hub / github.com/blitz-js/blitz / getSessionKernel

Function getSessionKernel

packages/blitz-auth/src/server/auth-sessions.ts:765–921  ·  view source on GitHub ↗
({
  headers,
  method,
}: {
  headers: Headers
  method: string | undefined
})

Source from the content-addressed store, hash-verified

763// Get Session
764// --------------------------------
765async function getSessionKernel({
766 headers,
767 method,
768}: {
769 headers: Headers
770 method: string | undefined
771}): Promise<SessionKernel | null> {
772 const cookies = getCookiesFromHeader(headers)
773 const anonymousSessionToken = cookies[COOKIE_ANONYMOUS_SESSION_TOKEN()]
774 const sessionToken = cookies[COOKIE_SESSION_TOKEN()] // for essential method
775 const idRefreshToken = cookies[COOKIE_REFRESH_TOKEN()] // for advanced method
776 const antiCSRFToken = headers.get(HEADER_CSRF)
777 debug("getSessionKernel", {
778 anonymousSessionToken,
779 sessionToken,
780 idRefreshToken,
781 antiCSRFToken,
782 })
783
784 const enableCsrfProtection =
785 method !== "GET" &&
786 method !== "OPTIONS" &&
787 method !== "HEAD" &&
788 !process.env.DANGEROUSLY_DISABLE_CSRF_PROTECTION
789
790 if (sessionToken) {
791 debug("[getSessionKernel] Request has sessionToken")
792 const {handle, version, hashedPublicData} = parseSessionToken(sessionToken)
793
794 if (!handle) {
795 debug("No handle in sessionToken")
796 return null
797 }
798
799 if (version !== SESSION_TOKEN_VERSION_0) {
800 console.log(
801 new AuthenticationError("Session token version is not " + SESSION_TOKEN_VERSION_0),
802 )
803 return null
804 }
805 debug("(global as any) session config", global.sessionConfig)
806 const persistedSession = await global.sessionConfig.getSession(handle)
807 if (!persistedSession) {
808 debug("Session not found in DB")
809 return null
810 }
811 if (!persistedSession.antiCSRFToken) {
812 throw new Error("Internal error: persistedSession.antiCSRFToken is empty")
813 }
814 if (persistedSession.hashedSessionToken !== hash256(sessionToken)) {
815 debug("sessionToken hash did not match")
816 debug("persisted: ", persistedSession.hashedSessionToken)
817 debug("in req: ", hash256(sessionToken))
818 return null
819 }
820 if (persistedSession.expiresAt && isPast(persistedSession.expiresAt)) {
821 debug("Session expired")
822 return null

Callers 1

getSession · Function · 0.85

Calls 14

COOKIE_SESSION_TOKEN · Function · 0.90
COOKIE_REFRESH_TOKEN · Function · 0.90
hash256 · Function · 0.90
isPast · Function · 0.90
differenceInMinutes · Function · 0.90
getCookiesFromHeader · Function · 0.85
parseSessionToken · Function · 0.85
refreshSession · Function · 0.85
warn · Method · 0.80
parse · Method · 0.80

Tested by

no test coverage detected