1
0
mirror of https://github.com/fafhrd91/actix-web synced 2024-11-29 02:04:24 +01:00
actix-web/src/middleware/session.rs

440 lines
13 KiB
Rust
Raw Normal View History

2017-11-25 18:52:32 +01:00
use std::rc::Rc;
use std::sync::Arc;
2017-12-09 13:33:40 +01:00
use std::marker::PhantomData;
2017-11-27 02:30:35 +01:00
use std::collections::HashMap;
2017-11-25 18:52:32 +01:00
use serde_json;
2017-11-27 02:30:35 +01:00
use serde_json::error::Error as JsonError;
2017-11-25 18:52:32 +01:00
use serde::{Serialize, Deserialize};
use http::header::{self, HeaderValue};
use cookie::{CookieJar, Cookie, Key};
use futures::Future;
use futures::future::{FutureResult, ok as FutOk, err as FutErr};
use error::{Result, Error, ResponseError};
2017-11-25 18:52:32 +01:00
use httprequest::HttpRequest;
use httpresponse::HttpResponse;
2017-12-27 04:59:41 +01:00
use middleware::{Middleware, Started, Response};
2017-11-25 18:52:32 +01:00
/// The helper trait to obtain your session data from a request.
2017-12-20 01:09:19 +01:00
///
/// ```rust
/// use actix_web::*;
2017-12-27 04:59:41 +01:00
/// use actix_web::middleware::RequestSession;
2017-12-20 01:09:19 +01:00
///
/// fn index(mut req: HttpRequest) -> Result<&'static str> {
/// // access session data
/// if let Some(count) = req.session().get::<i32>("counter")? {
/// req.session().set("counter", count+1)?;
/// } else {
/// req.session().set("counter", 1)?;
/// }
///
/// Ok("Welcome!")
/// }
/// # fn main() {}
/// ```
2017-11-25 18:52:32 +01:00
pub trait RequestSession {
fn session(&mut self) -> Session;
}
impl<S> RequestSession for HttpRequest<S> {
2017-11-25 18:52:32 +01:00
fn session(&mut self) -> Session {
if let Some(s_impl) = self.extensions().get_mut::<Arc<SessionImplBox>>() {
if let Some(s) = Arc::get_mut(s_impl) {
return Session(s.0.as_mut())
}
}
Session(unsafe{&mut DUMMY})
2017-11-25 18:52:32 +01:00
}
}
/// The high-level interface you use to modify session data.
///
/// Session object could be obtained with
/// [`RequestSession::session`](trait.RequestSession.html#tymethod.session)
/// method. `RequestSession` trait is implemented for `HttpRequest`.
2017-12-20 00:44:25 +01:00
///
/// ```rust
/// use actix_web::*;
2017-12-27 04:59:41 +01:00
/// use actix_web::middleware::RequestSession;
2017-12-20 00:44:25 +01:00
///
/// fn index(mut req: HttpRequest) -> Result<&'static str> {
/// // access session data
/// if let Some(count) = req.session().get::<i32>("counter")? {
/// req.session().set("counter", count+1)?;
/// } else {
/// req.session().set("counter", 1)?;
/// }
///
/// Ok("Welcome!")
/// }
/// # fn main() {}
/// ```
2017-11-25 18:52:32 +01:00
pub struct Session<'a>(&'a mut SessionImpl);
impl<'a> Session<'a> {
/// Get a `value` from the session.
pub fn get<T: Deserialize<'a>>(&'a self, key: &str) -> Result<Option<T>> {
if let Some(s) = self.0.get(key) {
Ok(Some(serde_json::from_str(s)?))
} else {
Ok(None)
}
}
/// Set a `value` from the session.
2018-02-28 20:35:26 +01:00
pub fn set<T: Serialize>(&mut self, key: &str, value: T) -> Result<()> {
2017-11-25 18:52:32 +01:00
self.0.set(key, serde_json::to_string(&value)?);
Ok(())
}
/// Remove value from the session.
pub fn remove(&'a mut self, key: &str) {
self.0.remove(key)
}
/// Clear the session.
pub fn clear(&'a mut self) {
self.0.clear()
}
}
struct SessionImplBox(Box<SessionImpl>);
#[doc(hidden)]
unsafe impl Send for SessionImplBox {}
#[doc(hidden)]
unsafe impl Sync for SessionImplBox {}
/// Session storage middleware
2017-12-20 00:44:25 +01:00
///
/// ```rust
/// # extern crate actix;
/// # extern crate actix_web;
2018-03-31 09:16:55 +02:00
/// use actix_web::App;
/// use actix_web::middleware::{SessionStorage, CookieSessionBackend};
2017-12-20 00:44:25 +01:00
///
/// fn main() {
2018-03-31 09:16:55 +02:00
/// let app = App::new().middleware(
2017-12-27 04:59:41 +01:00
/// SessionStorage::new( // <- create session middleware
2017-12-20 01:09:19 +01:00
/// CookieSessionBackend::build(&[0; 32]) // <- create cookie session backend
/// .secure(false)
/// .finish())
2017-12-20 00:44:25 +01:00
/// );
/// }
/// ```
2017-12-09 13:33:40 +01:00
pub struct SessionStorage<T, S>(T, PhantomData<S>);
2017-11-25 18:52:32 +01:00
2017-12-09 13:33:40 +01:00
impl<S, T: SessionBackend<S>> SessionStorage<T, S> {
2017-11-25 18:52:32 +01:00
/// Create session storage
2017-12-09 13:33:40 +01:00
pub fn new(backend: T) -> SessionStorage<T, S> {
SessionStorage(backend, PhantomData)
2017-11-25 18:52:32 +01:00
}
}
2017-12-09 13:33:40 +01:00
impl<S: 'static, T: SessionBackend<S>> Middleware<S> for SessionStorage<T, S> {
2017-11-25 18:52:32 +01:00
2018-01-10 07:48:35 +01:00
fn start(&self, req: &mut HttpRequest<S>) -> Result<Started> {
2017-11-27 06:47:33 +01:00
let mut req = req.clone();
2017-11-25 18:52:32 +01:00
let fut = self.0.from_request(&mut req)
2017-11-27 06:47:33 +01:00
.then(move |res| {
2017-11-25 18:52:32 +01:00
match res {
Ok(sess) => {
req.extensions().insert(Arc::new(SessionImplBox(Box::new(sess))));
2017-11-27 06:47:33 +01:00
FutOk(None)
2017-11-25 18:52:32 +01:00
},
Err(err) => FutErr(err)
}
});
2018-01-10 07:48:35 +01:00
Ok(Started::Future(Box::new(fut)))
2017-11-25 18:52:32 +01:00
}
2018-01-10 07:48:35 +01:00
fn response(&self, req: &mut HttpRequest<S>, resp: HttpResponse) -> Result<Response> {
2017-11-25 18:52:32 +01:00
if let Some(s_box) = req.extensions().remove::<Arc<SessionImplBox>>() {
s_box.0.write(resp)
} else {
2018-01-10 07:48:35 +01:00
Ok(Response::Done(resp))
2017-11-25 18:52:32 +01:00
}
}
}
/// A simple key-value storage interface that is internally used by `Session`.
#[doc(hidden)]
pub trait SessionImpl: 'static {
fn get(&self, key: &str) -> Option<&str>;
fn set(&mut self, key: &str, value: String);
fn remove(&mut self, key: &str);
fn clear(&mut self);
/// Write session to storage backend.
2018-01-10 07:48:35 +01:00
fn write(&self, resp: HttpResponse) -> Result<Response>;
2017-11-25 18:52:32 +01:00
}
/// Session's storage backend trait definition.
#[doc(hidden)]
2017-12-09 13:33:40 +01:00
pub trait SessionBackend<S>: Sized + 'static {
2017-11-25 18:52:32 +01:00
type Session: SessionImpl;
type ReadFuture: Future<Item=Self::Session, Error=Error>;
/// Parse the session from request and load data from a storage backend.
2017-12-09 13:33:40 +01:00
fn from_request(&self, request: &mut HttpRequest<S>) -> Self::ReadFuture;
2017-11-25 18:52:32 +01:00
}
/// Dummy session impl, does not do anything
struct DummySessionImpl;
static mut DUMMY: DummySessionImpl = DummySessionImpl;
2017-11-25 18:52:32 +01:00
impl SessionImpl for DummySessionImpl {
fn get(&self, _: &str) -> Option<&str> { None }
fn set(&mut self, _: &str, _: String) {}
fn remove(&mut self, _: &str) {}
2017-11-25 18:52:32 +01:00
fn clear(&mut self) {}
2018-01-10 07:48:35 +01:00
fn write(&self, resp: HttpResponse) -> Result<Response> {
Ok(Response::Done(resp))
2017-11-25 18:52:32 +01:00
}
}
/// Session that uses signed cookies as session storage
pub struct CookieSession {
2017-11-27 02:30:35 +01:00
changed: bool,
state: HashMap<String, String>,
inner: Rc<CookieSessionInner>,
}
2018-01-15 22:47:25 +01:00
/// Errors that can occur during handling cookie session
2017-11-27 02:30:35 +01:00
#[derive(Fail, Debug)]
pub enum CookieSessionError {
/// Size of the serialized session is greater than 4000 bytes.
#[fail(display="Size of the serialized session is greater than 4000 bytes.")]
Overflow,
/// Fail to serialize session.
#[fail(display="Fail to serialize session")]
Serialize(JsonError),
2017-11-25 18:52:32 +01:00
}
impl ResponseError for CookieSessionError {}
2017-11-27 02:30:35 +01:00
2017-11-25 18:52:32 +01:00
impl SessionImpl for CookieSession {
fn get(&self, key: &str) -> Option<&str> {
2017-11-27 02:30:35 +01:00
if let Some(s) = self.state.get(key) {
Some(s)
} else {
None
}
2017-11-25 18:52:32 +01:00
}
fn set(&mut self, key: &str, value: String) {
2017-11-27 02:30:35 +01:00
self.changed = true;
self.state.insert(key.to_owned(), value);
2017-11-25 18:52:32 +01:00
}
fn remove(&mut self, key: &str) {
2017-11-27 02:30:35 +01:00
self.changed = true;
self.state.remove(key);
2017-11-25 18:52:32 +01:00
}
fn clear(&mut self) {
2017-11-27 02:30:35 +01:00
self.changed = true;
self.state.clear()
2017-11-25 18:52:32 +01:00
}
2018-01-10 07:48:35 +01:00
fn write(&self, mut resp: HttpResponse) -> Result<Response> {
2017-11-27 02:30:35 +01:00
if self.changed {
let _ = self.inner.set_cookie(&mut resp, &self.state);
2017-11-25 18:52:32 +01:00
}
2018-01-10 07:48:35 +01:00
Ok(Response::Done(resp))
2017-11-25 18:52:32 +01:00
}
}
2017-11-27 02:30:35 +01:00
struct CookieSessionInner {
key: Key,
name: String,
path: String,
domain: Option<String>,
secure: bool,
}
impl CookieSessionInner {
fn new(key: &[u8]) -> CookieSessionInner {
CookieSessionInner {
key: Key::from_master(key),
2017-12-29 10:01:31 +01:00
name: "actix-session".to_owned(),
2017-11-27 02:30:35 +01:00
path: "/".to_owned(),
domain: None,
2017-11-29 18:17:00 +01:00
secure: true }
2017-11-27 02:30:35 +01:00
}
fn set_cookie(&self, resp: &mut HttpResponse, state: &HashMap<String, String>) -> Result<()> {
let value = serde_json::to_string(&state)
.map_err(CookieSessionError::Serialize)?;
if value.len() > 4064 {
return Err(CookieSessionError::Overflow.into())
}
let mut cookie = Cookie::new(self.name.clone(), value);
cookie.set_path(self.path.clone());
cookie.set_secure(self.secure);
2017-11-29 18:17:00 +01:00
cookie.set_http_only(true);
2017-11-27 02:30:35 +01:00
if let Some(ref domain) = self.domain {
cookie.set_domain(domain.clone());
}
let mut jar = CookieJar::new();
jar.signed(&self.key).add(cookie);
for cookie in jar.delta() {
let val = HeaderValue::from_str(&cookie.to_string())?;
resp.headers_mut().append(header::SET_COOKIE, val);
}
Ok(())
}
2017-12-09 13:33:40 +01:00
fn load<S>(&self, req: &mut HttpRequest<S>) -> HashMap<String, String> {
2017-12-08 03:00:20 +01:00
if let Ok(cookies) = req.cookies() {
2017-11-27 02:30:35 +01:00
for cookie in cookies {
if cookie.name() == self.name {
let mut jar = CookieJar::new();
jar.add_original(cookie.clone());
if let Some(cookie) = jar.signed(&self.key).get(&self.name) {
if let Ok(val) = serde_json::from_str(cookie.value()) {
return val;
}
}
}
}
}
HashMap::new()
}
}
2017-11-25 18:52:32 +01:00
/// Use signed cookies as session storage.
///
2017-11-27 02:30:35 +01:00
/// `CookieSessionBackend` creates sessions which are limited to storing
/// fewer than 4000 bytes of data (as the payload must fit into a single cookie).
/// Internal server error get generated if session contains more than 4000 bytes.
///
2017-11-25 18:52:32 +01:00
/// You need to pass a random value to the constructor of `CookieSessionBackend`.
/// This is private key for cookie session, When this value is changed, all session data is lost.
///
/// Note that whatever you write into your session is visible by the user (but not modifiable).
///
/// Constructor panics if key length is less than 32 bytes.
2017-11-27 02:30:35 +01:00
pub struct CookieSessionBackend(Rc<CookieSessionInner>);
2017-11-25 18:52:32 +01:00
impl CookieSessionBackend {
/// Construct new `CookieSessionBackend` instance.
///
/// Panics if key length is less than 32 bytes.
2017-11-27 02:30:35 +01:00
pub fn new(key: &[u8]) -> CookieSessionBackend {
CookieSessionBackend(
Rc::new(CookieSessionInner::new(key)))
}
/// Creates a new `CookieSessionBackendBuilder` instance from the given key.
///
/// Panics if key length is less than 32 bytes.
///
/// # Example
///
/// ```
2017-12-27 04:59:41 +01:00
/// use actix_web::middleware::CookieSessionBackend;
2017-11-27 02:30:35 +01:00
///
/// let backend = CookieSessionBackend::build(&[0; 32]).finish();
/// ```
pub fn build(key: &[u8]) -> CookieSessionBackendBuilder {
CookieSessionBackendBuilder::new(key)
2017-11-25 18:52:32 +01:00
}
}
2017-12-09 13:33:40 +01:00
impl<S> SessionBackend<S> for CookieSessionBackend {
2017-11-25 18:52:32 +01:00
type Session = CookieSession;
type ReadFuture = FutureResult<CookieSession, Error>;
2017-12-09 13:33:40 +01:00
fn from_request(&self, req: &mut HttpRequest<S>) -> Self::ReadFuture {
2017-11-27 02:30:35 +01:00
let state = self.0.load(req);
FutOk(
CookieSession {
changed: false,
inner: Rc::clone(&self.0),
2018-02-26 23:33:56 +01:00
state,
2017-11-27 02:30:35 +01:00
})
}
}
/// Structure that follows the builder pattern for building `CookieSessionBackend` structs.
///
/// To construct a backend:
///
/// 1. Call [`CookieSessionBackend::build`](struct.CookieSessionBackend.html#method.build) to start building.
/// 2. Use any of the builder methods to set fields in the backend.
/// 3. Call [finish](#method.finish) to retrieve the constructed backend.
///
/// # Example
///
/// ```rust
/// # extern crate actix_web;
2017-12-27 04:59:41 +01:00
/// use actix_web::middleware::CookieSessionBackend;
2017-11-27 02:30:35 +01:00
///
/// # fn main() {
/// let backend: CookieSessionBackend = CookieSessionBackend::build(&[0; 32])
/// .domain("www.rust-lang.org")
2017-12-28 13:02:46 +01:00
/// .name("actix_session")
2017-11-27 02:30:35 +01:00
/// .path("/")
/// .secure(true)
/// .finish();
/// # }
/// ```
pub struct CookieSessionBackendBuilder(CookieSessionInner);
impl CookieSessionBackendBuilder {
pub fn new(key: &[u8]) -> CookieSessionBackendBuilder {
CookieSessionBackendBuilder(
CookieSessionInner::new(key))
}
/// Sets the `path` field in the session cookie being built.
pub fn path<S: Into<String>>(mut self, value: S) -> CookieSessionBackendBuilder {
self.0.path = value.into();
self
}
2017-12-28 13:02:46 +01:00
/// Sets the `name` field in the session cookie being built.
pub fn name<S: Into<String>>(mut self, value: S) -> CookieSessionBackendBuilder {
self.0.name = value.into();
self
}
2017-11-27 02:30:35 +01:00
/// Sets the `domain` field in the session cookie being built.
pub fn domain<S: Into<String>>(mut self, value: S) -> CookieSessionBackendBuilder {
self.0.domain = Some(value.into());
self
}
/// Sets the `secure` field in the session cookie being built.
pub fn secure(mut self, value: bool) -> CookieSessionBackendBuilder {
self.0.secure = value;
self
}
/// Finishes building and returns the built `CookieSessionBackend`.
pub fn finish(self) -> CookieSessionBackend {
CookieSessionBackend(Rc::new(self.0))
2017-11-25 18:52:32 +01:00
}
}