({
headers,
method,
}: {
headers: Headers
method: string | undefined
})
| 763 | // Get Session |
| 764 | // -------------------------------- |
| 765 | async function getSessionKernel({ |
| 766 | headers, |
| 767 | method, |
| 768 | }: { |
| 769 | headers: Headers |
| 770 | method: string | undefined |
| 771 | }): Promise<SessionKernel | null> { |
| 772 | const cookies = getCookiesFromHeader(headers) |
| 773 | const anonymousSessionToken = cookies[COOKIE_ANONYMOUS_SESSION_TOKEN()] |
| 774 | const sessionToken = cookies[COOKIE_SESSION_TOKEN()] // for essential method |
| 775 | const idRefreshToken = cookies[COOKIE_REFRESH_TOKEN()] // for advanced method |
| 776 | const antiCSRFToken = headers.get(HEADER_CSRF) |
| 777 | debug("getSessionKernel", { |
| 778 | anonymousSessionToken, |
| 779 | sessionToken, |
| 780 | idRefreshToken, |
| 781 | antiCSRFToken, |
| 782 | }) |
| 783 | |
| 784 | const enableCsrfProtection = |
| 785 | method !== "GET" && |
| 786 | method !== "OPTIONS" && |
| 787 | method !== "HEAD" && |
| 788 | !process.env.DANGEROUSLY_DISABLE_CSRF_PROTECTION |
| 789 | |
| 790 | if (sessionToken) { |
| 791 | debug("[getSessionKernel] Request has sessionToken") |
| 792 | const {handle, version, hashedPublicData} = parseSessionToken(sessionToken) |
| 793 | |
| 794 | if (!handle) { |
| 795 | debug("No handle in sessionToken") |
| 796 | return null |
| 797 | } |
| 798 | |
| 799 | if (version !== SESSION_TOKEN_VERSION_0) { |
| 800 | console.log( |
| 801 | new AuthenticationError("Session token version is not " + SESSION_TOKEN_VERSION_0), |
| 802 | ) |
| 803 | return null |
| 804 | } |
| 805 | debug("(global as any) session config", global.sessionConfig) |
| 806 | const persistedSession = await global.sessionConfig.getSession(handle) |
| 807 | if (!persistedSession) { |
| 808 | debug("Session not found in DB") |
| 809 | return null |
| 810 | } |
| 811 | if (!persistedSession.antiCSRFToken) { |
| 812 | throw new Error("Internal error: persistedSession.antiCSRFToken is empty") |
| 813 | } |
| 814 | if (persistedSession.hashedSessionToken !== hash256(sessionToken)) { |
| 815 | debug("sessionToken hash did not match") |
| 816 | debug("persisted: ", persistedSession.hashedSessionToken) |
| 817 | debug("in req: ", hash256(sessionToken)) |
| 818 | return null |
| 819 | } |
| 820 | if (persistedSession.expiresAt && isPast(persistedSession.expiresAt)) { |
| 821 | debug("Session expired") |
| 822 | return null |
no test coverage detected