Ghost/ghost/session-service
Daniel Lockyer 54aa9f016b Fixed full Admin test suite running during unit tests
- because of how the npm scripts were set up, we were running the full
  Admin integration tests during the unit tests phase of CI
- this commit renames the majority of `test` to `test:unit` in the
  package.json files, and aliases `test` to `test:unit`
- special packages like Admin have no-op'd `test:unit` scripts so we
  don't end up running its tests
2022-08-15 15:34:52 +02:00
..
lib Added a CSRF bypass to enable OAuth 2021-05-14 17:38:33 +02:00
test Updated Eslint ECMAScript compatibility to 2022 2022-08-09 15:51:40 +02:00
.eslintignore Added @tryghost/session-service module (#35) 2020-04-02 15:26:05 +02:00
.eslintrc.js Remove trailing commas from .eslintrc.js files 2020-08-04 14:48:07 +01:00
index.js Added @tryghost/session-service module (#35) 2020-04-02 15:26:05 +02:00
package.json Fixed full Admin test suite running during unit tests 2022-08-15 15:34:52 +02:00
README.md Tidied up package README and LICENSE files 2022-07-26 15:22:10 +02:00

Session Service

Usage

const SessionService = require('@tryghost/session-service');

const sessionService = SessionService({
    async getSession(req, res) {
        return new Promise((resolve, reject) => {
            require('express-session')(config)(req, res, (err) => {
                if (err) {
                    reject(err);
                }
                resolve(req.session);
            })
        })
    },
    async findUserById({id}) {
        return UserModel.findUserById(id);
    },
    getOriginOfRequest(req) {
        return req.headers.origin;
    }
});

app.use(async (req, res, next) => {
    try {
        const user = await sessionService.getUserForSession(req, res);
        req.user = user;
        next();
    } catch (err) {
        next(err);
    }
});

app.post('/login', async (req, res) => {
    try {
        const user = await UserModel.verify(req.body);
        await sessionService.createSessionForUser(req, res, user);
        res.redirect('/home');
    } catch (err) {
        return next(err);
    }
});

app.post('/logout', async (req, res) => {
   try {
        await sessionService.destroyCurrentSession(req, res);
        res.redirect('/login');
    } catch (err) {
        return next(err);
    }
});