octo8080x / fresh-session

Dead simple cookie-based session for Deno Fresh.

TypeScript 79.70% Dockerfile 0.57% JavaScript 19.73%
authentication cookie deno fresh session typescript

fresh-session's People

Contributors

digitaldesigndj, hugopeixoto, jcs224, octo8080x, ralaaaa, sylc, trchristensen, xstevenyung

fresh-session's Issues

WithSession is not exported from mod.ts

Using the latest version of fresh-session 0.2.1 and doing deno check ./main.ts on a fresh project using it will generate the following issue:

TS2305 [ERROR]: Module '"https://deno.land/x/[email protected]/mod.ts"' has no exported member 'WithSession'.

It works on 0.2.0. It seems that the WithSession type has been moved to an interface.ts file that is not re-exported by mod.ts.

"Headers are immutable" Error when implementing oAuth2

Hey Steven, just want to thank you for making this. Works perfectly on my new portfolio site. I'm sure you're busy but was hoping you could help me with a noob issue.

I'm getting a TypeScript "Headers are immutable." error when using a "deno_grant" library for oauth2.

Basically when the client is redirecting the user to another site (https://discord.com/api/oauth2/authorize...), I'm getting this error.

I am still trying to wrap my head around the cookie session flow. Anyway, appreciate it!

Error on deno deploy

Whenever I try to load a page which requires the session this error appears.

An error occurred during route handling or page rendering. ReferenceError: Worker is not defined
    at hash (https://deno.land/x/[email protected]/src/main.ts:11:18)
    at Register (file:///src/src/database/controller.ts:19:25)
    at GET (file:///src/routes/signup.tsx:12:26)
    at routes.<computed> (https://deno.land/x/[email protected]/src/server/context.ts:319:81)
    at https://crux.land/api/get/uYQG.ts:83:42
    at https://deno.land/x/[email protected]/src/server/context.ts:208:31
    at Object.next (https://deno.land/x/[email protected]/src/server/context.ts:200:44)
    at cookieSession (https://deno.land/x/[email protected]/src/stores/cookie.ts:65:32)
    at async Server.#respond (https://deno.land/[email protected]/http/server.ts:219:24)

What is the cause and the required fix?

Possibility to reduce learning curve?

Since Deno itself already supports WebCrypto, is it possible to drop iron_webcrypto?

Deno Fresh itself lacks many essentials such as auth, new users may be reluctant to understand yet another repo just to use fresh-session.

Session fixation attack prevention

I cannot see any mechanism to rotate the session key in order to prevent a session fixation attack when using this library for authentication.

I would like to be able to rotate the session key during a successful login. Maybe something like:

// email/password validation code...
ctx.state.session.rotate() 
ctx.state.session.set("userId", "....");
return new Response...
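
The rotation requested above, as an added sketch (not part of the issue and not fresh-session's code). It assumes a server-side store keyed by a session ID cookie; `sessions`, `openSession` and `loginScenario` are hypothetical names, and `rotate()` follows the call proposed in the issue.

```typescript
import { randomUUID } from "node:crypto";

// Hypothetical in-memory store for this example; not fresh-session's code.
type Data = Record<string, unknown>;
const sessions = new Map<string, Data>();

class Session {
  id: string;
  constructor(id: string) {
    this.id = id;
  }
  set(key: string, value: unknown): void {
    const data = sessions.get(this.id);
    if (data) data[key] = value;
  }
  get(key: string): unknown {
    return sessions.get(this.id)?.[key];
  }
  // rotate() is the name proposed in the issue: move the data under a new
  // random ID and delete the old entry so the old cookie value is worthless.
  rotate(): void {
    const newId = randomUUID();
    sessions.set(newId, sessions.get(this.id) ?? {});
    sessions.delete(this.id);
    this.id = newId;
  }
}

// Resume a session the server issued; an unknown or missing ID gets a new one.
function openSession(cookieId?: string): Session {
  if (cookieId !== undefined && sessions.has(cookieId)) return new Session(cookieId);
  const id = randomUUID();
  sessions.set(id, {});
  return new Session(id);
}

// Constructed scenario: the pre-login ID is known to a third party before login.
function loginScenario(rotateOnLogin: boolean) {
  const knownId = openSession().id;
  const atLogin = openSession(knownId); // login request carrying that cookie
  if (rotateOnLogin) atLogin.rotate();
  atLogin.set("userId", "user-123"); // constructed value
  return {
    oldIdSeesUser: openSession(knownId).get("userId") === "user-123",
    newIdSeesUser: openSession(atLogin.id).get("userId") === "user-123",
  };
}
```

After `rotate()`, the login response has to carry the new ID in its Set-Cookie header, since the old cookie value no longer resolves to the session.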

Pinned `[email protected]` version causing some problems when running `deno cache`

I'm using fresh-session with [email protected], and I ran into an issue when running deno cache:

error: pragma cannot be set when runtime is automatic at https://deno.land/x/[email protected]/src/server/default_error_page.tsx:1:1
The command '/bin/sh -c deno cache main.ts --import-map=import_map.json' returned a non-zero code: 1

Fresh supports JSX automatic mode from 1.1.0, so this shouldn't be a problem. Unfortunately fresh-session depends on [email protected]:

# src/deps.ts:
export type { MiddlewareHandlerContext } from "https://deno.land/x/[email protected]/server.ts";

I worked around this by adding the following entry in import_maps.json:

{
  "imports": {
    ...,
    "https://deno.land/x/[email protected]/": "https://deno.land/x/[email protected]/"
  }
}

While this workaround works, should this be addressed by fresh-session by, for example, bumping the dependency?

Improve session typing

Currently, sessions are not typed; we are losing typing when accessing data.

As a quick fix, we can always use as but it's not ideal.
Typing session directly from the session creation would be better.

Max Session Size

Is there a max session size that is allowed? For cookie session?

Setting the secret key (APP_KEY)

Fresh Session uses the secret key from your environment variable APP_KEY.

Wouldn't it be more convenient to pass the secret key as a string to cookieSession instead of APP_KEY? Then you could obtain this secret key from wherever you want. Now this is a sort of magic variable that must be set.

Type 'Redis' is not assignable to parameter of type 'Store'.

There's a problem with the typing of the example in the README. Here's my code:

import { connect } from "redis/mod.ts";
import { redisSession } from "fresh-session/mod.ts";

const redis = await connect({
  port: REDIS_PORT,
  hostname: REDIS_HOSTNAME,
});

export const { handler }: Middleware<State> = {
  handler: [
    redisSession(redis, {
      secure: true,
      httpOnly: true,
      sameSite: "Strict",
      maxAge: Number.MAX_SAFE_INTEGER,
    })
  ]
};

deno.json

"redis/": "https://deno.land/x/[email protected]/",
"fresh-session/": "https://deno.land/x/[email protected]/",

Error:

Argument of type 'Redis' is not assignable to parameter of type 'Store'.
  Type 'Redis' is missing the following properties from type 'Store': set, get, del

Trial version using Deno.kv.

@xstevenyung

Deno.kv was released.
Although it is a trial version, it is expected that a session module using Deno.kv will be developed.

We would like to create this, what do you think?

Update Next version.

A new version of Fresh-session is available.

We have enhanced type support, plugin support, and various options.
And we have added new automated tests using plugins.
The keys of the values held in session are now also constrained.

https://deno.land/x/[email protected]
https://github.com/Octo8080X/fresh-session/tree/feature/next_version

Please give us your feedback.

Pinging everyone who has contributed so far: @xstevenyung @digitaldesigndj @sylc @hugopeixoto @raLaaaa @trchristensen

We didn't detect a env variable `APP_KEY` (fresh 1.4.3)

In the latest version of fresh (1.4.3) it does not detect the APP_KEY variable in the .env file.

[FRESH SESSION] Warning: We didn't detect a env variable APP_KEY, if you are in production please fix this ASAP to avoid any security issue.

0.2.1 examples broken due to missing WithSession

The example documentation in README.md does not work as the WithSession type has been removed. Reverting to 0.2.0 fixes the example code, as well as re-implementing WithSession at the time of usage in the middleware and any handlers. It's not clear to me if removing this was a mistake or the docs should just be updated.

I do see the type exists in a new interface.ts file, perhaps it just needs to be exported from mod.ts?

Instead of opening an issue I initially tried to open a PR with an updated README but I'm receiving permission denied pushing a new branch.

Can we have a new release?

Can we have 0.2.2 to include this fix:

I am trying fresh 1.3.0 and typescript complains since I import stuff from 1.3.0 but fresh-session 0.2.0 imports from 1.0.1:

So if fresh could be updated as well that would be great.
