feat: integrate @kinde/js-utils ExpressStore for session management

- Replace deprecated Kinde TS SDK session handling with js-utils ExpressStore
- Add @kinde/js-utils dependency (v0.29.0)
- Add sessionManager tests
- Update type definitions for express-session
- Configure pnpm workspace

Author: dtoxvanilla1991

package.json

@@ -81,6 +81,7 @@
   "private": false,
   "dependencies": {
     "@kinde-oss/kinde-typescript-sdk": "^2.13.0",
+    "@kinde/js-utils": "^0.29.0",
     "@kinde/jwt-validator": "^0.4.0",
     "aws-jwt-verify": "^5.0.0",
     "eslint-config-prettier": "^10.1.2",

pnpm-lock.yaml

@@ -0,0 +1,2 @@
+overrides:
+  "@kinde/js-utils": link:../js-utils

pnpm-workspace.yaml

@@ -1,34 +1,33 @@
+import type { Express } from "express";
 import {
   type SetupConfig,
   getInternalClient,
   setupInternalClient,
 } from "./setup/index.js";
 import { setupAuthRouter } from "./auth/index.js";
-import type { Express } from "express";
 import { jwtVerify } from "./helpers/kindeMiddlewareHelpers.js";
-
-import {
-  managementApi,
-  GrantType,
-  Configuration,
-} from "@kinde-oss/kinde-typescript-sdk";
-
+import { setupKindeSession } from "./setup/sessionManager.js";
+import type { GrantType } from "@kinde-oss/kinde-typescript-sdk";
 export * from "./helpers/index.js";
-export { managementApi, GrantType, Configuration, jwtVerify };
+export { jwtVerify };
 
 /**
- * Encapsulates Kinde setup by completing creating internal TypeScript SDK
- * client, setting up its session manager interface and attaching auth router
- * to provided express instance.
+ * Encapsulates Kinde setup for an Express application by setting up sessions,
+ * creating the client, and attaching authentication routes.
  *
- * @param {Express} app
- * @param {SetupConfig} config
+ * @param {SetupConfig} config The Kinde configuration object.
+ * @param {Express} app The Express application instance.
+ * @returns The initialized Kinde client.
  */
 export const setupKinde = <G extends GrantType>(
   config: SetupConfig<G>,
   app: Express,
 ) => {
-  setupInternalClient(app, config);
+  // setting up expressSession layer first for Kinde
+  setupKindeSession(app);
+  // initializing the Kinde SDK client
+  setupInternalClient(config);
+  // setting up the authentication routes
   setupAuthRouter(app, "/");
   return getInternalClient();
 };

src/index.ts

@@ -1,4 +1,5 @@
-import { GrantType, setupKinde } from "./index.js";
+import { GrantType } from "@kinde-oss/kinde-typescript-sdk";
+import { setupKinde } from "./index.js";
 import express from "express";
 
 export const mockClientConfig = {

src/mocks.ts

@@ -1,24 +1,10 @@
-import { setupKindeSession } from "./sessionManager.js";
-import { setupInternalClient as setupKindeClient } from "./kindeClient.js";
-import type { GrantType } from "@kinde-oss/kinde-typescript-sdk";
-import type { SetupConfig } from "./kindeSetupTypes.js";
-import type { Express } from "express";
+// this file only re-exports the necessary functions and types from the other files
+// in the setup directory
+export {
+  getInternalClient,
+  getInitialConfig,
+  setupInternalClient,
+} from "./kindeClient.js";
 
-export { getInternalClient, getInitialConfig } from "./kindeClient.js";
+export { getSessionManager, setupKindeSession } from "./sessionManager.js";
 export * from "./kindeSetupTypes.js";
-
-/**
- * Encapsulates Kinde setup of creatint creating internal TypeScript SDK
- * client, setting up its session manager interface and attaching session
- * manager to provided express instance.
- *
- * @param {Express} app
- * @param {SetupConfig} config
- */
-export const setupInternalClient = <G extends GrantType>(
-  app: Express,
-  config: SetupConfig<G>,
-): void => {
-  setupKindeSession(app);
-  setupKindeClient(config);
-};

src/setup/index.ts

@@ -6,7 +6,7 @@ import type {
   CCClientOptions,
 } from "@kinde-oss/kinde-typescript-sdk";
 
-interface CommonSetupConfigParams<G extends GrantType> {
+export interface CommonSetupConfigParams<G extends GrantType> {
   grantType: G;
   issuerBaseUrl: string;
   postLogoutRedirectUrl: string;
@@ -16,20 +16,20 @@ interface CommonSetupConfigParams<G extends GrantType> {
   scope?: string;
 }
 
-interface ACSetupConfigParams
+export interface ACSetupConfigParams
   extends CommonSetupConfigParams<GrantType.AUTHORIZATION_CODE> {
   secret: string;
   unAuthorisedUrl: string;
   redirectUrl: string;
 }
 
-interface PKCESetupConfigParams
+export interface PKCESetupConfigParams
   extends CommonSetupConfigParams<GrantType.PKCE> {
   unAuthorisedUrl: string;
   redirectUrl: string;
 }
 
-interface CCSetupConfigParams
+export interface CCSetupConfigParams
   extends CommonSetupConfigParams<GrantType.CLIENT_CREDENTIALS> {
   secret: string;
 }
@@ -38,7 +38,7 @@ export type ClientType<G extends GrantType> = ReturnType<
   typeof createKindeServerClient<G>
 >;
 
-export type SetupConfig<G> = G extends GrantType.PKCE
+export type SetupConfig<G extends GrantType> = G extends GrantType.PKCE
   ? PKCESetupConfigParams
   : G extends GrantType.AUTHORIZATION_CODE
     ? ACSetupConfigParams

src/setup/kindeSetupTypes.ts

@@ -0,0 +1,132 @@
+import { describe, it, expect, beforeEach } from "vitest";
+import express, { type Express } from "express";
+import request from "supertest";
+import session from "express-session";
+import { setupKindeSession } from "./sessionManager.js";
+
+describe("sessionManager", () => {
+  let app: Express;
+
+  beforeEach(() => {
+    app = express();
+    app.use(express.json());
+  });
+
+  describe("setupKindeSession()", () => {
+    it("should add session middleware if it has not been added", () => {
+      setupKindeSession(app);
+      const sessionMiddleware = app._router.stack.find(
+        (layer) => layer.name === "session",
+      );
+      expect(sessionMiddleware).toBeDefined();
+    });
+
+    it("should not add session middleware if it has already been added", () => {
+      app.use(
+        session({
+          secret:
+            process.env.TEST_SESSION_SECRET || "test-secret-" + Date.now(),
+          resave: false,
+          saveUninitialized: true,
+        }),
+      );
+      const sessionMiddlewareCount = app._router.stack.filter(
+        (layer) => layer.name === "session",
+      ).length;
+      expect(sessionMiddlewareCount).toBe(1);
+      setupKindeSession(app);
+      const sessionMiddlewareCountAfter = app._router.stack.filter(
+        (layer) => layer.name === "session",
+      ).length;
+      expect(sessionMiddlewareCountAfter).toBe(1);
+    });
+
+    it("should add getSessionManager middleware", () => {
+      const initialStackLength = app._router.stack.length;
+      setupKindeSession(app);
+      const finalStackLength = app._router.stack.length;
+      expect(finalStackLength).toBeGreaterThan(initialStackLength);
+    });
+  });
+
+  describe("ExpressSessionManager functionality", () => {
+    beforeEach(() => {
+      setupKindeSession(app);
+      app.get("/session-functions", (req, res) => {
+        res.json({
+          setSessionItem: typeof req.setSessionItem === "function",
+          getSessionItem: typeof req.getSessionItem === "function",
+          removeSessionItem: typeof req.removeSessionItem === "function",
+          destroySession: typeof req.destroySession === "function",
+        });
+      });
+
+      app.post("/set-item", async (req, res) => {
+        const { key, value } = req.body;
+        await req.setSessionItem(key, value);
+        res.sendStatus(200);
+      });
+
+      app.get("/get-item", async (req, res) => {
+        const { key } = req.query;
+        const value = await req.getSessionItem(key as string);
+        res.json({ value });
+      });
+
+      app.post("/remove-item", async (req, res) => {
+        const { key } = req.body;
+        await req.removeSessionItem(key);
+        res.sendStatus(200);
+      });
+
+      app.post("/destroy", async (req, res) => {
+        try {
+          await req.destroySession();
+          res.sendStatus(200);
+        } catch {
+          res.status(500).send("Error destroying session");
+        }
+      });
+    });
+
+    it("adds ExpressSessionManager methods to the request object", async () => {
+      const res = await request(app).get("/session-functions");
+      expect(res.status).toBe(200);
+      expect(res.body).toEqual({
+        setSessionItem: true,
+        getSessionItem: true,
+        removeSessionItem: true,
+        destroySession: true,
+      });
+    });
+
+    it("sets and gets a session item via ExpressSessionManager", async () => {
+      const agent = request.agent(app);
+      await agent
+        .post("/set-item")
+        .send({ key: "testKey", value: "testValue" });
+      const res = await agent.get("/get-item").query({ key: "testKey" });
+      expect(res.body.value).toBe("testValue");
+    });
+
+    it("removes a session item via ExpressSessionManager", async () => {
+      const agent = request.agent(app);
+      await agent
+        .post("/set-item")
+        .send({ key: "testKey", value: "testValue" });
+      await agent.post("/remove-item").send({ key: "testKey" });
+      const res = await agent.get("/get-item").query({ key: "testKey" });
+      expect(res.body.value).toBe(null);
+    });
+
+    it("destroys the session via ExpressSessionManager", async () => {
+      const agent = request.agent(app);
+      await agent
+        .post("/set-item")
+        .send({ key: "testKey", value: "testValue" });
+      await agent.post("/destroy");
+      const res = await agent.get("/get-item").query({ key: "testKey" });
+      expect(res.body.value).toBe(null);
+    });
+  });
+});

src/setup/sessionManager.test.ts

@@ -1,6 +1,7 @@
 import { ExpressMiddleware, randomString } from "../utils.js";
 import type { Express, Request, Response, NextFunction } from "express";
 import session, { type SessionOptions } from "express-session";
+import { ExpressSessionManager } from "@kinde/js-utils";
 
 const SESSION_MAX_AGE: number = 1000 * 60 * 60 * 24;
 
@@ -18,27 +19,27 @@ const sessionConfig: SessionOptions = {
 };
 
 /**
- * Sets up @type{import('@kinde-oss/kinde-typescript-sdk').SessionManager} as an
- * as an express middleware, with the assumption that `express-session` package
- * middleware has already been configured.
+ * Sets up the session manager by creating an instance of the
+ * `ExpressSessionManager` class from @kinde/js-utils for each request.
  *
  * @returns {ExpressMiddleware}
  */
-const getSessionManager = (): ExpressMiddleware<void> => {
+export const getSessionManager = (): ExpressMiddleware<void> => {
   return (req: Request, _: Response, next: NextFunction) => {
-    req.setSessionItem = async (itemKey, itemValue) => {
-      req.session[itemKey] = itemValue;
-    };
-    req.getSessionItem = async (itemKey) => {
-      return req.session[itemKey] ?? null;
-    };
-    req.removeSessionItem = async (itemKey) => {
-      delete req.session[itemKey];
-    };
-    req.destroySession = async () => {
-      req.session.destroy((e) => console.log(e));
-    };
-    next();
+    try {
+      // Ensuring the session is initialized
+      const manager = new ExpressSessionManager(req);
+
+      // Now bridging the methods from @kinde/js-utils to req object
+      req.setSessionItem = manager.setSessionItem.bind(manager);
+      req.getSessionItem = manager.getSessionItem.bind(manager);
+      req.removeSessionItem = manager.removeSessionItem.bind(manager);
+      req.destroySession = manager.destroySession.bind(manager);
+
+      next();
+    } catch (error) {
+      next(error);
+    }
   };
 };
 
@@ -51,8 +52,7 @@ const hasSessionMiddleware = (app: Express) => {
 };
 
 /**
- * Attaches the `express-session` middleware and the `SessionManager` for internal
- * typescript SDK (in middleware form).
+ * Attaches the `express-session` middleware and the Kinde ExpressSessionManager.
  * @param {Express} app
  */
 export const setupKindeSession = (app: Express): void => {