Use cookie prefix from config.blitz.js instead of package.json name…

… field (#2311) Co-authored-by: Brandon Bayer <[email protected]> (major)
blitz-js · May 17, 2021 · af9df4c · af9df4c
1 parent a535b7f
commit af9df4c
Show file tree

Hide file tree

Showing 9 changed files with 40 additions and 11 deletions.
diff --git a/examples/auth/blitz.config.ts b/examples/auth/blitz.config.ts
@@ -7,6 +7,7 @@ const withBundleAnalyzer = require("@next/bundle-analyzer")({
 module.exports = withBundleAnalyzer({
   middleware: [
     sessionMiddleware({
+      cookiePrefix: "blitz-auth-example",
       isAuthorized: simpleRolesIsAuthorized,
       // sessionExpiryMinutes: 4,
       getSession: (handle) => db.session.findFirst({where: {handle}}),

diff --git a/examples/custom-server/blitz.config.js b/examples/custom-server/blitz.config.js
@@ -3,6 +3,7 @@ const {sessionMiddleware, simpleRolesIsAuthorized} = require("blitz")
 module.exports = {
   middleware: [
     sessionMiddleware({
+      cookiePrefix: "blitz-custom-server-example",
       isAuthorized: simpleRolesIsAuthorized,
     }),
   ],

diff --git a/examples/fauna/blitz.config.js b/examples/fauna/blitz.config.js
@@ -20,6 +20,7 @@ const normalizeSession = (faunaSession) => {
 module.exports = {
   middleware: [
     sessionMiddleware({
+      cookiePrefix: "blitz-fauna-example",
       isAuthorized: simpleRolesIsAuthorized,
       getSession: async (handle) => {
         const { findSessionByHandle: session } = await graphQLClient.request(

diff --git a/packages/config/src/index.ts b/packages/config/src/index.ts
@@ -91,6 +91,14 @@ export interface BlitzConfig extends Record<string, unknown> {
   _meta: {
     packageName: string
   }
+  middleware?: Record<string, any> &
+    {
+      (req: any, res: any, next: any): Promise<void> | void
+      type?: string
+      config?: {
+        cookiePrefix?: string
+      }
+    }[]
 }
 
 declare global {

diff --git a/packages/core/src/auth/auth-types.ts b/packages/core/src/auth/auth-types.ts
@@ -39,6 +39,7 @@ export interface SessionModel extends Record<any, any> {
 }
 
 export type SessionConfig = {
+  cookiePrefix?: string
   sessionExpiryMinutes?: number
   method?: "essential" | "advanced"
   sameSite?: "none" | "lax" | "strict"

diff --git a/packages/core/src/blitz-data.tsx b/packages/core/src/blitz-data.tsx
@@ -10,8 +10,12 @@ export type BlitzRuntimeData = {
 
 export function _getBlitzRuntimeData(): BlitzRuntimeData {
   const config = getConfig()
+  const middleware = config.middleware?.filter(
+    (middleware) => middleware.name === "blitzSessionMiddleware",
+  )[0]
+  const cookiePrefix = middleware?.config?.cookiePrefix
   return {
-    sessionCookiePrefix: (config._meta.packageName || "blitz").replace(/[^a-zA-Z0-9-_]/g, "_"),
+    sessionCookiePrefix: cookiePrefix || "blitz",
     suspenseEnabled: config.experimental?.reactRoot !== false,
   }
 }
@@ -20,10 +24,7 @@ export function getBlitzRuntimeData() {
   if (isClient && !process.env.JEST_WORKER_ID) {
     return window.__BLITZ_DATA__
   } else {
-    if (!global.__BLITZ_DATA__) {
-      global.__BLITZ_DATA__ = _getBlitzRuntimeData()
-    }
-    return global.__BLITZ_DATA__
+    return _getBlitzRuntimeData()
   }
 }
 

diff --git a/packages/core/src/server/auth/sessions.ts b/packages/core/src/server/auth/sessions.ts
@@ -148,14 +148,29 @@ export const sessionMiddleware = (sessionConfig: Partial<SessionConfig> = {}): M
     ...sessionConfig,
   }
 
-  return async (req, res, next) => {
+  // Checks if cookie prefix from configuration has
+  // non-alphanumeric characters and throws error
+  const cookiePrefix = global.sessionConfig.cookiePrefix ?? "blitz"
+  assert(
+    cookiePrefix.match(/^[a-zA-Z0-9-_]+$/),
+    `The cookie prefix used has invalid characters. Only alphanumeric characters, "-"  and "_" character are supported`,
+  )
+
+  const blitzSessionMiddleware: Middleware<{
+    cookiePrefix?: string
+  }> = async (req, res, next) => {
     debug("Starting sessionMiddleware...")
     if (req.method !== "HEAD" && !(res.blitzCtx as any).session) {
       // This function also saves session to res.blitzCtx
       await getSession(req, res)
     }
     return next()
   }
+
+  blitzSessionMiddleware.config = {
+    cookiePrefix,
+  }
+  return blitzSessionMiddleware
 }
 
 type JwtPayload = AnonymousSessionPayload | null

diff --git a/packages/core/src/types.ts b/packages/core/src/types.ts
@@ -69,11 +69,11 @@ export interface MiddlewareResponse<C = Ctx> extends BlitzApiResponse {
 }
 export type MiddlewareNext = (error?: Error) => Promise<void> | void
 
-export type Middleware = (
-  req: MiddlewareRequest,
-  res: MiddlewareResponse,
-  next: MiddlewareNext,
-) => Promise<void> | void
+export type Middleware<MiddlewareConfig = {}> = {
+  (req: MiddlewareRequest, res: MiddlewareResponse, next: MiddlewareNext): Promise<void> | void
+  type?: string
+  config?: MiddlewareConfig
+}
 
 /**
  * Infer the type of the parameter from function that takes a single argument

diff --git a/packages/generator/templates/app/blitz.config.ts b/packages/generator/templates/app/blitz.config.ts
@@ -3,6 +3,7 @@ import { sessionMiddleware, simpleRolesIsAuthorized } from "blitz"
 module.exports = {
   middleware: [
     sessionMiddleware({
+      cookiePrefix: '__name__',
       isAuthorized: simpleRolesIsAuthorized,
     }),
   ],