Allow customisation of the session object through new `getSession` config

[borisno2]

This PR continues the context and session work from #8013

The goal of this PR to simplify how keystone handles different session implementations. With that in mind This PR does the following:

Moves statelessSessions and storedSessions functions into the auth package.

These Session Strategies are fairly simple cookie-based session management which do the following

• start - starts a session by setting a cookie on the server res and in the case of storedSessions add the session data to the store.
• get - decodes the data from the cookie in req returns data for context.session and
• end - sends a blank cookie back in the server res These functions are based around keystone handling the start and end of a session, however, this is not always the case - for example, SSO or other token-based auth.

By moving this more prescriptive session setup into auth the aim is to allow more complex auth and session management strategies to be implemented

This is a BREAKING change to config and means the following:

• Change location of import for sessionStrategy

import { statelessSessions } from '@keystone-6/core/session';

becomes:

import { statelessSessions } from '@keystone-6/auth/session';

• Move session config from main config into createAuth sessionStrategy config and move sessionData into sessionStrategy config - this means the following:

const { withAuth } = createAuth({
 /* ... Existing Auth Config */
sessionData: 'name isAdmin',
});

export default withAuth(
  config({
 /* ... Existing Keystone Config */
    session: statelessSessions({
         maxAge: sessionMaxAge,
         secret: sessionSecret,
       }),
   })
 );
});

Becomes:

const { withAuth } = createAuth({
 /* ... Existing Auth Config */
    sessionStrategy: statelessSessions({
         maxAge: sessionMaxAge,
         secret: sessionSecret,
         data: 'name isAdmin',
       }),
});

export default withAuth(
  config({
 /* ... Existing Keystone Config */
   })
 );
});

Adds new getSession object to config - removing current session and sessionStrategy

With the current session and sessionStrategy implementation moved to auth, Keystone still needs a way to populate the session object on the context. In order to facilitate this a new getSession option is added to config this passes the current context - which if withRequest has been used will contain the current req and res - and accepts a function that returns a valid session, or undefined if the session is not valid. The return of getSession is added to the context as session.

This should allow for easier configuration of more complex session strategies.

[vercel[bot]]

The latest updates on your projects. Learn more about Vercel for Git ↗︎

1 Ignored Deployment

Name	Status	Preview	Comments	Updated
keystone-next-docs	⬜️ Ignored (Inspect)	Visit Preview		Mar 2, 2023 at 8:27AM (UTC)

[changeset-bot[bot]]

🦋 Changeset detected

Latest commit: a8bfac80e79277dda1d1b8053c12c150c5f895e9

The changes in this PR will be included in the next version bump.

This PR includes changesets to release 53 packages

Name	Type
@keystone-6/auth	Major
@keystone-6/core	Major
@keystone-6/example-auth	Patch
@keystone-6/example-custom-session-invalidation	Patch
@keystone-6/example-custom-session-jwt	Patch
@keystone-6/example-custom-session-redis	Patch
@keystone-6/example-custom-session	Patch
@keystone-6/example-document-field-customisation-keystone-server	Patch
@keystone-6/example-framework-nextjs-app-directory	Patch
@keystone-6/example-framework-nextjs-pages-directory	Patch
@keystone-6/example-framework-nextjs-two-servers-backend	Patch
@keystone-6/example-testing	Patch
@keystone-6/example-usecase-blog-moderated	Patch
@keystone-6/example-usecase-roles	Patch
@keystone-6/sandbox	Patch
@keystone-6/example-assets-local	Patch
@keystone-6/example-assets-s3	Patch
@keystone-6/example-custom-admin-ui-logo	Patch
@keystone-6/example-custom-admin-ui-navigation	Patch
@keystone-6/example-custom-admin-ui-pages	Patch
@keystone-6/example-custom-field-view	Patch
@keystone-6/example-custom-field	Patch
@keystone-6/example-custom-id	Patch
@keystone-6/example-custom-output-paths	Patch
@keystone-6/example-custom-session-next-auth	Patch
@keystone-6/example-default-values	Patch
@keystone-6/example-document-field	Patch
@keystone-6/example-extend-express-app	Patch
@keystone-6/example-extend-graphql-schema-graphql-tools	Patch
@keystone-6/example-extend-graphql-schema-graphql-ts	Patch
@keystone-6/example-extend-graphql-schema-nexus	Patch
@keystone-6/example-extend-graphql-subscriptions	Patch
@keystone-6/example-extend-prisma-schema	Patch
@keystone-6/example-field-groups	Patch
@keystone-6/example-framework-astro	Patch
@keystone-6/example-framework-remix	Patch
@keystone-6/example-graphql-ts-gql	Patch
@keystone-6/example-hooks	Patch
@keystone-6/example-limits	Patch
@keystone-6/example-omit	Patch
@keystone-6/example-script	Patch
@keystone-6/example-singleton	Patch
@keystone-6/example-usecase-blog	Patch
@keystone-6/example-usecase-todo	Patch
@keystone-6/example-usecase-versioning	Patch
@keystone-6/example-virtual-field	Patch
@keystone-6/cloudinary	Major
@keystone-6/fields-document	Major
@keystone-6/benchmarks-legacy	Patch
@keystone-6/test-projects-basic	Patch
@keystone-6/test-projects-crud-notifications	Patch
@keystone-6/test-projects-live-reloading	Patch
@keystone-6/website	Patch

Not sure what this means? Click here to learn what changesets are.

Click here if you're a maintainer who wants to add another changeset to this PR

[codesandbox-ci[bot]]

This pull request is automatically built and testable in CodeSandbox.

To see build info of the built libraries, click here or the icon next to each commit SHA.

Latest deployment of this branch, based on commit a8bfac80e79277dda1d1b8053c12c150c5f895e9:

Sandbox	Source
@keystone-6/sandbox	Configuration