kv-storage #142
Open
kv-storage #142
+1,293
−2
Conversation
This file contains hidden or bidirectional Unicode text that may be interpreted or compiled differently than what appears below. To review, open the file in an editor that reveals hidden Unicode characters.
Learn more about bidirectional Unicode characters
WalkthroughA new Changes
Sequence Diagram(s)sequenceDiagram
participant Client
participant KvStorage
participant CloudflareKV
Client->>KvStorage: setSessionItem(key, value)
KvStorage->>CloudflareKV: put(key_chunkN, value_chunkN, {ttl})
CloudflareKV-->>KvStorage: ack
KvStorage-->>Client: done
Client->>KvStorage: getSessionItem(key)
KvStorage->>CloudflareKV: get(key_chunkN)
CloudflareKV-->>KvStorage: value_chunkN
KvStorage-->>Client: value (concatenated)
Client->>KvStorage: removeSessionItem(key)
KvStorage->>CloudflareKV: delete(key_chunkN)
CloudflareKV-->>KvStorage: ack
KvStorage-->>Client: done
Client->>KvStorage: destroySession()
KvStorage->>CloudflareKV: list(prefix)
CloudflareKV-->>KvStorage: [key_chunk1, key_chunk2, ...]
KvStorage->>CloudflareKV: delete(each key_chunk)
CloudflareKV-->>KvStorage: ack
KvStorage-->>Client: done
sequenceDiagram
participant Client
participant CookieStorage
participant CookieAdapter
Client->>CookieStorage: setSessionItem(key, value)
CookieStorage->>CookieAdapter: delete(existing chunks)
CookieStorage->>CookieAdapter: set(chunked cookies with options)
CookieAdapter-->>CookieStorage: ack
CookieStorage-->>Client: done
Client->>CookieStorage: getSessionItem(key)
CookieStorage->>CookieAdapter: get(chunked cookies)
CookieAdapter-->>CookieStorage: cookie chunks
CookieStorage-->>Client: value (concatenated)
Client->>CookieStorage: removeSessionItem(key)
CookieStorage->>CookieAdapter: delete(chunked cookies)
CookieAdapter-->>CookieStorage: ack
CookieStorage-->>Client: done
Client->>CookieStorage: destroySession()
CookieStorage->>CookieAdapter: delete(all session keys cookies)
CookieAdapter-->>CookieStorage: ack
CookieStorage-->>Client: done
Suggested reviewers
✨ Finishing Touches
Thanks for using CodeRabbit! It's free for OSS, and your support helps us grow. If you like it, consider giving us a shout-out. 🪧 TipsChatThere are 3 ways to chat with CodeRabbit:
SupportNeed help? Create a ticket on our support page for assistance with any issues or questions. Note: Be mindful of the bot's finite context window. It's strongly recommended to break down tasks such as reading entire modules into smaller chunks. For a focused discussion, use review comments to chat about specific files and their changes, instead of using the PR comments. CodeRabbit Commands (Invoked using PR comments)
Other keywords and placeholders
CodeRabbit Configuration File (
|
![coderabbitai[bot]](https://avatars.githubusercontent.com/in/347564?s=60&v=4){kind=small}
There was a problem hiding this comment.
Actionable comments posted: 1
🧹 Nitpick comments (1)
lib/sessionManager/stores/kvStorage.test.ts (1)
124-130: Tests confirm string conversion behaviorThese tests verify that non-string values are converted to strings. As noted in the implementation review, this approach has limitations for complex objects. Consider adding tests for object values to demonstrate the current behavior and guide future improvements.
Add a test case to clarify object handling:
it("should handle non-string values by casting to string", async () => { await sessionManager.setSessionItem(StorageKeys.state, true); expect(await sessionManager.getSessionItem(StorageKeys.state)).toBe("true"); await sessionManager.setSessionItem(StorageKeys.state, 42); expect(await sessionManager.getSessionItem(StorageKeys.state)).toBe("42"); + + // Document current behavior for objects + await sessionManager.setSessionItem(StorageKeys.state, { foo: "bar" }); + expect(await sessionManager.getSessionItem(StorageKeys.state)).toBe("[object Object]"); });
📜 Review details
Configuration used: CodeRabbit UI
Review profile: CHILL
Plan: Pro
📒 Files selected for processing (4)
lib/main.ts(1 hunks)lib/sessionManager/index.ts(1 hunks)lib/sessionManager/stores/kvStorage.test.ts(1 hunks)lib/sessionManager/stores/kvStorage.ts(1 hunks)
🧰 Additional context used
🧬 Code Graph Analysis (1)
lib/sessionManager/stores/kvStorage.test.ts (2)
lib/sessionManager/index.ts (3)
KvStorage(28-28)storageSettings(3-21)StorageKeys(31-31)lib/sessionManager/stores/kvStorage.ts (1)
KvStorage(16-171)
🔇 Additional comments (4)
lib/sessionManager/stores/kvStorage.ts (2)
23-31: Good security warning implementation!The constructor properly warns about security implications when
useInsecureForRefreshTokenis enabled. The default TTL of 3600 seconds (1 hour) is a reasonable default for session data.
131-155: Efficient chunk removal implementation!The method efficiently identifies all chunks by checking existence rather than listing all keys, then deletes them in parallel. Good error handling pattern.
lib/main.ts (1)
60-60: LGTM!KvStorage is correctly added to the exports alongside other storage implementations.
lib/sessionManager/index.ts (1)
28-28: Export correctly added!The KvStorage export follows the established pattern and is properly placed with other storage implementations.
There was a problem hiding this comment.
Actionable comments posted: 0
🧹 Nitpick comments (1)
lib/sessionManager/stores/cookieStorage.test.ts (1)
44-51: Consider improving test isolation for global state modifications.Modifying
storageSettings.useInsecureForRefreshTokendirectly could cause issues if tests run in parallel. Consider saving and restoring the original value in a try/finally block to ensure proper cleanup.it("should show warning when using insecure refresh token setting", () => { + const originalValue = storageSettings.useInsecureForRefreshToken; + try { storageSettings.useInsecureForRefreshToken = true; new CookieStorage(mockCookies.adapter); expect(consoleSpy).toHaveBeenCalledWith( "CookieStorage: useInsecureForRefreshToken is enabled - refresh tokens will be stored in cookies which may have security implications" ); - storageSettings.useInsecureForRefreshToken = false; + } finally { + storageSettings.useInsecureForRefreshToken = originalValue; + } });
📜 Review details
Configuration used: CodeRabbit UI
Review profile: CHILL
Plan: Pro
📒 Files selected for processing (6)
lib/main.ts(2 hunks)lib/sessionManager/index.ts(1 hunks)lib/sessionManager/stores/cookieStorage.test.ts(1 hunks)lib/sessionManager/stores/cookieStorage.ts(1 hunks)lib/sessionManager/stores/kvStorage.test.ts(1 hunks)lib/sessionManager/stores/kvStorage.ts(1 hunks)
🚧 Files skipped from review as they are similar to previous changes (2)
- lib/main.ts
- lib/sessionManager/stores/kvStorage.test.ts
🧰 Additional context used
🧠 Learnings (5)
📓 Common learnings
Learnt from: DanielRivers
PR: kinde-oss/js-utils#69
File: lib/utils/token/refreshToken.ts:54-57
Timestamp: 2025-01-20T20:01:21.460Z
Learning: In the Kinde JS utils library, when not using a custom domain, local storage is used by default for storing refresh tokens. This is an intentional design decision that will be documented. Users can explicitly opt out of this behavior if needed.
Learnt from: DanielRivers
PR: kinde-oss/js-utils#128
File: lib/utils/generateProfileUrl.ts:30-35
Timestamp: 2025-05-28T10:56:50.579Z
Learning: In the Kinde js-utils codebase, if the storage system returns non-string values for access tokens, it indicates wider systemic issues. The team prefers to keep simple type casting in generateProfileUrl rather than adding defensive type checking, as the root cause would need to be addressed elsewhere.
Learnt from: DanielRivers
PR: kinde-oss/js-utils#16
File: lib/sessionManager/types.ts:75-80
Timestamp: 2024-10-25T14:24:05.260Z
Learning: All storage classes (`MemoryStorage`, `LocalStorage`, `ChromeStore`, `ExpoSecureStore`) extend `SessionBase`, inheriting the `setItems` method, so they do not need to implement `setItems` explicitly.
Learnt from: DanielRivers
PR: kinde-oss/js-utils#11
File: lib/utils/token/index.test.ts:59-62
Timestamp: 2024-11-19T20:31:59.197Z
Learning: In `lib/utils/token/index.test.ts`, the test "getInsecureStorage returns active storage when no insecure storage is set" is intentional. It verifies that when insecure storage is not set, `getInsecureStorage()` returns the active storage as a fallback, preferring secure storage but allowing for insecure storage when needed by consumers of the library.
Learnt from: DanielRivers
PR: kinde-oss/js-utils#15
File: lib/utils/generateAuthUrl.ts:27-30
Timestamp: 2024-10-25T23:50:56.599Z
Learning: In `lib/utils/generateAuthUrl.ts`, `StorageKeys` is imported from `../main` and includes the `state` key.
Learnt from: DanielRivers
PR: kinde-oss/js-utils#11
File: lib/utils/exchangeAuthCode.ts:51-51
Timestamp: 2024-11-10T23:29:36.293Z
Learning: In `lib/utils/exchangeAuthCode.ts`, the `exchangeAuthCode` function intentionally uses `getInsecureStorage()` to store temporary authentication flow values locally between sessions. This is necessary for storing data needed for the return trip. The `getInsecureStorage()` function returns the secure storage if no active insecure storage is defined.
Learnt from: DanielRivers
PR: kinde-oss/js-utils#61
File: lib/sessionManager/types.ts:20-20
Timestamp: 2025-01-16T21:47:40.307Z
Learning: Security documentation for configuration options in this codebase should be placed in the implementation file (e.g., index.ts) rather than the types file, as demonstrated with `useInsecureForRefreshToken` in `lib/sessionManager/index.ts`.
Learnt from: DanielRivers
PR: kinde-oss/js-utils#11
File: lib/main.test.ts:57-60
Timestamp: 2024-11-19T20:28:09.344Z
Learning: The insecure storage methods (`clearInsecureStorage`, `getInsecureStorage`, `hasInsecureStorage`, `setInsecureStorage`) are provided to temporarily store data for front-end SDKs, and their usage is optional.
Learnt from: DanielRivers
PR: kinde-oss/js-utils#69
File: lib/utils/exchangeAuthCode.ts:152-154
Timestamp: 2025-01-28T14:24:26.982Z
Learning: Security implications of insecure token storage for non-custom domains in js-utils are documented in the library documentation, and warnings are implemented through the localStorage implementation.
lib/sessionManager/index.ts (10)
Learnt from: DanielRivers
PR: kinde-oss/js-utils#15
File: lib/utils/generateAuthUrl.ts:27-30
Timestamp: 2024-10-25T23:50:56.599Z
Learning: In `lib/utils/generateAuthUrl.ts`, `StorageKeys` is imported from `../main` and includes the `state` key.
Learnt from: DanielRivers
PR: kinde-oss/js-utils#12
File: lib/main.ts:0-0
Timestamp: 2024-10-08T23:57:58.113Z
Learning: When exporting modules in `lib/main.ts`, ensure that paths to modules like `./utils/token` are explicitly set to include `index.ts` (e.g., `./utils/token/index.ts`) to prevent missing export issues.
Learnt from: DanielRivers
PR: kinde-oss/js-utils#12
File: lib/main.ts:0-0
Timestamp: 2024-09-23T22:08:18.788Z
Learning: When exporting modules in `lib/main.ts`, ensure that paths to modules like `./utils/token` are explicitly set to include `index.ts` (e.g., `./utils/token/index.ts`) to prevent missing export issues.
Learnt from: DanielRivers
PR: kinde-oss/js-utils#61
File: lib/sessionManager/types.ts:20-20
Timestamp: 2025-01-16T21:47:40.307Z
Learning: Security documentation for configuration options in this codebase should be placed in the implementation file (e.g., index.ts) rather than the types file, as demonstrated with `useInsecureForRefreshToken` in `lib/sessionManager/index.ts`.
Learnt from: DanielRivers
PR: kinde-oss/js-utils#11
File: lib/utils/exchangeAuthCode.ts:51-51
Timestamp: 2024-11-10T23:29:36.293Z
Learning: In `lib/utils/exchangeAuthCode.ts`, the `exchangeAuthCode` function intentionally uses `getInsecureStorage()` to store temporary authentication flow values locally between sessions. This is necessary for storing data needed for the return trip. The `getInsecureStorage()` function returns the secure storage if no active insecure storage is defined.
Learnt from: DanielRivers
PR: kinde-oss/js-utils#11
File: lib/utils/token/index.test.ts:59-62
Timestamp: 2024-11-19T20:31:59.197Z
Learning: In `lib/utils/token/index.test.ts`, the test "getInsecureStorage returns active storage when no insecure storage is set" is intentional. It verifies that when insecure storage is not set, `getInsecureStorage()` returns the active storage as a fallback, preferring secure storage but allowing for insecure storage when needed by consumers of the library.
Learnt from: DanielRivers
PR: kinde-oss/js-utils#16
File: lib/sessionManager/types.ts:75-80
Timestamp: 2024-10-25T14:24:05.260Z
Learning: All storage classes (`MemoryStorage`, `LocalStorage`, `ChromeStore`, `ExpoSecureStore`) extend `SessionBase`, inheriting the `setItems` method, so they do not need to implement `setItems` explicitly.
Learnt from: DanielRivers
PR: kinde-oss/js-utils#11
File: lib/main.test.ts:57-60
Timestamp: 2024-11-19T20:28:09.344Z
Learning: The insecure storage methods (`clearInsecureStorage`, `getInsecureStorage`, `hasInsecureStorage`, `setInsecureStorage`) are provided to temporarily store data for front-end SDKs, and their usage is optional.
Learnt from: DanielRivers
PR: kinde-oss/js-utils#69
File: lib/utils/token/refreshToken.ts:54-57
Timestamp: 2025-01-20T20:01:21.460Z
Learning: In the Kinde JS utils library, when not using a custom domain, local storage is used by default for storing refresh tokens. This is an intentional design decision that will be documented. Users can explicitly opt out of this behavior if needed.
Learnt from: DanielRivers
PR: kinde-oss/js-utils#69
File: lib/utils/exchangeAuthCode.ts:152-154
Timestamp: 2025-01-28T14:24:26.982Z
Learning: Security implications of insecure token storage for non-custom domains in js-utils are documented in the library documentation, and warnings are implemented through the localStorage implementation.
lib/sessionManager/stores/cookieStorage.test.ts (11)
Learnt from: DanielRivers
PR: kinde-oss/js-utils#11
File: lib/utils/token/index.test.ts:59-62
Timestamp: 2024-11-19T20:31:59.197Z
Learning: In `lib/utils/token/index.test.ts`, the test "getInsecureStorage returns active storage when no insecure storage is set" is intentional. It verifies that when insecure storage is not set, `getInsecureStorage()` returns the active storage as a fallback, preferring secure storage but allowing for insecure storage when needed by consumers of the library.
Learnt from: DanielRivers
PR: kinde-oss/js-utils#61
File: lib/sessionManager/types.ts:20-20
Timestamp: 2025-01-16T21:47:40.307Z
Learning: Security documentation for configuration options in this codebase should be placed in the implementation file (e.g., index.ts) rather than the types file, as demonstrated with `useInsecureForRefreshToken` in `lib/sessionManager/index.ts`.
Learnt from: DanielRivers
PR: kinde-oss/js-utils#8
File: lib/utils/token/testUtils/index.ts:3-39
Timestamp: 2024-09-19T22:17:02.939Z
Learning: The file `lib/utils/token/testUtils/index.ts` is a test utility, not production code.
Learnt from: DanielRivers
PR: kinde-oss/js-utils#8
File: lib/utils/token/testUtils/index.ts:3-39
Timestamp: 2024-10-08T23:57:58.113Z
Learning: The file `lib/utils/token/testUtils/index.ts` is a test utility, not production code.
Learnt from: DanielRivers
PR: kinde-oss/js-utils#15
File: lib/utils/generateAuthUrl.ts:27-30
Timestamp: 2024-10-25T23:50:56.599Z
Learning: In `lib/utils/generateAuthUrl.ts`, `StorageKeys` is imported from `../main` and includes the `state` key.
Learnt from: DanielRivers
PR: kinde-oss/js-utils#69
File: lib/utils/exchangeAuthCode.ts:152-154
Timestamp: 2025-01-28T14:24:26.982Z
Learning: Security implications of insecure token storage for non-custom domains in js-utils are documented in the library documentation, and warnings are implemented through the localStorage implementation.
Learnt from: DanielRivers
PR: kinde-oss/js-utils#11
File: lib/utils/exchangeAuthCode.ts:51-51
Timestamp: 2024-11-10T23:29:36.293Z
Learning: In `lib/utils/exchangeAuthCode.ts`, the `exchangeAuthCode` function intentionally uses `getInsecureStorage()` to store temporary authentication flow values locally between sessions. This is necessary for storing data needed for the return trip. The `getInsecureStorage()` function returns the secure storage if no active insecure storage is defined.
Learnt from: DanielRivers
PR: kinde-oss/js-utils#128
File: lib/utils/generateProfileUrl.ts:30-35
Timestamp: 2025-05-28T10:56:50.579Z
Learning: In the Kinde js-utils codebase, if the storage system returns non-string values for access tokens, it indicates wider systemic issues. The team prefers to keep simple type casting in generateProfileUrl rather than adding defensive type checking, as the root cause would need to be addressed elsewhere.
Learnt from: DanielRivers
PR: kinde-oss/js-utils#16
File: lib/sessionManager/types.ts:34-42
Timestamp: 2024-10-25T15:15:13.928Z
Learning: In `lib/sessionManager/types.ts`, the `setItems` method is unlikely to be used with large batches of items, so chunking is not necessary.
Learnt from: DanielRivers
PR: kinde-oss/js-utils#69
File: lib/utils/token/refreshToken.ts:54-57
Timestamp: 2025-01-20T20:01:21.460Z
Learning: In the Kinde JS utils library, when not using a custom domain, local storage is used by default for storing refresh tokens. This is an intentional design decision that will be documented. Users can explicitly opt out of this behavior if needed.
Learnt from: DanielRivers
PR: kinde-oss/js-utils#15
File: lib/utils/generateAuthUrl.test.ts:104-104
Timestamp: 2024-10-25T23:53:26.124Z
Learning: In `lib/utils/generateAuthUrl.test.ts`, the code is test code and may not require strict adherence to PKCE specifications.
lib/sessionManager/stores/kvStorage.ts (10)
Learnt from: DanielRivers
PR: kinde-oss/js-utils#16
File: lib/sessionManager/types.ts:75-80
Timestamp: 2024-10-25T14:24:05.260Z
Learning: All storage classes (`MemoryStorage`, `LocalStorage`, `ChromeStore`, `ExpoSecureStore`) extend `SessionBase`, inheriting the `setItems` method, so they do not need to implement `setItems` explicitly.
Learnt from: DanielRivers
PR: kinde-oss/js-utils#61
File: lib/sessionManager/types.ts:20-20
Timestamp: 2025-01-16T21:47:40.307Z
Learning: Security documentation for configuration options in this codebase should be placed in the implementation file (e.g., index.ts) rather than the types file, as demonstrated with `useInsecureForRefreshToken` in `lib/sessionManager/index.ts`.
Learnt from: DanielRivers
PR: kinde-oss/js-utils#16
File: lib/sessionManager/types.ts:34-42
Timestamp: 2024-10-25T15:15:13.928Z
Learning: In `lib/sessionManager/types.ts`, the `setItems` method is unlikely to be used with large batches of items, so chunking is not necessary.
Learnt from: DanielRivers
PR: kinde-oss/js-utils#11
File: lib/main.test.ts:57-60
Timestamp: 2024-11-19T20:28:09.344Z
Learning: The insecure storage methods (`clearInsecureStorage`, `getInsecureStorage`, `hasInsecureStorage`, `setInsecureStorage`) are provided to temporarily store data for front-end SDKs, and their usage is optional.
Learnt from: DanielRivers
PR: kinde-oss/js-utils#15
File: lib/utils/generateAuthUrl.ts:27-30
Timestamp: 2024-10-25T23:50:56.599Z
Learning: In `lib/utils/generateAuthUrl.ts`, `StorageKeys` is imported from `../main` and includes the `state` key.
Learnt from: DanielRivers
PR: kinde-oss/js-utils#69
File: lib/utils/token/refreshToken.ts:54-57
Timestamp: 2025-01-20T20:01:21.460Z
Learning: In the Kinde JS utils library, when not using a custom domain, local storage is used by default for storing refresh tokens. This is an intentional design decision that will be documented. Users can explicitly opt out of this behavior if needed.
Learnt from: DanielRivers
PR: kinde-oss/js-utils#11
File: lib/utils/exchangeAuthCode.ts:51-51
Timestamp: 2024-11-10T23:29:36.293Z
Learning: In `lib/utils/exchangeAuthCode.ts`, the `exchangeAuthCode` function intentionally uses `getInsecureStorage()` to store temporary authentication flow values locally between sessions. This is necessary for storing data needed for the return trip. The `getInsecureStorage()` function returns the secure storage if no active insecure storage is defined.
Learnt from: DanielRivers
PR: kinde-oss/js-utils#128
File: lib/utils/generateProfileUrl.ts:30-35
Timestamp: 2025-05-28T10:56:50.579Z
Learning: In the Kinde js-utils codebase, if the storage system returns non-string values for access tokens, it indicates wider systemic issues. The team prefers to keep simple type casting in generateProfileUrl rather than adding defensive type checking, as the root cause would need to be addressed elsewhere.
Learnt from: DanielRivers
PR: kinde-oss/js-utils#11
File: lib/utils/token/index.test.ts:59-62
Timestamp: 2024-11-19T20:31:59.197Z
Learning: In `lib/utils/token/index.test.ts`, the test "getInsecureStorage returns active storage when no insecure storage is set" is intentional. It verifies that when insecure storage is not set, `getInsecureStorage()` returns the active storage as a fallback, preferring secure storage but allowing for insecure storage when needed by consumers of the library.
Learnt from: DanielRivers
PR: kinde-oss/js-utils#61
File: lib/sessionManager/types.ts:20-20
Timestamp: 2025-01-16T21:47:40.306Z
Learning: The `useInsecureForRefreshToken` setting in `lib/sessionManager/index.ts` should only be used when not using a custom domain and when there's no backend app to authenticate on, as documented in the implementation file.
lib/sessionManager/stores/cookieStorage.ts (10)
Learnt from: DanielRivers
PR: kinde-oss/js-utils#61
File: lib/sessionManager/types.ts:20-20
Timestamp: 2025-01-16T21:47:40.307Z
Learning: Security documentation for configuration options in this codebase should be placed in the implementation file (e.g., index.ts) rather than the types file, as demonstrated with `useInsecureForRefreshToken` in `lib/sessionManager/index.ts`.
Learnt from: DanielRivers
PR: kinde-oss/js-utils#11
File: lib/utils/exchangeAuthCode.ts:51-51
Timestamp: 2024-11-10T23:29:36.293Z
Learning: In `lib/utils/exchangeAuthCode.ts`, the `exchangeAuthCode` function intentionally uses `getInsecureStorage()` to store temporary authentication flow values locally between sessions. This is necessary for storing data needed for the return trip. The `getInsecureStorage()` function returns the secure storage if no active insecure storage is defined.
Learnt from: DanielRivers
PR: kinde-oss/js-utils#16
File: lib/sessionManager/types.ts:75-80
Timestamp: 2024-10-25T14:24:05.260Z
Learning: All storage classes (`MemoryStorage`, `LocalStorage`, `ChromeStore`, `ExpoSecureStore`) extend `SessionBase`, inheriting the `setItems` method, so they do not need to implement `setItems` explicitly.
Learnt from: DanielRivers
PR: kinde-oss/js-utils#15
File: lib/utils/generateAuthUrl.ts:27-30
Timestamp: 2024-10-25T23:50:56.599Z
Learning: In `lib/utils/generateAuthUrl.ts`, `StorageKeys` is imported from `../main` and includes the `state` key.
Learnt from: DanielRivers
PR: kinde-oss/js-utils#16
File: lib/sessionManager/types.ts:34-42
Timestamp: 2024-10-25T15:15:13.928Z
Learning: In `lib/sessionManager/types.ts`, the `setItems` method is unlikely to be used with large batches of items, so chunking is not necessary.
Learnt from: DanielRivers
PR: kinde-oss/js-utils#11
File: lib/main.test.ts:57-60
Timestamp: 2024-11-19T20:28:09.344Z
Learning: The insecure storage methods (`clearInsecureStorage`, `getInsecureStorage`, `hasInsecureStorage`, `setInsecureStorage`) are provided to temporarily store data for front-end SDKs, and their usage is optional.
Learnt from: DanielRivers
PR: kinde-oss/js-utils#61
File: lib/sessionManager/types.ts:20-20
Timestamp: 2025-01-16T21:47:40.306Z
Learning: The `useInsecureForRefreshToken` setting in `lib/sessionManager/index.ts` should only be used when not using a custom domain and when there's no backend app to authenticate on, as documented in the implementation file.
Learnt from: DanielRivers
PR: kinde-oss/js-utils#69
File: lib/utils/token/refreshToken.ts:54-57
Timestamp: 2025-01-20T20:01:21.460Z
Learning: In the Kinde JS utils library, when not using a custom domain, local storage is used by default for storing refresh tokens. This is an intentional design decision that will be documented. Users can explicitly opt out of this behavior if needed.
Learnt from: DanielRivers
PR: kinde-oss/js-utils#11
File: lib/utils/token/index.test.ts:59-62
Timestamp: 2024-11-19T20:31:59.197Z
Learning: In `lib/utils/token/index.test.ts`, the test "getInsecureStorage returns active storage when no insecure storage is set" is intentional. It verifies that when insecure storage is not set, `getInsecureStorage()` returns the active storage as a fallback, preferring secure storage but allowing for insecure storage when needed by consumers of the library.
Learnt from: DanielRivers
PR: kinde-oss/js-utils#69
File: lib/utils/exchangeAuthCode.ts:152-154
Timestamp: 2025-01-28T14:24:26.982Z
Learning: Security implications of insecure token storage for non-custom domains in js-utils are documented in the library documentation, and warnings are implemented through the localStorage implementation.
🧬 Code Graph Analysis (2)
lib/sessionManager/stores/cookieStorage.test.ts (3)
lib/sessionManager/index.ts (6)
CookieOptions(30-30)CookieAdapter(30-30)CookieStorage(29-29)storageSettings(3-21)StorageKeys(32-32)createGenericCookieAdapter(29-29)lib/sessionManager/stores/cookieStorage.ts (4)
CookieOptions(17-25)CookieAdapter(8-12)CookieStorage(44-215)createGenericCookieAdapter(220-230)lib/main.ts (6)
CookieOptions(82-82)CookieAdapter(82-82)CookieStorage(61-61)storageSettings(56-56)StorageKeys(63-63)createGenericCookieAdapter(62-62)
lib/sessionManager/stores/kvStorage.ts (2)
lib/sessionManager/index.ts (4)
KvStorage(28-28)StorageKeys(32-32)SessionManager(33-33)storageSettings(3-21)lib/main.ts (5)
KvStorage(58-58)StorageKeys(63-63)SessionManager(82-82)storageSettings(56-56)splitString(18-18)
🔇 Additional comments (7)
lib/sessionManager/index.ts (1)
28-30: LGTM!The exports for the new storage implementations are correctly added and follow the established pattern in this file.
lib/sessionManager/stores/cookieStorage.test.ts (1)
164-303: Excellent test coverage!The test suite comprehensively covers:
- Custom key types with generics
- Error handling for all operations
- The adapter factory function
- Chunking behavior with edge cases
The use of small chunk sizes in the chunking tests makes the behavior easy to verify.
lib/sessionManager/stores/kvStorage.ts (3)
89-98: The serialization logic looks correct.The implementation properly handles non-string values by using JSON.stringify for objects and String() for other types. This addresses the serialization concerns effectively.
112-196: Well-designed eventual consistency handling!The implementation includes:
- Configurable retry logic with exponential backoff
- Proper chunk reconstruction
- Write verification through
waitForConsistency- Clear separation between retry logic and actual retrieval
This provides robust handling for Cloudflare KV's eventual consistency model.
201-213: Smart handling of batch operations!The method intelligently switches between sequential processing (for consistency verification) and parallel processing (for performance) based on the
enableConsistencyChecksflag.lib/sessionManager/stores/cookieStorage.ts (2)
8-36: Well-designed interfaces with secure defaults!The
CookieAdapterinterface provides a clean abstraction for cookie operations, and the default options follow security best practices (httpOnly, secure, sameSite='lax').
82-189: Robust cookie management implementation!The session management methods properly handle:
- Chunking for large string values
- JSON serialization for objects
- Correct cookie deletion with path option
- Comprehensive error handling
Sign up for free
to join this conversation on GitHub.
Already have an account?
Sign in to comment
Add this suggestion to a batch that can be applied as a single commit.
This suggestion is invalid because no changes were made to the code.
Suggestions cannot be applied while the pull request is closed.
Suggestions cannot be applied while viewing a subset of changes.
Only one suggestion per line can be applied in a batch.
Add this suggestion to a batch that can be applied as a single commit.
Applying suggestions on deleted lines is not supported.
You must change the existing code in this line in order to create a valid suggestion.
Outdated suggestions cannot be applied.
This suggestion has been applied or marked resolved.
Suggestions cannot be applied from pending reviews.
Suggestions cannot be applied on multi-line comments.
Suggestions cannot be applied while the pull request is queued to merge.
Suggestion cannot be applied right now. Please check back later.
Add Cloudflare KV Storage Support
Summary
Adds KvStorage class to provide session management using Cloudflare KV storage for server-side environments.
Implementation
Extends SessionBase and implements SessionManager interface
Consistent with existing store patterns (localStorage, memory, etc.)
Testing
test coverage including standard operations, custom keys, chunking, and error scenarios