sidebase · BracketJohn · Oct 19, 2022 · Oct 19, 2022 · Oct 19, 2022
diff --git a/package.json b/package.json
@@ -5,7 +5,7 @@
   },
   "homepage": "https://github.com/sidebase/nuxt-session",
   "name": "@sidebase/nuxt-session",
-  "version": "0.1.2",
+  "version": "0.2.0",
   "license": "MIT",
   "type": "module",
   "exports": {

diff --git a/src/module.ts b/src/module.ts
@@ -159,7 +159,7 @@ export default defineNuxtModule<ModuleOptions>({
     // 5. Register desired session API endpoints
     if (moduleOptions.api.isEnabled) {
       for (const apiMethod of moduleOptions.api.methods) {
-        const handler = resolve(runtimeDir, `server/api/session.${apiMethod}.ts`)
+        const handler = resolve(runtimeDir, `server/api/session.${apiMethod}`)
         addServerHandler({ handler, route: moduleOptions.api.basePath })
       }
       logger.info(`Session API "${moduleOptions.api.methods.join(', ')}" endpoints registered at "${moduleOptions.api.basePath}"`)

diff --git a/src/runtime/composables/useNuxtSession.ts b/src/runtime/composables/useNuxtSession.ts
@@ -3,7 +3,7 @@ import { nanoid } from 'nanoid'
 import { Ref, ref } from 'vue'
 import type { SupportedSessionApiMethods } from '../../module'
 import type { Session } from '../server/middleware/session'
-import useConfig from '../config'
+import { useRuntimeConfig } from '#imports'
 
 type SessionData = Record<string, any>
 
@@ -16,11 +16,12 @@ export default async (options: ComposableOptions = {
 }) => {
   /**
    * The currently active session associated with the current client
+   * @type Ref<Session | null>
    */
   const session: Ref<Session | null> = ref(null)
 
   const _performSessionRequest = (method: SupportedSessionApiMethods, body?: SessionData) => {
-    const config = useConfig()
+    const config = useRuntimeConfig().public.session
     if (!config.api.isEnabled || !config.api.methods.includes(method)) {
       const message = `Cannot "${method}" session data as endpoint is not enabled. If you want to be able to "${method}" session data, you can configure this via the "session.api.isEnabled: boolean" and "session.api.methods: ('post' | 'get' | ...)[]" module configuration options.`
       throw createError({ message, statusCode: 500 })

diff --git a/src/runtime/config.ts b/src/runtime/config.ts
diff --git a/src/runtime/server/api/session.delete.ts b/src/runtime/server/api/session.delete.ts
@@ -1,7 +1,7 @@
-import { defineEventHandler } from 'h3'
+import { eventHandler } from 'h3'
 import { deleteSession } from '../middleware/session'
 
-export default defineEventHandler(async (event) => {
+export default eventHandler(async (event) => {
   await deleteSession(event)
 
   return null

diff --git a/src/runtime/server/api/session.get.ts b/src/runtime/server/api/session.get.ts
@@ -1,3 +1,3 @@
-import { defineEventHandler } from 'h3'
+import { eventHandler } from 'h3'
 
-export default defineEventHandler(event => event.context.session)
+export default eventHandler(event => event.context.session)
diff --git a/src/runtime/server/api/session.patch.ts b/src/runtime/server/api/session.patch.ts
@@ -1,7 +1,15 @@
-import { defineEventHandler, createError, readBody } from 'h3'
-import { checkIfObjectAndContainsIllegalKeys } from '../utils'
+import { eventHandler, createError, readBody } from 'h3'
 
-export default defineEventHandler(async (event) => {
+export const checkIfObjectAndContainsIllegalKeys = (shape: unknown): shape is Object => {
+  if (typeof shape !== 'object' || !shape) {
+    return false
+  }
+
+  // see https://stackoverflow.com/a/39283005 for this usage
+  return Object.prototype.hasOwnProperty.call(shape, 'id') || Object.prototype.hasOwnProperty.call(shape, 'createdAt')
+}
+
+export default eventHandler(async (event) => {
   const body = await readBody(event)
   if (checkIfObjectAndContainsIllegalKeys(body)) {
     throw createError({ statusCode: 400, message: 'Trying to pass invalid data to session, likely an object with `id` or `createdAt` fields or a non-object' })

diff --git a/src/runtime/server/api/session.post.ts b/src/runtime/server/api/session.post.ts
@@ -1,7 +1,7 @@
-import { defineEventHandler, readBody } from 'h3'
-import { checkIfObjectAndContainsIllegalKeys } from '../utils'
+import { eventHandler, readBody } from 'h3'
+import { checkIfObjectAndContainsIllegalKeys } from './session.patch'
 
-export default defineEventHandler(async (event) => {
+export default eventHandler(async (event) => {
   const body = await readBody(event)
   if (checkIfObjectAndContainsIllegalKeys(body)) {
     throw createError({ statusCode: 400, message: 'Trying to pass invalid data to session, likely an object with `id` or `createdAt` fields or a non-object' })

diff --git a/src/runtime/server/middleware/session/index.ts b/src/runtime/server/middleware/session/index.ts
@@ -2,19 +2,19 @@ import { H3Event, defineEventHandler, setCookie, parseCookies, deleteCookie } fr
 import { nanoid } from 'nanoid'
 import dayjs from 'dayjs'
 import type { SameSiteOptions } from '../../../../module'
-import useConfig from '../../../config'
 import { dropStorageSession, getStorageSession, setStorageSession } from './storage'
+import { useRuntimeConfig } from '#imports'
 
 const SESSION_COOKIE_NAME = 'sessionId'
 const safeSetCookie = (event: H3Event, name: string, value: string) => setCookie(event, name, value, {
   // Max age of cookie in seconds
-  maxAge: useConfig().session.expiryInSeconds,
+  maxAge: useRuntimeConfig().session.session.expiryInSeconds,
   // Only send cookie via HTTPs to mitigate man-in-the-middle attacks
   secure: true,
   // Only send cookie via HTTP requests, do not allow access of cookie from JS to mitigate XSS attacks
   httpOnly: true,
   // Do not send cookies on many cross-site requests to mitigates CSRF and cross-site attacks, see https://developer.mozilla.org/en-US/docs/Web/HTTP/Headers/Set-Cookie/SameSite#lax
-  sameSite: useConfig().session.cookieSameSite as SameSiteOptions
+  sameSite: useRuntimeConfig().session.session.cookieSameSite as SameSiteOptions
 })
 
 export declare interface Session {
@@ -58,7 +58,7 @@ const newSession = async (event: H3Event) => {
   await deleteSession(event)
 
   // (Re-)Set cookie
-  const sessionId = nanoid(useConfig().session.idLength)
+  const sessionId = nanoid(useRuntimeConfig().session.session.idLength)
   safeSetCookie(event, SESSION_COOKIE_NAME, sessionId)
 
   // Store session data in storage
@@ -82,7 +82,7 @@ const getSession = async (event: H3Event): Promise<null | Session> => {
   }
 
   // 3. Is the session not expired?
-  const sessionExpiryInSeconds = useConfig().session.expiryInSeconds
+  const sessionExpiryInSeconds = useRuntimeConfig().session.session.expiryInSeconds
   if (sessionExpiryInSeconds !== null) {
     const now = dayjs()
     if (now.diff(dayjs(session.createdAt), 'seconds') > sessionExpiryInSeconds) {

diff --git a/src/runtime/server/middleware/session/storage.ts b/src/runtime/server/middleware/session/storage.ts
@@ -1,7 +1,7 @@
 import { createStorage, prefixStorage, StorageValue } from 'unstorage'
-import useConfig from '../../../config'
+import { useRuntimeConfig } from '#imports'
 
-const storage = prefixStorage(createStorage(useConfig().session.storageOptions), useConfig().session.storePrefix)
+const storage = prefixStorage(createStorage(useRuntimeConfig().session.session.storageOptions), useRuntimeConfig().session.session.storePrefix)
 
 export const getStorageSession = (sessionId: string) => storage.getItem(sessionId)
 export const setStorageSession = (sessionId: string, session: StorageValue) => storage.setItem(sessionId, session)

diff --git a/src/runtime/server/utils.ts b/src/runtime/server/utils.ts