Ghost/ghost/members-ssr/index.js

const concat = require('concat-stream');
const Cookies = require('cookies');
const ignition = require('ghost-ignition');

const {
    BadRequestError
} = ignition.errors;

const EMPTY = {};
const SIX_MONTHS_MS = 1000 * 60 * 60 * 24 * 184;

const withCookies = (fn, cookieConfig) => (req, res) => {
    return new Promise((resolve) => {
        const cookies = new Cookies(req, res, cookieConfig);
        resolve(fn(req, res, {cookies}));
    });
};

const withBodyAndCookies = (fn, cookieConfig) => (req, res) => {
    return new Promise((resolve, reject) => {
        const cookies = new Cookies(req, res, cookieConfig);
        req.on('error', reject);
        req.pipe(concat(function (buff) {
            const body = buff.toString();
            resolve(fn(req, res, {body, cookies}));
        }));
    });
};

const get = (value) => {
    return typeof value === 'function' ? value() : value;
};

module.exports = function create(options = EMPTY) {
    if (options === EMPTY) {
        throw new Error('Must pass options');
    }

    const {
        cookieMaxAge = SIX_MONTHS_MS,
        cookieSecure = true,
        cookieName = 'members-ssr',
        cookiePath = '/',
        cookieKeys,
        membersApi
    } = options;

    if (!membersApi) {
        throw new Error('Missing option membersApi');
    }

    if (!cookieKeys) {
        throw new Error('Missing option cookieKeys');
    }

    const cookieConfig = {
        keys: [].concat(cookieKeys),
        secure: cookieSecure
    };

    const getMemberDataFromToken = token => get(membersApi).getMemberDataFromMagicLinkToken(token);

    const exchangeTokenForSession = withBodyAndCookies(async (_req, _res, {body, cookies}) => {
        const token = body;
        if (!body || typeof body !== 'string') {
            return Promise.reject(new BadRequestError({
                message: 'Expected body containing JWT'
            }));
        }

        const member = await getMemberDataFromToken(token);
        cookies.set(cookieName, member.email, {
            signed: true,
            httpOnly: true,
            sameSite: 'lax',
            maxAge: cookieMaxAge,
            path: cookiePath
        });
    }, cookieConfig);

    const deleteSession = withCookies((_req, _res, {cookies}) => {
        cookies.set(cookieName, {
            signed: true,
            httpOnly: true,
            sameSite: 'lax',
            maxAge: cookieMaxAge,
            path: cookiePath
        });
    }, cookieConfig);

    const getMemberDataFromSession = withCookies(async (_req, _res, {cookies}) => {
        try {
            const email = cookies.get(cookieName, {
                signed: true
            });
            return get(membersApi).getMemberIdentityData(email);
        } catch (e) {
            throw new BadRequestError({
                message: `Cookie ${cookieName} not found`
            });
        }
    }, cookieConfig);

    const getIdentityTokenForMemberFromSession = withCookies(async (_req, _res, {cookies}) => {
        try {
            const email = cookies.get(cookieName, {
                signed: true
            });
            return get(membersApi).getMemberIdentityToken(email);
        } catch (e) {
            throw new BadRequestError({
                message: `Cookie ${cookieName} not found`
            });
        }
    });

    return {
        exchangeTokenForSession,
        deleteSession,
        getMemberDataFromSession,
        getIdentityTokenForMemberFromSession
    };
};
Implemented MVP 2019-04-05 09:57:14 +03:00			`const concat = require('concat-stream');`
			`const Cookies = require('cookies');`
			`const ignition = require('ghost-ignition');`

			`const {`
			`BadRequestError`
			`} = ignition.errors;`

			`const EMPTY = {};`
			`const SIX_MONTHS_MS = 1000 * 60 * 60 * 24 * 184;`

Removed request stream consumption unless required no-issue This is to avoid the getMemberDataFromCookie helper consuming the request stream before other handlers can read from it. 2019-05-06 13:23:24 +03:00			`const withCookies = (fn, cookieConfig) => (req, res) => {`
			`return new Promise((resolve) => {`
			`const cookies = new Cookies(req, res, cookieConfig);`
			`resolve(fn(req, res, {cookies}));`
			`});`
			`};`

			`const withBodyAndCookies = (fn, cookieConfig) => (req, res) => {`
Implemented MVP 2019-04-05 09:57:14 +03:00			`return new Promise((resolve, reject) => {`
			`const cookies = new Cookies(req, res, cookieConfig);`
			`req.on('error', reject);`
			`req.pipe(concat(function (buff) {`
			`const body = buff.toString();`
			`resolve(fn(req, res, {body, cookies}));`
			`}));`
			`});`
			`};`

Added support for passing thunk for membersApi no-issue This is to allow support for consumers to dynamically update their membersApi instance, for example when configuration changes, and not have to replace the instance of members-ssr 2019-07-17 09:40:37 +03:00			`const get = (value) => {`
			`return typeof value === 'function' ? value() : value;`
			`};`

Implemented MVP 2019-04-05 09:57:14 +03:00			`module.exports = function create(options = EMPTY) {`
			`if (options === EMPTY) {`
			`throw new Error('Must pass options');`
			`}`

			`const {`
			`cookieMaxAge = SIX_MONTHS_MS,`
			`cookieSecure = true,`
			`cookieName = 'members-ssr',`
			`cookiePath = '/',`
			`cookieKeys,`
			`membersApi`
			`} = options;`

			`if (!membersApi) {`
			`throw new Error('Missing option membersApi');`
			`}`

			`if (!cookieKeys) {`
			`throw new Error('Missing option cookieKeys');`
			`}`

			`const cookieConfig = {`
			`keys: [].concat(cookieKeys),`
			`secure: cookieSecure`
			`};`

Updated members-ssr to work with members-api no-issue This updaes the ssr package to work with the new magic link signin method 2019-09-03 07:34:59 +03:00			`const getMemberDataFromToken = token => get(membersApi).getMemberDataFromMagicLinkToken(token);`
Implemented MVP 2019-04-05 09:57:14 +03:00
Updated members-ssr to work with members-api no-issue This updaes the ssr package to work with the new magic link signin method 2019-09-03 07:34:59 +03:00			`const exchangeTokenForSession = withBodyAndCookies(async (_req, _res, {body, cookies}) => {`
Implemented MVP 2019-04-05 09:57:14 +03:00			`const token = body;`
			`if (!body \|\| typeof body !== 'string') {`
Updated to return Promise.reject rather than throw no-issue This is cleaner IMO 2019-04-11 17:10:32 +03:00			`return Promise.reject(new BadRequestError({`
Implemented MVP 2019-04-05 09:57:14 +03:00			`message: 'Expected body containing JWT'`
Updated to return Promise.reject rather than throw no-issue This is cleaner IMO 2019-04-11 17:10:32 +03:00			`}));`
Implemented MVP 2019-04-05 09:57:14 +03:00			`}`

Updated members-ssr to work with members-api no-issue This updaes the ssr package to work with the new magic link signin method 2019-09-03 07:34:59 +03:00			`const member = await getMemberDataFromToken(token);`
			`cookies.set(cookieName, member.email, {`
			`signed: true,`
			`httpOnly: true,`
			`sameSite: 'lax',`
			`maxAge: cookieMaxAge,`
			`path: cookiePath`
Implemented MVP 2019-04-05 09:57:14 +03:00			`});`
			`}, cookieConfig);`

Updated members-ssr to work with members-api no-issue This updaes the ssr package to work with the new magic link signin method 2019-09-03 07:34:59 +03:00			`const deleteSession = withCookies((_req, _res, {cookies}) => {`
Added deleteSession method no-issue This will be used for logout 2019-04-11 17:10:53 +03:00			`cookies.set(cookieName, {`
			`signed: true,`
			`httpOnly: true,`
			`sameSite: 'lax',`
			`maxAge: cookieMaxAge,`
			`path: cookiePath`
			`});`
			`}, cookieConfig);`

Updated members-ssr to work with members-api no-issue This updaes the ssr package to work with the new magic link signin method 2019-09-03 07:34:59 +03:00			`const getMemberDataFromSession = withCookies(async (_req, _res, {cookies}) => {`
Fixed cookie verification handling no-issue turns out the get method fails if the cookie is missing, rather than returning null 2019-04-10 18:02:39 +03:00			`try {`
Updated members-ssr to work with members-api no-issue This updaes the ssr package to work with the new magic link signin method 2019-09-03 07:34:59 +03:00			`const email = cookies.get(cookieName, {`
Fixed cookie verification handling no-issue turns out the get method fails if the cookie is missing, rather than returning null 2019-04-10 18:02:39 +03:00			`signed: true`
			`});`
Updated members-ssr to work with members-api no-issue This updaes the ssr package to work with the new magic link signin method 2019-09-03 07:34:59 +03:00			`return get(membersApi).getMemberIdentityData(email);`
Fixed cookie verification handling no-issue turns out the get method fails if the cookie is missing, rather than returning null 2019-04-10 18:02:39 +03:00			`} catch (e) {`
Updated members-ssr to work with members-api no-issue This updaes the ssr package to work with the new magic link signin method 2019-09-03 07:34:59 +03:00			`throw new BadRequestError({`
Implemented MVP 2019-04-05 09:57:14 +03:00			message: `Cookie ${cookieName} not found`
Updated members-ssr to work with members-api no-issue This updaes the ssr package to work with the new magic link signin method 2019-09-03 07:34:59 +03:00			`});`
Implemented MVP 2019-04-05 09:57:14 +03:00			`}`
			`}, cookieConfig);`

Updated members-ssr to work with members-api no-issue This updaes the ssr package to work with the new magic link signin method 2019-09-03 07:34:59 +03:00			`const getIdentityTokenForMemberFromSession = withCookies(async (_req, _res, {cookies}) => {`
			`try {`
			`const email = cookies.get(cookieName, {`
			`signed: true`
			`});`
			`return get(membersApi).getMemberIdentityToken(email);`
			`} catch (e) {`
			`throw new BadRequestError({`
			message: `Cookie ${cookieName} not found`
			`});`
			`}`
			`});`

Implemented MVP 2019-04-05 09:57:14 +03:00			`return {`
			`exchangeTokenForSession,`
Added deleteSession method no-issue This will be used for logout 2019-04-11 17:10:53 +03:00			`deleteSession,`
Updated members-ssr to work with members-api no-issue This updaes the ssr package to work with the new magic link signin method 2019-09-03 07:34:59 +03:00			`getMemberDataFromSession,`
			`getIdentityTokenForMemberFromSession`
Implemented MVP 2019-04-05 09:57:14 +03:00			`};`
			`};`