isomorfeus-transport 1.0.0.zeta16 → 1.0.0.zeta17

checksums.yaml

@@ -1,7 +1,7 @@
 ---
 SHA256:
-  metadata.gz: 797021fb762ad1532142818458f9aadedbd08b47b7022dd4e6870a68292e1383
-  data.tar.gz: 2a18e11f99ae8ed6212bd4e7ee6651c4f8dbd7f7780bd930dd7c36b3b79292a4
+  metadata.gz: 22eeb2de4df1584feb9dd4cb3eb042b8a281125b82368fa3b3e173cbcf5e63bb
+  data.tar.gz: c9466283b250e36751be1474d8a862c3146a76e296f740c8ef4999fa91d2e8ca
 SHA512:
-  metadata.gz: 58ade34fbf719ae7a840661e15b7ccc98b8340522af12ace8c81d79b28ea2d7c497df0a2d3fae7eafd1e62b60d22dddf0c8f6269a22eb33cc9a6864deeb0261e
-  data.tar.gz: 1697fc639609a39a5aaf5dac32e84c8390a274bc8c560328dd84fde3cab160064725af6e5f0144e1e1b70809058977898b1d578840754f6fb68f51963ed7cb13
+  metadata.gz: 27ab776d59f7faf791cda3cad826634e317bbf8876811a5eb243ea84c0cf71556f3e29322116870d979f490bdc0083762829ab732c7b56eed43475df005783d7
+  data.tar.gz: 809334de83bd13045111ce18cbfe1b0948757e6b06473b14fa3a55991c118787f9c26a34f44b70c4b2539cd8018f861f857c2b3c90c23739797561702af939dd

data/lib/isomorfeus-transport.rb

@@ -10,20 +10,24 @@ if RUBY_ENGINE == 'opal'
   require 'isomorfeus/transport/client_processor'
   require 'isomorfeus/transport/websocket'
   require 'isomorfeus/transport'
+  require 'isomorfeus/transport/ssr_login'
   require 'lucid_channel/mixin'
   require 'lucid_channel/base'
   Isomorfeus.zeitwerk.push_dir('channels')
   Isomorfeus.add_client_init_class_name('Isomorfeus::Transport')
+  Isomorfeus.add_transport_init_class_name('Isomorfeus::Transport::SsrLogin') if Isomorfeus.on_ssr?
 else
   require 'base64'
   require 'digest'
+  require 'bcrypt'
   require 'ostruct'
   require 'socket'
   require 'oj'
   require 'websocket/driver'
   require 'active_support'
   require 'iodine'
-  require 'isomorfeus/transport/thread_session_store'
+  require 'dbm'
+  require 'isomorfeus/transport/dbm_session_store'
   require 'isomorfeus/config'
   require 'isomorfeus/promise'
   require 'isomorfeus/transport/version'

data/lib/isomorfeus/transport/config.rb

@@ -3,6 +3,7 @@ module Isomorfeus
 
   if RUBY_ENGINE == 'opal'
     add_client_option(:api_websocket_path)
+    add_client_option(:cookie_eater_path)
     add_client_option(:transport_init_class_names, [])
 
     def self.add_transport_init_class_name(init_class_name)
@@ -10,16 +11,31 @@ module Isomorfeus
     end
 
     def self.current_user
-      @current_user ||= Anonymous.new
+      @current_user ||= init_current_user
+    end
+
+    def self.init_current_user
+      if Isomorfeus.current_user_sid
+        Isomorfeus.instance_from_sid(Isomorfeus.current_user_sid)
+      else
+        Anonymous.new
+      end
     end
 
     def self.set_current_user(user)
-      @current_user = user ? user : Anonymous.new
+      if user
+        @current_user = user
+        Isomorfeus.current_user_sid = user.to_sid
+      else
+        @current_user = Anonymous.new
+      end
     end
   else
     class << self
       attr_accessor :api_websocket_path
+      attr_accessor :cookie_eater_path
       attr_accessor :session_store
+      attr_accessor :cookie_dbm_path
 
       def add_middleware(middleware)
         Isomorfeus.middlewares << middleware
@@ -132,9 +148,11 @@ module Isomorfeus
       end
     end
 
-    self.session_store = Isomorfeus::Transport::ThreadSessionStore.new # dont use this one, but we keep it here to have at least something
+    self.cookie_dbm_path = 'cookie'
+    self.session_store = Isomorfeus::Transport::DbmSessionStore.new # dont use this one, but we keep it here to have at least something
   end
 
   # defaults
   self.api_websocket_path = '/isomorfeus/api/websocket'
+  self.cookie_eater_path = '/isomorfeus/cookie/eat'
 end

data/lib/isomorfeus/transport/dbm_session_store.rb

@@ -0,0 +1,51 @@
+module Isomorfeus
+  module Transport
+    class DbmSessionStore
+      def initialize
+        DBM.open(Isomorfeus.cookie_dbm_path, 0640, DBM::NEWDB).close
+      end
+
+      def add(session_id:, cookie:, user:, accessor:)
+        DBM.open(Isomorfeus.cookie_dbm_path, 0640, DBM::WRITER) do |dbm|
+          dbm[session_id] = Oj.dump([user.class.to_s, user.key], mode: :strict)
+          dbm[accessor] = cookie
+        end
+      end
+
+      def take_cookie(accessor:)
+        DBM.open(Isomorfeus.cookie_dbm_path, 0640, DBM::WRITER) do |dbm|
+          cookie = dbm[accessor]
+          if cookie
+            session_info = cookie.split('; ').first
+            session_id = session_info.split('=').last.strip
+            dbm["eaten_#{accessor}"] = session_id
+            dbm.delete(accessor)
+          else
+            # asked for the same cookie a second time
+            # can probably only be due to session hijacking
+            # so delete all sessions associated with that accessor
+            session_id = dbm["eaten_#{accessor}"]
+            dbm.delete(session_id) if session_id
+          end
+          cookie
+        end
+      end
+
+      def get_user(session_id:)
+        json = DBM.open(Isomorfeus.cookie_dbm_path, 0640, DBM::READER) do |dbm|
+          dbm[session_id]
+        end
+        if json
+          user_info = Oj.load(json, mode: :strict)
+          user_info[0].constantize.load(key: user_info[1]) if user_info
+        end
+      end
+
+      def remove(session_id:)
+        DBM.open(Isomorfeus.cookie_dbm_path, 0640, DBM::WRITER) do |dbm|
+          dbm.delete(session_id)
+        end
+      end
+    end
+  end
+end

data/lib/isomorfeus/transport/handler/authentication_handler.rb

@@ -18,26 +18,37 @@ module Isomorfeus
                 user = nil
                 if Isomorfeus.valid_user_class_name?(user_class_name)
                   user_class = Isomorfeus.cached_user_class(user_class_name)
-                  response_agent.request['login'][user_class_name].each_key do |user_identifier|
-                    promise = user_class.promise_login(user: user_identifier, pass: response_agent.request['login'][user_class_name][user_identifier])
-                    unless promise.realized?
-                      start = Time.now
-                      until promise.realized?
-                        break if (Time.now - start) > TIMEOUT
-                        sleep 0.01
-                      end
+                  user_identifier = response_agent.request['login'][user_class_name].keys.first
+                  promise = user_class.promise_login(user: user_identifier, pass: response_agent.request['login'][user_class_name][user_identifier])
+                  unless promise.realized?
+                    start = Time.now
+                    until promise.realized?
+                      break if (Time.now - start) > TIMEOUT
+                      sleep 0.01
                     end
-                    user = promise.value
-                    break if user
                   end
+                  user = promise.value
                 end
                 if user
-                  session_cookie = "session=#{SecureRandom.uuid};max-age=2592000"
+                  session_id = SecureRandom.uuid
+                  session_cookie = "session=#{session_id}; SameSite=Strict; HttpOnly; Path=/; Max-Age=2592000#{'; Secure' if Isomorfeus.production?}"
+                  session_cookie_accessor = SecureRandom.uuid
                   Isomorfeus.pub_sub_client.instance_variable_set(:@isomorfeus_user, user)
                   Isomorfeus.pub_sub_client.instance_variable_set(:@isomorfeus_authentication_tries, nil)
                   Isomorfeus.pub_sub_client.instance_variable_set(:@isomorfeus_session_cookie, session_cookie)
-                  Isomorfeus.session_store.add(cookie: session_cookie, user: user)
-                  response_agent.agent_result = { success: 'ok', data: user.to_transport, session_cookie: session_cookie }
+                  Isomorfeus.session_store.add(session_id: session_id, cookie: session_cookie, user: user, accessor: session_cookie_accessor)
+                  response_agent.agent_result = { success: 'ok', data: user.to_transport, session_cookie_accessor: session_cookie_accessor }
+                end
+              end
+            elsif login_or_logout == 'ssr_login'
+              response_agent.agent_result = { error: 'Authentication failed' }
+              response_agent.request['ssr_login'].each_key do |session_id|
+                user = Isomorfeus.session_store.get_user(session_id: session_id)
+                if user
+                  Isomorfeus.pub_sub_client.instance_variable_set(:@isomorfeus_user, user)
+                  Isomorfeus.pub_sub_client.instance_variable_set(:@isomorfeus_authentication_tries, nil)
+                  Isomorfeus.pub_sub_client.instance_variable_set(:@isomorfeus_session_cookie, nil)
+                  response_agent.agent_result = { success: 'ok', data: user.to_transport }
                 end
               end
             elsif login_or_logout == 'logout'

data/lib/isomorfeus/transport/rack_middleware.rb

@@ -12,12 +12,42 @@ module Isomorfeus
       def call(env)
         if env['PATH_INFO'] == Isomorfeus.api_websocket_path
           if env['rack.upgrade?'] == :websocket
-            # TODO get session cookie
             env['rack.upgrade'] = Isomorfeus::Transport::ServerSocketProcessor.new
           end
           WS_RESPONSE
+        elsif env['PATH_INFO'] == Isomorfeus.cookie_eater_path
+          cookie_accessor, new_path = env['QUERY_STRING'].split('=')
+          cookie = Isomorfeus.session_store.take_cookie(accessor: cookie_accessor)
+          if new_path.start_with?('/')
+            if cookie
+              [302, { 'Location' => new_path, 'Set-Cookie' => cookie }, ["Cookie eaten!"]]
+            else
+              [302, { 'Location' => new_path }, ["No Cookie!"]]
+            end
+          else
+            [404, {}, ["Must specify relative path!"]]
+          end
         else
-          @app.call(env)
+          cookies = env['HTTP_COOKIE']
+          if cookies
+            cookies = cookies.split('; ')
+            cookie = cookies.detect { |c| c.start_with?('session=') }
+            if cookie
+              session_id = cookie[8..-1]
+              user = Isomorfeus.session_store.get_user(session_id: session_id)
+              if user
+                Thread.current[:isomorfeus_user] = user
+                Thread.current[:isomorfeus_session_id] = session_id
+              end
+            end
+          end
+          begin
+            result = @app.call(env)
+          ensure
+            Thread.current[:isomorfeus_user] = nil
+            Thread.current[:isomorfeus_session_id] = nil
+          end
+          result
         end
       end
     end

data/lib/isomorfeus/transport/server_socket_processor.rb

@@ -45,10 +45,8 @@ module Isomorfeus
       end
 
       def user(client)
-        # TODO get session cooke and load user from session
         current_user = client.instance_variable_get(:@isomorfeus_user)
         return current_user if current_user
-        # TODO get session cooke and load user from session
         Anonymous.new
       end
     end

data/lib/isomorfeus/transport/ssr_login.rb

@@ -0,0 +1,28 @@
+module Isomorfeus
+  module Transport
+    class SsrLogin
+      def self.init
+        session_id = `global.IsomorfeusSessionId`
+        if session_id && session_id.size > 0
+          Isomorfeus::Transport.promise_send_path('Isomorfeus::Transport::Handler::AuthenticationHandler', 'ssr_login', session_id).then do |agent|
+            if agent.processed
+              agent.result
+            else
+              agent.processed = true
+              if agent.response.key?(:success)
+                Isomorfeus.store.dispatch(type: 'DATA_LOAD', data: agent.response[:data])
+                class_name = agent.response[:data].keys.first
+                key = agent.response[:data][class_name].keys.first
+                logged_in_user = Isomorfeus.cached_data_class(class_name).new(key: key)
+                Isomorfeus.set_current_user(logged_in_user)
+              else
+                error = agent.response[:error]
+                Isomorfeus.raise_error(message: "SSR Login failed, #{error}!") # triggers .fail
+              end
+            end
+          end
+        end
+      end
+    end
+  end
+end

data/lib/isomorfeus/transport/version.rb

@@ -1,5 +1,5 @@
 module Isomorfeus
   module Transport
-    VERSION = '1.0.0.zeta16'
+    VERSION = '1.0.0.zeta17'
   end
 end

data/lib/lucid_authentication/mixin.rb

@@ -10,11 +10,11 @@ module LucidAuthentication
           def execute_login(&block)
           end
 
-          def promise_login(user: nil, pass: nil, scheme: :isomorfeus)
-              send("promise_authentication_with_#{scheme}",user: user, pass: pass)
+          def promise_login(user: nil, pass: nil, scheme: :isomorfeus, &block)
+            send("promise_authentication_with_#{scheme}", user: user, pass: pass, &block)
           end
 
-          def promise_authentication_with_isomorfeus(user: nil, pass: nil)
+          def promise_authentication_with_isomorfeus(user: nil, pass: nil, &block)
             if Isomorfeus.production?
               Isomorfeus.raise_error(message: "Connection not secure, can't login") unless Isomorfeus::Transport.socket.url.start_with?('wss:')
             else
@@ -29,12 +29,19 @@ module LucidAuthentication
                   Isomorfeus.store.dispatch(type: 'DATA_LOAD', data: agent.response[:data])
                   class_name = agent.response[:data].keys.first
                   key = agent.response[:data][class_name].keys.first
-
-                  # TODO set session cookie
-                  # agent.response[:session_cookie]
                   logged_in_user = Isomorfeus.cached_data_class(class_name).new(key: key)
-                  Isomorfeus.set_current_user(logged_in_user)
-                  agent.result = logged_in_user
+                  cookie_accessor = agent.response[:session_cookie_accessor]
+                  begin
+                    target = if block_given?
+                               block.call(logged_in_user)
+                             else
+                               `window.location.pathname`
+                             end
+                  rescue
+                    target = `window.location.pathname`
+                  end
+                  cookie_query = "#{Isomorfeus.cookie_eater_path}?#{cookie_accessor}=#{target}"
+                  `window.location = cookie_query` # doing page load and redirect
                 else
                   error = agent.response[:error]
                   `console.err(error)` if error
@@ -52,9 +59,9 @@ module LucidAuthentication
 
       def promise_deauthentication_with_isomorfeus
         Isomorfeus::Transport.promise_send_path('Isomorfeus::Transport::Handler::AuthenticationHandler', 'logout', 'logout').then do |agent|
-          # TODO unset session cookie
-          # agent.response[:session_cookie]
+          `document.cookie = "session="`
           Isomorfeus.set_current_user(nil)
+          Isomorfeus.force_init_store!
           agent.processed = true
           agent.response.key?(:success) ? true : raise('Logout failed!')
         end

metadata

@@ -1,14 +1,14 @@
 --- !ruby/object:Gem::Specification
 name: isomorfeus-transport
 version: !ruby/object:Gem::Version
-  version: 1.0.0.zeta16
+  version: 1.0.0.zeta17
 platform: ruby
 authors:
 - Jan Biedermann
 autorequire: 
 bindir: bin
 cert_chain: []
-date: 2020-02-11 00:00:00.000000000 Z
+date: 2020-02-13 00:00:00.000000000 Z
 dependencies:
 - !ruby/object:Gem::Dependency
   name: activesupport
@@ -100,28 +100,28 @@ dependencies:
     requirements:
     - - ">="
       - !ruby/object:Gem::Version
-        version: 16.12.17
+        version: 16.12.18
   type: :runtime
   prerelease: false
   version_requirements: !ruby/object:Gem::Requirement
     requirements:
     - - ">="
       - !ruby/object:Gem::Version
-        version: 16.12.17
+        version: 16.12.18
 - !ruby/object:Gem::Dependency
   name: isomorfeus-policy
   requirement: !ruby/object:Gem::Requirement
     requirements:
     - - '='
       - !ruby/object:Gem::Version
-        version: 1.0.0.zeta16
+        version: 1.0.0.zeta17
   type: :runtime
   prerelease: false
   version_requirements: !ruby/object:Gem::Requirement
     requirements:
     - - '='
       - !ruby/object:Gem::Version
-        version: 1.0.0.zeta16
+        version: 1.0.0.zeta17
 - !ruby/object:Gem::Dependency
   name: websocket-driver
   requirement: !ruby/object:Gem::Requirement
@@ -142,14 +142,14 @@ dependencies:
     requirements:
     - - '='
       - !ruby/object:Gem::Version
-        version: 1.0.0.zeta16
+        version: 1.0.0.zeta17
   type: :development
   prerelease: false
   version_requirements: !ruby/object:Gem::Requirement
     requirements:
     - - '='
       - !ruby/object:Gem::Version
-        version: 1.0.0.zeta16
+        version: 1.0.0.zeta17
 - !ruby/object:Gem::Dependency
   name: opal-webpack-loader
   requirement: !ruby/object:Gem::Requirement
@@ -204,6 +204,7 @@ files:
 - lib/isomorfeus/transport.rb
 - lib/isomorfeus/transport/client_processor.rb
 - lib/isomorfeus/transport/config.rb
+- lib/isomorfeus/transport/dbm_session_store.rb
 - lib/isomorfeus/transport/handler/authentication_handler.rb
 - lib/isomorfeus/transport/middlewares.rb
 - lib/isomorfeus/transport/rack_middleware.rb
@@ -211,7 +212,7 @@ files:
 - lib/isomorfeus/transport/response_agent.rb
 - lib/isomorfeus/transport/server_processor.rb
 - lib/isomorfeus/transport/server_socket_processor.rb
-- lib/isomorfeus/transport/thread_session_store.rb
+- lib/isomorfeus/transport/ssr_login.rb
 - lib/isomorfeus/transport/version.rb
 - lib/isomorfeus/transport/websocket.rb
 - lib/lucid_authentication/mixin.rb

data/lib/isomorfeus/transport/thread_session_store.rb

@@ -1,20 +0,0 @@
-module Isomorfeus
-  module Transport
-    class ThreadSessionStore
-
-      def add(cookie:, user:)
-        store[cookie] = user
-      end
-
-      def remove(cookie:)
-        store.delete(cookie)
-      end
-
-      private
-
-      def store
-        Thread.current[:isomorfeus_session_store] ||= {}
-      end
-    end
-  end
-end