storyblok · eunjae-lee · Jul 15, 2024 · Jul 8, 2024 · Jul 8, 2024 · Jul 8, 2024
diff --git a/.yarn/releases/yarn-3.2.4.cjs b/.yarn/releases/yarn-3.2.4.cjs
diff --git a/.yarnrc b/.yarnrc
diff --git a/.yarnrc.yml b/.yarnrc.yml
diff --git a/pnpm-lock.yaml b/pnpm-lock.yaml
diff --git a/src/session-adapters/cookieAdapter.ts b/src/session-adapters/cookieAdapter.ts
diff --git a/src/session-adapters/createCookieAdapter.ts b/src/session-adapters/createCookieAdapter.ts
@@ -0,0 +1,81 @@
+import { expireCookie, getCookie, setCookie, verifyData } from '../utils'
+import jwt from 'jsonwebtoken'
+import { Adapter } from './publicAdapter'
+import { isAppSession } from '../session'
+
+const clientSecret = process.env['CLIENT_SECRET'] || ''
+const defaultSessionKey = 'sb.auth'
+
+type CreateCookieAdapter = (params?: {
+  sessionKey?: string | undefined
+}) => Adapter
+
+export const createCookieAdapter: CreateCookieAdapter = (params) => {
+  const key = params?.sessionKey ?? defaultSessionKey
+
+  const adapter: Adapter = {
+    getSession: ({ req, spaceId, userId }) => {
+      const cookie = getCookie(req, createScopedKey({ spaceId, userId, key }))
+
+      if (!cookie) {
+        return undefined
+      }
+
+      const verifiedData = verifyData(clientSecret, cookie)
+
+      if (!isAppSession(verifiedData)) {
+        return undefined
+      }
+
+      return verifiedData
+    },
+
+    setSession: ({ res, spaceId, userId, session }) => {
+      const expires = createExpirationDate(7)
+
+      const signedData = jwt.sign({ data: session }, clientSecret)
+
+      setCookie(
+        res,
+        createScopedKey({ spaceId, userId, key }),
+        signedData,
+        expires,
+      )
+      return true
+    },
+
+    hasSession: (params) => {
+      const session = adapter.getSession(params)
+      return session !== undefined
+    },
+
+    removeSession: ({ res, spaceId, userId }) => {
+      expireCookie(res, createScopedKey({ spaceId, userId, key }))
+      return true
+    },
+  }
+
+  return adapter
+}
+
+// We do not use `clientId` in cookie adapter,
+// because different plugins will have different domain names,
+// and it's enough to differentiate these cookie values.
+const createScopedKey = ({
+  spaceId,
+  userId,
+  key,
+}: {
+  spaceId: string
+  userId: string
+  key: string
+}) => {
+  return `${spaceId}:${userId}:${key}`
+}
+
+//TODO: extract to util
+const createExpirationDate = (days: number): Date => {
+  const expires = new Date()
+  expires.setDate(expires.getDate() + days)
+  return expires
+}
diff --git a/src/session-adapters/index.ts b/src/session-adapters/index.ts
@@ -1,3 +1,3 @@
-export * from './cookieAdapter'
+export * from './createCookieAdapter'
 export * from './publicAdapter'
 export * from './internalAdapter'
diff --git a/src/session-adapters/internalAdapter.ts b/src/session-adapters/internalAdapter.ts
@@ -13,7 +13,6 @@ import {
 } from '../utils'
 import { AppSession } from '../session/types'
 import { AuthHandlerParams } from '../storyblok-auth-api'
-import { sessionIdentifier } from '../session/sessionIdentifier'
 
 export type InternalAdapter = {
   // session
@@ -52,7 +51,7 @@ type CreateInternalAdapter = ({
   res,
   adapter,
 }: {
-  params: Pick<AuthHandlerParams, 'clientId' | 'clientSecret' | 'sessionKey'>
+  params: Pick<AuthHandlerParams, 'clientId' | 'clientSecret'>
   req: http.IncomingMessage
   res: http.ServerResponse
   adapter: Adapter
@@ -64,65 +63,76 @@ export const createInternalAdapter: CreateInternalAdapter = ({
   res,
   adapter,
 }) => {
-  const sessionKey = sessionIdentifier(params.sessionKey)
-
   return {
     getSession: async ({ spaceId, userId }) => {
-      const session = await adapter.getItem({
-        req,
-        res,
-        clientId: params.clientId,
-        spaceId,
-        userId,
-        key: sessionKey,
-      })
-      if (!session) {
-        return undefined
-      }
       try {
-        return JSON.parse(session) as AppSession
-      } catch (err) {
+        const session = await adapter.getSession({
+          req,
+          res,
+          clientId: params.clientId,
+          spaceId,
+          userId,
+        })
+
+        if (!session) {
+          return undefined
+        }
+
+        return session
+      } catch (e) {
+        console.log('Retrieving the session failed: ', e)
         return undefined
       }
     },
 
     setSession: async ({ spaceId, userId, session }) => {
       try {
-        return await adapter.setItem({
+        const isSessionSet = await adapter.setSession({
           req,
           res,
           clientId: params.clientId,
           spaceId,
           userId,
-          key: sessionKey,
-          value: JSON.stringify(session),
+          session,
         })
-      } catch (err) {
+
+        return isSessionSet
+      } catch (e) {
+        console.log('Setting the session failed: ', e)
         return false
       }
     },
 
-    hasSession: ({ spaceId, userId }) =>
-      adapter.hasItem({
-        req,
-        res,
-        clientId: params.clientId,
-        spaceId,
-        userId,
-        key: sessionKey,
-      }),
+    hasSession: async ({ spaceId, userId }) => {
+      try {
+        const hasSession = await adapter.hasSession({
+          req,
+          res,
+          clientId: params.clientId,
+          spaceId,
+          userId,
+        })
+
+        return hasSession
+      } catch (e) {
+        console.log('Session could not be found: ', e)
+        return false
+      }
+    },
 
     removeSession: async ({ spaceId, userId }) => {
       try {
-        return await adapter.removeItem({
+        const sessionRemoved = await adapter.removeSession({
           req,
           res,
           clientId: params.clientId,
           spaceId,
           userId,
-          key: sessionKey,
         })
-      } catch (err) {
+
+        return sessionRemoved
+      } catch (e) {
+        console.log('Removing the session failed: ', e)
         return false
       }
     },
@@ -133,15 +143,15 @@ export const createInternalAdapter: CreateInternalAdapter = ({
       return true
     },
 
-    getCallbackData() {
+    getCallbackData: () => {
       const cookie = getCookie(req, callbackCookieName)
       const data = verifyData(params.clientSecret, cookie || '') as
         | CallbackCookieData
         | undefined
       return data
     },
 
-    removeCallbackData() {
+    removeCallbackData: () => {
       expireCookie(res, callbackCookieName)
       return true
     },

diff --git a/src/session-adapters/publicAdapter.ts b/src/session-adapters/publicAdapter.ts
@@ -1,42 +1,33 @@
 import { IncomingMessage, ServerResponse } from 'node:http'
+import { AppSession } from '../session'
 
 export type MaybePromise<T> = T | Promise<T>
 
 export type Adapter = {
-  getItem: (params: {
-    req: IncomingMessage
-    res: ServerResponse
-    clientId: string
-    spaceId: string
-    userId: string
-    key: string
-  }) => MaybePromise<string | undefined>
+  getSession: GetSession
+  setSession: SetSession
+  removeSession: RemoveSession
+  hasSession: HasSession
+}
 
-  setItem: (params: {
-    req: IncomingMessage
-    res: ServerResponse
-    clientId: string
-    spaceId: string
-    userId: string
-    key: string
-    value: string
-  }) => MaybePromise<boolean>
+type BaseSessionParams = {
+  req: IncomingMessage
+  res: ServerResponse
+  clientId: string
+  spaceId: string
+  userId: string
+}
 
-  removeItem: (params: {
-    req: IncomingMessage
-    res: ServerResponse
-    clientId: string
-    spaceId: string
-    userId: string
-    key: string
-  }) => MaybePromise<boolean>
+type GetSession = (
+  params: BaseSessionParams,
+) => MaybePromise<AppSession | undefined>
 
-  hasItem: (params: {
-    req: IncomingMessage
-    res: ServerResponse
-    clientId: string
-    spaceId: string
-    userId: string
-    key: string
-  }) => MaybePromise<boolean>
-}
+type SetSession = (
+  params: BaseSessionParams & {
+    session: AppSession
+  },
+) => MaybePromise<boolean>
+
+type RemoveSession = (params: BaseSessionParams) => MaybePromise<boolean>
+
+type HasSession = (params: BaseSessionParams) => MaybePromise<boolean>