aws-sessionstore-dynamodb 0.5.0

data/lib/aws/session_store/dynamo_db/locking/pessimistic.rb

@@ -0,0 +1,160 @@
+# Copyright 2013 Amazon.com, Inc. or its affiliates. All Rights Reserved.
+#
+# Licensed under the Apache License, Version 2.0 (the "License"). You
+# may not use this file except in compliance with the License. A copy of
+# the License is located at
+#
+#     http://aws.amazon.com/apache2.0/
+#
+# or in the "license" file accompanying this file. This file is
+# distributed on an "AS IS" BASIS, WITHOUT WARRANTIES OR CONDITIONS OF
+# ANY KIND, either express or implied. See the License for the specific
+# language governing permissions and limitations under the License.
+
+
+module AWS::SessionStore::DynamoDB::Locking
+  # This class implements a pessimistic locking strategy for the
+  # DynamoDB session handler. Sessions obtain an exclusive lock
+  # for reads that is only released when the session is saved.
+  class Pessimistic < AWS::SessionStore::DynamoDB::Locking::Base
+    WAIT_ERROR =
+
+    # Saves the session.
+    def set_session_data(env, sid, session, options = {})
+      super(env, sid, session, set_lock_options(env, options))
+    end
+
+    # Gets session from database and places a lock on the session
+    # while you are reading from the database.
+    def get_session_data(env, sid)
+      handle_error(env) do
+        get_session_with_lock(env, sid)
+      end
+    end
+
+    private
+
+    # Get session with implemented locking strategy.
+    def get_session_with_lock(env, sid)
+      expires_at = nil
+      result = nil
+      max_attempt_date = Time.now.to_f + @config.lock_max_wait_time
+      while result.nil?
+        exceeded_wait_time?(max_attempt_date)
+        begin
+          result = attempt_set_lock(sid)
+        rescue AWS::DynamoDB::Errors::ConditionalCheckFailedException
+          expires_at ||= get_expire_date(sid)
+          next if expires_at.nil?
+          result = bust_lock(sid, expires_at)
+          wait_to_retry(result)
+        end
+      end
+      get_data(env, result)
+    end
+
+    # Determine if session has waited too long to obtain lock.
+    #
+    # @raise [Error] When time for attempting to get lock has
+    #   been exceeded.
+    def exceeded_wait_time?(max_attempt_date)
+      lock_error = AWS::SessionStore::DynamoDB::LockWaitTimeoutError
+      raise lock_error if Time.now.to_f > max_attempt_date
+    end
+
+    # @return [Hash] Options hash for placing a lock on a session.
+    def get_lock_time_opts(sid)
+      merge_all(table_opts(sid), lock_opts)
+    end
+
+    # @return [Time] Time stamp for which the session was locked.
+    def lock_time(sid)
+      result = @config.dynamo_db_client.get_item(get_lock_time_opts(sid))
+      (result[:item]["locked_at"][:n]).to_f if result[:item]["locked_at"]
+    end
+
+    # @return [String] Session data.
+    def get_data(env, result)
+      lock_time = result[:attributes]["locked_at"][:n]
+      env["locked_at"] = (lock_time).to_f
+      env['rack.initial_data'] = result[:item]["data"][:s] if result[:item]
+      unpack_data(result[:attributes]["data"][:s])
+    end
+
+    # Attempt to bust the lock if the expiration date has expired.
+    def bust_lock(sid, expires_at)
+      if expires_at < Time.now.to_f
+        @config.dynamo_db_client.update_item(obtain_lock_opts(sid))
+      end
+    end
+
+    # @return [Hash] Options hash for obtaining the lock.
+    def obtain_lock_opts(sid, add_opt = {})
+      merge_all(table_opts(sid), lock_attr, add_opt)
+    end
+
+    # Sleep for given time period if the session is currently locked.
+    def wait_to_retry(result)
+      sleep(0.001 * @config.lock_retry_delay) if result.nil?
+    end
+
+    # Get the expiration date for the session
+    def get_expire_date(sid)
+      lock_date = lock_time(sid)
+      lock_date + (0.001 * @config.lock_expiry_time) if lock_date
+    end
+
+    # Attempt to place a lock on the session.
+    def attempt_set_lock(sid)
+      @config.dynamo_db_client.update_item(obtain_lock_opts(sid, lock_expect))
+    end
+
+    # Lock attribute - time stamp of when session was locked.
+    def lock_attr
+      {
+        :attribute_updates => {"locked_at" => updated_at},
+        :return_values => "ALL_NEW"
+      }
+    end
+
+    # Time in which session was updated.
+    def updated_at
+      { :value => {:n => "#{(Time.now).to_f}"}, :action  => "PUT" }
+    end
+
+    # Attributes for locking.
+    def add_lock_attrs(env)
+      {
+        :add_attrs => add_attr, :expect_attr => expect_lock_time(env)
+      }
+    end
+
+    # Lock options for setting lock.
+    def set_lock_options(env, options = {})
+      merge_all(options, add_lock_attrs(env))
+    end
+
+    # Lock expectation.
+    def lock_expect
+      { :expected => { "locked_at" => { :exists => false } } }
+    end
+
+    # Option to delete lock.
+    def add_attr
+      { "locked_at" => {:action => "DELETE"} }
+    end
+
+    # Expectation of when lock was set.
+    def expect_lock_time(env)
+      { :expected => {"locked_at" => {
+        :value => {:n => "#{env["locked_at"]}"}, :exists => true}} }
+    end
+
+    # Attributes to be retrieved via client
+    def lock_opts
+      {:attributes_to_get => ["locked_at"],
+      :consistent_read => @config.consistent_read}
+    end
+
+  end
+end

data/lib/aws/session_store/dynamo_db/missing_secret_key_error.rb

@@ -0,0 +1,21 @@
+# Copyright 2013 Amazon.com, Inc. or its affiliates. All Rights Reserved.
+#
+# Licensed under the Apache License, Version 2.0 (the "License"). You
+# may not use this file except in compliance with the License. A copy of
+# the License is located at
+#
+#     http://aws.amazon.com/apache2.0/
+#
+# or in the "license" file accompanying this file. This file is
+# distributed on an "AS IS" BASIS, WITHOUT WARRANTIES OR CONDITIONS OF
+# ANY KIND, either express or implied. See the License for the specific
+# language governing permissions and limitations under the License.
+
+
+module AWS::SessionStore::DynamoDB
+  class MissingSecretKeyError < RuntimeError
+    def initialize(msg = "No secret key provided!")
+      super
+    end
+  end
+end

data/lib/aws/session_store/dynamo_db/rack_middleware.rb

@@ -0,0 +1,130 @@
+# Copyright 2013 Amazon.com, Inc. or its affiliates. All Rights Reserved.
+#
+# Licensed under the Apache License, Version 2.0 (the "License"). You
+# may not use this file except in compliance with the License. A copy of
+# the License is located at
+#
+#     http://aws.amazon.com/apache2.0/
+#
+# or in the "license" file accompanying this file. This file is
+# distributed on an "AS IS" BASIS, WITHOUT WARRANTIES OR CONDITIONS OF
+# ANY KIND, either express or implied. See the License for the specific
+# language governing permissions and limitations under the License.
+
+require 'rack/session/abstract/id'
+require 'openssl'
+require 'aws-sdk'
+
+module AWS::SessionStore::DynamoDB
+  # This class is an ID based Session Store Rack Middleware
+  # that uses a DynamoDB backend for session storage.
+  class RackMiddleware < Rack::Session::Abstract::ID
+
+    # Initializes SessionStore middleware.
+    #
+    # @param app Rack application.
+    # @option (see Configuration#initialize)
+    # @raise [AWS::DynamoDB::Errors::ResourceNotFoundException] If valid table
+    #   name is not provided.
+    # @raise [AWS::SessionStore::DynamoDB::MissingSecretKey] If secret key is
+    #   not provided.
+    def initialize(app, options = {})
+      super
+      @config = Configuration.new(options)
+      set_locking_strategy
+    end
+
+    private
+
+    # Sets locking strategy for session handler
+    #
+    # @return [Locking::Null] If locking is not enabled.
+    # @return [Locking::Pessimistic] If locking is enabled.
+    def set_locking_strategy
+      if @config.enable_locking
+        @lock = AWS::SessionStore::DynamoDB::Locking::Pessimistic.new(@config)
+      else
+        @lock = AWS::SessionStore::DynamoDB::Locking::Null.new(@config)
+      end
+    end
+
+    # Determines if the correct session table name is being used for
+    # this application. Also tests existence of secret key.
+    #
+    # @raise [AWS::DynamoDB::Errors::ResourceNotFoundException] If wrong table
+    #   name.
+    def validate_config
+      raise MissingSecretKeyError unless @config.secret_key
+    end
+
+    # Gets session data.
+    def get_session(env, sid)
+      validate_config
+      case verify_hmac(sid)
+      when nil
+        set_new_session_properties(env)
+      when false
+        handle_error {raise InvalidIDError}
+        set_new_session_properties(env)
+      else
+        data = @lock.get_session_data(env, sid)
+        [sid, data || {}]
+      end
+    end
+
+    def set_new_session_properties(env)
+      env['dynamo_db.new_session'] = 'true'
+      [generate_sid, {}]
+    end
+
+    # Sets the session in the database after packing data.
+    #
+    # @return [Hash] If session has been saved.
+    # @return [false] If session has could not be saved.
+    def set_session(env, sid, session, options)
+      @lock.set_session_data(env, sid, session, options)
+    end
+
+    # Destroys session and removes session from database.
+    #
+    # @return [String] return a new session id or nil if options[:drop]
+    def destroy_session(env, sid, options)
+      @lock.delete_session(env, sid)
+      generate_sid unless options[:drop]
+    end
+
+    # Each database operation is placed in this rescue wrapper.
+    # This wrapper will call the method, rescue any exceptions and then pass
+    # exceptions to the configured session handler.
+    def handle_error(env = nil, &block)
+      begin
+        yield
+      rescue AWS::DynamoDB::Errors::Base,
+             AWS::SessionStore::DynamoDB::InvalidIDError => e
+        @config.error_handler.handle_error(e, env)
+      end
+    end
+
+    # Generate HMAC hash based on MD5
+    def generate_hmac(sid, secret)
+      OpenSSL::HMAC.hexdigest(OpenSSL::Digest::MD5.new, secret, sid).strip()
+    end
+
+    # Generate sid with HMAC hash
+    def generate_sid(secure = @sid_secure)
+      sid = super(secure)
+      sid = "#{generate_hmac(sid, @config.secret_key)}--" + sid
+    end
+
+    # Verify digest of HMACed hash
+    #
+    # @return [true] If the HMAC id has been verified.
+    # @return [false] If the HMAC id has been corrupted.
+    def verify_hmac(sid)
+      return unless sid
+      digest, ver_sid  = sid.split("--")
+      return false unless ver_sid
+      digest == generate_hmac(ver_sid, @config.secret_key)
+    end
+  end
+end

data/lib/aws/session_store/dynamo_db/railtie.rb

@@ -0,0 +1,28 @@
+# Copyright 2013 Amazon.com, Inc. or its affiliates. All Rights Reserved.
+#
+# Licensed under the Apache License, Version 2.0 (the "License"). You
+# may not use this file except in compliance with the License. A copy of
+# the License is located at
+#
+#     http://aws.amazon.com/apache2.0/
+#
+# or in the "license" file accompanying this file. This file is
+# distributed on an "AS IS" BASIS, WITHOUT WARRANTIES OR CONDITIONS OF
+# ANY KIND, either express or implied. See the License for the specific
+# language governing permissions and limitations under the License.
+
+
+module AWS::SessionStore::DynamoDB
+  class Railtie < Rails::Railtie
+    initializer 'aws-sessionstore-dynamodb-rack-middleware' do
+      ActionDispatch::Session::DynamodbStore = AWS::SessionStore::DynamoDB::RackMiddleware
+    end
+
+    # Load all rake tasks
+    rake_tasks do
+      Dir[File.expand_path("../tasks/*.rake", __FILE__)].each do |rake_task|
+        load rake_task
+      end
+    end
+  end
+end

data/lib/aws/session_store/dynamo_db/table.rb

@@ -0,0 +1,98 @@
+# Copyright 2013 Amazon.com, Inc. or its affiliates. All Rights Reserved.
+#
+# Licensed under the Apache License, Version 2.0 (the "License"). You
+# may not use this file except in compliance with the License. A copy of
+# the License is located at
+#
+#     http://aws.amazon.com/apache2.0/
+#
+# or in the "license" file accompanying this file. This file is
+# distributed on an "AS IS" BASIS, WITHOUT WARRANTIES OR CONDITIONS OF
+# ANY KIND, either express or implied. See the License for the specific
+# language governing permissions and limitations under the License.
+
+require 'aws-sdk'
+require 'logger'
+
+module AWS::SessionStore::DynamoDB
+  # This class provides a way to create and delete a session table.
+  module Table
+    module_function
+
+    # Creates a session table.
+    # @option (see Configuration#initialize)
+    def create_table(options = {})
+      config = load_config(options)
+      ddb_options = properties(config.table_name, config.table_key).merge(
+          throughput(config.read_capacity, config.write_capacity)
+        )
+      config.dynamo_db_client.create_table(ddb_options)
+      logger << "Table #{config.table_name} created, waiting for activation...\n"
+      block_until_created(config)
+      logger << "Table #{config.table_name} is now ready to use.\n"
+    rescue AWS::DynamoDB::Errors::ResourceInUseException
+      logger << "Table #{config.table_name} already exists, skipping creation.\n"
+    end
+
+    # Deletes a session table.
+    # @option (see Configuration#initialize)
+    def delete_table(options = {})
+      config = load_config(options)
+      config.dynamo_db_client.delete_table(:table_name => config.table_name)
+    end
+
+    # @api private
+    def logger
+      @logger ||= Logger.new($STDOUT)
+    end
+
+    # Loads configuration options.
+    # @option (see Configuration#initialize)
+    # @api private
+    def load_config(options = {})
+      AWS::SessionStore::DynamoDB::Configuration.new(options)
+    end
+
+    # @return [Hash] Attribute settings for creating a session table.
+    # @api private
+    def attributes(hash_key)
+      attributes = [{:attribute_name => hash_key, :attribute_type => 'S'}]
+      { :attribute_definitions => attributes }
+    end
+
+    # @return Shema values for session table
+    # @api private
+    def schema(table_name, hash_key)
+      {
+        :table_name => table_name,
+        :key_schema => [ {:attribute_name => hash_key, :key_type => 'HASH'} ]
+      }
+    end
+
+    # @return Throughput for Session table
+    # @api private
+    def throughput(read, write)
+      units = {:read_capacity_units=> read, :write_capacity_units => write}
+      { :provisioned_throughput => units }
+    end
+
+    # @return Properties for Session table
+    # @api private
+    def properties(table_name, hash_key)
+      attributes(hash_key).merge(schema(table_name, hash_key))
+    end
+
+    # @api private
+    def block_until_created(config)
+      created = false
+      until created
+        params = { :table_name => config.table_name }
+        response = config.dynamo_db_client.describe_table(params)
+        created = response[:table][:table_status] == 'ACTIVE'
+
+        sleep 10
+      end
+    end
+
+  end
+end

data/lib/aws/session_store/dynamo_db/tasks/session_table.rake

@@ -0,0 +1,21 @@
+# Copyright 2013 Amazon.com, Inc. or its affiliates. All Rights Reserved.
+#
+# Licensed under the Apache License, Version 2.0 (the "License"). You
+# may not use this file except in compliance with the License. A copy of
+# the License is located at
+#
+#     http://aws.amazon.com/apache2.0/
+#
+# or in the "license" file accompanying this file. This file is
+# distributed on an "AS IS" BASIS, WITHOUT WARRANTIES OR CONDITIONS OF
+# ANY KIND, either express or implied. See the License for the specific
+# language governing permissions and limitations under the License.
+
+namespace "db" do
+  namespace "sessions" do
+    desc 'Clean up old sessions in Amazon DynamoDB session store'
+    task :cleanup => :environment do |t|
+      AWS::SessionStore::DynamoDB::GarbageCollection.collect_garbage
+    end
+  end
+end