rauth-provider/core/sessionStore.cjs

A lightweight, plug-and-play Node.js library for phone number authentication using the Rauth.io reverse verification flow via WhatsApp or SMS.

/**
 * In-memory session store for active verification sessions
 */
class SessionStore {
  constructor() {
    // Map: sessionToken -> { phone, ttl, createdAt }
    this.sessions = new Map();
  }

  /**
   * Add a session to the store
   * @param {string} phone - Phone number
   * @param {string} sessionToken - Session token
   * @param {number} ttl - Time to live in seconds
   */
  createSession(phone, sessionToken, ttl) {
    const sessionData = {
      phone,
      ttl,
      createdAt: Date.now()
    };
    
    this.sessions.set(sessionToken, sessionData);
    
    // Auto-cleanup after TTL
    if (ttl > 0) {
      setTimeout(() => {
        this.removeSession(sessionToken);
      }, ttl * 1000);
    }
  }

  /**
   * Get session by token
   * @param {string} sessionToken - Session token
   * @returns {Object|null} Session data or null if not found/expired
   */
  getSession(sessionToken) {
    const session = this.sessions.get(sessionToken);
    if (!session) return null;

    // Check if session has expired
    const now = Date.now();
    const expirationTime = session.createdAt + (session.ttl * 1000);
    
    if (session.ttl > 0 && now > expirationTime) {
      this.removeSession(sessionToken);
      return null;
    }

    return session;
  }

  /**
   * Verify if a session exists and matches the phone number
   * @param {string} sessionToken - Session token
   * @param {string} userPhone - Phone number to verify
   * @returns {boolean} True if session is valid and matches phone
   */
  verifySession(sessionToken, userPhone) {
    const session = this.getSession(sessionToken);
    if (!session) return false;

    return session.phone === userPhone;
  }

  /**
   * Remove a session from the store
   * @param {string} sessionToken - Session token
   */
  removeSession(sessionToken) {
    this.sessions.delete(sessionToken);
  }

  /**
   * Get all active sessions
   * @returns {Map} All active sessions
   */
  getAllSessions() {
    // Clean up expired sessions first
    this.cleanupExpiredSessions();
    return new Map(this.sessions);
  }

  /**
   * Clean up expired sessions
   */
  cleanupExpiredSessions() {
    const now = Date.now();
    
    for (const [token, session] of this.sessions) {
      if (session.ttl > 0) {
        const expirationTime = session.createdAt + (session.ttl * 1000);
        if (now > expirationTime) {
          this.removeSession(token);
        }
      }
    }
  }

  /**
   * Clear all sessions
   */
  clear() {
    this.sessions.clear();
  }
}

module.exports = SessionStore;