From d154d1173e64872740807c4f8be85df6366167fc Mon Sep 17 00:00:00 2001 From: "mingchun.or" Date: Tue, 23 Mar 2021 12:35:23 +0800 Subject: [PATCH 1/2] fix: all() not work with crypto enabled --- src/lib/MongoStore.spec.ts | 6 ++++ src/lib/MongoStore.ts | 63 +++++++++++++++++++++++--------------- 2 files changed, 44 insertions(+), 25 deletions(-) diff --git a/src/lib/MongoStore.spec.ts b/src/lib/MongoStore.spec.ts index 2aba654..cf4664a 100644 --- a/src/lib/MongoStore.spec.ts +++ b/src/lib/MongoStore.spec.ts @@ -279,6 +279,8 @@ test.serial('touch ops with touchAfter with touch', async (t) => { test.serial('basic operation flow with crypto', async (t) => { ;({ store, storePromise } = createStoreHelper({ crypto: { secret: 'secret' }, + collectionName: 'crypto-test', + autoRemove: 'disabled', })) let orgSession = makeData() const sid = 'test-basic-flow-with-crypto' @@ -288,6 +290,10 @@ test.serial('basic operation flow with crypto', async (t) => { orgSession = JSON.parse(JSON.stringify(orgSession)) // @ts-ignore t.deepEqual(session, orgSession) + const sessions = await storePromise.all() + t.not(sessions, undefined) + t.not(sessions, null) + t.is(sessions?.length, 1) }) test.serial('with touch after and get non-exist session', async (t) => { diff --git a/src/lib/MongoStore.ts b/src/lib/MongoStore.ts index 7b7e676..97b9037 100644 --- a/src/lib/MongoStore.ts +++ b/src/lib/MongoStore.ts @@ -257,6 +257,36 @@ export default class MongoStore extends session.Store { return sessionId } + /** + * promisify and bind the `this.crypto.get` function. + * Please check !!this.crypto === true before using this getter! + */ + private get cryptoGet() { + if (!this.crypto) { + throw new Error('Check this.crypto before calling this.cryptoGet!') + } + return util.promisify(this.crypto.get).bind(this.crypto) + } + + /** + * Decrypt given session data + * @param session session data to be decrypt. Mutate the input session. + */ + private async decryptSession( + session: session.SessionData | undefined | null + ) { + if (this.crypto && session) { + const plaintext = await this.cryptoGet( + this.options.crypto.secret as string, + session.session + ).catch((err) => { + throw new Error(err) + }) + // @ts-ignore + session.session = JSON.parse(plaintext) + } + } + /** * Get a session from the store given a session ID (sid) * @param sid session ID @@ -277,19 +307,7 @@ export default class MongoStore extends session.Store { ], }) if (this.crypto && session) { - const cryptoGet = util.promisify(this.crypto.get).bind(this.crypto) - try { - const plaintext = await cryptoGet( - this.options.crypto.secret as string, - session.session - ).catch((err) => { - throw new Error(err) - }) - // @ts-ignore - session.session = JSON.parse(plaintext) - } catch (error) { - callback(error) - } + await this.decryptSession(session).catch((err) => callback(err)) } const s = session && this.transformFunctions.unserialize(session.session) @@ -457,19 +475,14 @@ export default class MongoStore extends session.Store { ], }) const results: session.SessionData[] = [] - sessions.forEach( - (session) => { - results.push(this.transformFunctions.unserialize(session.session)) - }, - (err) => { - if (err) { - callback(err) - } else { - this.emit('all', results) - callback(null, results) - } + for await (const session of sessions) { + if (this.crypto && session) { + await this.decryptSession(session) } - ) + results.push(this.transformFunctions.unserialize(session.session)) + } + this.emit('all', results) + callback(null, results) } catch (error) { callback(error) } From 6e2a179a690a936904aefb4f8a94256ec7c8ee8b Mon Sep 17 00:00:00 2001 From: "mingchun.or" Date: Tue, 23 Mar 2021 12:44:38 +0800 Subject: [PATCH 2/2] docs: update changelog --- CHANGELOG.md | 11 +++++++++-- 1 file changed, 9 insertions(+), 2 deletions(-) diff --git a/CHANGELOG.md b/CHANGELOG.md index 78bfd3e..0885645 100644 --- a/CHANGELOG.md +++ b/CHANGELOG.md @@ -6,6 +6,13 @@ and this project adheres to [Semantic Versioning](https://semver.org/spec/v2.0.0 ## [Unreleased] +### Fixed + +- `store.all()` method not working with encrypted store [#410](https://github.com/jdesboeufs/connect-mongo/issues/410) [#411](https://github.com/jdesboeufs/connect-mongo/issues/411) +- Update and unpin `mongodb` dependency due to upstream fix has been deployed [#409](https://github.com/jdesboeufs/connect-mongo/issues/409) + +## [4.4.0] - 2021-03-11 + ### **BREAKING CHANGES** - Use `export =` for better cjs require without `.default` @@ -41,9 +48,9 @@ and this project adheres to [Semantic Versioning](https://semver.org/spec/v2.0.0 ### Fixed -- Use `matchedCount` instead of `modifiedCount` to avoid throwing exceptions when nothing to modify (#390) +- Use `matchedCount` instead of `modifiedCount` to avoid throwing exceptions when nothing to modify [#390](https://github.com/jdesboeufs/connect-mongo/issues/390) - Fixed `Warning: Accessing non-existent property 'MongoError' of module exports inside circular dependency` by downgrade to `mongodb@3.6.3` -- Revert update session when touch (#351) +- Revert update session when touch #351 - Fix cannot read property `lastModified` of null - Fix TS typing error