1
0
mirror of https://github.com/actix/actix-extras.git synced 2024-11-25 00:12:59 +01:00
actix-extras/src/middlewares/session.rs

229 lines
6.1 KiB
Rust
Raw Normal View History

2017-11-25 18:52:32 +01:00
#![allow(dead_code, unused_imports, unused_variables)]
use std::any::Any;
use std::rc::Rc;
use std::sync::Arc;
use serde_json;
use serde::{Serialize, Deserialize};
use http::header::{self, HeaderValue};
use cookie::{CookieJar, Cookie, Key};
use futures::Future;
use futures::future::{FutureResult, ok as FutOk, err as FutErr};
use error::{Result, Error, ErrorResponse};
use httprequest::HttpRequest;
use httpresponse::HttpResponse;
use middlewares::{Middleware, Started, Response};
/// The helper trait to obtain your session data from a request.
pub trait RequestSession {
fn session(&mut self) -> Session;
}
impl RequestSession for HttpRequest {
fn session(&mut self) -> Session {
if let Some(s_impl) = self.extensions().get_mut::<Arc<SessionImplBox>>() {
if let Some(s) = Arc::get_mut(s_impl) {
return Session(s.0.as_mut())
}
}
//Session(&mut DUMMY)
unreachable!()
}
}
/// The high-level interface you use to modify session data.
///
/// Session object could be obtained with
/// [`RequestSession::session`](trait.RequestSession.html#tymethod.session)
/// method. `RequestSession` trait is implemented for `HttpRequest`.
pub struct Session<'a>(&'a mut SessionImpl);
impl<'a> Session<'a> {
/// Get a `value` from the session.
pub fn get<T: Deserialize<'a>>(&'a self, key: &str) -> Result<Option<T>> {
if let Some(s) = self.0.get(key) {
Ok(Some(serde_json::from_str(s)?))
} else {
Ok(None)
}
}
/// Set a `value` from the session.
pub fn set<T: Serialize>(&'a mut self, key: &str, value: T) -> Result<()> {
self.0.set(key, serde_json::to_string(&value)?);
Ok(())
}
/// Remove value from the session.
pub fn remove(&'a mut self, key: &str) {
self.0.remove(key)
}
/// Clear the session.
pub fn clear(&'a mut self) {
self.0.clear()
}
}
struct SessionImplBox(Box<SessionImpl>);
#[doc(hidden)]
unsafe impl Send for SessionImplBox {}
#[doc(hidden)]
unsafe impl Sync for SessionImplBox {}
/// Session storage middleware
pub struct SessionStorage<T>(T);
impl<T: SessionBackend> SessionStorage<T> {
/// Create session storage
pub fn new(backend: T) -> SessionStorage<T> {
SessionStorage(backend)
}
}
impl<T: SessionBackend> Middleware for SessionStorage<T> {
fn start(&self, mut req: HttpRequest) -> Started {
let fut = self.0.from_request(&mut req)
.then(|res| {
match res {
Ok(sess) => {
req.extensions().insert(Arc::new(SessionImplBox(Box::new(sess))));
let resp: Option<HttpResponse> = None;
FutOk((req, resp))
},
Err(err) => FutErr(err)
}
});
Started::Future(Box::new(fut))
}
fn response(&self, req: &mut HttpRequest, resp: HttpResponse) -> Response {
if let Some(s_box) = req.extensions().remove::<Arc<SessionImplBox>>() {
s_box.0.write(resp)
} else {
2017-11-25 19:24:45 +01:00
Response::Done(resp)
2017-11-25 18:52:32 +01:00
}
}
}
/// A simple key-value storage interface that is internally used by `Session`.
#[doc(hidden)]
pub trait SessionImpl: 'static {
fn get(&self, key: &str) -> Option<&str>;
fn set(&mut self, key: &str, value: String);
fn remove(&mut self, key: &str);
fn clear(&mut self);
/// Write session to storage backend.
fn write(&self, resp: HttpResponse) -> Response;
}
/// Session's storage backend trait definition.
#[doc(hidden)]
pub trait SessionBackend: Sized + 'static {
type Session: SessionImpl;
type ReadFuture: Future<Item=Self::Session, Error=Error>;
/// Parse the session from request and load data from a storage backend.
fn from_request(&self, request: &mut HttpRequest) -> Self::ReadFuture;
}
/// Dummy session impl, does not do anything
struct DummySessionImpl;
static DUMMY: DummySessionImpl = DummySessionImpl;
impl SessionImpl for DummySessionImpl {
fn get(&self, key: &str) -> Option<&str> {
None
}
fn set(&mut self, key: &str, value: String) {}
fn remove(&mut self, key: &str) {}
fn clear(&mut self) {}
fn write(&self, resp: HttpResponse) -> Response {
2017-11-25 19:24:45 +01:00
Response::Done(resp)
2017-11-25 18:52:32 +01:00
}
}
/// Session that uses signed cookies as session storage
pub struct CookieSession {
jar: CookieJar,
key: Rc<Key>,
}
impl SessionImpl for CookieSession {
fn get(&self, key: &str) -> Option<&str> {
unimplemented!()
}
fn set(&mut self, key: &str, value: String) {
unimplemented!()
}
fn remove(&mut self, key: &str) {
unimplemented!()
}
fn clear(&mut self) {
2017-11-25 19:24:45 +01:00
let cookies: Vec<_> = self.jar.iter().cloned().collect();
2017-11-25 18:52:32 +01:00
for cookie in cookies {
self.jar.remove(cookie);
}
}
fn write(&self, mut resp: HttpResponse) -> Response {
for cookie in self.jar.delta() {
match HeaderValue::from_str(&cookie.to_string()) {
2017-11-25 19:24:45 +01:00
Err(err) => return Response::Err(err.into()),
2017-11-25 18:52:32 +01:00
Ok(val) => resp.headers.append(header::SET_COOKIE, val),
};
}
2017-11-25 19:24:45 +01:00
Response::Done(resp)
2017-11-25 18:52:32 +01:00
}
}
/// Use signed cookies as session storage.
///
/// You need to pass a random value to the constructor of `CookieSessionBackend`.
/// This is private key for cookie session, When this value is changed, all session data is lost.
///
/// Note that whatever you write into your session is visible by the user (but not modifiable).
///
/// Constructor panics if key length is less than 32 bytes.
pub struct CookieSessionBackend {
key: Rc<Key>,
}
impl CookieSessionBackend {
/// Construct new `CookieSessionBackend` instance.
///
/// Panics if key length is less than 32 bytes.
pub fn new(key: &[u8]) -> Self {
CookieSessionBackend {
key: Rc::new(Key::from_master(key)),
}
}
}
impl SessionBackend for CookieSessionBackend {
type Session = CookieSession;
type ReadFuture = FutureResult<CookieSession, Error>;
fn from_request(&self, req: &mut HttpRequest) -> Self::ReadFuture {
unimplemented!()
}
}