apps/server/src/routes/session_parser.ts

import sql from "../services/sql.js";
import session, { Store } from "express-session";
import sessionSecret from "../services/session_secret.js";
import config from "../services/config.js";
import log from "../services/log.js";

class SQLiteSessionStore extends Store {

    get(sid: string, callback: (err: any, session?: session.SessionData | null) => void): void {
        try {
            const data = sql.getValue<string>(/*sql*/`SELECT data FROM sessions WHERE id = ?`, sid);
            let session = null;
            if (data) {
                session = JSON.parse(data);
            }
            return callback(null, session);
        } catch (e: unknown) {
            log.error(e);
            return callback(e);
        }
    }

    set(id: string, session: session.SessionData, callback?: (err?: any) => void): void {
        try {
            const expires = Date.now() + 3600000; // Session expiration time (1 hour from now)
            const data = JSON.stringify(session);

            sql.upsert("sessions", "id", {
                id,
                expires,
                data
            });
            callback?.();
        } catch (e) {
            log.error(e);
            return callback?.(e);
        }
    }

    destroy(sid: string, callback?: (err?: any) => void): void {
        try {
            sql.execute(/*sql*/`DELETE FROM sessions WHERE id = ?`, sid);
            callback?.();
        } catch (e) {
            log.error(e);
            callback?.(e);
        }
    }

}

const sessionParser = session({
    secret: sessionSecret,
    resave: false, // true forces the session to be saved back to the session store, even if the session was never modified during the request.
    saveUninitialized: false, // true forces a session that is "uninitialized" to be saved to the store. A session is uninitialized when it is new but not modified.
    cookie: {
        path: "/",
        httpOnly: true,
        maxAge: config.Session.cookieMaxAge * 1000 // needs value in milliseconds
    },
    name: "trilium.sid",
    store: new SQLiteSessionStore()
});

export default sessionParser;
chore(server/session): implement session write 2025-05-16 23:22:14 +03:00			`import sql from "../services/sql.js";`
			`import session, { Store } from "express-session";`
server-esm: Change simple local import statements 2024-07-18 21:35:17 +03:00			`import sessionSecret from "../services/session_secret.js";`
feat(session_parser): use cookiePath from config 2025-02-10 08:35:01 +01:00			`import config from "../services/config.js";`
refactor(server/session): better error management 2025-05-16 23:36:56 +03:00			`import log from "../services/log.js";`
feat: 🎸 Ask user to login if any MFA configs are changed 2025-03-26 00:04:55 +01:00
chore(server/session): implement session write 2025-05-16 23:22:14 +03:00			`class SQLiteSessionStore extends Store {`

			`get(sid: string, callback: (err: any, session?: session.SessionData \| null) => void): void {`
refactor(server/session): better error management 2025-05-16 23:36:56 +03:00			`try {`
			const data = sql.getValue<string>(/sql/`SELECT data FROM sessions WHERE id = ?`, sid);
			`let session = null;`
			`if (data) {`
			`session = JSON.parse(data);`
			`}`
			`return callback(null, session);`
			`} catch (e: unknown) {`
			`log.error(e);`
			`return callback(e);`
chore(server/session): implement session get 2025-05-16 23:31:42 +03:00			`}`
chore(server/session): implement session write 2025-05-16 23:22:14 +03:00			`}`

			`set(id: string, session: session.SessionData, callback?: (err?: any) => void): void {`
refactor(server/session): better error management 2025-05-16 23:36:56 +03:00			`try {`
			`const expires = Date.now() + 3600000; // Session expiration time (1 hour from now)`
			`const data = JSON.stringify(session);`

			`sql.upsert("sessions", "id", {`
			`id,`
			`expires,`
			`data`
			`});`
			`callback?.();`
			`} catch (e) {`
			`log.error(e);`
			`return callback?.(e);`
			`}`
chore(server/session): implement session write 2025-05-16 23:22:14 +03:00			`}`

			`destroy(sid: string, callback?: (err?: any) => void): void {`
refactor(server/session): better error management 2025-05-16 23:36:56 +03:00			`try {`
			sql.execute(/sql/`DELETE FROM sessions WHERE id = ?`, sid);
			`callback?.();`
			`} catch (e) {`
			`log.error(e);`
			`callback?.(e);`
			`}`
chore(server/session): implement session write 2025-05-16 23:22:14 +03:00			`}`

			`}`
cleanup of app.js, wwww 2023-05-07 15:23:46 +02:00
			`const sessionParser = session({`
			`secret: sessionSecret,`
			`resave: false, // true forces the session to be saved back to the session store, even if the session was never modified during the request.`
			`saveUninitialized: false, // true forces a session that is "uninitialized" to be saved to the store. A session is uninitialized when it is new but not modified.`
			`cookie: {`
refactor(cookiePath): remove non-working cookiePath option this option will currently not work => the cookie will never be set by the server, if you use a different path other than "/" in order for this to work we would need to introduce some kind of "custom route prefix", that would make express serve the routes with the custom prefix — but that kinda falls more into a reverse proxy job territory. So let's remove this feature for now and amend the docs on how to correctly handle the cookies per instance via the reverse proxy. 2025-04-12 12:08:26 +02:00			`path: "/",`
cleanup of app.js, wwww 2023-05-07 15:23:46 +02:00			`httpOnly: true,`
chore(prettier): fix prettier issues 2025-02-13 09:07:25 +01:00			`maxAge: config.Session.cookieMaxAge * 1000 // needs value in milliseconds`
cleanup of app.js, wwww 2023-05-07 15:23:46 +02:00			`},`
chore(prettier): fix all files 2025-01-09 18:07:02 +02:00			`name: "trilium.sid",`
chore(server/session): implement session write 2025-05-16 23:22:14 +03:00			`store: new SQLiteSessionStore()`
cleanup of app.js, wwww 2023-05-07 15:23:46 +02:00			`});`

feat: 🎸 Seperate auth check 2025-03-26 00:50:37 +01:00			`export default sessionParser;`