Ghost/ghost/members-ssr
Chris Raible 4a6d427673
Removed members caching cookies when no member is logged in (#20349)
ref
https://linear.app/tryghost/issue/KTLO-58/dont-send-ghost-acess-cookies-if-no-member-is-logged-in

- Currently when member's caching is enabled, but no member is logged
in, we always send `ghost-access=null;` and `ghost-access-hmac=null;`
cookies in the requests to `/members/api/member/`. This is done to clear
the cookies, but an unintended consequence is that these requests can
never be cached since there is a cookie in the response.
- This PR removes the cookies from the requests when no member is logged
in, the cookies will not be sent, allowing the requests to be cached
- It also unsets the cookies when deleting a member's session, so that
the cookies are not sent in the requests after the member logs out
- This should improve the cache hit ratio with members caching enabled
2024-06-06 16:28:36 -07:00
..
lib Removed members caching cookies when no member is logged in (#20349) 2024-06-06 16:28:36 -07:00
test Removed trailing commas from .eslintrc.js 2021-07-14 12:04:46 +01:00
.eslintrc.js Removed trailing commas from .eslintrc.js 2021-07-14 12:04:46 +01:00
example.js Added eslint rule for file naming convention 2023-05-09 12:34:34 -04:00
index.js Added eslint rule for file naming convention 2023-05-09 12:34:34 -04:00
package.json Update TryGhost packages 2024-05-27 16:58:32 +02:00
README.md Tidied up package READMEs 2022-07-25 15:17:12 +02:00

Members Ssr

Usage

const MembersSSR = require('./');

const {
    exchangeTokenForSession,
    getMemberDataFromSession,
    deleteSession
} = MembersSSR({
    cookieMaxAge: 1000 * 60 * 60 * 24 * 184, // 184 days max cookie age (default)
    cookieSecure: true, // Secure cookie (default)
    cookieName: 'members-ssr', // Name of cookie (default)
    cookiePath: '/', // Path of cookie (default)
    cookieKeys: 'some-coole-secret', // Key to sign cookie with
    getMembersApi: () => membersApiInstance // Used to fetch data and verify tokens
});

const handleError = res => err => {
    res.writeHead(err.statusCode);
    res.end(err.message);
};

require('http').createServer((req, res) => {
    if (req.method.toLowerCase() === 'post') {
        exchangeTokenForSession(req, res).then((member) => {
            res.writeHead(200);
            res.end(JSON.stringify(member));
        }).catch(handleError(res));
    } else if (req.method.toLowerCase() === 'delete') {
        deleteSession(req, res).then(() => {
            res.writeHead(204);
            res.end();
        }).catch(handleError(res));
    } else {
        getMemberDataFromSession(req, res).then((member) => {
            res.writeHead(200, {
                'Content-Type': 'application/json'
            });
            res.end(JSON.stringify(member));
        }).catch(handleError(res));
    }
}).listen(3665);