1 let logjson = (await import('@ndcode/logjson')).default
2 let cookie = require('cookie')
3 let crypto = require('crypto')
4 let XDate = require('xdate')
6 return async (env, transaction) => {
7 let cookies = cookie.parse(env.request.headers.cookie || '')
10 let sessions = await (
11 await transaction.get({})
14 let session, expires = new XDate(now)
16 Object.prototype.hasOwnProperty.call(cookies, 'session_key') &&
18 session = await sessions.get(env.session_key = cookies.session_key)
20 now < await session.get('expires', 0)
22 // if session key is already in database, we know the requester supports
23 // cookies, therefore each access extends the session expiry by 1 month
26 // first request for session, maybe a bot, retain session for only 1 day
29 env.session_key = crypto.randomBytes(16).toString('hex')
30 } while (sessions.has(env.session_key))
31 session = transaction.LazyObject()
32 sessions.set(env.session_key, session)
35 await session.set('expires', expires.getTime())
36 env.response.setHeader(
38 `session_key=${env.session_key}; expires=${expires.toUTCString()}; path=/;`
41 env.signed_in_as = await logjson.logjson_to_json(
42 await session.get('signed_in_as', null)