
175
176
177
178
179
180
181
182
183
184
185
186
187
188
189
190
191
192
193
194
195
196
197
198
199
200
201
202
203
204
205
206
207
208
209
210
211
212
213
214
215
216
217
218
219
220
221
222
223
224
225
226
227
228
229
230
231
232
233
234
235
236
237
238
239
240
241
242
243
244
245
246
247
248
249
250
251
252
253
254
255
256
257
258
259
260
261
262
263
264
265
266
267
268
269
270
271
272
273
274
275
276
277
278
279
280
281
282
283
284
285
286
287
288
289
290
291
292
293
294
295
296
297
298
299
300
301
302
303
304
305
306
307
308
309
310
311
312
313
314
315
316
317
318
319
320
321
322
323
324
325
326
327
328
329
330
331
332
333
334
335
336
337
338
339
340
341
342
343
344
345
346
347
348
349
350
351
352
353
354
355
356
357
358
359
360
361
362
363
364
365
366
367
368
369
370
371
372
373
374
375
376
377
378
379
380
381
382
383
384
385
386
387
388
389
390
391
392
393
394
395
396
397
398
399
400
401
402
403
404
405
406
407
408
409
410
411
412
413
414
415
416
417
418
419
420
421
422
423
424
425
426
427
428
429
430
431
432
433
import assert from "node:assert/strict"; import * as session from "express-session"; import { MongoClient } from "mongodb"; import Debug from "debug"; import util from "node:util"; import { webcrypto } from "node:crypto"; import kruptein from "kruptein"; //#region src/lib/cryptoAdapters.ts const defaultCryptoOptions = { secret: false, algorithm: "aes-256-gcm", hashing: "sha512", encodeas: "base64", key_size: 32, iv_size: 16, at_size: 16 }; const createKrupteinAdapter = (options) => { const merged = { ...defaultCryptoOptions, ...options }; if (!merged.secret) throw new Error("createKrupteinAdapter requires a non-empty secret"); const instance = kruptein(merged); const encrypt = util.promisify(instance.set).bind(instance); const decrypt = util.promisify(instance.get).bind(instance); return { async encrypt(plaintext) { const ciphertext = await encrypt(merged.secret, plaintext); return String(ciphertext); }, async decrypt(ciphertext) { const plaintext = await decrypt(merged.secret, ciphertext); if (typeof plaintext === "string") return plaintext; return JSON.stringify(plaintext); } }; }; const encoder = new TextEncoder(); const decoder = new TextDecoder(); const toUint8Array = (input) => { if (typeof input === "string") return encoder.encode(input); if (ArrayBuffer.isView(input)) return new Uint8Array(input.buffer, input.byteOffset, input.byteLength); if (input instanceof ArrayBuffer) return new Uint8Array(input); throw new TypeError("Unsupported secret type for Web Crypto adapter"); }; const encodeBytes = (bytes, encoding) => { switch (encoding) { case "hex": return Buffer.from(bytes).toString("hex"); case "base64url": return Buffer.from(bytes).toString("base64url"); case "base64": default: return Buffer.from(bytes).toString("base64"); } }; const decodeBytes = (payload, encoding) => { switch (encoding) { case "hex": return new Uint8Array(Buffer.from(payload, "hex")); case "base64url": return new Uint8Array(Buffer.from(payload, "base64url")); case "base64": default: return new Uint8Array(Buffer.from(payload, "base64")); } }; const createWebCryptoAdapter = ({ secret, ivLength, encoding = "base64", algorithm = "AES-GCM", salt, iterations = 31e4 }) => { if (!secret) throw new Error("createWebCryptoAdapter requires a secret"); const { subtle } = webcrypto; if (!subtle?.decrypt || !webcrypto?.getRandomValues) throw new Error("Web Crypto API is not available in this runtime"); const resolvedIvLength = ivLength ?? (algorithm === "AES-GCM" ? 12 : 16); const resolvedSalt = salt ?? encoder.encode("connect-mongo:webcrypto-default-salt"); const deriveKey = async () => { const secretBytes = toUint8Array(secret); const baseKey = await subtle.importKey("raw", secretBytes, "PBKDF2", false, ["deriveKey"]); const saltBytes = typeof resolvedSalt === "string" ? encoder.encode(resolvedSalt) : toUint8Array(resolvedSalt); return subtle.deriveKey({ name: "PBKDF2", salt: saltBytes, iterations, hash: "SHA-256" }, baseKey, { name: algorithm, length: 256 }, false, ["encrypt", "decrypt"]); }; const keyPromise = deriveKey(); return { async encrypt(plaintext) { const key = await keyPromise; const iv = webcrypto.getRandomValues(new Uint8Array(resolvedIvLength)); const data = encoder.encode(plaintext); const encrypted = await subtle.encrypt({ name: algorithm, iv }, key, data); const cipherBytes = new Uint8Array(encrypted); const combined = new Uint8Array(resolvedIvLength + cipherBytes.byteLength); combined.set(iv, 0); combined.set(cipherBytes, resolvedIvLength); return encodeBytes(combined, encoding); }, async decrypt(ciphertext) { const key = await keyPromise; const combined = decodeBytes(ciphertext, encoding); const iv = combined.slice(0, resolvedIvLength); const data = combined.slice(resolvedIvLength); const decrypted = await subtle.decrypt({ name: algorithm, iv }, key, data); return decoder.decode(decrypted); } }; }; //#endregion //#region src/lib/MongoStore.ts const debug = Debug("connect-mongo"); const noop = () => {}; const unit = (a) => a; function defaultSerializeFunction(currentSession) { const result = { cookie: currentSession.cookie }; Object.entries(currentSession).forEach(([key, value]) => { if (key === "cookie" && value && typeof value.toJSON === "function") result.cookie = value.toJSON(); else result[key] = value; }); return result; } function computeTransformFunctions(options) { if (options.serialize || options.unserialize) return { serialize: options.serialize || defaultSerializeFunction, unserialize: options.unserialize || unit }; if (options.stringify === false) return { serialize: defaultSerializeFunction, unserialize: unit }; return { serialize: (value) => JSON.stringify(value), unserialize: (payload) => JSON.parse(payload) }; } function computeExpires(session$1, fallbackTtlSeconds) { const cookie = session$1?.cookie; if (cookie?.expires) return new Date(cookie.expires); const now = Date.now(); return new Date(now + fallbackTtlSeconds * 1e3); } var MongoStore = class MongoStore extends session.Store { clientP; cryptoAdapter = null; timer; collectionP; options; transformFunctions; constructor({ collectionName = "sessions", ttl = 1209600, mongoOptions = {}, autoRemove = "native", autoRemoveInterval = 10, touchAfter = 0, stringify = true, timestamps = false, crypto, cryptoAdapter, ...required }) { super(); debug("create MongoStore instance"); const options = { collectionName, ttl, mongoOptions, autoRemove, autoRemoveInterval, touchAfter, stringify, timestamps, crypto, cryptoAdapter: cryptoAdapter ?? null, ...required }; assert(options.mongoUrl || options.clientPromise || options.client, "You must provide either mongoUrl|clientPromise|client in options"); assert(options.createAutoRemoveIdx === null || options.createAutoRemoveIdx === void 0, "options.createAutoRemoveIdx has been reverted to autoRemove and autoRemoveInterval"); assert(!options.autoRemoveInterval || options.autoRemoveInterval <= 71582, "autoRemoveInterval is too large. options.autoRemoveInterval is in minutes but not seconds nor mills"); if (crypto !== void 0 && cryptoAdapter !== void 0) throw new Error("Provide either the legacy crypto option or cryptoAdapter, not both"); const legacyCryptoRequested = crypto !== void 0 && crypto.secret !== false; if (options.cryptoAdapter) this.cryptoAdapter = options.cryptoAdapter; else if (legacyCryptoRequested) this.cryptoAdapter = createKrupteinAdapter(options.crypto); options.cryptoAdapter = this.cryptoAdapter; this.transformFunctions = computeTransformFunctions(options); let _clientP; if (options.mongoUrl) _clientP = MongoClient.connect(options.mongoUrl, options.mongoOptions); else if (options.clientPromise) _clientP = options.clientPromise; else if (options.client) _clientP = Promise.resolve(options.client); else throw new Error("Cannot init client. Please provide correct options"); assert(!!_clientP, "Client is null|undefined"); this.clientP = _clientP; this.options = options; this.collectionP = _clientP.then(async (con) => { const collection = con.db(options.dbName).collection(options.collectionName); await this.setAutoRemove(collection); return collection; }); } static create(options) { return new MongoStore(options); } setAutoRemove(collection) { const removeQuery = () => ({ expires: { $lt: /* @__PURE__ */ new Date() } }); switch (this.options.autoRemove) { case "native": debug("Creating MongoDB TTL index"); return collection.createIndex({ expires: 1 }, { background: true, expireAfterSeconds: 0 }); case "interval": { debug("create Timer to remove expired sessions"); const runIntervalRemove = () => collection.deleteMany(removeQuery(), { writeConcern: { w: 0 } }).catch((err) => { debug("autoRemove interval cleanup failed: %s", err?.message ?? err); }); this.timer = setInterval(() => { runIntervalRemove(); }, this.options.autoRemoveInterval * 1e3 * 60); this.timer.unref(); return Promise.resolve(); } case "disabled": default: return Promise.resolve(); } } computeStorageId(sessionId) { if (this.options.transformId && typeof this.options.transformId === "function") return this.options.transformId(sessionId); return sessionId; } /** * Normalize payload before encryption so decrypt can restore the original * serialized session value. */ serializeForCrypto(payload) { if (typeof payload === "string") return payload; try { return JSON.stringify(payload); } catch (error) { debug("Falling back to string serialization for crypto payload: %O", error); return String(payload); } } parseDecryptedPayload(plaintext) { let parsed; try { parsed = JSON.parse(plaintext); } catch { parsed = plaintext; } if (this.options.stringify === false) { if (typeof parsed === "string") try { return JSON.parse(parsed); } catch { return parsed; } return parsed; } if (!this.options.serialize && !this.options.unserialize) return typeof parsed === "string" ? parsed : JSON.stringify(parsed); return parsed; } /** * Decrypt given session data * @param session session data to be decrypt. Mutate the input session. */ async decryptSession(sessionDoc) { if (this.cryptoAdapter && sessionDoc && typeof sessionDoc.session === "string") { const plaintext = await this.cryptoAdapter.decrypt(sessionDoc.session); sessionDoc.session = this.parseDecryptedPayload(plaintext); } } /** * Get a session from the store given a session ID (sid) * @param sid session ID */ get(sid, callback) { (async () => { try { debug(`MongoStore#get=${sid}`); const sessionDoc = await (await this.collectionP).findOne({ _id: this.computeStorageId(sid), $or: [{ expires: { $exists: false } }, { expires: { $gt: /* @__PURE__ */ new Date() } }] }); if (this.cryptoAdapter && sessionDoc) try { await this.decryptSession(sessionDoc); } catch (error) { callback(error); return; } let result; if (sessionDoc) { result = this.transformFunctions.unserialize(sessionDoc.session); if (this.options.touchAfter > 0 && sessionDoc.lastModified) result.lastModified = sessionDoc.lastModified; } this.emit("get", sid); callback(null, result ?? null); } catch (error) { callback(error); } })(); } /** * Upsert a session into the store given a session ID (sid) and session (session) object. * @param sid session ID * @param session session object */ set(sid, session$1, callback = noop) { (async () => { try { debug(`MongoStore#set=${sid}`); if (this.options.touchAfter > 0 && session$1?.lastModified) delete session$1.lastModified; const s = { _id: this.computeStorageId(sid), session: this.transformFunctions.serialize(session$1) }; s.expires = computeExpires(session$1, this.options.ttl); if (this.options.touchAfter > 0) s.lastModified = /* @__PURE__ */ new Date(); if (this.cryptoAdapter) { const plaintext = this.serializeForCrypto(s.session); s.session = await this.cryptoAdapter.encrypt(plaintext); } const collection = await this.collectionP; const update = { $set: s }; if (this.options.timestamps) { update.$setOnInsert = { createdAt: /* @__PURE__ */ new Date() }; update.$currentDate = { updatedAt: true }; } if ((await collection.updateOne({ _id: s._id }, update, { upsert: true, writeConcern: this.options.writeOperationOptions })).upsertedCount > 0) this.emit("create", sid); else this.emit("update", sid); this.emit("set", sid); } catch (error) { return callback(error); } return callback(null); })(); } touch(sid, session$1, callback = noop) { (async () => { try { debug(`MongoStore#touch=${sid}`); const updateFields = {}; const touchAfter = this.options.touchAfter * 1e3; const lastModified = session$1.lastModified ? session$1.lastModified.getTime() : 0; const currentDate = /* @__PURE__ */ new Date(); if (touchAfter > 0 && lastModified > 0) { if (currentDate.getTime() - lastModified < touchAfter) { debug(`Skip touching session=${sid}`); return callback(null); } updateFields.lastModified = currentDate; } updateFields.expires = computeExpires(session$1, this.options.ttl); const collection = await this.collectionP; const updateQuery = { $set: updateFields }; if (this.options.timestamps) updateQuery.$currentDate = { updatedAt: true }; if ((await collection.updateOne({ _id: this.computeStorageId(sid) }, updateQuery, { writeConcern: this.options.writeOperationOptions })).matchedCount === 0) return callback(/* @__PURE__ */ new Error("Unable to find the session to touch")); else { this.emit("touch", sid, session$1); return callback(null); } } catch (error) { return callback(error); } })(); } /** * Get all sessions in the store as an array */ all(callback) { (async () => { try { debug("MongoStore#all()"); const sessions = (await this.collectionP).find({ $or: [{ expires: { $exists: false } }, { expires: { $gt: /* @__PURE__ */ new Date() } }] }); const results = []; for await (const sessionDoc of sessions) { if (this.cryptoAdapter && sessionDoc) await this.decryptSession(sessionDoc); results.push(this.transformFunctions.unserialize(sessionDoc.session)); } this.emit("all", results); callback(null, results); } catch (error) { callback(error); } })(); } /** * Destroy/delete a session from the store given a session ID (sid) * @param sid session ID */ destroy(sid, callback = noop) { debug(`MongoStore#destroy=${sid}`); this.collectionP.then((colleciton) => colleciton.deleteOne({ _id: this.computeStorageId(sid) }, { writeConcern: this.options.writeOperationOptions })).then(() => { this.emit("destroy", sid); callback(null); }).catch((err) => callback(err)); } /** * Get the count of all sessions in the store */ length(callback) { debug("MongoStore#length()"); this.collectionP.then((collection) => collection.countDocuments()).then((c) => callback(null, c)).catch((err) => callback(err, 0)); } /** * Delete all sessions from the store. */ clear(callback = noop) { debug("MongoStore#clear()"); this.collectionP.then((collection) => collection.deleteMany({}, { writeConcern: this.options.writeOperationOptions })).then(() => callback(null)).catch((err) => { const message = err?.message ?? ""; if (err?.code === 26 || /ns not found/i.test(message)) { callback(null); return; } callback(err); }); } /** * Close database connection */ close() { debug("MongoStore#close()"); if (this.timer) { clearInterval(this.timer); this.timer = void 0; } return this.clientP.then((c) => c.close()); } }; //#endregion //#region src/index.ts var src_default = MongoStore; //#endregion export { MongoStore, createKrupteinAdapter, createWebCryptoAdapter, src_default as default }; //# sourceMappingURL=index.mjs.map