global_session 0.9.0

data/lib/global_session/rack.rb

@@ -0,0 +1,162 @@
+basedir = File.dirname(__FILE__)
+
+# Make sure the namespace exists, to satisfy Rails auto-loading
+module GlobalSession
+  module Rack
+    # Global session middleware.  Note: this class relies on
+    # Rack::Cookies being used higher up in the chain.
+    class Middleware
+      # Make a new global session.
+      #
+      # The optional block here controls an alternate ticket retrieval
+      # method.  If no ticket is stored in the cookie jar, this
+      # function is called.  If it returns a non-nil value, that value
+      # is the ticket.
+      #
+      # === Parameters
+      # app(Rack client): application to run
+      # configuration(String or Configuration): global_session configuration.
+      #                                         If a string, is interpreted as a
+      #                                         filename to load the config from.
+      # directory(String or Directory):         Directory object that provides
+      #                                         trust services to the global
+      #                                         session implementation. If a
+      #                                         string, is interpreted as a
+      #                                         filesystem directory containing
+      #                                         the public and private keys of
+      #                                         authorities, from which default
+      #                                         trust services will be initialized.
+      #
+      # block: optional alternate ticket retrieval function
+      def initialize(app, configuration, directory, &block)
+        @app = app
+
+        if configuration.instance_of?(String)
+          @configuration = Configuration.new(configuration, ENV['RACK_ENV'] || 'development')
+        else
+          @configuration = configuration
+        end
+
+        if directory.instance_of?(String)
+          @directory = Directory.new(@configuration, directory)
+        else
+          @directory = directory
+        end
+
+        @cookie_retrieval = block
+        @cookie_name = @configuration['cookie']['name']
+      end
+
+      # Read a cookie from the Rack environment.
+      #
+      # === Parameters
+      # env(Hash): Rack environment.
+      def read_cookie(env)
+        if env['rack.cookies'].key?(@cookie_name)
+          env['global_session'] = Session.new(@directory,
+                                              env['rack.cookies'][@cookie_name])
+        elsif @cookie_retrieval && cookie = @cookie_retrieval.call(env)
+          env['global_session'] = Session.new(@directory, cookie)
+        else
+          env['global_session'] = Session.new(@directory)
+        end
+
+        true
+      end
+
+      # Renew the session ticket.
+      #
+      # === Parameters
+      # env(Hash): Rack environment
+      def renew_cookie(env)
+        if (renew = @configuration['renew']) && env['global_session'] &&
+            env['global_session.req.renew'] != false &&
+            env['global_session'].directory.local_authority_name &&
+            env['global_session'].expired_at < Time.at(Time.now.utc + 60 * renew.to_i)
+          env['global_session'].renew!
+        end
+      end
+
+      # Update the cookie jar with the revised ticket.
+      #
+      # === Parameters
+      # env(Hash): Rack environment
+      def update_cookie(env)
+        return if env['global_session.req.update'] == false
+
+        begin
+          domain = @configuration['cookie']['domain'] || env['SERVER_NAME']
+          if env['global_session'] && env['global_session'].valid?
+            value = env['global_session'].to_s
+            expires = @configuration['ephemeral'] ? nil : env['global_session'].expired_at
+            unless env['rack.cookies'].key?(@cookie_name) &&
+                env['rack.cookies'][@cookie_name] == value
+              env['rack.cookies'][@cookie_name] = {:value => value, :domain => domain, :expires => expires}
+            end
+          else
+            # write an empty cookie
+            env['rack.cookies'][@cookie_name] = {:value => nil, :domain => domain, :expires => Time.at(0)}
+          end
+        rescue Exception => e
+          wipe_cookie(env)
+          raise e
+        end
+      end
+
+      # Delete the ticket from the cookie jar.
+      #
+      # === Parameters
+      # env(Hash): Rack environment
+      def wipe_cookie(env)
+        domain = @configuration['cookie']['domain'] || env['SERVER_NAME']
+        env['rack.cookies'][@cookie_name] = {:value => nil, :domain => domain, :expires => Time.at(0)}
+      end
+
+      # Handle exceptions that occur during app invocation.
+      #
+      # === Parameters
+      # activity(String): name of activity in which error happened
+      # env(Hash): Rack environment
+      # e(Exception): error that happened
+      def handle_error(activity, env, e)
+        if e.is_a? ClientError
+          env['global_session.error'] = e
+          return @app.call(env)
+        elsif e.is_a? ConfigurationError
+          env['rack.logger'].error("#{e.class} while #{activity}: #{e} #{e.backtrace}") if env['rack.logger']
+          env['global_session.error'] = e
+          return @app.call(env)
+        else
+          raise e
+        end
+      end
+
+      # Rack request chain. Sets up the global session ticket from
+      # the environment and passes it up the chain.
+      def call(env)
+        env['rack.cookies'] = {} unless env['rack.cookies']
+
+        begin
+          read_cookie(env)
+        rescue Exception => e
+          env['global_session'] = Session.new(@directory)
+          return handle_error('reading session cookie', env, e)
+        end
+
+        begin
+          tuple = @app.call(env)
+          renew_cookie(env)
+          update_cookie(env)
+          return tuple
+        rescue Exception => e
+          wipe_cookie(env)
+          return handle_error('processing request', env, e)
+        end
+      end
+    end
+  end
+end
+
+module Rack
+  GlobalSession = GlobalSession::Rack::Middleware unless defined?(GlobalSession)
+end

data/lib/global_session/rails/action_controller_class_methods.rb

@@ -0,0 +1,61 @@
+module GlobalSession
+  module Rails
+    # Module that is mixed into ActionController's eigenclass; provides access to shared
+    # app-wide data such as the configuration object.
+    module ActionControllerClassMethods
+      def global_session_config
+        unless @global_session_config
+          config_file = File.join(::Rails.root, 'config', 'global_session.yml')
+          @global_session_config = GlobalSession::Configuration.new(config_file, RAILS_ENV)
+        end
+
+        return @global_session_config
+      end
+
+      def global_session_config=(config)
+        @global_session_config = config
+      end
+
+      def has_global_session(options={})
+        odefault = {:integrated=>false}
+        obase = self.superclass.global_session_options if self.superclass.respond_to?(:global_session_options)
+        options = odefault.merge(obase).merge(options)
+        
+        self.global_session_options = HashWithIndifferentAccess.new(options)
+        options = self.global_session_options
+
+        include GlobalSession::Rails::ActionControllerInstanceMethods
+
+        fopt = {}
+        inverse_fopt = {}
+        fopt[:only] = options[:only] if options[:only]
+        fopt[:except] = options[:except] if options[:except]
+        inverse_fopt[:only] = options[:except] if options[:except]
+        inverse_fopt[:except] = options[:only] if options[:only]
+
+        if fopt[:only] || fopt[:except]
+          before_filter :global_session_skip_renew, inverse_fopt
+          before_filter :global_session_skip_update, inverse_fopt
+        end
+
+        before_filter :global_session_initialize, fopt
+      end
+
+      def no_global_session
+        skip_before_filter :global_session_initialize
+        before_filter :global_session_skip_renew
+        before_filter :global_session_skip_update
+      end
+
+      protected
+
+      def global_session_options
+        @global_session_options || {}
+      end
+
+      def global_session_options=(options)
+        @global_session_options = options
+      end      
+    end
+  end
+end

data/lib/global_session/rails/action_controller_instance_methods.rb

@@ -0,0 +1,135 @@
+module GlobalSession
+  # Rails integration for GlobalSession.
+  #
+  # The configuration file for Rails apps is located in +config/global_session.yml+ and a generator
+  # (global_session_config) is available for creating a sensible default.
+  #
+  # There is also a generator (global_session_authority) for creating authority keypairs.
+  #
+  # The main integration touchpoint for Rails is the module ActionControllerInstanceMethods,
+  # which gets mixed into ActionController::Base. This is where all of the magic happens..
+  #
+  module Rails
+    # Module that is mixed into ActionController-derived classes when the class method
+    # +has_global_session+ is called.
+    #
+    module ActionControllerInstanceMethods
+      def self.included(base) # :nodoc:
+        base.alias_method_chain :session, :global_session
+      end
+
+      # Shortcut accessor for global session configuration object.
+      #
+      # === Return
+      # config(GlobalSession::Configuration)
+      def global_session_config
+        request.env['global_session.config']
+      end
+
+      def global_session_options
+        self.class.instance_variable_get(:@global_session_options)
+      end
+
+      # Global session reader.
+      #
+      # === Return
+      # session(Session):: the global session associated with the current request, nil if none
+      def global_session
+        @global_session
+      end
+
+      # Aliased version of ActionController::Base#session which will return the integrated
+      # global-and-local session object (IntegratedSession).
+      #
+      # === Return
+      # session(IntegratedSession):: the integrated session
+      def session_with_global_session
+        if global_session
+          unless @integrated_session &&
+                 (@integrated_session.local == session_without_global_session) && 
+                 (@integrated_session.global == global_session)
+            @integrated_session =
+              IntegratedSession.new(session_without_global_session, global_session)
+          end
+          
+          return @integrated_session
+        else
+          return session_without_global_session
+        end
+      end
+
+      # Filter to initialize the global session.
+      #
+      # === Return
+      # true:: Always returns true
+      def global_session_initialize
+        options = self.class.instance_variable_get(:@global_session_options) || {}
+
+        if (error = request.env['global_session.error'])
+          raise error unless options[:raise] == false
+        else
+          @global_session = request.env['global_session']
+          return true
+        end
+      end
+
+      # Filter to disable auto-renewal of the session.
+      #
+      # === Return
+      # true:: Always returns true
+      def global_session_skip_renew
+        request.env['global_session.req.renew'] = false
+        true
+      end
+
+      # Filter to disable updating of the session cookie
+      #
+      # === Return
+      # true:: Always returns true
+      def global_session_skip_update
+        request.env['global_session.req.update'] = false
+        true
+      end
+
+      # Override for the ActionController method of the same name that logs
+      # information about the request. Our version logs the global session ID
+      # instead of the local session ID.
+      #
+      # === Parameters
+      # name(Type):: Description
+      #
+      # === Return
+      # name(Type):: Description
+      def log_processing
+        if logger && logger.info?
+          log_processing_for_request_id
+          log_processing_for_parameters
+        end
+      end
+
+      def log_processing_for_request_id # :nodoc:
+        if global_session && global_session.id
+          session_id = global_session.id + " (#{session[:session_id]})"
+        elsif session[:session_id]
+          session_id = session[:session_id]
+        elsif request.session_options[:id]
+          session_id = request.session_options[:id]
+        end
+
+        request_id = "\n\nProcessing #{self.class.name}\##{action_name} "
+        request_id << "to #{params[:format]} " if params[:format]
+        request_id << "(for #{request_origin.split[0]}) [#{request.method.to_s.upcase}]"
+        request_id << "\n  Session ID: #{session_id}" if session_id
+
+        logger.info(request_id)
+      end
+
+      def log_processing_for_parameters # :nodoc:
+        parameters = respond_to?(:filter_parameters) ? filter_parameters(params) : params.dup
+        parameters = parameters.except!(:controller, :action, :format, :_method)
+
+        logger.info "  Parameters: #{parameters.inspect}" unless parameters.empty?
+      end
+    end
+  end
+end

data/lib/global_session/rails.rb

@@ -0,0 +1,30 @@
+basedir = File.dirname(__FILE__)
+
+require 'rack/contrib/cookies'
+
+
+#Require the files necessary for Rails integration
+require 'global_session/rack'
+require 'global_session/rails/action_controller_class_methods'
+require 'global_session/rails/action_controller_instance_methods'
+
+module GlobalSession
+  module Rails
+    def self.activate(config)
+      # Enable ActionController integration.
+      class <<ActionController::Base
+        include GlobalSession::Rails::ActionControllerClassMethods
+      end
+
+      authorities = File.join(::Rails.root, 'config', 'authorities')
+      hgs_config  = ActionController::Base.global_session_config
+      hgs_dir     = GlobalSession::Directory.new(hgs_config, authorities)
+
+      # Add our middleware to the stack.
+      config.middleware.use ::Rack::Cookies
+      config.middleware.use ::Rack::GlobalSession, hgs_config, hgs_dir
+
+      return true
+    end
+  end
+end