feat: return with the getAll method (#77)

* feat: return with the getAll method

* refactor(SHAPE-10063): apply Johannes feedback

* docs: update README with Alba feedback

Author: demetriusfeijoo

README.md

@@ -25,9 +25,10 @@ const sessionStore = getSessionStore(authHandlerParams)({
 })
 ```
 
-The `sessionStore` created by `sessionCookieStore` now has three methods: `get`, `put`, and `remove`. The `getAll` method is no longer provided. If you believe the `getAll` method is still useful for your use case, please let us know by opening a GitHub issue.
+The `sessionStore` created by `sessionCookieStore` now exposes four methods: `get`, `getAll`, `put`, and `remove`.
 
-The `put` and `remove` methods now return a `Promise<boolean>` instead of a `Promise<void>`.
+- The `getAll` method returns all app sessions, regardless of the spaces that the user has open.
+- The `put` and `remove` methods now return a `Promise<boolean>` instead of a `Promise<void>`.
 
 ### `AuthHandlerParams`
 
@@ -202,14 +203,13 @@ const href = `/my/other/page?spaceId=${spaceId}&userId=${userId}`
 
 To run OAuth locally, pass the `storyblokApiBaseUrl` property to the params object when calling the `authHandler` function in the target project (i.e. the plugin or application you want to test). With this parameter, you can change the target's backend environment.
 
-
 ```typescript
 import { AuthHandlerParams } from '@storyblok/app-extension-auth'
 
 import { authHandler } from '@storyblok/app-extension-auth'
 const params: AuthHandlerParams = {
   // ...
-  storyblokApiBaseUrl: 'http://localhost:1234'
+  storyblokApiBaseUrl: 'http://localhost:1234',
 }
 authHandler(params)
 ```

src/session-adapters/createCookieAdapter.ts

@@ -1,4 +1,10 @@
-import { expireCookie, getCookie, setCookie, verifyData } from '../utils'
+import {
+  expireCookie,
+  getAllCookies,
+  getCookie,
+  setCookie,
+  verifyData,
+} from '../utils'
 import jwt from 'jsonwebtoken'
 import { Adapter } from './publicAdapter'
 import { isAppSession } from '../session'
@@ -32,6 +38,20 @@ export const createCookieAdapter: CreateCookieAdapter = (params) => {
       return verifiedData
     },
 
+    getAllSessions: ({ req }) => {
+      return getAllCookies(req, key)
+        .map((cookie) => {
+          const verifiedData = verifyData(clientSecret, cookie)
+
+          if (!isAppSession(verifiedData)) {
+            return undefined
+          }
+
+          return verifiedData
+        })
+        .filter((cookie) => cookie !== undefined)
+    },
+
     setSession: ({ res, spaceId, userId, session }) => {
       const expires = createExpirationDate(7)
 

src/session-adapters/internalAdapter.ts

@@ -21,6 +21,8 @@ export type InternalAdapter = {
     userId: string
   }) => MaybePromise<AppSession | undefined>
 
+  getAllSessions?: () => MaybePromise<AppSession[] | undefined>
+
   setSession: (params: {
     spaceId: string
     userId: string
@@ -85,6 +87,23 @@ export const createInternalAdapter: CreateInternalAdapter = ({
       }
     },
 
+    getAllSessions: async () => {
+      try {
+        if (!adapter.getAllSessions) {
+          return undefined
+        }
+
+        const sessions = await adapter.getAllSessions({
+          req,
+        })
+
+        return sessions
+      } catch (e) {
+        console.log('Retrieving all the sessions failed: ', e)
+        return undefined
+      }
+    },
+
     setSession: async ({ spaceId, userId, session }) => {
       try {
         const isSessionSet = await adapter.setSession({

src/session-adapters/publicAdapter.ts

@@ -3,8 +3,10 @@ import { AppSession } from '../session'
 
 export type MaybePromise<T> = T | Promise<T>
 
+// eslint-disable-next-line functional/no-mixed-types
 export type Adapter = {
   getSession: GetSession
+  getAllSessions?: GetAllSessions
   setSession: SetSession
   removeSession: RemoveSession
   hasSession: HasSession
@@ -22,6 +24,10 @@ type GetSession = (
   params: BaseSessionParams,
 ) => MaybePromise<AppSession | undefined>
 
+type GetAllSessions = (
+  params: Pick<BaseSessionParams, 'req'>,
+) => MaybePromise<AppSession[]>
+
 type SetSession = (
   params: BaseSessionParams & {
     session: AppSession

src/session/sessionStore.ts

@@ -30,6 +30,11 @@ export const getSessionStore: AppSessionCookieStoreFactory =
         })
         return await refreshStoredAppSession(params, adapter, session)
       },
+      getAll: async () => {
+        const sessions = await adapter.getAllSessions?.()
+
+        return sessions || []
+      },
       put: async (session) =>
         await adapter.setSession({
           spaceId: String(session.spaceId),

src/session/types/AppSessionStore.ts

@@ -8,6 +8,7 @@ export type AppSessionStore = {
       autoRefresh?: boolean
     },
   ) => Promise<AppSession | undefined>
+  getAll?: () => Promise<AppSession[]>
   put: (session: AppSession) => Promise<boolean>
   remove: (keys: AppSessionQuery) => Promise<boolean>
 }

src/storyblok-auth-api/refreshToken.ts

@@ -40,7 +40,7 @@ export const refreshToken =
         )
       }
       return tokenSet
-    } catch (e) {
+    } catch {
       return new Error('Refresh token failed unexpectedly with an exception')
     }
   }

src/utils/cookie/getCookie/getCookie.test.ts

@@ -1,5 +1,5 @@
 import httpMocks from 'node-mocks-http'
-import { getCookie } from './getCookie'
+import { getAllCookies, getCookie } from './getCookie'
 
 const cookieName = 'myCookie'
 const cookieValue = 'abc123'
@@ -42,4 +42,14 @@ describe('Getting app cookies', () => {
     )
     expect(getCookie(req, cookieName)).toBeUndefined()
   })
+  it('Should get all the app cookies by name/key (ignoring its scope)', () => {
+    const req = mockRequest(
+      `firstCookie=firstCookieValue; 111111:222222:myCookie=sessionCookieValue1; 888888:999999:myCookie=sessionCookieValue2; lastCookie=lastCookieValue`,
+    )
+
+    expect(getAllCookies(req, cookieName)).toEqual([
+      'sessionCookieValue1',
+      'sessionCookieValue2',
+    ])
+  })
 })

src/utils/cookie/getCookie/getCookie.ts

@@ -3,31 +3,42 @@ import http from 'http'
 /**
  * RegExp to match all characters to escape in a RegExp.
  */
-
 const REGEXP_ESCAPE_CHARS_REGEXP = /[\^$\\.*+?()[\]{}|]/g
 
 const getPattern = (name: string) =>
   new RegExp(
-    '(?:^|;) *' + name.replace(REGEXP_ESCAPE_CHARS_REGEXP, '\\$&') + '=([^;]*)',
+    '(?:^|;)*[0-9:]*' +
+      name.replace(REGEXP_ESCAPE_CHARS_REGEXP, '\\$&') +
+      '=([^;]*)',
   )
 
 export const getCookie = (
   request: http.IncomingMessage,
   name: string,
 ): string | undefined => {
-  const header = request.headers['cookie']
-  if (!header) {
-    return undefined
-  }
-
-  const match = header.match(getPattern(name))
-  if (!match) {
-    return undefined
-  }
-
-  const value = match[1]
-  if (value[0] === '"') {
-    return value.slice(1, -1)
-  }
-  return value
+  return getAllCookies(request, name)[0]
+}
+
+export const getAllCookies = (
+  request: http.IncomingMessage,
+  name: string,
+): string[] => {
+  const headerCookies = (request.headers['cookie'] || '').split(/;\s*/)
+
+  return headerCookies
+    .map((cookie) => {
+      const match = cookie.match(getPattern(name))
+      if (!match) {
+        return undefined
+      }
+
+      const value = match[1]
+
+      if (value[0] === '"') {
+        return value.slice(1, -1)
+      }
+
+      return value
+    })
+    .filter((cookie) => cookie !== undefined)
 }

src/utils/verifyData/verifyData.ts

@@ -10,7 +10,7 @@ export const verifyData = <Data>(secret: string, jwtToken: string): unknown => {
       return undefined
     }
     return payload.data as Data
-  } catch (e) {
+  } catch {
     return undefined
   }
 }