website/routes/_middleware.ts

import { FreshContext } from '$fresh/server.ts'
import { SessionStore } from ':src/session/mod.ts'
import { getCookies, setCookie } from '@std/http/cookie'

export async function handler(request: Request, ctx: FreshContext) {
	// Update fresh context state with session
	ctx.state = { ...ctx.state, session: SessionStore.getFromRequest(request) }

	// Allow service worker to serve root scope
	const response = await ctx.next()
	const url = new URL(request.url)
	if (url.pathname.endsWith('island-startserviceworker.js')) {
		response.headers.set('Service-Worker-Allowed', '/')
	}

	// Start session
	if (SessionStore.getFromRequest(request) === undefined) {
		// Clear outdated cookies
		for (const cookie in getCookies(request.headers)) {
			setCookie(response.headers, {
				name: cookie,
				value: '',
				path: '/',
				expires: 0,
			})
		}

		// Create new session
		const session = SessionStore.createSession()
		ctx.state = { ...ctx.state, session }

		// Set session cookie
		setCookie(response.headers, {
			name: '_SESSION',
			value: session.uuid,
			httpOnly: true,
			sameSite: 'Strict',
			secure: true,
			path: '/',
			expires: SessionStore.maxAge,
		})

		// Set csrf
		const csrf = crypto.randomUUID()
		session.set('_csrf', csrf)

		setCookie(response.headers, {
			name: '_CSRF',
			value: csrf,
			httpOnly: false,
			sameSite: 'Strict',
			secure: true,
			path: '/',
			expires: SessionStore.maxAge,
		})
	}

	return response
}
feat(pwa): :sparkles: add service worker and registration 2024-06-11 17:02:00 +02:00			`import { FreshContext } from '$fresh/server.ts'`
refactor: :recycle: update import map to simplify local imports paths 2024-07-01 13:11:20 +02:00			`import { SessionStore } from ':src/session/mod.ts'`
fix: :bug: patch cookie clear process 2024-06-13 14:42:39 +02:00			`import { getCookies, setCookie } from '@std/http/cookie'`
feat(pwa): :sparkles: add service worker and registration 2024-06-11 17:02:00 +02:00
			`export async function handler(request: Request, ctx: FreshContext) {`
feat: :sparkles: pass session state to downstream contexts 2024-06-13 23:50:32 +02:00			`// Update fresh context state with session`
			`ctx.state = { ...ctx.state, session: SessionStore.getFromRequest(request) }`

feat(pwa): :sparkles: add service worker and registration 2024-06-11 17:02:00 +02:00			`// Allow service worker to serve root scope`
			`const response = await ctx.next()`
			`const url = new URL(request.url)`
			`if (url.pathname.endsWith('island-startserviceworker.js')) {`
			`response.headers.set('Service-Worker-Allowed', '/')`
			`}`
feat: :lock: add csrf checks 2024-06-13 12:20:47 +02:00
refactor: :recycle: rewrite cookie and session lifecycle to remove `_INSTANCE` cookie 2024-06-13 18:38:34 +02:00			`// Start session`
refactor: :recycle: remove code duplication 2024-06-13 18:40:49 +02:00			`if (SessionStore.getFromRequest(request) === undefined) {`
refactor: :recycle: rewrite cookie and session lifecycle to remove `_INSTANCE` cookie 2024-06-13 18:38:34 +02:00			`// Clear outdated cookies`
refactor: :recycle: remove code duplication 2024-06-13 18:40:49 +02:00			`for (const cookie in getCookies(request.headers)) {`
fix: :bug: patch cookie clear process 2024-06-13 14:42:39 +02:00			`setCookie(response.headers, {`
			`name: cookie,`
			`value: '',`
fix: :bug: force global cookies path 2024-06-13 17:20:15 +02:00			`path: '/',`
fix: :bug: patch cookie clear process 2024-06-13 14:42:39 +02:00			`expires: 0,`
			`})`
feat: :sparkles: add cookies auto reset 2024-06-13 13:47:46 +02:00			`}`

refactor: :recycle: rewrite cookie and session lifecycle to remove `_INSTANCE` cookie 2024-06-13 18:38:34 +02:00			`// Create new session`
feat: :lock: add csrf checks 2024-06-13 12:20:47 +02:00			`const session = SessionStore.createSession()`
feat: :sparkles: pass session state to downstream contexts 2024-06-13 23:50:32 +02:00			`ctx.state = { ...ctx.state, session }`
feat: :lock: add csrf checks 2024-06-13 12:20:47 +02:00
			`// Set session cookie`
			`setCookie(response.headers, {`
			`name: '_SESSION',`
			`value: session.uuid,`
			`httpOnly: true,`
			`sameSite: 'Strict',`
			`secure: true,`
fix: :bug: enforce global cookies path 2024-06-13 14:38:27 +02:00			`path: '/',`
feat: :lock: add csrf checks 2024-06-13 12:20:47 +02:00			`expires: SessionStore.maxAge,`
			`})`

			`// Set csrf`
			`const csrf = crypto.randomUUID()`
			`session.set('_csrf', csrf)`

			`setCookie(response.headers, {`
			`name: '_CSRF',`
			`value: csrf,`
			`httpOnly: false,`
			`sameSite: 'Strict',`
			`secure: true,`
fix: :bug: enforce global cookies path 2024-06-13 14:38:27 +02:00			`path: '/',`
feat: :lock: add csrf checks 2024-06-13 12:20:47 +02:00			`expires: SessionStore.maxAge,`
			`})`
			`}`

feat(pwa): :sparkles: add service worker and registration 2024-06-11 17:02:00 +02:00			`return response`
			`}`