anvil/striker-ui-api/src/session.ts

import expressSession, {
  SessionData,
  Store as BaseSessionStore,
} from 'express-session';

import {
  awrite,
  dbQuery,
  getLocalHostUUID,
  timestamp,
} from './lib/accessModule';
import { getSessionSecret } from './lib/getSessionSecret';
import { isObject } from './lib/isObject';
import { stderr, stdout, stdoutVar, uuidgen } from './lib/shell';

const DEFAULT_COOKIE_ORIGINAL_MAX_AGE = 3600000;

const getWriteCode = (obj: object) => {
  let result: number | undefined;

  if ('write_code' in obj) {
    ({ write_code: result } = obj as { write_code: number });
  }

  return result;
};

export class SessionStore extends BaseSessionStore {
  constructor(options = {}) {
    super(options);
  }

  public destroy(
    sid: string,
    done?: ((err?: unknown) => void) | undefined,
  ): void {
    stdout(`Destroy session ${sid}`);

    try {
      awrite(`DELETE FROM sessions WHERE session_uuid = '${sid}';`, {
        onClose({ stdout: s1 }) {
          const wcode = getWriteCode(isObject(s1).obj);

          if (wcode !== 0) {
            stderr(
              `SQL script failed during destroy session ${sid}; code: ${wcode}`,
            );
          }
        },
        onError(error) {
          stderr(
            `Failed to complete DB write in destroy session ${sid}; CAUSE: ${error}`,
          );
        },
      });
    } catch (error) {
      return done?.call(null, error);
    }

    return done?.call(null);
  }

  public get(
    sid: string,
    done: (err: unknown, session?: SessionData | null | undefined) => void,
  ): void {
    stdout(`Get session ${sid}`);

    let rows: [
      sessionUuid: string,
      userUuid: string,
      sessionModifiedDate: string,
    ][];

    try {
      rows = dbQuery(
        `SELECT
            s.session_uuid,
            u.user_uuid,
            s.modified_date
          FROM sessions AS s
          JOIN users AS u
            ON s.session_user_uuid = u.user_uuid
          WHERE s.session_uuid = '${sid}';`,
      ).stdout;
    } catch (queryError) {
      return done(queryError);
    }

    if (!rows.length) {
      return done(null);
    }

    const {
      0: [, userUuid, sessionModifiedDate],
    } = rows;

    const cookieMaxAge =
      SessionStore.calculateCookieMaxAge(sessionModifiedDate);

    const data: SessionData = {
      cookie: {
        maxAge: cookieMaxAge,
        originalMaxAge: DEFAULT_COOKIE_ORIGINAL_MAX_AGE,
      },
      passport: {
        user: userUuid,
      },
    };

    return done(null, data);
  }

  public set(
    sid: string,
    session: SessionData,
    done?: ((err?: unknown) => void) | undefined,
  ): void {
    stdout(`Set session ${sid}`);

    const {
      passport: { user: userUuid },
    } = session;

    try {
      const localHostUuid = getLocalHostUUID();
      const modifiedDate = timestamp();

      awrite(
        `INSERT INTO
            sessions (
              session_uuid,
              session_host_uuid,
              session_user_uuid,
              session_salt,
              modified_date
            )
          VALUES
            (
              '${sid}',
              '${localHostUuid}',
              '${userUuid}',
              '',
              '${modifiedDate}'
            )
          ON CONFLICT (session_uuid)
            DO UPDATE SET session_host_uuid = '${localHostUuid}',
                          modified_date = '${modifiedDate}';`,
        {
          onClose: ({ stdout: s1 }) => {
            const wcode = getWriteCode(isObject(s1).obj);

            if (wcode !== 0) {
              stderr(
                `SQL script failed during set session ${sid}; code: ${wcode}`,
              );
            }
          },
          onError: (error) => {
            stderr(
              `Failed to complete DB write in set session ${sid}; CAUSE: ${error}`,
            );
          },
        },
      );
    } catch (error) {
      return done?.call(null, error);
    }

    return done?.call(null);
  }

  public touch(
    sid: string,
    session: SessionData,
    done?: ((err?: unknown) => void) | undefined,
  ): void {
    stdout(`Touch session ${sid}`);

    try {
      awrite(
        `UPDATE sessions SET modified_date = '${timestamp()}' WHERE session_uuid = '${sid}';`,
        {
          onClose: ({ stdout: s1 }) => {
            const wcode = getWriteCode(isObject(s1).obj);

            if (wcode !== 0) {
              stderr(
                `SQL script failed during touch session ${sid}; code: ${wcode}`,
              );
            }
          },
          onError: (error) => {
            stderr(
              `Failed to complete DB write in touch session ${sid}; CAUSE: ${error}`,
            );
          },
        },
      );
    } catch (error) {
      return done?.call(null, error);
    }

    return done?.call(null);
  }

  public static calculateCookieMaxAge(
    sessionModifiedDate: string,
    cookieOriginalMaxAge: number = DEFAULT_COOKIE_ORIGINAL_MAX_AGE,
  ) {
    const sessionModifiedEpoch = Date.parse(sessionModifiedDate);
    const sessionDeadlineEpoch = sessionModifiedEpoch + cookieOriginalMaxAge;
    const cookieMaxAge = sessionDeadlineEpoch - Date.now();

    stdoutVar({ sessionModifiedDate, sessionDeadlineEpoch, cookieMaxAge });

    return cookieMaxAge;
  }
}

const session = expressSession({
  cookie: { maxAge: DEFAULT_COOKIE_ORIGINAL_MAX_AGE },
  genid: ({ path }) => {
    const sid = uuidgen('--random').trim();

    stdout(`Generated session identifier ${sid}; request.path=${path}`);

    return sid;
  },
  resave: false,
  saveUninitialized: false,
  secret: getSessionSecret(),
  store: new SessionStore(),
});

export default session;