Feature: Change MongoDB session store to Redis about riess.js HOT 7 OPEN

@lirantal can i take this issue ?

from riess.js.

Yep. I didn't describe at all the required change but in short, the idea is to not needing to update in multiple places the sessions storage (right now in express and socket.io).
If you could share how you plan to update the code it would be great so we are aligned and you don't need to incur a lot of changes in the PR.

from riess.js.

Ok.

I was thinking to change express.js & socket.io :

file express.js :

config.sessionStore
      ? new MongoStore({
        url: config.db.uri,
        mongoOptions: config.db.options,
        collection: config.sessionStore.sessionCollection
      })

file socket.io.js :

  // Create a MongoDB storage object
  var mongoStore = new MongoStore({
    url: config.db.uri,
    mongoOptions: config.db.options,
    collection: config.sessionStore.sessionCollection
  });

and

  // Use the mongoStorage instance to get the Express session information
      mongoStore.get(sessionId, function (err, session) {
        if (err) return next(err, false);
        if (!session) return next(new Error('session was not found for ' + sessionId), false);

        // Set the Socket.io session information
        socket.request.session = session;

        // Use Passport to populate the user details
        passport.initialize()(socket.request, {}, function () {
          passport.session()(socket.request, {}, function () {
            if (socket.request.user) {
              next(null, true);
            } else {
              next(new Error('User is not authenticated'), false);
            }
          });
        });
      });

The idea that I will just use redisStore instead of mongoStore.

I was thinking to use connect-redis what do you think ?

from riess.js.

Right, but how would you actually implement the redis session store integration?
I'm good with redis, but how about if we abstract away the actual lib (redis or mongoose) so that its using a generic utility and we can choose which and whether to enable sessions based on config?

from riess.js.

I was thinking to use 2 strategies (mongoStoryStrat.js & redisStoreStrat.js). My idea is to have a flag on the config to choose the strategy that we need to use and then return a function to express.js/socket.io for instantiate the storeObject. What do you think about ?

from riess.js.

Is this relevant if we move away from using Sessions to using strictly JWT's?

from riess.js.

Even if we do JWTs you might want to make use of long-term refresh tokens and maintain blacklists for revoked tokens so you'd probably still need some kind of persistency, redis or not, to manage that.

from riess.js.