feat(#1): Store session request for concurrent fetches

package.json

@@ -1,6 +1,6 @@
 {
   "name": "pouchdb-session-authentication",
-  "version": "1.0.0",
+  "version": "1.1.0",
   "description": "Plugin that forces session authentication for PouchDb http adapter",
   "main": "src/index.js",
   "scripts": {

src/index.js

@@ -33,13 +33,6 @@ const parseCookie = (response) => {
   };
 };
 
-const getExistingSession = (db) => {
-  const urlString = getSessionKey(db);
-  if (sessions[urlString] && !isExpired(sessions[urlString])) {
-    return sessions[urlString];
-  }
-};
-
 const getSessionKey = (db) => {
   const sessionUrl = getSessionUrl(db);
   return `${db.credentials.username}:${db.credentials.password}:${sessionUrl}`;
@@ -60,24 +53,33 @@ const authenticate = async (db) => {
 
   const body = JSON.stringify({ name: db.credentials.username, password: db.credentials.password});
   const response = await db.originalFetch(url.toString(), { method: 'POST', headers, body });
-  updateSession(db, response);
+  return updateSession(db, response);
 };
 
 const updateSession = (db, response) => {
   const session = parseCookie(response);
   if (session) {
-    const url = getSessionKey(db);
-    sessions[url] = session;
+    const sessionKey = getSessionKey(db);
+    sessions[sessionKey] = session;
+    return session;
   }
 };
 
 const invalidateSession = db => {
-  const url = getSessionKey(db);
-  delete sessions[url];
+  const sessionKey = getSessionKey(db);
+  delete sessions[sessionKey];
 };
 
-const isExpired = (session) => {
-  return Date.now() > session.expires;
+const getSession = async (db) => {
+  const sessionKey = getSessionKey(db);
+  const session = sessions[sessionKey];
+
+  if (session) {
+    return session;
+  }
+
+  sessions[sessionKey] = authenticate(db);
+  return sessions[sessionKey];
 };
 
 const extractAuth = (opts) => {
@@ -96,6 +98,20 @@ const extractAuth = (opts) => {
   };
 };
 
+const validateSession = (db, session) => {
+  if (!session || !session.expires) {
+    return;
+  }
+
+  const isExpired =  Date.now() > session.expires;
+  if (isExpired) {
+    invalidateSession(db);
+    return getSession(db);
+  }
+
+  return session;
+};
+
 // eslint-disable-next-line func-style
 function wrapAdapter (PouchDB, HttpPouch) {
   // eslint-disable-next-line func-style
@@ -108,11 +124,7 @@ function wrapAdapter (PouchDB, HttpPouch) {
 
     db.originalFetch = db.fetch || PouchDB.fetch;
     db.fetch = async (url, opts = {}) => {
-      let session = getExistingSession(db);
-      if (!session) {
-        await authenticate(db);
-        session = getExistingSession(db);
-      }
+      const session = await validateSession(db, await getSession(db));
 
       if (session) {
         opts.headers = opts.headers || new Headers();

test/integration/index.spec.js

@@ -143,5 +143,24 @@ describe(`integration with ${authType}`, function () {
     const logs = await collectLogs(1000);
     expect(utils.getSessionRequests(logs).length).to.equal(1);
   });
+
+  it('should only request session once for concurrent requests', async () => {
+    const auth = { username: tempAdminName, password: 'new_password' };
+    await utils.createAdmin(auth.username, auth.password);
+    await utils.createDb(tempDbName);
+
+    tempDb = getDb(tempDbName, auth, authType);
+    const collectLogs = await utils.getDockerContainerLogs();
+    await Promise.all([
+      tempDb.allDocs(),
+      tempDb.allDocs(),
+      tempDb.allDocs(),
+      tempDb.allDocs(),
+      tempDb.allDocs(),
+    ]);
+
+    const logs = await collectLogs();
+    expect(utils.getSessionRequests(logs).length).to.equal(1);
+  });
 });
 

test/unit/index.spec.js

@@ -289,6 +289,55 @@ describe('Pouchdb Session authentication plugin', () => {
         { headers: new Headers({ 'Cookie': 'AuthSession=user2session' }) }
       ]);
     });
+
+    it('should only request session once for concurrent requests', async () => {
+      db = { name: 'http://admin:pass@localhost:5984/mydb' };
+      plugin(PoudhDb);
+      PoudhDb.adapters.http(db);
+
+      fetch.resolves({ ok: true, status: 200 });
+      fetch.withArgs('http://admin:pass@localhost:5984/_session').resolves({
+        ok: true,
+        status: 200,
+        headers: new Headers({ 'set-cookie': getSession('theonetruesession') })
+      });
+
+      await Promise.all([
+        db.fetch('randomUrl1'),
+        db.fetch('randomUrl2'),
+        db.fetch('randomUrl3'),
+        db.fetch('randomUrl4'),
+      ]);
+
+      expect(fetch.callCount).to.equal(5);
+      expect(fetch.args[0]).to.deep.equal([
+        'http://admin:pass@localhost:5984/_session',
+        {
+          method: 'POST',
+          headers: new Headers({
+            'Content-Type': 'application/json',
+            'Accept': 'application/json',
+          }),
+          body: JSON.stringify({ name: 'admin', password: 'pass' }),
+        }
+      ]);
+      expect(fetch.args[1]).to.deep.equal([
+        'randomUrl1',
+        { headers: new Headers({ 'Cookie': 'AuthSession=theonetruesession' }) }
+      ]);
+      expect(fetch.args[2]).to.deep.equal([
+        'randomUrl2',
+        { headers: new Headers({ 'Cookie': 'AuthSession=theonetruesession' }) }
+      ]);
+      expect(fetch.args[3]).to.deep.equal([
+        'randomUrl3',
+        { headers: new Headers({ 'Cookie': 'AuthSession=theonetruesession' }) }
+      ]);
+      expect(fetch.args[4]).to.deep.equal([
+        'randomUrl4',
+        { headers: new Headers({ 'Cookie': 'AuthSession=theonetruesession' }) }
+      ]);
+    });
 
     it('should update the session if server responds with new cookie', async () => {
       db = { name: 'http://admin:pass@localhost:5984/mydb' };