Comments (7)
@lirantal can i take this issue ?
from riess.js.
Yep. I didn't describe at all the required change but in short, the idea is to not needing to update in multiple places the sessions storage (right now in express and socket.io).
If you could share how you plan to update the code it would be great so we are aligned and you don't need to incur a lot of changes in the PR.
from riess.js.
Ok.
I was thinking to change express.js & socket.io :
file express.js :
config.sessionStore
? new MongoStore({
url: config.db.uri,
mongoOptions: config.db.options,
collection: config.sessionStore.sessionCollection
})
file socket.io.js :
// Create a MongoDB storage object
var mongoStore = new MongoStore({
url: config.db.uri,
mongoOptions: config.db.options,
collection: config.sessionStore.sessionCollection
});
and
// Use the mongoStorage instance to get the Express session information
mongoStore.get(sessionId, function (err, session) {
if (err) return next(err, false);
if (!session) return next(new Error('session was not found for ' + sessionId), false);
// Set the Socket.io session information
socket.request.session = session;
// Use Passport to populate the user details
passport.initialize()(socket.request, {}, function () {
passport.session()(socket.request, {}, function () {
if (socket.request.user) {
next(null, true);
} else {
next(new Error('User is not authenticated'), false);
}
});
});
});
The idea that I will just use redisStore instead of mongoStore.
I was thinking to use connect-redis what do you think ?
from riess.js.
Right, but how would you actually implement the redis session store integration?
I'm good with redis, but how about if we abstract away the actual lib (redis or mongoose) so that its using a generic utility and we can choose which and whether to enable sessions based on config?
from riess.js.
I was thinking to use 2 strategies (mongoStoryStrat.js & redisStoreStrat.js). My idea is to have a flag on the config to choose the strategy that we need to use and then return a function to express.js/socket.io for instantiate the storeObject. What do you think about ?
from riess.js.
Is this relevant if we move away from using Sessions to using strictly JWT's?
from riess.js.
Even if we do JWTs you might want to make use of long-term refresh tokens and maintain blacklists for revoked tokens so you'd probably still need some kind of persistency, redis or not, to manage that.
from riess.js.
Related Issues (13)
- Databases Support HOT 2
- Some question about the Client side HOT 1
- Suggestion: Plugin-style module architecture HOT 3
- Create a BaseError with toString, getStatus
- Create a sessionsHelper to separate the session store code in socket.io and express from being coupled to MongoDB sessions
- Front-End Part Angular HOT 7
- Directory Structure HOT 9
- Feature: change express.js to class-style HOT 7
- Feature: Make session store configurable
- Bug: initViewEngine should be removed HOT 2
- Feature: configuration HOT 12
- Feature: Testing
Recommend Projects
-
React
A declarative, efficient, and flexible JavaScript library for building user interfaces.
-
Vue.js
🖖 Vue.js is a progressive, incrementally-adoptable JavaScript framework for building UI on the web.
-
Typescript
TypeScript is a superset of JavaScript that compiles to clean JavaScript output.
-
TensorFlow
An Open Source Machine Learning Framework for Everyone
-
Django
The Web framework for perfectionists with deadlines.
-
Laravel
A PHP framework for web artisans
-
D3
Bring data to life with SVG, Canvas and HTML. 📊📈🎉
-
Recommend Topics
-
javascript
JavaScript (JS) is a lightweight interpreted programming language with first-class functions.
-
web
Some thing interesting about web. New door for the world.
-
server
A server is a program made to process requests and deliver data to clients.
-
Machine learning
Machine learning is a way of modeling and interpreting data that allows a piece of software to respond intelligently.
-
Visualization
Some thing interesting about visualization, use data art
-
Game
Some thing interesting about game, make everyone happy.
Recommend Org
-
Facebook
We are working to build community through open source technology. NB: members must have two-factor auth.
-
Microsoft
Open source projects and samples from Microsoft.
-
Google
Google ❤️ Open Source for everyone.
-
Alibaba
Alibaba Open Source for everyone
-
D3
Data-Driven Documents codes.
-
Tencent
China tencent open source team.
from riess.js.