refactor(backend): ♻️ move sessions middleware to own file to redure main middleware complexity

routes/_middleware.ts

@@ -1,7 +1,7 @@
 import { FreshContext } from '$fresh/server.ts'
 import { useCsp } from ':src/csp/middleware.ts'
 import { SessionStore } from ':src/session/mod.ts'
-import { getCookies, setCookie } from '@std/http/cookie'
+import { useSession } from ':src/session/middleware.ts'
 
 export async function handler(request: Request, ctx: FreshContext) {
 	// Update fresh context state with session
@@ -28,53 +28,12 @@ export async function handler(request: Request, ctx: FreshContext) {
 	//? fresh useCSP https://fresh.deno.dev/docs/examples/using-csp
 
 	await useCsp(request, response, ctx)
+	useSession(request, response, ctx)
 
 	// Allow service worker to serve root scope
 	if (ctx.url.pathname.endsWith('island-startserviceworker.js')) {
 		response.headers.set('Service-Worker-Allowed', '/')
 	}
 
-	// Start session
-	if (SessionStore.getFromRequest(request) === undefined) {
-		// Clear outdated cookies
-		for (const cookie in getCookies(request.headers)) {
-			setCookie(response.headers, {
-				name: cookie,
-				value: '',
-				path: '/',
-				expires: 0,
-			})
-		}
-
-		// Create new session
-		const session = SessionStore.createSession()
-		ctx.state = { ...ctx.state, session }
-
-		// Set session cookie
-		setCookie(response.headers, {
-			name: '__Secure-SESSION',
-			value: session.uuid,
-			httpOnly: true,
-			sameSite: 'Strict',
-			secure: true,
-			path: '/',
-			expires: SessionStore.maxAge,
-		})
-
-		// Set csrf
-		const csrf = crypto.randomUUID()
-		session.set('_csrf', csrf)
-
-		setCookie(response.headers, {
-			name: '__Host-CSRF',
-			value: csrf,
-			httpOnly: false,
-			sameSite: 'Strict',
-			secure: true,
-			path: '/',
-			expires: SessionStore.maxAge,
-		})
-	}
-
 	return response
 }

src/session/middleware.ts

@@ -0,0 +1,53 @@
+import { FreshContext } from '$fresh/server.ts'
+import { SessionStore } from ':src/session/mod.ts'
+import { getCookies, setCookie } from 'jsr:@std/http@^0.224.4/cookie'
+
+export function useSession(
+    request: Request,
+    response: Response,
+    ctx: FreshContext,
+) {
+    // Check if session already started
+    if (SessionStore.getFromRequest(request) !== undefined) {
+        return
+    }
+
+    // Clear outdated cookies
+    for (const cookie in getCookies(request.headers)) {
+        setCookie(response.headers, {
+            name: cookie,
+            value: '',
+            path: '/',
+            expires: 0,
+        })
+    }
+
+    // Create new session
+    const session = SessionStore.createSession()
+    ctx.state = { ...ctx.state, session }
+
+    // Set session cookie
+    setCookie(response.headers, {
+        name: '__Secure-SESSION',
+        value: session.uuid,
+        httpOnly: true,
+        sameSite: 'Strict',
+        secure: true,
+        path: '/',
+        expires: SessionStore.maxAge,
+    })
+
+    // Set csrf
+    const csrf = crypto.randomUUID()
+    session.set('_csrf', csrf)
+
+    setCookie(response.headers, {
+        name: '__Host-CSRF',
+        value: csrf,
+        httpOnly: false,
+        sameSite: 'Strict',
+        secure: true,
+        path: '/',
+        expires: SessionStore.maxAge,
+    })
+}