1 let logjson = (await import('@ndcode/logjson')).default
2 let cookie = require('cookie')
3 let crypto = require('crypto')
4 let XDate = require('xdate')
6 // note: this routine is "almost" idempotent
7 // it will return the same session key each time
8 // expiry may be increased slightly at each call
9 return async (env, transaction) => {
10 let sessions = await (
11 await transaction.get({})
14 let cookies = cookie.parse(env.request.headers.cookie || '')
17 let session, expires = new XDate(now)
19 Object.prototype.hasOwnProperty.call(cookies, 'session_key') &&
20 (session = await sessions.get(cookies.session_key)) !== undefined &&
21 now < await session.get('expires', 0)
23 // if session key is already in database, we know the requester supports
24 // cookies, therefore each access extends the session expiry by 1 month
25 env.session_key = cookies.session_key
29 // first request for session, maybe a bot, retain session for only 1 day
30 if (!Object.prototype.hasOwnProperty.call(env, 'session_key')) {
32 env.session_key = crypto.randomBytes(16).toString('hex')
33 } while (sessions.has(env.session_key))
35 session = await sessions.get(env.session_key, {})
39 await session.set('expires', expires.getTime())
40 env.response.setHeader(
42 `session_key=${env.session_key}; expires=${expires.toUTCString()}; path=/;`
45 env.signed_in_as = await logjson.logjson_to_json(
46 await session.get('signed_in_as', null)