Class: Session

session.Session

A session represents a trusted connection between a Server and Client which can be used to authenticate requests, allowing both parties to verify the other parties identity and check the request/response bodies integrity. The authentication flow usually works as follows:

// CLIENT

const request = createRequest();
await this.session.authenticate(request);

// SERVER

if (!(await context.session.verify(request))) {
    throw "Failed to verify request!";
}

const response = processRequest(request);
await context.session.authenticate(response);

// CLIENT

if (!(await context.session.verify(response))) {
    throw "Failed to verify response!";
}

processResponse(response);

                       ┌──────────┐     ┌──────────┐
                       │Client (C)│     │Server (S)│
                       └─────┬────┘     └────┬─────┘
┌──────────────────────────┐ │               │
│req = [request body]      │ │   req, sid,   │
│t1 = [timestamp]          │ │   t1, sig1    │ ┌──────────────────────────┐
│sig1 = HMAC(K, sid|t1|req)│ │──────────────▶│ │=> verify sig1            │
└──────────────────────────┘ │               │ │res = [response body]     │
                             │               │ │t2 = [timestamp]          │
            ┌──────────────┐ │ res, t2, sig2 │ │sig2 = HMAC(K, sid|t2|res)│
            │=> verify sig2│ │◁ ─ ─ ─ ─ ─ ─ ─│ └──────────────────────────┘
            └──────────────┘ │               │
                             │               │
                             ▼               ▼

Hierarchy

Serializable

↳ Session

Implements

Storable

Constructors

constructor

• new Session()

Inherited from

Serializable.constructor

Properties

_propertySerializationOptions

• _propertySerializationOptions: SerializationOptions[]

Implementation of

Storable._propertySerializationOptions

Inherited from

Serializable._propertySerializationOptions

Defined in

core/src/encoding.ts:163

account

• account: string = ""

Associated Account

Defined in

core/src/session.ts:90

created

• created: Date

Time of creation

Defined in

core/src/session.ts:94

device

• Optional device: DeviceInfo

Info about the device the client is running on

Defined in

core/src/session.ts:114

expires

• Optional expires: Date

Expiration time

Defined in

core/src/session.ts:106

id

• id: string = ""

Unique identifier

Implementation of

Storable.id

Defined in

core/src/session.ts:87

key

• Optional key: Uint8Array

Session key used to sign/verify requests and responses

Defined in

core/src/session.ts:110

lastLocation

• Optional lastLocation: Object = undefined

Type declaration

Name	Type
`city?`	`string`
`country?`	`string`

Defined in

core/src/session.ts:116

lastUsed

• lastUsed: Date

When this session was last used to authenticate a request

Defined in

core/src/session.ts:102

updated

• updated: Date

Time of last update

Defined in

core/src/session.ts:98

Accessors

info

• get info(): SessionInfo

Public session info

Returns

SessionInfo

Defined in

core/src/session.ts:124

kind

• get kind(): string

A string representing the objects "type", useful for segmenting storage, among other things. Defaults to the lowercase class name, but can be overwritten by subclasses

Returns

string

Implementation of

Storable.kind

Inherited from

Serializable.kind

Defined in

core/src/encoding.ts:159

Methods

_fromRaw

▸ Protected _fromRaw(raw): void

Restore values from a raw object. The default implementation simply copies over all iterable properties from the base object. Overwrite this method for properties that require special treatment

Parameters

Name	Type
`raw`	`any`

Returns

void

Implementation of

Storable._fromRaw

Inherited from

Serializable._fromRaw

Defined in

core/src/encoding.ts:286

_sign

▸ Private _sign(data): Promise<RequestAuthentication>

Parameters

Name	Type
`data`	`any`

Returns

Promise<RequestAuthentication>

Defined in

core/src/session.ts:160

_toRaw

▸ Protected _toRaw(version): any

Transform this object into a raw javascript object used for serialization. The default implementation simply copies all iterable properties not included in the [[exlude]] array and calls toRaw on any properties that are themselfes instances of Serializable. This method should be overwritten by subclasses if certain properties require special treatment.

Parameters

Name	Type
`version`	`undefined` \| `string`

Returns

any

Implementation of

Storable._toRaw

Inherited from

Serializable._toRaw

Defined in

core/src/encoding.ts:257

_verify

▸ Private _verify(auth, data): Promise<boolean>

Parameters

Name	Type
`auth`	`RequestAuthentication`
`data`	`any`

Returns

Promise<boolean>

Defined in

core/src/session.ts:172

authenticate

▸ authenticate(r): Promise<void>

Authenticates a Request or Response by signing the session id, timestamp and request/response body using the session key.

Parameters

Name	Type
`r`	`Request` \| `Response`

Returns

Promise<void>

Defined in

core/src/session.ts:141

clone

▸ clone(): Session

Creates a deep clone of the object

Returns

Session

Implementation of

Storable.clone

Inherited from

Serializable.clone

Defined in

core/src/encoding.ts:244

fromBytes

▸ fromBytes(bytes): Session

Deserializes the object from a byte array

Parameters

Name	Type
`bytes`	`Uint8Array`

Returns

Session

Implementation of

Storable.fromBytes

Inherited from

Serializable.fromBytes

Defined in

core/src/encoding.ts:237

fromJSON

▸ fromJSON(json): Session

Deserializes the object from a JSON string

Parameters

Name	Type
`json`	`string`

Returns

Session

Implementation of

Storable.fromJSON

Inherited from

Serializable.fromJSON

Defined in

core/src/encoding.ts:223

fromRaw

▸ fromRaw(raw): Session

Restores propertiers from a raw object of the same form generated by toRaw. The base implementation blindly copies over values from the raw object via Object.assign so subclasses should explictly process any propertyies that need special treatment.

Also takes are of validation and "upgrading" in case the raw object has an old version. Use the protected _fromRaw method to implement subclass-specific behavior.

Parameters

Name	Type
`raw`	`any`

Returns

Session

Implementation of

Storable.fromRaw

Inherited from

Serializable.fromRaw

Defined in

core/src/encoding.ts:196

toBytes

▸ toBytes(): Uint8Array

Returns a serialization of the object in form of a byte array

Returns

Uint8Array

Implementation of

Storable.toBytes

Inherited from

Serializable.toBytes

Defined in

core/src/encoding.ts:230

toJSON

▸ toJSON(): string

Returns a JSON serialization of the object

Returns

string

Implementation of

Storable.toJSON

Inherited from

Serializable.toJSON

Defined in

core/src/encoding.ts:216

toRaw

▸ toRaw(version?): any

Creates a raw javascript object representation of the class, which can be used for storage or data transmission. Also handles "downgrading" to previous versions. Use _toRaw for subclass-specific behavior.

Parameters

Name	Type
`version?`	`string`

Returns

any

Implementation of

Storable.toRaw

Inherited from

Serializable.toRaw

Defined in

core/src/encoding.ts:179

validate

▸ validate(): boolean

This is called during deserialization and should verify that all properties have been populated with values of the correct type. Subclasses should implement this method based on their class structure.

Returns

boolean

Implementation of

Storable.validate

Inherited from

Serializable.validate

Defined in

core/src/encoding.ts:170

verify

▸ verify(r): Promise<boolean>

Verifies session id, timestamp and request/response body of a given Request or Response using the session key.

Parameters

Name	Type
`r`	`Request` \| `Response`

Returns

Promise<boolean>

Defined in

core/src/session.ts:150