REST Session

Session provider for the travetto rest module.

Install: @travetto/rest-session

npm install @travetto/rest-session

# or

yarn add @travetto/rest-session

This is a module that adds session support to the RESTful API framework. Sessions allow for persistent data across multiple requests. Within the framework the sessions are stored against any Data Modeling Support implementation that provides ModelExpirySupport, as the data needs to be able to be expired appropriately. The list of supported model providers are:

• Data Modeling Support's FileModelService and MemoryModelService
• Redis Model Support
• MongoDB Model Support
• S3 Model Support
• DynamoDB Model Support
• Elasticsearch Model Source A session allows for defining the expiration time, what state the session should be in, as well as the payload (session data). The session and session data are accessible via the @Context parameter as Session and SessionData respectively. Iit can also be accessed via the TravettoRequest as a session property.

Code: Sample Session Usage

import { InjectableFactory } from '@travetto/di';
import { MemoryModelService, ModelExpirySupport } from '@travetto/model';
import { Controller, Put, Get } from '@travetto/rest';
import { SessionData, Session, SessionModelⲐ } from '@travetto/rest-session';

// Applies to entire execution, not just this file
class SessionConfig {
  /**
   * Session provider must be specified. The memory service is sufficient for simple
   *   workloads, buts falls down when dealing with multiple servers
   */
  @InjectableFactory(SessionModelⲐ)
  static getSessionModel(memory: MemoryModelService): ModelExpirySupport {
    return memory;
  }
}

@Controller('/session')
export class SessionRoutes {

  @Put('/info')
  async storeInfo(data: SessionData) {
    data.age = 20;
    data.name = 'Roger'; // Setting data
  }

  @Get('/logout')
  async logout(session: Session) {
    await session.destroy();
  }

  @Get('/info/age')
  async getInfo(data: SessionData) {
    return data.age;
  }
}

This usage should be comparable to express, koa and mostly every other framework.

Session Configuration

The module supports a general set of configuration that should cover the majority of session behaviors:

Code: Session Config

import { AppError, Env } from '@travetto/base';
import { Config } from '@travetto/config';
import { Secret } from '@travetto/schema';

/**
 * Rest session config
 */
@Config('rest.session')
export class SessionConfig {
  /**
   * Should the session auto write
   */
  autoCommit = true;
  /**
   * Max age for a given session
   */
  maxAge = 30 * 60 * 1000; // Half hour
  /**
   * Can the session be renewed
   */
  renew = true;
  /**
   * Should the session support rolling renewals
   */
  rolling = false;
  /**
   * Should the session be signed
   */
  sign = true;
  /**
   * Secret for signing the session
   */
  @Secret()
  secret?: string;
  /**
   * Signature key name
   */
  keyName = 'trv_sid';
  /**
   * Location for auth
   */
  transport: 'cookie' | 'header' = 'cookie';

  postConstruct(): void {
    if (!this.secret && Env.production) {
      throw new AppError('Default session secret is only valid for development use, please specify a config value at rest.session.secret', 'permissions');
    }
  }
}

These are all configurable via the rest.session.* config values. And as a note, in production, a secret is required to be specified.