@noxnox/nitro-session
v1.3.3-2
Published
Easy-to-use nitro session.
Downloads
54
Maintainers
nox.xouReadme
@kikiutils/nitro-session
Easy-to-use nitro session.
Features
- 🔄 Continuous session between requests using a cookie or header
- 💾 Auto-save session
- 📦 Store session data using a cookie, header, or unjs/unstorage drivers
- 🔒 Optional strict IP validation to ensure session security
- 🛠️ TypeScript support
Environment Requirements
- ESM (ECMAScript Modules) only
- Nitro version 2.6.x or higher, but below 3.x
- Node.js version 18 or higher
Installation
- Add dependency (example using pnpm).
pnpm add @kikiutils/nitro-sessionYou can also use yarn, npm, or bun to add the dependency.
- Create a
server/plugins/session.tsfile and add the following code:
import nitroSession from '@kikiutils/nitro-session';
export default defineNitroPlugin((nitroApp) => nitroSession(nitroApp, useRuntimeConfig().nitroSession));- Create a
server/utils/session.tsfile and add the following code:
export * from '@kikiutils/nitro-session/runtime/utils';[!IMPORTANT] If you encounter warning messages such as
[unimport] failed to resolve ..., skip scanningduring runtime, updating the unimport version to 3.9.0 or higher will resolve the issue. If updating is not possible, use the following code instead:export { clearH3EventContextSession, deleteH3EventContextSessionStorageData, getH3EventContextSessionToken, popH3EventContextSession } from '@kikiutils/nitro-session/runtime/utils';However, if you use this method, you will need to manually update the files whenever new utils are added. Using wildcard exports (
*) will automatically export all utils, so it's recommended to use the latest version of unimport to support wildcard exports.
- Create a
session.d.tsfile in the project folder and add the following code:
declare module '@kikiutils/nitro-session' {
interface H3EventContextSession {
// Define the session data here.
}
}
export {};That's it! You're ready to use sessions in your Nitro app. Check out the configuration and usage instructions below ✨.
Configuration
Configure using runtimeConfig in nitro.config.ts.
export default defineNitroConfig({
runtimeConfig: {
nitroSession: {
// Configure options here
}
}
});For detailed options, refer to the PluginOptions interface in this file.
When using this session module, there are two types of data involved:
Stored Data: This refers to data such as user login information, login time, etc., which can be stored in memory or other specified storage.
Data Token: This refers to the token used to retrieve the corresponding data after the frontend sends a request to the server. This token can be transmitted using cookie or header.
Stored Data
The available storage types are:
- azure-app-configuration
- azure-cosmos
- azure-key-vault
- azure-storage-blob
- azure-storage-table
- cloudflare-kv-binding
- cloudflare-kv-http
- cloudflare-r2-binding
- cookie/header
- fs
- fs-lite
- http
- lru-cache
- memory (default)
- mongodb
- netlify-blobs
- planetscale
- redis
- vercel-kv
[!IMPORTANT] If the driver you are using is not
cookie/headerormemory, please visit here for additional dependencies and considerations.When using
cookie/headerfor storage, data will be encrypted and transmitted in requests based on the token type. In this case, no data is stored on the server. Please be aware of potential security risks such as interception, session hijacking, XSS, CSRF, and unauthorized access. Ensure that proper security measures are in place to protect your data.
Example configuration for using Redis as the data storage:
export default defineNitroConfig({
runtimeConfig: {
nitroSession: {
storage: {
data: {
driver: 'redis',
// Options for the corresponding driver
options: {
url: 'redis://127.0.0.1:6379'
}
}
}
}
}
});Data Token
The available transmission types are:
- cookie (default)
- header
Example configuration for using header as the token transmission method:
export default defineNitroConfig({
runtimeConfig: {
nitroSession: {
storage: {
token: {
driver: 'header',
// Options for the corresponding method
options: {
name: 'session',
setName: 'set-session'
}
}
}
}
}
});When using cookie, the browser will automatically handle the set-cookie in the response and include the cookie in subsequent requests (in most cases).
When using header, you need to handle it manually. Set the token as the value of the key specified by nitroSession.storage.token.options.name when sending a request.
If the response contains a header with the name specified by nitroSession.storage.token.options.setName, you need to save this value and include it as the token in subsequent requests.
The following is an example code using Axios and storing the token in sessionStorage:
import axios from 'axios';
const axiosInstance = axios.create();
axiosInstance.interceptors.request.use((request) => {
request.headers['session'] = window.sessionStorage.getItem('session');
return request;
});
axiosInstance.interceptors.response.use((response) => {
const sessionToken = response.headers['set-session'];
if (sessionToken !== undefined) sessionToken ? window.sessionStorage.setItem('session', sessionToken) : window.sessionStorage.removeItem('session');
return response;
});Usage
You can use event.context.session to access sessions.
The on-change package is used internally to detect changes to the session object. If no changes are detected, no data will be stored and no cookie/header will be set.
server/api/test.ts
export default defineEventHandler((event) => {
event.context.session.account = 'account';
event.context.session.username = 'name';
// Remaining operations...
return 'success';
});server/middleware/auth.ts
export default defineEventHandler((event) => {
const loginedUserId = event.context.session.userId;
// Remaining operations...
});[!IMPORTANT] The session can only store serializable data.
Runtime Utils
During runtime, the following utils are available for manipulating the session. Related comments and examples are provided in this file.
- clearH3EventContextSession
- deleteH3EventContextSessionStorageData
- getH3EventContextSessionToken
- popH3EventContextSession