owltide/server/utils/session.ts

import type { H3Event } from "h3";
import { nextSessionId, readSessions, readSubscriptions, writeSessions, writeSubscriptions } from "~/server/database";
import { Session } from "~/shared/types/account";

const oneYearSeconds = 365 * 24 * 60 * 60;

async function removeSessionSubscription(sessionId: number) {
	const subscriptions = await readSubscriptions();
	const index = subscriptions.findIndex(subscription => subscription.sessionId === sessionId);
	if (index !== -1) {
		subscriptions.splice(index, 1);
		await writeSubscriptions(subscriptions);
	}
}

async function clearAccountSessionInternal(event: H3Event, sessions: Session[]) {
	const existingSessionCookie = await getSignedCookie(event, "session");
	if (existingSessionCookie) {
		const sessionId = parseInt(existingSessionCookie, 10);
		const sessionIndex = sessions.findIndex(session => session.id === sessionId);
		if (sessionIndex !== -1) {
			sessions.splice(sessionIndex, 1);
			await removeSessionSubscription(sessionId);
			return true;
		}
	}
	return false;
}

export async function clearAccountSession(event: H3Event) {
	const sessions = await readSessions();
	if (await clearAccountSessionInternal(event, sessions)) {
		await writeSessions(sessions);
	}
	deleteCookie(event, "session");
}

export async function setAccountSession(event: H3Event, accountId: number) {
	const sessions = await readSessions();
	await clearAccountSessionInternal(event, sessions);

	const newSession: Session = {
		accountId,
		id: await nextSessionId(),
	};

	sessions.push(newSession);
	await writeSessions(sessions);
	await setSignedCookie(event, "session", String(newSession.id), oneYearSeconds)
}

export async function refreshAccountSession(event: H3Event, session: Session) {
	await setSignedCookie(event, "session", String(session.id), oneYearSeconds)
}

export async function getAccountSession(event: H3Event) {
	const sessionCookie = await getSignedCookie(event, "session");
	if (sessionCookie) {
		const sessionId = parseInt(sessionCookie, 10);
		const sessions = await readSessions();
		return sessions.find(session => session.id === sessionId);
	}
}

export async function requireAccountSession(event: H3Event) {
	const session = await getAccountSession(event);
	if (!session)
		throw createError({
			status: 401,
			message: "Account session required",
		});
	return session;
}
Basic account and session system Provide a basic account system with login and server side session store identified by a cookie. Upon successful login a signed session cookie is set by the server with the session stored on the server identifying which account it is logged in as. The client uses a shared useFetch on the session endpoint to identify if it's logged in and which account it is logged in as, and refreshes this when loggin in or out. 2025-03-07 12:41:57 +01:00			`import type { H3Event } from "h3";`
Tie push subscriptions to current session If a user logs out from a device the expectation should be that device no longer having any association with the user's account. Any existing push notifications should thefore be removed on server. For this reason tie push notifications to a session, and remove them when the session is deleted. 2025-03-07 14:11:07 +01:00			`import { nextSessionId, readSessions, readSubscriptions, writeSessions, writeSubscriptions } from "~/server/database";`
Basic account and session system Provide a basic account system with login and server side session store identified by a cookie. Upon successful login a signed session cookie is set by the server with the session stored on the server identifying which account it is logged in as. The client uses a shared useFetch on the session endpoint to identify if it's logged in and which account it is logged in as, and refreshes this when loggin in or out. 2025-03-07 12:41:57 +01:00			`import { Session } from "~/shared/types/account";`

Make session cookie permament Set a max age for the session cookie to prevent it from expiring when the browser is closed. To prevent the age limit from being being reached the session cookie is refreshed every time the session is loaded. This should fix login being lost when the browser is stopped. 2025-03-11 16:30:51 +01:00			`const oneYearSeconds = 365 * 24 * 60 * 60;`

Tie push subscriptions to current session If a user logs out from a device the expectation should be that device no longer having any association with the user's account. Any existing push notifications should thefore be removed on server. For this reason tie push notifications to a session, and remove them when the session is deleted. 2025-03-07 14:11:07 +01:00			`async function removeSessionSubscription(sessionId: number) {`
			`const subscriptions = await readSubscriptions();`
			`const index = subscriptions.findIndex(subscription => subscription.sessionId === sessionId);`
			`if (index !== -1) {`
			`subscriptions.splice(index, 1);`
			`await writeSubscriptions(subscriptions);`
			`}`
			`}`

Basic account and session system Provide a basic account system with login and server side session store identified by a cookie. Upon successful login a signed session cookie is set by the server with the session stored on the server identifying which account it is logged in as. The client uses a shared useFetch on the session endpoint to identify if it's logged in and which account it is logged in as, and refreshes this when loggin in or out. 2025-03-07 12:41:57 +01:00			`async function clearAccountSessionInternal(event: H3Event, sessions: Session[]) {`
			`const existingSessionCookie = await getSignedCookie(event, "session");`
			`if (existingSessionCookie) {`
			`const sessionId = parseInt(existingSessionCookie, 10);`
			`const sessionIndex = sessions.findIndex(session => session.id === sessionId);`
			`if (sessionIndex !== -1) {`
			`sessions.splice(sessionIndex, 1);`
Tie push subscriptions to current session If a user logs out from a device the expectation should be that device no longer having any association with the user's account. Any existing push notifications should thefore be removed on server. For this reason tie push notifications to a session, and remove them when the session is deleted. 2025-03-07 14:11:07 +01:00			`await removeSessionSubscription(sessionId);`
Basic account and session system Provide a basic account system with login and server side session store identified by a cookie. Upon successful login a signed session cookie is set by the server with the session stored on the server identifying which account it is logged in as. The client uses a shared useFetch on the session endpoint to identify if it's logged in and which account it is logged in as, and refreshes this when loggin in or out. 2025-03-07 12:41:57 +01:00			`return true;`
			`}`
			`}`
			`return false;`
			`}`

			`export async function clearAccountSession(event: H3Event) {`
			`const sessions = await readSessions();`
			`if (await clearAccountSessionInternal(event, sessions)) {`
			`await writeSessions(sessions);`
			`}`
Use deleteCookie to remove session cookie 2025-03-08 00:36:10 +01:00			`deleteCookie(event, "session");`
Basic account and session system Provide a basic account system with login and server side session store identified by a cookie. Upon successful login a signed session cookie is set by the server with the session stored on the server identifying which account it is logged in as. The client uses a shared useFetch on the session endpoint to identify if it's logged in and which account it is logged in as, and refreshes this when loggin in or out. 2025-03-07 12:41:57 +01:00			`}`

			`export async function setAccountSession(event: H3Event, accountId: number) {`
			`const sessions = await readSessions();`
			`await clearAccountSessionInternal(event, sessions);`

			`const newSession: Session = {`
			`accountId,`
			`id: await nextSessionId(),`
			`};`

			`sessions.push(newSession);`
			`await writeSessions(sessions);`
Make session cookie permament Set a max age for the session cookie to prevent it from expiring when the browser is closed. To prevent the age limit from being being reached the session cookie is refreshed every time the session is loaded. This should fix login being lost when the browser is stopped. 2025-03-11 16:30:51 +01:00			`await setSignedCookie(event, "session", String(newSession.id), oneYearSeconds)`
			`}`

			`export async function refreshAccountSession(event: H3Event, session: Session) {`
			`await setSignedCookie(event, "session", String(session.id), oneYearSeconds)`
Basic account and session system Provide a basic account system with login and server side session store identified by a cookie. Upon successful login a signed session cookie is set by the server with the session stored on the server identifying which account it is logged in as. The client uses a shared useFetch on the session endpoint to identify if it's logged in and which account it is logged in as, and refreshes this when loggin in or out. 2025-03-07 12:41:57 +01:00			`}`

			`export async function getAccountSession(event: H3Event) {`
			`const sessionCookie = await getSignedCookie(event, "session");`
			`if (sessionCookie) {`
			`const sessionId = parseInt(sessionCookie, 10);`
			`const sessions = await readSessions();`
			`return sessions.find(session => session.id === sessionId);`
			`}`
			`}`

			`export async function requireAccountSession(event: H3Event) {`
			`const session = await getAccountSession(event);`
			`if (!session)`
			`throw createError({`
			`status: 401,`
			`message: "Account session required",`
			`});`
			`return session;`
			`}`