api-session

A session manager for APIs

📦 Installation

npm install @janiscommerce/api-session

⚙️ API

The package exports two classes ApiSession and ApiSessionError.

constructor(authorizationData, client)

Creates an APISession with the authorizationData provided or the client for direct injection.

Parameters

• authorizationData is an optional object with the following (also optional) properties: { userId, clientId, clientCode, profileId, permissions, hasAccessToAllLocations, locations, warehousesIds }
• client is an optional object for client injection without performing any DB gets

validateLocation(locationId)

Validate if the location given is valid for the session. It validates against the locations and the hasAccessToAllLocations boolean. Returns Boolean.

validateWarehouse(warehouseId). Since 3.3.0

Validate if the warehouse given is valid for the session. It validates against the warehousesIds and the hasAccessToAllLocations boolean. Returns Boolean.

APISession getters

ApiSession has the following getters:

• userId {string} The ID of the user or undefined in case there is no user
• userIsDev {boolean} If user is dev
• serviceName {string} The name of the service or undefined in case there is no service
• isService {boolean} If session is associated to a service
• clientId {string} The ID of the client or undefined in case there is no client
• clientCode {string} The code of the client or undefined in case there is no client
• currency {string|undefined} The currency of the client or undefined in case there is no client nor currency related. Since 3.4.0
• currencyDisplay {string} The currency display of the client or default value in case there is no client. Possible values: code, symbol. Default: symbol. Since 3.4.0
• profileId {string} The ID of the profile or undefined in case there is no profile
• hasAccessToAllLocations {boolean} If has access to all locations
• locations {array} The List of Locations to which the user has permissions
• warehousesIds {array} The List of Warehouses to which the user has permissions. Since 3.3.0
• permissions {array} The permission keys or undefined in case there are no permissions associated
• async client {object} Resolves to the client object with the getInstance() method injected. The properties depend on your client internal structure. The client is injected with a getInstance() method to propagate the session to other instances.

Model Client

The package uses the Client Model in our service for getting the clients. For more information see @janiscommerce/model

Usage

const { ApiSession, ApiSessionError } = require('@janiscommerce/api-session');

Examples

const { ApiSession } = require('@janiscommerce/api-session');

const SomeModel = require('../models/some-model');

const session = new ApiSession({
	userId: 1,
	userIsDev: false,
	clientId: 2,
	clientCode: 'janis',
	profileId: 5,
	permissions: [
		'catalog:product:read',
		'catalog:product:write'
	],
	locations: ['location-1'],
	hasAccessToAllLocations: false
});

console.log(`Session created for user ${session.userId} on client ${session.clientCode}.`);

const sessionInjectedModel = session.getSessionInstance(SomeModel, 'some-param', 'some-other-param');

console.log(`Session is propagated for user ${sessionInjectedModel.session.userId} on client ${sessionInjectedModel.session.clientCode}.`);

const client = await sessionInjectedModel.session.client;

console.log(client);
// Outputs your client object

const hasAccess = session.validateLocation('location-1');

console.log(`Session has access to location 1: ${hasAccess}`);
// Outputs 'Session has access to location 1: true'