big_session 0.1.0

data/examples/landing_page_app_and_core_app/app_lp/db/seeds.rb

@@ -0,0 +1,7 @@
+# This file should contain all the record creation needed to seed the database with its default values.
+# The data can then be loaded with the rails db:seed command (or created alongside the database with db:setup).
+#
+# Examples:
+#
+#   movies = Movie.create([{ name: 'Star Wars' }, { name: 'Lord of the Rings' }])
+#   Character.create(name: 'Luke', movie: movies.first)

data/examples/landing_page_app_and_core_app/app_lp/entrypoint.sh

@@ -0,0 +1,8 @@
+#!/bin/bash
+set -e
+
+# Remove a potentially pre-existing server.pid for Rails.
+rm -f /app/tmp/pids/server.pid
+
+# Then exec the container's main process (what's set as CMD in the Dockerfile).
+exec "$@"

data/examples/landing_page_app_and_core_app/app_lp/package.json

@@ -0,0 +1,5 @@
+{
+  "name": "app",
+  "private": true,
+  "dependencies": {}
+}

data/examples/landing_page_app_and_core_app/app_lp/public/404.html

@@ -0,0 +1,67 @@
+<!DOCTYPE html>
+<html>
+<head>
+  <title>The page you were looking for doesn't exist (404)</title>
+  <meta name="viewport" content="width=device-width,initial-scale=1">
+  <style>
+  .rails-default-error-page {
+    background-color: #EFEFEF;
+    color: #2E2F30;
+    text-align: center;
+    font-family: arial, sans-serif;
+    margin: 0;
+  }
+
+  .rails-default-error-page div.dialog {
+    width: 95%;
+    max-width: 33em;
+    margin: 4em auto 0;
+  }
+
+  .rails-default-error-page div.dialog > div {
+    border: 1px solid #CCC;
+    border-right-color: #999;
+    border-left-color: #999;
+    border-bottom-color: #BBB;
+    border-top: #B00100 solid 4px;
+    border-top-left-radius: 9px;
+    border-top-right-radius: 9px;
+    background-color: white;
+    padding: 7px 12% 0;
+    box-shadow: 0 3px 8px rgba(50, 50, 50, 0.17);
+  }
+
+  .rails-default-error-page h1 {
+    font-size: 100%;
+    color: #730E15;
+    line-height: 1.5em;
+  }
+
+  .rails-default-error-page div.dialog > p {
+    margin: 0 0 1em;
+    padding: 1em;
+    background-color: #F7F7F7;
+    border: 1px solid #CCC;
+    border-right-color: #999;
+    border-left-color: #999;
+    border-bottom-color: #999;
+    border-bottom-left-radius: 4px;
+    border-bottom-right-radius: 4px;
+    border-top-color: #DADADA;
+    color: #666;
+    box-shadow: 0 3px 8px rgba(50, 50, 50, 0.17);
+  }
+  </style>
+</head>
+
+<body class="rails-default-error-page">
+  <!-- This file lives in public/404.html -->
+  <div class="dialog">
+    <div>
+      <h1>The page you were looking for doesn't exist.</h1>
+      <p>You may have mistyped the address or the page may have moved.</p>
+    </div>
+    <p>If you are the application owner check the logs for more information.</p>
+  </div>
+</body>
+</html>

data/examples/landing_page_app_and_core_app/app_lp/public/422.html

@@ -0,0 +1,67 @@
+<!DOCTYPE html>
+<html>
+<head>
+  <title>The change you wanted was rejected (422)</title>
+  <meta name="viewport" content="width=device-width,initial-scale=1">
+  <style>
+  .rails-default-error-page {
+    background-color: #EFEFEF;
+    color: #2E2F30;
+    text-align: center;
+    font-family: arial, sans-serif;
+    margin: 0;
+  }
+
+  .rails-default-error-page div.dialog {
+    width: 95%;
+    max-width: 33em;
+    margin: 4em auto 0;
+  }
+
+  .rails-default-error-page div.dialog > div {
+    border: 1px solid #CCC;
+    border-right-color: #999;
+    border-left-color: #999;
+    border-bottom-color: #BBB;
+    border-top: #B00100 solid 4px;
+    border-top-left-radius: 9px;
+    border-top-right-radius: 9px;
+    background-color: white;
+    padding: 7px 12% 0;
+    box-shadow: 0 3px 8px rgba(50, 50, 50, 0.17);
+  }
+
+  .rails-default-error-page h1 {
+    font-size: 100%;
+    color: #730E15;
+    line-height: 1.5em;
+  }
+
+  .rails-default-error-page div.dialog > p {
+    margin: 0 0 1em;
+    padding: 1em;
+    background-color: #F7F7F7;
+    border: 1px solid #CCC;
+    border-right-color: #999;
+    border-left-color: #999;
+    border-bottom-color: #999;
+    border-bottom-left-radius: 4px;
+    border-bottom-right-radius: 4px;
+    border-top-color: #DADADA;
+    color: #666;
+    box-shadow: 0 3px 8px rgba(50, 50, 50, 0.17);
+  }
+  </style>
+</head>
+
+<body class="rails-default-error-page">
+  <!-- This file lives in public/422.html -->
+  <div class="dialog">
+    <div>
+      <h1>The change you wanted was rejected.</h1>
+      <p>Maybe you tried to change something you didn't have access to.</p>
+    </div>
+    <p>If you are the application owner check the logs for more information.</p>
+  </div>
+</body>
+</html>

data/examples/landing_page_app_and_core_app/app_lp/public/500.html

@@ -0,0 +1,66 @@
+<!DOCTYPE html>
+<html>
+<head>
+  <title>We're sorry, but something went wrong (500)</title>
+  <meta name="viewport" content="width=device-width,initial-scale=1">
+  <style>
+  .rails-default-error-page {
+    background-color: #EFEFEF;
+    color: #2E2F30;
+    text-align: center;
+    font-family: arial, sans-serif;
+    margin: 0;
+  }
+
+  .rails-default-error-page div.dialog {
+    width: 95%;
+    max-width: 33em;
+    margin: 4em auto 0;
+  }
+
+  .rails-default-error-page div.dialog > div {
+    border: 1px solid #CCC;
+    border-right-color: #999;
+    border-left-color: #999;
+    border-bottom-color: #BBB;
+    border-top: #B00100 solid 4px;
+    border-top-left-radius: 9px;
+    border-top-right-radius: 9px;
+    background-color: white;
+    padding: 7px 12% 0;
+    box-shadow: 0 3px 8px rgba(50, 50, 50, 0.17);
+  }
+
+  .rails-default-error-page h1 {
+    font-size: 100%;
+    color: #730E15;
+    line-height: 1.5em;
+  }
+
+  .rails-default-error-page div.dialog > p {
+    margin: 0 0 1em;
+    padding: 1em;
+    background-color: #F7F7F7;
+    border: 1px solid #CCC;
+    border-right-color: #999;
+    border-left-color: #999;
+    border-bottom-color: #999;
+    border-bottom-left-radius: 4px;
+    border-bottom-right-radius: 4px;
+    border-top-color: #DADADA;
+    color: #666;
+    box-shadow: 0 3px 8px rgba(50, 50, 50, 0.17);
+  }
+  </style>
+</head>
+
+<body class="rails-default-error-page">
+  <!-- This file lives in public/500.html -->
+  <div class="dialog">
+    <div>
+      <h1>We're sorry, but something went wrong.</h1>
+    </div>
+    <p>If you are the application owner check the logs for more information.</p>
+  </div>
+</body>
+</html>

data/examples/landing_page_app_and_core_app/app_lp/public/robots.txt

@@ -0,0 +1 @@
+# See http://www.robotstxt.org/robotstxt.html for documentation on how to use the robots.txt file

data/examples/landing_page_app_and_core_app/app_lp/test/application_system_test_case.rb

@@ -0,0 +1,5 @@
+require "test_helper"
+
+class ApplicationSystemTestCase < ActionDispatch::SystemTestCase
+  driven_by :selenium, using: :chrome, screen_size: [1400, 1400]
+end

data/examples/landing_page_app_and_core_app/app_lp/test/test_helper.rb

@@ -0,0 +1,10 @@
+ENV['RAILS_ENV'] ||= 'test'
+require_relative '../config/environment'
+require 'rails/test_help'
+
+class ActiveSupport::TestCase
+  # Setup all fixtures in test/fixtures/*.yml for all tests in alphabetical order.
+  fixtures :all
+
+  # Add more helper methods to be used by all tests here...
+end

data/examples/landing_page_app_and_core_app/docker-compose.yml

@@ -0,0 +1,26 @@
+version: '3'
+services:
+  db:
+    image: postgres
+    volumes:
+      - ./tmp/db:/var/lib/postgresql/data
+  app_core:
+    build: app_core
+    command: bash -c "rm -f tmp/pids/server.pid && bundle exec rails s -p 3000 -b '0.0.0.0'"
+    volumes:
+      - ./app_core:/app
+      - ./big_session:/mnt/big_session
+    ports:
+      - "3000:3000"
+    depends_on:
+      - db
+  app_lp:
+    build: app_lp
+    command: bash -c "rm -f tmp/pids/server.pid && bundle exec rails s -p 3000 -b '0.0.0.0'"
+    volumes:
+      - ./app_lp:/app
+      - ./big_session:/mnt/big_session
+    ports:
+      - "3001:3000"
+    depends_on:
+      - db

data/lib/big_session.rb

@@ -0,0 +1,15 @@
+# frozen_string_literal: true
+
+require 'big_session/version'
+require 'big_session/faraday'
+require 'big_session/rack_middleware'
+require 'big_session/session_id'
+
+module BigSession
+  class Error < StandardError; end
+
+  BIG_SESSION_HEADER_NAME = 'X-Bigse-SessionID'
+  BIG_SESSION_SIGNATURE_HEADER_NAME = 'X-Bigse-Sig'
+  THREAD_BIG_SESSION_ID_KEY = 'big_session_id'
+  RAILS_SESSION_BIG_SESSION_ID_KEY = 'big_session_id'
+end

data/lib/big_session/faraday.rb

@@ -0,0 +1,35 @@
+# frozen_string_literal: true
+
+require 'faraday'
+require 'openssl'
+
+module BigSession
+  # This middleware will add BigSession header to request_headers of outgoing
+  # connections done by Faraday
+  class FaradayBigSession < ::Faraday::Middleware
+    class << self
+      def activate
+        ::Faraday::Middleware.register_middleware big_session: ::BigSession::FaradayBigSession
+      end
+    end
+
+    def initialize(app, header_secret = nil)
+      @app = app
+      @header_secret = header_secret
+    end
+
+    def call(env)
+      if SessionId.current
+        headers = { ::BigSession::BIG_SESSION_HEADER_NAME => SessionId.current, }
+
+        if @header_secret
+          sig = OpenSSL::HMAC.hexdigest('sha256', @header_secret, SessionId.current)
+          headers[::BigSession::BIG_SESSION_SIGNATURE_HEADER_NAME] = sig
+        end
+
+        env[:request_headers].merge!(headers)
+      end
+      @app.call(env)
+    end
+  end
+end

data/lib/big_session/rack_middleware.rb

@@ -0,0 +1,57 @@
+# frozen_string_literal: true
+
+require 'securerandom'
+require 'openssl'
+require 'logger'
+
+module BigSession
+  # This middleware reads BigSession headers from the request and sets/creates a
+  # SessionId usable by the rest of the app
+  class RackMiddleware
+    class << self
+      def activate(header_secret = nil)
+        Rails.application.config.middleware.use ::BigSession::RackMiddleware, header_secret
+      end
+    end
+
+    def initialize(app, header_secret = nil)
+      @app = app
+      @header_secret = header_secret
+    end
+
+    def call(env)
+      header_session_id, header_signature = env.values_at(
+        'HTTP_' + ::BigSession::BIG_SESSION_HEADER_NAME.upcase.gsub(/-/, '_'),
+        'HTTP_' + ::BigSession::BIG_SESSION_SIGNATURE_HEADER_NAME
+          .upcase.gsub(/-/, '_')
+      )
+
+      if header_session_id
+        env['rack.session'][::BigSession::RAILS_SESSION_BIG_SESSION_ID_KEY] =
+          if @header_secret
+            validate_header_session_id(header_session_id, header_signature)
+          else
+            header_session_id
+          end
+
+        SessionId.set(env['rack.session'][::BigSession::RAILS_SESSION_BIG_SESSION_ID_KEY])
+      else
+        SessionId.set(env['rack.session'][::BigSession::RAILS_SESSION_BIG_SESSION_ID_KEY]) unless SessionId.current
+        env['rack.session'][::BigSession::RAILS_SESSION_BIG_SESSION_ID_KEY] = SessionId.current
+      end
+
+      @app.call(env)
+    end
+
+    private
+
+    def validate_header_session_id(header_session_id, header_signature)
+      digest = OpenSSL::HMAC.hexdigest('sha256', @header_secret, header_session_id)
+      return header_session_id if digest == header_signature
+
+      logger = Logger.new(STDOUT)
+      logger.warn('Failed to validate big session header signature.')
+      nil
+    end
+  end
+end

data/lib/big_session/session_id.rb

@@ -0,0 +1,25 @@
+# frozen_string_literal: true
+
+require 'securerandom'
+
+module BigSession
+  # SessionId object bridges an access from users to session id
+  class SessionId
+    class << self
+      def current
+        Thread.current[::BigSession::THREAD_BIG_SESSION_ID_KEY]
+      end
+
+      def set(value = nil)
+        Thread.current[::BigSession::THREAD_BIG_SESSION_ID_KEY] =
+          value || new_session_id
+      end
+
+      def new_session_id
+        SecureRandom.hex(16)
+      end
+    end
+
+    private_class_method :new_session_id
+  end
+end