Ghost/ghost/members-ssr
Simon Backx 3a78cf48c9
Fixed deleting session when requesting identity for invalid session (#19017)
ref https://ghost.slack.com/archives/C02G9E68C/p1700129928489809

- When the GET /api/session endpoint is called, the session is deleted
if it is invalid
- We don't have a body parser for this GET endoint, and the request
object was passed to the deleteSession handler. This caused a type error
(cannot read properties of undefined)
- We had dangling promise because deleteSession is async and wasn't
awaited, causing random errors in tests
- Added a test that would have caught this earlier
2023-11-16 11:01:50 +00:00
..
lib Fixed deleting session when requesting identity for invalid session (#19017) 2023-11-16 11:01:50 +00:00
test Removed trailing commas from .eslintrc.js 2021-07-14 12:04:46 +01:00
.eslintrc.js Removed trailing commas from .eslintrc.js 2021-07-14 12:04:46 +01:00
example.js Added eslint rule for file naming convention 2023-05-09 12:34:34 -04:00
index.js Added eslint rule for file naming convention 2023-05-09 12:34:34 -04:00
package.json Update Types packages 2023-11-08 12:13:12 +01:00
README.md Tidied up package READMEs 2022-07-25 15:17:12 +02:00

Members Ssr

Usage

const MembersSSR = require('./');

const {
    exchangeTokenForSession,
    getMemberDataFromSession,
    deleteSession
} = MembersSSR({
    cookieMaxAge: 1000 * 60 * 60 * 24 * 184, // 184 days max cookie age (default)
    cookieSecure: true, // Secure cookie (default)
    cookieName: 'members-ssr', // Name of cookie (default)
    cookiePath: '/', // Path of cookie (default)
    cookieKeys: 'some-coole-secret', // Key to sign cookie with
    getMembersApi: () => membersApiInstance // Used to fetch data and verify tokens
});

const handleError = res => err => {
    res.writeHead(err.statusCode);
    res.end(err.message);
};

require('http').createServer((req, res) => {
    if (req.method.toLowerCase() === 'post') {
        exchangeTokenForSession(req, res).then((member) => {
            res.writeHead(200);
            res.end(JSON.stringify(member));
        }).catch(handleError(res));
    } else if (req.method.toLowerCase() === 'delete') {
        deleteSession(req, res).then(() => {
            res.writeHead(204);
            res.end();
        }).catch(handleError(res));
    } else {
        getMemberDataFromSession(req, res).then((member) => {
            res.writeHead(200, {
                'Content-Type': 'application/json'
            });
            res.end(JSON.stringify(member));
        }).catch(handleError(res));
    }
}).listen(3665);