Skip to content
New issue

Have a question about this project? Sign up for a free GitHub account to open an issue and contact its maintainers and the community.

By clicking “Sign up for GitHub”, you agree to our terms of service and privacy statement. We’ll occasionally send you account related emails.

Already on GitHub? Sign in to your account

Custom Session Stores #190

Merged
merged 12 commits into from
Feb 23, 2021
Merged

Custom Session Stores #190

merged 12 commits into from
Feb 23, 2021

Conversation

davidpatrick
Copy link
Contributor

@davidpatrick davidpatrick commented Feb 9, 2021

Introduce the ability for a user to specify a custom session store for the session data to be stored. Custom stores will need to be compatible with express session middleware https://github.com/expressjs/session#compatible-session-stores

See: #143

@lgtm-com
Copy link
Contributor

lgtm-com bot commented Feb 9, 2021

This pull request introduces 2 alerts when merging 7ffdc03 into bcc141a - view on LGTM.com

new alerts:

  • 2 for Unused variable, import, function or class

@davidpatrick davidpatrick marked this pull request as ready for review February 12, 2021 18:09
@davidpatrick davidpatrick requested a review from a team as a code owner February 12, 2021 18:09
@adamjmcgrath adamjmcgrath requested a review from panva February 15, 2021 11:47
@adamjmcgrath adamjmcgrath changed the base branch from master to 2.3.0-beta.0 February 15, 2021 13:18
@adamjmcgrath adamjmcgrath added the review:large Large review label Feb 15, 2021
Copy link
Contributor

@adamjmcgrath adamjmcgrath left a comment

Choose a reason for hiding this comment

The reason will be displayed to describe this comment to others. Learn more.

lgtm - see what @panva thinks too

const { get: getConfig } = require('../lib/config');
const { create: createServer } = require('./fixture/server');
const redis = require('redis-mock');
const RedisStore = require('connect-redis')({ Store: class Store {} });
Copy link
Contributor

Choose a reason for hiding this comment

The reason will be displayed to describe this comment to others. Learn more.

This is bit of a pain, most session stores expect the express-session instance to define the store interface

Copy link
Contributor Author

Choose a reason for hiding this comment

The reason will be displayed to describe this comment to others. Learn more.

This is a pretty awkward import. We could alternatively have them pass in the connector (default export) with store options, and then expose then instantiated the store.

Comment on lines 292 to 298
const { end: origEnd } = res;
res.end = async function resEnd(...args) {
await store.set(existingSessionValue, req, res, {
iat,
});
origEnd.call(res, ...args);
};
Copy link
Contributor

Choose a reason for hiding this comment

The reason will be displayed to describe this comment to others. Learn more.

How are storage errors propagated?

Copy link
Contributor

Choose a reason for hiding this comment

The reason will be displayed to describe this comment to others. Learn more.

I'm assuming you'd log them on the store instance (or the client instance that the store is using, eg https://github.com/tj/connect-redis#how-to-log-redis-errors)

I don't think express-sessions has a better solution than this

Copy link
Contributor

Choose a reason for hiding this comment

The reason will be displayed to describe this comment to others. Learn more.

Hmmm... actually, maybe we do need to do something with the next https://github.com/expressjs/session/blob/master/index.js#L337

I thought res.end was too late to call it but maybe not...

@@ -1,9 +1,9 @@
const Joi = require('@hapi/joi');
const clone = require('clone');
Copy link
Contributor

Choose a reason for hiding this comment

The reason will be displayed to describe this comment to others. Learn more.

@adamjmcgrath what is the reason for this clone in the first place? I can't remember.

@davidpatrick what is the reason for this deletion?

Copy link
Contributor

Choose a reason for hiding this comment

The reason will be displayed to describe this comment to others. Learn more.

I deleted it because I didn't want to clone the store instance (in case user's added event listeners to it etc.)

I believe it was there to prevent unwanted mutations to the user's config, but objects passed into joi are effectively immutable and mutating the store instance is desirable (adding event listeners etc.) - so I don't think it's necessary (I removed it for the Next SDK as well)

@panva
Copy link
Contributor

panva commented Feb 16, 2021

In the example i'd like to see how to use this feature with the existing list of express-session stores.

@adamjmcgrath
Copy link
Contributor

In the example i'd like to see how to use this feature with the existing list of express-session stores.

👍 We can change the example to use something like https://www.npmjs.com/package/memorystore? (don't want the user to have to run something like redis or memcached to get an example running)

Copy link
Contributor

@adamjmcgrath adamjmcgrath left a comment

Choose a reason for hiding this comment

The reason will be displayed to describe this comment to others. Learn more.

I added a failing test for the storage error handling 2f213cb

@adamjmcgrath adamjmcgrath changed the base branch from 2.3.0-beta.0 to 2.3-beta February 23, 2021 14:55
@adamjmcgrath adamjmcgrath merged commit 891b979 into 2.3-beta Feb 23, 2021
@adamjmcgrath adamjmcgrath deleted the custom-session-stores branch February 23, 2021 14:56
@adamjmcgrath adamjmcgrath mentioned this pull request Mar 10, 2021
adamjmcgrath added a commit that referenced this pull request Mar 11, 2021
* Custom Session Stores (#190)

* Custom Session Stores

* Updates

* Add custom store tests

* Update custom store tests

* missed lock file

* clearCookie needs domain and path

* updates

* storage errors test case

* add storage error propagation

* Add memorystore example and `auth.Store` helper

* Add docs/example, move config option to session config

Co-authored-by: adamjmcgrath <adam.mcgrath@auth0.com>

* Release 2.3.0-beta.0 (#196)

* Release 2.3.0

Co-authored-by: David Patrick <david.patrick@auth0.com>
Sign up for free to join this conversation on GitHub. Already have an account? Sign in to comment
Labels
review:large Large review
Projects
None yet
Development

Successfully merging this pull request may close these issues.

3 participants