18.0.0 • Published 2 years ago

session-rememberme v18.0.0

Weekly downloads
114
License
MIT
Repository
github
Last release
2 years ago

session-rememberme

This express/connect middleware adds "remember me" feature with the best practices as described in this post.

Installation

npm: npm install session-rememberme

Usage

Note: all examples are in coffeescript

options =
    # The name of the cookie used to store the rememberme info. Defaults to 'rememberme'.
    cookieName : 'rememberme'
    
    # How log should the user be remembered. Defaults to 90 days.
    maxAge: 90 * 24 * 60 * 60 * 1000
    
    checkAuthenticated: ( req ) ->
      # Return true if session is already authenticated
      return req.session? && req.session?.user?
    
    # cookieUser: The user data persisted in cookie. Could be an id or a complex id that will be serialized with JSON.stringify.
    # cb ( err, userRememberMeTokens[], sessionUser ):
    #   err: Error loading user. This will end to request but keep the cookie intact. If you want to clear the cookie (because the user is not found for example), pass null in `userTokens` and `sessionUser`.
    #   userRememberMeTokens: The list of rememberme tokens associated with the user
    #   sessionUser: The user (typically the user id) to save in session. Will be passed back to setUserInSession
    loadUser: ( cookieUser, cb ) ->
      # Should load the session user (from DB) based on user info stored in cookie.
      return
    
    # Will be called with sessionUser passed to loadUser's cb sessionUser when the rememember me token was validated.
    # req: the express Request object.
    # sessionUser: the user loaded by loadUser. Typically the user id.
    setUserInSession: ( req, sessionUser ) ->
      # Should store user information in session. This can then be used in checkAuthenticated.
      req.session.user = sessionUser
      
    # Called when a token is invalidated
    # sessionUser: the user loaded by loadUser. Typically the user id.
    # token: the token to delete
    # cb (err)
    deleteToken: ( sessionUser, token, cb ) ->
      # Should remove the token from persistence store
      return
    
    # Called when an attack is suspected
    # sessionUser: the user loaded by loadUser. Typically the user id.
    # cb (err)
    deleteAllTokens: ( sessionUser, cb ) ->
      # Should remove all tokens from persistence store
      return
  
    # sessionUser: the user loaded by loadUser. Typically the user id.
    # newToken: the newly generated token that should be added to persistence store
    # cb (err)
    saveNewToken: ( sessionUser, newToken, cb ) ->
      return

rememberme = require("session-rememberme")( options )

To use as express middleware:

app = express()
app.use( rememberme.middleware )

When a user successfully login and the "remember me" option was selected:

rememberme.login user.id, user.id, res, ( err ) ->
    # Continue request handling

When a user logout:

rememberme.logout req, res, user.id, ( err ) ->
    # Continue request handling

Sails example:

Create api/services/RememberMeService.coffee:

# cookieUser is always User.id

options = 
  checkAuthenticated: ( req ) ->
    return req.session? && req.session?.user?
  
  loadUser: ( cookieUser, cb ) ->
    User.findOneById( cookieUser ).exec ( err, user ) ->
      cb null, user.rememberMeTokens, user.id
  
  # Will be called with sessionUser passed to loadUser's cb sessionUser when the rememember me token was validated.
  setUserInSession: ( req, sessionUser ) ->
    req.session.user = sessionUser
    
  deleteToken: ( sessionUser, token, cb ) ->
    User.findOneById( sessionUser ).exec ( err, user ) ->
      return cb err if err
      user.rememberMeTokens = _.without sessionUser.rememberMeTokens, token
      user.save ( err, user ) ->
        cb err
  
  deleteAllTokens: ( sessionUser, cb ) ->
    User.findOneById( sessionUser ).exec ( err, user ) ->
      return cb err if err
      user.rememberMeTokens = []
      user.save ( err, user ) ->
        cb err

  saveNewToken: ( sessionUser, newToken, cb ) ->
    User.findOneById( sessionUser ).exec ( err, user ) ->
      return cb err if err
      user.rememberMeTokens ?= []
      user.rememberMeTokens.push newToken
      user.save ( err, user ) ->
        cb err

_.merge exports, require("session-rememberme")( options )

Assuming User defined as:

module.exports =

  attributes:
    ...

    rememberMeTokens:
      type: 'array'
    
    ...

Edit config/http.coffee:

order: [
    ...
    "session"
    "rememberme"
    ...
  ]

  rememberme: (req, res, next) ->
    RememberMeService.middleware(req, res, next)

In your controller, after successful login:

RememberMeService.login user.id, user.id, res, ( err ) ->

In your controller, after successful logout:

RememberMeService.logout req, res, user.id, ( err ) ->
webmiddlewareconnectsessionrememberme
bcryptbluebirdlodash
@infinitebrahmanuniverse/nolb-ses@everything-registry/sub-chunk-2740
18.0.0

2 years ago

14.0.0

3 years ago

14.0.1

3 years ago

7.0.5

4 years ago

7.0.4

4 years ago

7.0.3

4 years ago

7.0.2

4 years ago

7.0.1

4 years ago

7.0.0

4 years ago

6.0.0

5 years ago

5.0.0

6 years ago

4.0.0

6 years ago

3.0.0

7 years ago

2.0.1

9 years ago

2.0.0

9 years ago

1.0.2

9 years ago

1.0.1

9 years ago

1.0.0

9 years ago