Sign upLogin

jay-depot/turnpike

View on GitHub
Star
lib/server/middleware/SessionWrapper.js

Summary

Maintainability
A
1 hr
Test Coverage
var connect = require('express');
var GlobalConfig = require('./../../config');

/**
 * @in turnpike.server.middleware
 * @namespace
 */
var SessionWrapper = {};


SessionWrapper.csrf = function() { return function (req, res, next) { next(); }; };
SessionWrapper.csrf.state = false;

/**
 * By default, sessions, and therefore CSRF, are off.
 * This can be handy for things like, say, UI-less REST services that are using OAuth instead.
 * This method enables them.
 */
SessionWrapper.enable = function() {
  SessionWrapper.status = true;
};

//And it's almost as simple to change the storage engine.
//Since we like DRY code, setting a storage engine also enables sessions.
SessionWrapper.setSessionStorage = function(engine) {
  if (engine) {
    SessionWrapper.enable();
    SessionWrapper.engine = engine;
    //In almost every case, if you're using sesssions, you want CSRF protection too.
    SessionWrapper.useCsrf(true);
  }
};

//But, If you know what you're doing, it's easy to turn CSRF protection off again.
SessionWrapper.useCsrf = function(state) {
  if (state) {
    SessionWrapper.csrf = require('csurf');
    SessionWrapper.csrf.state = true;
  }
  else {
    SessionWrapper.csrf = function() { return function (req, res, next) { next(); }; };
    SessionWrapper.csrf.state = false;
  }
};

//This method is pure plumbing. It wraps Express' sessions so this module can handle them.
SessionWrapper.turnpikeSession = function() {
  var settings = { secret: GlobalConfig.session_secret };
  var engine = function(req, res, next) {console.log('no session engine');next();};
  var session = require('express-session');
  var express_session;

  if (SessionWrapper.status) {
    if (SessionWrapper.engine) {
      settings.store = SessionWrapper.engine;
    }
    settings.secret = GlobalConfig.session_secret;
    settings.resave = true;
    settings.saveUninitialized = false;
    express_session = session(settings);

    engine = function (req, res, next) {
      express_session(req, res, function() {
        req.session.messages = req.session.messages || [];

        //UI Messages:
        req.session.setMessage = function(message, callback) {
          /*
           * message should be an object with the following properties:
           * text: A String equal to the HTML formatted text of the message itself.
           * type: a String equal to one of
           *       success
           *       info
           *       warn
           *       error
           */

          req.session.messages.push(message);
          req.session.save(callback);
        };

        req.session.getMessages = function(cb) {
          /*
           * Returns an array containing all messages set against the session.
           * This method clears all of the set messages. If you don't intend
           * to display them, you should probably set them again, or access
           * them some other way.
           */

          var messages = req.session.messages;
          req.session.messages = [];

          req.session.save(function(err){
            cb(err, messages);
          });
        };

        next(false, req, res);
      });
    };
  }

  return engine;
};


module.exports = SessionWrapper;