Initial commit

KTH · Sep 2, 2016 · ba7f799 · ba7f799
1 parent 3564133
commit ba7f799
Show file tree

Hide file tree

Showing 6 changed files with 195 additions and 0 deletions.
diff --git a/.gitignore b/.gitignore
@@ -0,0 +1,12 @@
+# Logs
+logs
+*.log
+
+# Dependency directory
+# https://www.npmjs.org/doc/misc/npm-faq.html#should-i-check-my-node_modules-folder-into-git
+node_modules
+
+# IDEs
+.vscode
+.idea
+*.iml
diff --git a/LICENSE b/LICENSE
@@ -0,0 +1,8 @@
+The MIT License (MIT)
+Copyright (c) 2016 KTH Royal Institute of Technology
+
+Permission is hereby granted, free of charge, to any person obtaining a copy of this software and associated documentation files (the "Software"), to deal in the Software without restriction, including without limitation the rights to use, copy, modify, merge, publish, distribute, sublicense, and/or sell copies of the Software, and to permit persons to whom the Software is furnished to do so, subject to the following conditions:
+
+The above copyright notice and this permission notice shall be included in all copies or substantial portions of the Software.
+
+THE SOFTWARE IS PROVIDED "AS IS", WITHOUT WARRANTY OF ANY KIND, EXPRESS OR IMPLIED, INCLUDING BUT NOT LIMITED TO THE WARRANTIES OF MERCHANTABILITY, FITNESS FOR A PARTICULAR PURPOSE AND NONINFRINGEMENT. IN NO EVENT SHALL THE AUTHORS OR COPYRIGHT HOLDERS BE LIABLE FOR ANY CLAIM, DAMAGES OR OTHER LIABILITY, WHETHER IN AN ACTION OF CONTRACT, TORT OR OTHERWISE, ARISING FROM, OUT OF OR IN CONNECTION WITH THE SOFTWARE OR THE USE OR OTHER DEALINGS IN THE SOFTWARE.
diff --git a/README.md b/README.md
@@ -1,2 +1,45 @@
 # kth-node-session
+
 A Node.js module for setting up session middleware for Express.js apps.
+
+Enforces certain defaults that should improve security related to sessions.
+
+Available session options: https://www.npmjs.com/package/express-session
+
+Available Redis options: https://www.npmjs.com/package/connect-redis
+
+# Usage
+
+```javascript
+const express = require('express')
+const session = require('kth-node-session')
+
+const app = express()
+
+const options = {
+  // set to true to enable session storage in RedisStore
+  // default is to use MemoryStore
+  useRedis: false,
+
+  // this is used as redis prefix and session cookie name
+  // must be set here or as individual settings for redis (prefix) and session (name)
+  key: 'node-app.sid',
+
+  // https://www.npmjs.com/package/connect-redis
+  redisOptions: {
+    // ...
+  },
+
+  // https://www.npmjs.com/package/express-session
+  sessionOptions: {
+    // secret must be set!
+    secret: 'my-secret-string',
+
+    // this should not be set when enabling Redis
+    // or if using the default value
+    store: null
+  }
+}
+
+app.use(session(options))
+```
diff --git a/index.js b/index.js
@@ -0,0 +1,52 @@
+'use strict'
+
+const session = require('express-session')
+const RedisStore = require('connect-redis')(session)
+const _ = require('lodash')
+
+const oneHour = 3600000
+
+const defaults = {
+  useRedis: false,
+  key: '',
+  redisOptions: {
+    host: 'localhost',
+    port: 6379,
+    ttl: oneHour
+  },
+  sessionOptions: {
+    secret: '',
+    resave: false,
+    saveUninitialized: false
+  }
+}
+
+module.exports = function (options) {
+  options = _.defaultsDeep(options, defaults)
+
+  if (!options.redisOptions.prefix) {
+    if (options.key) {
+      options.redisOptions.prefix = `${options.key}:`
+    } else {
+      throw new Error('No Redis prefix provided, "options.key" must be set.')
+    }
+  }
+
+  if (!options.sessionOptions.secret) {
+    throw new Error('Session secret must be set.')
+  }
+
+  if (!options.sessionOptions.name) {
+    if (options.key) {
+      options.sessionOptions.name = options.key
+    } else {
+      throw new Error('No session name provided, "options.key" must be set.')
+    }
+  }
+
+  if (options.useRedis) {
+    options.sessionOptions.store = new RedisStore(options.redisOptions)
+  }
+
+  return session(options.sessionOptions)
+}
diff --git a/package.json b/package.json
@@ -0,0 +1,29 @@
+{
+  "name": "kth-node-session",
+  "version": "1.0.0",
+  "description": "A Node.js module for setting up session middleware for Express.js apps.",
+  "main": "index.js",
+  "scripts": {
+    "codecheck": "standard",
+    "preversion": "npm run codecheck",
+    "postversion": "git push && git push --tags"
+  },
+  "repository": {
+    "type": "git",
+    "url": "https://github.com/KTH/kth-node-session"
+  },
+  "keywords": [],
+  "license": "MIT",
+  "devDependencies": {
+    "express": "^4.13.4",
+    "standard": "^7.0.1"
+  },
+  "dependencies": {
+    "connect-redis": "^3.0.2",
+    "express-session": "^1.13.0",
+    "lodash": "^4.12.0"
+  },
+  "files": [
+    "index.js"
+  ]
+}
diff --git a/test/integration/server.js b/test/integration/server.js
@@ -0,0 +1,51 @@
+'use strict'
+
+const express = require('express')
+const url = require('url')
+const session = require('../../index')
+const app = express()
+
+app.use(session({
+  useRedis: true,
+  key: 'test.sid',
+  sessionOptions: {
+    secret: 'hello',
+    cookie: {
+      // should be true in production (requires https)
+      secure: false
+    }
+  }
+}))
+
+app.use((req, res, next) => {
+  if (req.url === '/') {
+    next()
+    return
+  }
+
+  if (!req.session.views) {
+    req.session.views = {}
+  }
+
+  const pathname = url.parse(req.url).pathname
+  req.session.views[pathname] = (req.session.views[pathname] || 0) + 1
+
+  next()
+})
+
+app.get('/foo', (req, res) => {
+  res.type('text')
+  res.send(`/foo viewed ${req.session.views['/foo']} times`)
+})
+
+app.get('/bar', (req, res) => {
+  res.type('text')
+  res.send(`/bar viewed ${req.session.views['/bar']} times`)
+})
+
+app.get('/', (req, res) => {
+  res.type('text')
+  res.send('no session modified')
+})
+
+app.listen(5000)