Skip to content

Latest commit

 

History

History
245 lines (183 loc) · 7.49 KB

README.md

File metadata and controls

245 lines (183 loc) · 7.49 KB

@kikiutils/nitro-session

npm version npm downloads License

Easy-to-use nitro session.

Features

  • 🔄 Continuous session between requests using a cookie or header
  • 💾 Auto-save session
  • 📦 Store session data using a cookie, header, or unjs/unstorage drivers
  • 🔒 Optional strict IP validation to ensure session security
  • 🛠️ TypeScript support

Environment Requirements

  • ESM (ECMAScript Modules) only
  • Nitro version 2.6.x or higher, but below 3.x
  • Node.js version 18 or higher

Installation

  1. Add dependency (example using pnpm).
pnpm add @kikiutils/nitro-session

You can also use yarn, npm, or bun to add the dependency.

  1. Create a server/plugins/session.ts file and add the following code:
import nitroSession from '@kikiutils/nitro-session';

export default defineNitroPlugin((nitroApp) => nitroSession(nitroApp, useRuntimeConfig().nitroSession));
  1. Create a server/utils/session.ts file and add the following code:
export * from '@kikiutils/nitro-session/runtime/utils';

Important

If you encounter warning messages such as [unimport] failed to resolve ..., skip scanning during runtime, updating the unimport version to 3.9.0 or higher will resolve the issue. If updating is not possible, use the following code instead:

export { clearH3EventContextSession, deleteH3EventContextSessionStorageData, getH3EventContextSessionToken, popH3EventContextSession } from '@kikiutils/nitro-session/runtime/utils';

However, if you use this method, you will need to manually update the files whenever new utils are added. Using wildcard exports (*) will automatically export all utils, so it's recommended to use the latest version of unimport to support wildcard exports.

  1. Create a session.d.ts file in the project folder and add the following code:
declare module '@kikiutils/nitro-session' {
  interface H3EventContextSession {
    // Define the session data here.
  }
}

export {};

That's it! You're ready to use sessions in your Nitro app. Check out the configuration and usage instructions below ✨.

Configuration

Configure using runtimeConfig in nitro.config.ts.

export default defineNitroConfig({
  runtimeConfig: {
    nitroSession: {
      // Configure options here
    }
  }
});

For detailed options, refer to the PluginOptions interface in this file.

When using this session module, there are two types of data involved:

  1. Stored Data: This refers to data such as user login information, login time, etc., which can be stored in memory or other specified storage.

  2. Data Token: This refers to the token used to retrieve the corresponding data after the frontend sends a request to the server. This token can be transmitted using cookie or header.

Stored Data

The available storage types are:

  • azure-app-configuration
  • azure-cosmos
  • azure-key-vault
  • azure-storage-blob
  • azure-storage-table
  • cloudflare-kv-binding
  • cloudflare-kv-http
  • cloudflare-r2-binding
  • cookie/header
  • fs
  • fs-lite
  • http
  • lru-cache
  • memory (default)
  • mongodb
  • netlify-blobs
  • planetscale
  • redis
  • vercel-kv

Important

If the driver you are using is not cookie/header or memory, please visit here for additional dependencies and considerations.

When using cookie/header for storage, data will be encrypted and transmitted in requests based on the token type. In this case, no data is stored on the server. Please be aware of potential security risks such as interception, session hijacking, XSS, CSRF, and unauthorized access. Ensure that proper security measures are in place to protect your data.

Example configuration for using Redis as the data storage:

export default defineNitroConfig({
  runtimeConfig: {
    nitroSession: {
      storage: {
        data: {
          driver: 'redis',
          // Options for the corresponding driver
          options: {
            url: 'redis://127.0.0.1:6379'
          }
        }
      }
    }
  }
});

Data Token

The available transmission types are:

  • cookie (default)
  • header

Example configuration for using header as the token transmission method:

export default defineNitroConfig({
  runtimeConfig: {
    nitroSession: {
      storage: {
        token: {
          driver: 'header',
          // Options for the corresponding method
          options: {
            name: 'session',
            setName: 'set-session'
          }
        }
      }
    }
  }
});

When using cookie, the browser will automatically handle the set-cookie in the response and include the cookie in subsequent requests (in most cases).

When using header, you need to handle it manually. Set the token as the value of the key specified by nitroSession.storage.token.options.name when sending a request.

If the response contains a header with the name specified by nitroSession.storage.token.options.setName, you need to save this value and include it as the token in subsequent requests.

The following is an example code using Axios and storing the token in sessionStorage:

import axios from 'axios';

const axiosInstance = axios.create();
axiosInstance.interceptors.request.use((request) => {
  request.headers['session'] = window.sessionStorage.getItem('session');
  return request;
});

axiosInstance.interceptors.response.use((response) => {
  const sessionToken = response.headers['set-session'];
  if (sessionToken !== undefined) sessionToken ? window.sessionStorage.setItem('session', sessionToken) : window.sessionStorage.removeItem('session');
  return response;
});

Usage

You can use event.context.session to access sessions.

The on-change package is used internally to detect changes to the session object. If no changes are detected, no data will be stored and no cookie/header will be set.

server/api/test.ts

export default defineEventHandler((event) => {
  event.context.session.account = 'account';
  event.context.session.username = 'name';
  // Remaining operations...
  return 'success';
});

server/middleware/auth.ts

export default defineEventHandler((event) => {
  const loginedUserId = event.context.session.userId;
  // Remaining operations...
});

Important

The session can only store serializable data.

Runtime Utils

During runtime, the following utils are available for manipulating the session. Related comments and examples are provided in this file.

  • clearH3EventContextSession
  • deleteH3EventContextSessionStorageData
  • getH3EventContextSessionToken
  • popH3EventContextSession

License

MIT License