Merge pull request #57 from accounts-js/feature/token-session

changes for token based sessions

Author: pradel

packages/accounts-mongo/.gitignore

@@ -2,5 +2,6 @@ lib/
 node_modules/
 coverage/
 npm-debug.log
+yarn-error.log
 .idea
 lib-es6

packages/accounts-mongo/__tests__/index.ts

@@ -1,9 +1,13 @@
 import * as mongodb from 'mongodb';
 // tslint:disable-next-line
 import { ObjectID } from 'mongodb';
+import { randomBytes } from 'crypto';
 import Mongo from '../src';
 
-let mongo;
+const generateRandomToken = (length: number = 43): string =>
+  randomBytes(length).toString('hex');
+
+let mongo: Mongo;
 let db: mongodb.Db;
 let client: mongodb.MongoClient;
 const user = {
@@ -549,17 +553,18 @@ describe('Mongo', () => {
 
   describe('createSession', () => {
     it('should create session', async () => {
-      const sessionId = await mongo.createSession(
-        session.userId,
-        session.ip,
-        session.userAgent
-      );
+      const token = generateRandomToken();
+      const sessionId = await mongo.createSession(session.userId, token, {
+        ip: session.ip,
+        userAgent: session.userAgent,
+      });
       const ret = await mongo.findSessionById(sessionId);
       expect(ret).toBeTruthy();
       expect(ret._id).toBeTruthy();
       expect(ret.userId).toEqual(session.userId);
       expect(ret.ip).toEqual(session.ip);
       expect(ret.userAgent).toEqual(session.userAgent);
+      expect(ret.token).toEqual(token);
       expect(ret.valid).toEqual(true);
       expect(ret.createdAt).toBeTruthy();
       expect(ret.createdAt).toEqual(new Date(ret.createdAt).getTime());
@@ -568,10 +573,11 @@ describe('Mongo', () => {
 
     it('should create session with extra data', async () => {
       const impersonatorUserId = '789';
+      const token = generateRandomToken();
       const sessionId = await mongo.createSession(
         session.userId,
-        session.ip,
-        session.userAgent,
+        token,
+        { ip: session.ip, userAgent: session.userAgent },
         { impersonatorUserId }
       );
       const ret = await mongo.findSessionById(sessionId);
@@ -581,6 +587,7 @@ describe('Mongo', () => {
       expect(ret.ip).toEqual(session.ip);
       expect(ret.userAgent).toEqual(session.userAgent);
       expect(ret.valid).toEqual(true);
+      expect(ret.token).toEqual(token);
       expect(ret.createdAt).toEqual(new Date(ret.createdAt).getTime());
       expect(ret.updatedAt).toBeTruthy();
       expect(ret.extraData).toEqual({ impersonatorUserId });
@@ -618,6 +625,23 @@ describe('Mongo', () => {
     });
   });
 
+  describe('findSessionByToken', () => {
+    it('should return null for not found session', async () => {
+      const ret = await mongo.findSessionByToken('589871d1c9393d445745a57c');
+      expect(ret).not.toBeTruthy();
+    });
+
+    it('should find session', async () => {
+      const token = generateRandomToken();
+      const sessionId = await mongo.createSession(session.userId, token, {
+        ip: session.ip,
+        userAgent: session.userAgent,
+      });
+      const ret = await mongo.findSessionByToken(token);
+      expect(ret).toBeTruthy();
+    });
+  });
+
   describe('findSessionById', () => {
     it('should return null for not found session', async () => {
       const ret = await mongo.findSessionById('589871d1c9393d445745a57c');
@@ -640,18 +664,22 @@ describe('Mongo', () => {
     });
 
     it('should update session', async () => {
-      const sessionId = await mongo.createSession(
-        session.userId,
-        session.ip,
-        session.userAgent
-      );
+      const token = generateRandomToken();
+      const sessionId = await mongo.createSession(session.userId, token, {
+        ip: session.ip,
+        userAgent: session.userAgent,
+      });
       await delay(10);
-      await mongo.updateSession(sessionId, 'new ip', 'new user agent');
+      await mongo.updateSession(sessionId, {
+        ip: 'new ip',
+        userAgent: 'new user agent',
+      });
       const ret = await mongo.findSessionById(sessionId);
       expect(ret.userId).toEqual(session.userId);
       expect(ret.ip).toEqual('new ip');
       expect(ret.userAgent).toEqual('new user agent');
       expect(ret.valid).toEqual(true);
+      expect(ret.token).toEqual(token);
       expect(ret.createdAt).toBeTruthy();
       expect(ret.updatedAt).toBeTruthy();
       expect(ret.createdAt).not.toEqual(ret.updatedAt);
@@ -667,11 +695,11 @@ describe('Mongo', () => {
     });
 
     it('invalidates a session', async () => {
-      const sessionId = await mongo.createSession(
-        session.userId,
-        session.ip,
-        session.userAgent
-      );
+      const token = generateRandomToken();
+      const sessionId = await mongo.createSession(session.userId, token, {
+        ip: session.ip,
+        userAgent: session.userAgent,
+      });
       await delay(10);
       await mongo.invalidateSession(sessionId);
       const ret = await mongo.findSessionById(sessionId);
@@ -684,13 +712,13 @@ describe('Mongo', () => {
     it('invalidates all sessions', async () => {
       const sessionId1 = await mongo.createSession(
         session.userId,
-        session.ip,
-        session.userAgent
+        generateRandomToken(),
+        { ip: session.ip, userAgent: session.userAgent }
       );
       const sessionId2 = await mongo.createSession(
         session.userId,
-        session.ip,
-        session.userAgent
+        generateRandomToken(),
+        { ip: session.ip, userAgent: session.userAgent }
       );
       await delay(10);
       await mongo.invalidateAllSessions(session.userId);

packages/accounts-mongo/package.json

@@ -7,7 +7,8 @@
   "scripts": {
     "start": "tsc --watch",
     "compile": "tsc",
-    "test": "yarn lint && yarn coverage && yarn prettier-diff",
+    "test":
+      "yarn lint && yarn coverage && yarn prettier-diff && yarn run compile",
     "testonly": "jest --forceExit",
     "lint": "tslint -c tslint.json '{src,__tests__}/**/*.ts'",
     "prettier": "prettier '{src,__tests__}/**/*.ts' 'README.md'",
@@ -34,8 +35,7 @@
       ".(ts|tsx)": "<rootDir>/node_modules/ts-jest/preprocessor.js"
     },
     "testRegex": "./__tests__/.*.ts$",
-    "moduleFileExtensions": ["ts", "js"],
-    "mapCoverage": true
+    "moduleFileExtensions": ["ts", "js"]
   },
   "repository": {
     "type": "git",
@@ -48,13 +48,13 @@
   },
   "homepage": "https://github.com/js-accounts/mongo",
   "devDependencies": {
-    "@accounts/common": "0.1.0-beta.2",
-    "@accounts/server": "0.1.0-beta.2",
+    "@accounts/common": "0.1.0-beta.3",
+    "@accounts/server": "0.1.0-beta.3",
     "@accounts/tslint-config-accounts": "0.0.6",
     "@types/jest": "22.2.0",
     "@types/lodash": "4.14.104",
     "@types/mongodb": "3.0.7",
-    "@types/node": "8.9.4",
+    "@types/node": "9.4.6",
     "codecov": "3.0.0",
     "coveralls": "3.0.0",
     "husky": "0.14.3",
@@ -66,8 +66,8 @@
     "typescript": "2.7.2"
   },
   "peerDependencies": {
-    "@accounts/common": "^0.1.0-beta.0",
-    "@accounts/server": "^0.1.0-beta.0"
+    "@accounts/common": "^0.1.0-beta.3",
+    "@accounts/server": "^0.1.0-beta.3"
   },
   "dependencies": {
     "lodash": "^4.17.4",

packages/accounts-mongo/src/mongo.ts

@@ -1,7 +1,7 @@
 import { ObjectID, Db, Collection } from 'mongodb';
 import { get } from 'lodash';
 import { CreateUserType, UserObjectType, SessionType } from '@accounts/common';
-import { DBInterface } from '@accounts/server';
+import { DBInterface, ConnectionInformationsType } from '@accounts/server';
 
 export interface MongoOptionsType {
   // The users collection name, default 'users'.
@@ -86,6 +86,10 @@ export class Mongo implements DBInterface {
   }
 
   public async setupIndexes(): Promise<void> {
+    await this.sessionCollection.createIndex('token', {
+      unique: true,
+      sparse: true,
+    });
     await this.collection.createIndex('username', {
       unique: true,
       sparse: true,
@@ -346,14 +350,15 @@ export class Mongo implements DBInterface {
 
   public async createSession(
     userId: string,
-    ip?: string,
-    userAgent?: string,
+    token: string,
+    connection: ConnectionInformationsType = {},
     extraData?: object
   ): Promise<string> {
     const session = {
       userId,
-      userAgent,
-      ip,
+      token,
+      userAgent: connection.userAgent,
+      ip: connection.ip,
       extraData,
       valid: true,
       [this.options.timestamps.createdAt]: this.options.dateProvider(),
@@ -370,8 +375,7 @@ export class Mongo implements DBInterface {
 
   public async updateSession(
     sessionId: string,
-    ip: string,
-    userAgent: string
+    connection: ConnectionInformationsType
   ): Promise<void> {
     // tslint:disable-next-line variable-name
     const _id = this.options.convertSessionIdToMongoObjectId
@@ -381,8 +385,8 @@ export class Mongo implements DBInterface {
       { _id },
       {
         $set: {
-          ip,
-          userAgent,
+          userAgent: connection.userAgent,
+          ip: connection.ip,
           [this.options.timestamps.updatedAt]: this.options.dateProvider(),
         },
       }
@@ -417,12 +421,24 @@ export class Mongo implements DBInterface {
     );
   }
 
-  public findSessionById(sessionId: string): Promise<SessionType | null> {
+  public async findSessionByToken(token: string): Promise<SessionType | null> {
+    const session = await this.sessionCollection.findOne({ token });
+    if (session) {
+      session.id = session._id;
+    }
+    return session;
+  }
+
+  public async findSessionById(sessionId: string): Promise<SessionType | null> {
     // tslint:disable-next-line variable-name
     const _id = this.options.convertSessionIdToMongoObjectId
       ? toMongoID(sessionId)
       : sessionId;
-    return this.sessionCollection.findOne({ _id });
+    const session = await this.sessionCollection.findOne({ _id });
+    if (session) {
+      session.id = session._id;
+    }
+    return session;
   }
 
   public async addEmailVerificationToken(