octo8080x / fresh-session Goto Github PK
View Code? Open in Web Editor NEWDead simple cookie-based session for Deno Fresh.
Dead simple cookie-based session for Deno Fresh.
Using the lasted version of fresh-session 0.2.1
and doing deno check ./main.ts
on a fresh project using it will generate the following issue:
TS2305 [ERROR]: Module '"https://deno.land/x/[email protected]/mod.ts"' has no exported member 'WithSession'.
it works on 0.2.0. It seems that the WithSession
type has been moved to an interface.ts
file that is not re-exported by mod.ts
Hey Steven, just want to thank you for making this. Works perfectly on my new portfolio site. I'm sure you're busy but was hoping you could help me with a noob issue.
I'm getting a Typescript "Headers are immutable." error when using a "deno_grant" library for oauth2.
Basically when the client is redirecting the user to another site (https://discord.com/api/oauth2/authorize...), I'm getting this error.
I am still trying to wrap my head around the cookie session flow. Anyway, appreciate it!
Whenever I try to load a page which requires the session this error appears.
An error occurred during route handling or page rendering. ReferenceError: Worker is not defined
at hash (https://deno.land/x/[email protected]/src/main.ts:11:18)
at Register (file:///src/src/database/controller.ts:19:25)
at GET (file:///src/routes/signup.tsx:12:26)
at routes.<computed> (https://deno.land/x/[email protected]/src/server/context.ts:319:81)
at https://crux.land/api/get/uYQG.ts:83:42
at https://deno.land/x/[email protected]/src/server/context.ts:208:31
at Object.next (https://deno.land/x/[email protected]/src/server/context.ts:200:44)
at cookieSession (https://deno.land/x/[email protected]/src/stores/cookie.ts:65:32)
at async Server.#respond (https://deno.land/[email protected]/http/server.ts:219:24)
What is the cause and the required fix?
Since Deno itself already supports WebCrypto, is it possible to drop iron_webcrypto?
Deno Fresh itself lacks many essentials such as auth, new users may be relunctant to understand yet another repo just to use fresh-session.
I cannot see any mechanism to rotate the session key in order to prevent session fixation attack when using this library for authentication
I would like to be able to rotate the session key during a successful login. Maybe something like
// email/password validation code...
ctx.state.session.rotate()
ctx.state.session.set("userId", "....");
return new Response...
I'm using fresh-session
with [email protected]
, and I ran into an issue when running deno cache
:
error: pragma cannot be set when runtime is automatic at https://deno.land/x/[email protected]/src/server/default_error_page.tsx:1:1
The command '/bin/sh -c deno cache main.ts --import-map=import_map.json' returned a non-zero code: 1
Fresh supports JSX automatic mode from 1.1.0
, so this shouldn't be a problem. Unfortunately fresh-session
depends on [email protected]
:
# src/deps.ts:
export type { MiddlewareHandlerContext } from "https://deno.land/x/[email protected]/server.ts";
I worked around this by adding the following entry in import_maps.json
:
{
"imports": {
...,
"https://deno.land/x/[email protected]/": "https://deno.land/x/[email protected]/"
}
}
While this workaround works, should this be addressed by fresh-session by, for example, bumping the dependency?
Currently, session are not typed, we are loosing typing when accessing data.
As a quick fix, we can always use as
but it's not ideal.
Typing session directly from the session creation would be better.
Is there a max session size that is allowed? For cookie session?
Hello @xstevenyung san.
The latest version on github and the latest version on deno.land/x seem to be out of sync.
I think the next one will be 0.1.9, can I tag it?
Fresh Session uses the secret key from your environment variable APP_KEY.
Wouldn't it be more convenient to pass secret key as a string to cookieSession
instead of APP_KEY
. Then you could obtain this secret key from where ever you want. Now this is a sort of magic variable that must be set.
At the moment, Fresh Session only support cookie session based on JWT and Redis (thanks to @Octo8080X ).
Remix provide a nice way to create session storage that we can take inspiration from https://remix.run/docs/en/v1/api/remix#createsessionstorage
After implementing this, we should rewrite all existing adapter to use our new function
There's a problem with the typing of the example in the README. Here's my code:
import { connect } from "redis/mod.ts";
import { redisSession } from "fresh-session/mod.ts";
const redis = await connect({
port: REDIS_PORT,
hostname: REDIS_HOSTNAME,
});
export const { handler }: Middleware<State> = {
handler: [
redisSession(redis, {
secure: true,
httpOnly: true,
sameSite: "Strict",
maxAge: Number.MAX_SAFE_INTEGER,
})
]
};
"redis/": "https://deno.land/x/[email protected]/",
"fresh-session/": "https://deno.land/x/[email protected]/",
Argument of type 'Redis' is not assignable to parameter of type 'Store'.
Type 'Redis' is missing the following properties from type 'Store': set, get, del
Deno.kv was released.
Although it is a trial version, it is expected that a session module using Deno.kv will be developed.
We would like to create this, what do you think?
A new version of Fresh-session is available.
We have enhanced type support, plugin support, and various options.
And we have added new automated tests using plugins.
The keys of the values held in session are now also constrained.
https://deno.land/x/[email protected]
https://github.com/Octo8080X/fresh-session/tree/feature/next_version
Please give us your feedback.
Pinging people who have to everyone who has contributed so far @xstevenyung @digitaldesigndj @sylc @hugopeixoto @raLaaaa @trchristensen
In the latest version of fresh (1.4.3) it does not detect the APP_KEY variable in the .env file.
[FRESH SESSION] Warning: We didn't detect a env variable APP_KEY
, if you are in production please fix this ASAP to avoid any security issue.
The example documentation in README.md does not work as the WithSession
type has been removed. Reverting to 0.2.0 fixes the example code, as well as re-implementing WithSession
at the time of usage in the middleware and any handlers. It's not clear to me if removing this was a mistake or the docs should just be updated.
I do see the type exists in a new interface.ts file, perhaps it just needs to be exported from mod.ts?
Instead of opening an issue I initially tried to open a PR with an updated README but I'm receiving permission denied pushing a new branch.
Thanks to @Octo8080X work, we now have access to a Redis store for session.
We need to add some documentation (inspiration can be taken from the PR #3) to help people understand how to work with it.
Once this fix is released, it will be made into a plugin.
Can we have 0.2.2 to include this fix:
I am trying fresh 1.3.0 and typescript complains since I import stuff from 1.3.0 but fresh-session 0.2.0 imports from 1.0.1:
So if fresh could be updated as well that would be great.
A declarative, efficient, and flexible JavaScript library for building user interfaces.
๐ Vue.js is a progressive, incrementally-adoptable JavaScript framework for building UI on the web.
TypeScript is a superset of JavaScript that compiles to clean JavaScript output.
An Open Source Machine Learning Framework for Everyone
The Web framework for perfectionists with deadlines.
A PHP framework for web artisans
Bring data to life with SVG, Canvas and HTML. ๐๐๐
JavaScript (JS) is a lightweight interpreted programming language with first-class functions.
Some thing interesting about web. New door for the world.
A server is a program made to process requests and deliver data to clients.
Machine learning is a way of modeling and interpreting data that allows a piece of software to respond intelligently.
Some thing interesting about visualization, use data art
Some thing interesting about game, make everyone happy.
We are working to build community through open source technology. NB: members must have two-factor auth.
Open source projects and samples from Microsoft.
Google โค๏ธ Open Source for everyone.
Alibaba Open Source for everyone
Data-Driven Documents codes.
China tencent open source team.