mirror of
https://github.com/TryGhost/Ghost.git
synced 2024-12-27 04:43:12 +03:00
4a6d427673
ref https://linear.app/tryghost/issue/KTLO-58/dont-send-ghost-acess-cookies-if-no-member-is-logged-in - Currently when member's caching is enabled, but no member is logged in, we always send `ghost-access=null;` and `ghost-access-hmac=null;` cookies in the requests to `/members/api/member/`. This is done to clear the cookies, but an unintended consequence is that these requests can never be cached since there is a cookie in the response. - This PR removes the cookies from the requests when no member is logged in, the cookies will not be sent, allowing the requests to be cached - It also unsets the cookies when deleting a member's session, so that the cookies are not sent in the requests after the member logs out - This should improve the cache hit ratio with members caching enabled |
||
---|---|---|
.. | ||
lib | ||
test | ||
.eslintrc.js | ||
example.js | ||
index.js | ||
package.json | ||
README.md |
Members Ssr
Usage
const MembersSSR = require('./');
const {
exchangeTokenForSession,
getMemberDataFromSession,
deleteSession
} = MembersSSR({
cookieMaxAge: 1000 * 60 * 60 * 24 * 184, // 184 days max cookie age (default)
cookieSecure: true, // Secure cookie (default)
cookieName: 'members-ssr', // Name of cookie (default)
cookiePath: '/', // Path of cookie (default)
cookieKeys: 'some-coole-secret', // Key to sign cookie with
getMembersApi: () => membersApiInstance // Used to fetch data and verify tokens
});
const handleError = res => err => {
res.writeHead(err.statusCode);
res.end(err.message);
};
require('http').createServer((req, res) => {
if (req.method.toLowerCase() === 'post') {
exchangeTokenForSession(req, res).then((member) => {
res.writeHead(200);
res.end(JSON.stringify(member));
}).catch(handleError(res));
} else if (req.method.toLowerCase() === 'delete') {
deleteSession(req, res).then(() => {
res.writeHead(204);
res.end();
}).catch(handleError(res));
} else {
getMemberDataFromSession(req, res).then((member) => {
res.writeHead(200, {
'Content-Type': 'application/json'
});
res.end(JSON.stringify(member));
}).catch(handleError(res));
}
}).listen(3665);