The Login And Admin Operations In Idio

The Koa2 web server includes the cookie management package called cookies. The session service package, *koa-session*, instantiates the session object for the context on each request whenever the session property is accessed, and uses cookies to store the information that is written to ctx.session.

The cookies are signed, which means that they are hashed and the key is sent to the user in a separate {cookie-name}:sig cookie. This ensures that users cannot see what's inside of the cookie, because the hash is signed with the keys property set at the start of the server. The keys configuration passed to the session object is set on the app object; if it is missing, the session middleware constructor throws an error.

  • Session: The session provides an abstraction over cookies and manages the state in the cookie.
  • Cookies: The underlying Koa-consumed library, which can use Keygrip. The idio fork puts cookies and Keygrip together.
  • Keygrip: The class to rotate and validate keys.

    import idio from '@idio/idio'

    (async () => {
      await idio({
        // Placeholder keys: the session cookie is signed with these.
        session: { use: true, keys:
            [ 'NON | example',
              'PROD| keys'] },
      })
    })()

The keys option can also be a Keygrip instance, which must be imported from @idio as well; the example below is equivalent to passing the keys as an array:

    // Static imports must sit at module top level, not inside the function.
    import idio, { Keygrip } from '@idio/idio'

    (async () => {
      // Wrap the signing keys in a Keygrip instance.
      const keys = new Keygrip(['rotat1', 'rotat2'])
      const { app, url } = await idio({
        session: { use: true, keys },
      })
      console.log(url)
      // Shut the server down once the example is done.
      app.destroy()
    })()
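
What rotating and validating keys means for a signed cookie, as an added example that is not code from @idio/idio, cookies or Keygrip: a minimal stand-in in which the newest key signs and any listed key verifies. The HMAC-SHA256/hex signature, the `name=value` signing input, the helper names and the sample session value are assumptions of this example.

```javascript
const crypto = require('node:crypto')

// HMAC-SHA256 over "name=value", hex-encoded (this example's choice of algorithm).
const sign = (data, key) =>
  crypto.createHmac('sha256', key).update(data).digest('hex')

// Index of the key that produced `sig`, or -1; each comparison is constant-time.
function indexOfKey(data, sig, keys) {
  const given = Buffer.from(String(sig))
  return keys.findIndex((key) => {
    const expected = Buffer.from(sign(data, key))
    return expected.length === given.length &&
      crypto.timingSafeEqual(expected, given)
  })
}

// "Set cookie": the value plus a signature made with the newest key, keys[0].
function issue(name, value, keys) {
  return { value, sig: sign(`${name}=${value}`, keys[0]) }
}

// "Read cookie": accept the value only if one of the current keys signed it.
function read(name, cookie, keys) {
  const data = `${name}=${cookie.value}`
  const idx = indexOfKey(data, cookie.sig, keys)
  if (idx < 0) return { ok: false }
  // An older key matched: still valid, but hand back a signature from the newest key.
  return { ok: true, value: cookie.value, resign: idx > 0 ? sign(data, keys[0]) : null }
}

// Constructed walk-through: 'rotat2' is introduced, then 'rotat1' is retired.
function demo() {
  const value = Buffer.from(JSON.stringify({ user: 'alice' })).toString('base64')
  const old = issue('sess', value, ['rotat1'])
  const rotated = read('sess', old, ['rotat2', 'rotat1']) // old key still listed
  const fresh = { value, sig: rotated.resign }
  return {
    afterRotation: rotated.ok,
    resigned: rotated.resign !== null,
    tampered: read('sess', { ...old, value: value + 'A' }, ['rotat2', 'rotat1']).ok,
    oldKeyRetired: read('sess', old, ['rotat2']).ok,
    freshAfterRetire: read('sess', fresh, ['rotat2']).ok,
  }
}

console.log(demo())
```

Keeping the previous key in the list for one session lifetime lets existing cookies be re-signed before that key is dropped.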