Optimize sessions and cookies

PR-URL: #105

Author: tshemsedinov

lib/auth.js

@@ -79,7 +79,7 @@ module.exports = application => {
   };
 
   class Session {
-    constructor(token, cookie, sandbox, contextData = { token }) {
+    constructor(token, sandbox, contextData = { token }) {
       const contextHandler = {
         set: (data, key, value) => {
           const res = Reflect.set(data, key, value);
@@ -88,30 +88,31 @@ module.exports = application => {
         }
       };
       this.token = token;
-      this.cookie = cookie;
       this.sandbox = sandbox;
       this.data = contextData;
       this.context = new Proxy(contextData, contextHandler);
     }
   }
 
-  const start = (req, ip, userId) => {
+  const start = (client, userId) => {
     const token = generateToken();
-    const host = parseHost(req.headers.host);
+    const host = parseHost(client.req.headers.host);
+    const ip = client.req.connection.remoteAddress;
     const cookie = `${TOKEN}=${token}; ${COOKIE_HOST}=${host}; HttpOnly`;
     const sandbox = getSandbox();
-    const session = new Session(token, cookie, sandbox);
+    const session = new Session(token, sandbox);
     sessions.set(token, session);
-    cache.set(req, session);
+    cache.set(client.req, session);
     const data = JSON.stringify(session.data);
     db.insert('Session', { userId, token, ip, data });
+    if (client.res) client.res.setHeader('Set-Cookie', cookie);
     return session;
   };
 
-  const restore = async req => {
-    const cachedSession = cache.get(req);
+  const restore = async client => {
+    const cachedSession = cache.get(client.req);
     if (cachedSession) return cachedSession;
-    const { cookie } = req.headers;
+    const { cookie } = client.req.headers;
     if (!cookie) return null;
     const cookies = parseCookies(cookie);
     const token = cookies.token;
@@ -122,18 +123,18 @@ module.exports = application => {
       if (record.data) {
         const data = JSON.parse(record.data);
         const sandbox = getSandbox();
-        session = new Session(token, cookie, sandbox, data);
+        session = new Session(token, sandbox, data);
         sessions.set(token, session);
       }
     }
     if (!session) return null;
-    cache.set(req, session);
+    cache.set(client.req, session);
     return session;
   };
 
-  const remove = (req, res, token) => {
-    const host = parseHost(req.headers.host);
-    res.setHeader('Set-Cookie', COOKIE_DELETE + host);
+  const remove = (client, token) => {
+    const host = parseHost(client.req.headers.host);
+    client.res.setHeader('Set-Cookie', COOKIE_DELETE + host);
     sessions.delete(token);
     db.delete('Session', { token });
   };

lib/server.js

@@ -46,10 +46,11 @@ const closeClients = () => {
 };
 
 class Client {
-  constructor(req, res, application) {
+  constructor(req, res, application, connection) {
     this.req = req;
     this.res = res;
     this.application = application;
+    this.connection = connection;
   }
 
   static() {
@@ -79,9 +80,8 @@ class Client {
     }
     const { req, res } = this;
     const { url } = req;
-    const ip = req.connection.remoteAddress;
     const name = url.substring(METHOD_OFFSET);
-    const session = await this.application.auth.restore(req);
+    const session = await this.application.auth.restore(this);
     const args = await receiveArgs(req);
     const sandbox = session ? session.sandbox : undefined;
     const context = session ? session.context : {};
@@ -100,8 +100,7 @@ class Client {
         return;
       }
       if (!session && access === 'public') {
-        const session = this.application.auth.start(req, ip, result.userId);
-        res.setHeader('Set-Cookie', session.cookie);
+        this.application.auth.start(this, result.userId);
       }
       res.end(JSON.stringify(result));
     } catch (err) {
@@ -141,7 +140,8 @@ const listener = application => (req, res) => {
   }
 };
 
-const apiws = (application, connection, req) => async message => {
+const apiws = async (client, message) => {
+  const { connection, application } = client;
   const { semaphore } = application.server;
   const send = obj => connection.send(JSON.stringify(obj));
   try {
@@ -151,9 +151,8 @@ const apiws = (application, connection, req) => async message => {
     return;
   }
   try {
-    const ip = req.connection.remoteAddress;
     const { method: name, args } = JSON.parse(message);
-    const session = await application.auth.restore(req);
+    const session = await application.auth.restore(client);
     const sandbox = session ? session.sandbox : undefined;
     const context = session ? session.context : {};
     const exp = application.runScript(name, sandbox);
@@ -166,8 +165,8 @@ const apiws = (application, connection, req) => async message => {
     }
     const result = await method(args);
     if (!session && access === 'public') {
-      const session = application.auth.start(req, ip, result.userId);
-      result.token = session.cookie;
+      const session = application.auth.start(client, result.userId);
+      result.token = session.token;
     }
     send(result);
   } catch (err) {
@@ -191,7 +190,10 @@ class Server {
     if (transport.startsWith('ws')) {
       this.ws = new WebSocket.Server({ server: this.instance });
       this.ws.on('connection', (connection, req) => {
-        connection.on('message', apiws(application, connection, req));
+        const client = new Client(req, null, application, connection);
+        connection.on('message', message => {
+          apiws(client, message);
+        });
       });
     }
     this.instance.listen(port, host);