Nov 192016

Author

Peter Širka in Total.js Platform

How to create a session middleware?

We create a session middleware for Total.js application in this blog post. It's easy and useful.

How to create a session middleware?

We create a simple middleware

You can save the code below as your-app/definitions/session.js:

const COOKIE = '__session';
const TIMEOUT = '10 minutes';
const SESSION = {};

// We register a new middleware `session`
F.middleware('session', function(req, res, next, options, controller) {

    var cookie = req.cookie(COOKIE);
    var ip = req.ip.hash().toString();

    // A simple prevention for session hijacking
    if (cookie) {
        var arr = cookie.split('|');
        if (arr[1] !== ip)
            cookie = null;
    }

    if (!cookie) {
        cookie = U.GUID(15) + '|' + ip;

        // Writes cookie
        res.cookie(COOKIE, cookie);
    }

    var session = SESSION[cookie];
    if (session)
        req.session = session;
    else
        SESSION[cookie] = req.session = {};

    // Extends session timeout
    req.session.ticks = F.datetime;
    next();
});

// Clears expired sessions
F.on('service', function(counter) {

    // each 2 minutes
    if (counter % 2 !== 0)
        return;

    var ticks = F.datetime.add('-' + TIMEOUT);

    Object.keys(SESSION).forEach(function(key) {
        var session = SESSION[key];
        if (session.ticks < ticks)
            delete SESSION[key];
    });
});

constant SESSION contains all active sessions
constant TIMEOUT contains expiration time for a session
constant COOKIE contains a cookie name

Usage

Now we can use the middleware, so create/modify a controller e.g. /your-app/controllers/default.js:

exports.install = function() {
    F.route('/', view_index, ['#session']);
};

function view_index() {
    // this === controller
    var self = this;

    if (self.session.counter === undefined)
        self.session.counter = 0;
       
    self.session.counter++;
    self.view('index');
}

What have we done in the code above?

we created a route to homepage F.route('/', action, [flags])
the route contains session middleware, which we created
then we used controller.session in the controller's action

Extend middleware by adding e.g. events

Now it's very easy to extend functionality of middleware. So I extend the code below:

F.middleware('session', function(req, res, next, options, controller) {

    // ...
    // ...
    // ...

    var session = SESSION[cookie];
    if (session)
        req.session = session;
    else {
        SESSION[cookie] = req.session = {};
        
        // When the session is created then framework emits the event "session-new"
        F.emit('session-new', req, res, req.session);
    }

    // ...
    // ...
    // ...
});

// Clears expired sessions
F.on('service', function(counter) {

    // ...
    // ...
    // ...

    Object.keys(SESSION).forEach(function(key) {
        var session = SESSION[key];
        if (session.ticks < ticks) { 
            delete SESSION[key];

            // When the session is expired then framework emits the event "session-remove"
            F.emit('session-remove', session);
        }
    });
    
    // ...
    // ...
    // ...    
});

Usage:

You can use the code below in each .js file on the server-side in Total.js.

F.on('session-new', function(req, res, session) {
    // new session
});

F.on('session-remove', function(session) {
    // session is removed
});

How to set the middleware to multiple routes together?

F.use() can sets middleware globally - documentation
F.group creates a group of flags for routes - documentation

How to create a session middleware?

We create a simple middleware

Usage

Extend middleware by adding e.g. events

How to set the middleware to multiple routes together?

Other posts from Total.js Platform