From 230b2a931f17c2d5f65cea4f839d6348a7e90efd Mon Sep 17 00:00:00 2001
From: Hoang Vo <dev+g@hvvo.dev>
Date: Sun, 19 Sep 2021 23:24:41 +0700
Subject: [PATCH] Replace express-session with next-session

---
 .env.example                   | 1 -
 README.md                      | 5 ++---
 api-lib/middlewares/auth.js    | 8 ++++----
 api-lib/middlewares/session.js | 9 ++-------
 package.json                   | 1 +
 5 files changed, 9 insertions(+), 15 deletions(-)

diff --git a/.env.example b/.env.example
index 9b2e284..5e948cb 100644
--- a/.env.example
+++ b/.env.example
@@ -1,5 +1,4 @@
 WEB_URI=http://localhost:3000
 MONGODB_URI=mongodb+srv://testuser:dontreusethis@cluster0-gc0a7.mongodb.net/nextjsmongodbapp
-SESSION_SECRET=keyboard cat
 CLOUDINARY_URL=cloudinary://741947492169653:vkyuRmZ3EbSULnkfXJdtSqwhURw@dbplcha6k
 NODEMAILER_CONFIG={"service":"Yandex","auth":{"user":"hoangvvo.fake.dev@yandex.ru","pass":"cfpnbpilyraudeaa"}}
\ No newline at end of file
diff --git a/README.md b/README.md
index 9184254..81b2027 100644
--- a/README.md
+++ b/README.md
@@ -4,7 +4,7 @@
 
 <div align="center">
   
-[![Deploy with Vercel](https://vercel.com/button)](https://vercel.com/new/clone?repository-url=https%3A%2F%2Fgithub.com%2Fhoangvvo%2Fnextjs-mongodb-app&env=MONGODB_URI,CLOUDINARY_URL,NODEMAILER_CONFIG,WEB_URI,SESSION_SECRET&envDescription=Environment%20Variables&envLink=https%3A%2F%2Fgithub.com%2Fhoangvvo%2Fnextjs-mongodb-app%23environmental-variables&demo-title=nextjs-mongodb-app%20demo&demo-description=A%20demo%20deployed%20on%20Vercel&demo-url=https%3A%2F%2Fnextjs-mongodb.vercel.app%2F)
+[![Deploy with Vercel](https://vercel.com/button)](https://vercel.com/new/clone?repository-url=https%3A%2F%2Fgithub.com%2Fhoangvvo%2Fnextjs-mongodb-app&env=MONGODB_URI,CLOUDINARY_URL,NODEMAILER_CONFIG,WEB_URI&envDescription=Environment%20Variables&envLink=https%3A%2F%2Fgithub.com%2Fhoangvvo%2Fnextjs-mongodb-app%23environmental-variables&demo-title=nextjs-mongodb-app%20demo&demo-description=A%20demo%20deployed%20on%20Vercel&demo-url=https%3A%2F%2Fnextjs-mongodb.vercel.app%2F)
 
 An [**Next.js**](https://github.com/zeit/next.js/) and [**MongoDB**](https://www.mongodb.com/) web application, designed with simplicity for learning and real-world applicability in mind.
 
@@ -90,7 +90,7 @@ This project uses the following dependencies:
 - `mongodb` - may be replaced by `mongoose`.
 - `passport`, `passport-local` - required after [#39](https://github.com/hoangvvo/nextjs-mongodb-app/pull/39) for authentication
 - `next-connect` - recommended if you want to use Express/Connect middleware and easier method routing.
-- `express-session`, `connect-mongo` - required for session, may be replaced with other session libraries such as `cookie-session` or `next-iron-session`.
+- `next-session`, `connect-mongo` - required for session, may be replaced with other session libraries such as `cookie-session`, `next-iron-session`, or `express-session` (`express-session` is observed not to work properly on Next.js 11+).
 - `bcryptjs` - optional, may be replaced with any password-hashing library. `argon2` recommended.
 - `validator` - optional but recommended.
 - `multer` - may be replaced with any middleware that handles `multipart/form-data`
@@ -102,7 +102,6 @@ Environmental variables in this project include:
 
 - `MONGODB_URI` The MongoDB Connection String (with credentials and database name)
 - `WEB_URI` The _URL_ of your web.
-- `SESSION_SECRET` (only if you use `express-session`) The secret to be used in `express-session`.
 - `CLOUDINARY_URL` (optional, Cloudinary **only**) Cloudinary environment variable for configuration. See [this](https://cloudinary.com/documentation/node_integration#configuration).
 - `NODEMAILER_CONFIG` (optional, if using nodemailer **only**) JSON stringified nodemailer config. See `.env.example`.
 
diff --git a/api-lib/middlewares/auth.js b/api-lib/middlewares/auth.js
index 83acbcb..85b0adc 100644
--- a/api-lib/middlewares/auth.js
+++ b/api-lib/middlewares/auth.js
@@ -1,7 +1,7 @@
-import { passport } from "@/api-lib/auth";
-import { ncOpts } from "@/api-lib/nc";
-import nc from "next-connect";
-import session from "./session";
+import { passport } from '@/api-lib/auth';
+import { ncOpts } from '@/api-lib/nc';
+import nc from 'next-connect';
+import session from './session';
 
 const auth = nc(ncOpts)
   .use(session)
diff --git a/api-lib/middlewares/session.js b/api-lib/middlewares/session.js
index 5554fbc..da09289 100644
--- a/api-lib/middlewares/session.js
+++ b/api-lib/middlewares/session.js
@@ -1,15 +1,10 @@
 import MongoStore from 'connect-mongo';
-import expressSession from 'express-session';
+import { session as nextSession } from 'next-session';
 
 export default function session(req, res, next) {
   const mongoStore = MongoStore.create({
     client: req.dbClient,
     stringify: false,
   });
-  return expressSession({
-    secret: process.env.SESSION_SECRET,
-    resave: false,
-    saveUninitialized: false,
-    store: mongoStore,
-  })(req, res, next);
+  return nextSession({ store: mongoStore })(req, res, next);
 }
diff --git a/package.json b/package.json
index fc32eca..e4d9d85 100644
--- a/package.json
+++ b/package.json
@@ -29,6 +29,7 @@
     "nanoid": "^3.1.25",
     "next": "^11.1.2",
     "next-connect": "^0.10.2",
+    "next-session": "^3.4.1",
     "nodemailer": "^6.6.3",
     "passport": "^0.4.1",
     "passport-local": "^1.0.0",