rack 0.9.1 → 1.0.0

data/lib/rack/session/abstract/id.rb

@@ -1,54 +1,67 @@
 # AUTHOR: blink <blinketje@gmail.com>; blink#ruby-lang@irc.freenode.net
 # bugrep: Andreas Zehnder
 
-require 'rack/utils'
 require 'time'
+require 'rack/request'
+require 'rack/response'
 
 module Rack
+
   module Session
+
     module Abstract
+
       # ID sets up a basic framework for implementing an id based sessioning
       # service. Cookies sent to the client for maintaining sessions will only
-      # contain an id reference. Only #get_session and #set_session should
-      # need to be overwritten.
+      # contain an id reference. Only #get_session and #set_session are
+      # required to be overwritten.
       #
       # All parameters are optional.
       # * :key determines the name of the cookie, by default it is
       #   'rack.session'
-      # * :domain and :path set the related cookie values, by default
-      #   domain is nil, and the path is '/'.
-      # * :expire_after is the number of seconds in which the session
-      #   cookie will expire. By default it is set not to provide any
-      #   expiry time.
+      # * :path, :domain, :expire_after, :secure, and :httponly set the related
+      #   cookie options as by Rack::Response#add_cookie
+      # * :defer will not set a cookie in the response.
+      # * :renew (implementation dependent) will prompt the generation of a new
+      #   session id, and migration of data to be referenced at the new id. If
+      #   :defer is set, it will be overridden and the cookie will be set.
+      # * :sidbits sets the number of bits in length that a generated session
+      #   id will be.
+      #
+      # These options can be set on a per request basis, at the location of
+      # env['rack.session.options']. Additionally the id of the session can be
+      # found within the options hash at the key :id. It is highly not
+      # recommended to change its value.
+      #
+      # Is Rack::Utils::Context compatible.
+
       class ID
-        attr_reader :key
         DEFAULT_OPTIONS = {
-          :key =>           'rack.session',
           :path =>          '/',
           :domain =>        nil,
           :expire_after =>  nil,
           :secure =>        false,
           :httponly =>      true,
+          :defer =>         false,
+          :renew =>         false,
           :sidbits =>       128
         }
 
+        attr_reader :key, :default_options
         def initialize(app, options={})
+          @app = app
+          @key = options[:key] || "rack.session"
           @default_options = self.class::DEFAULT_OPTIONS.merge(options)
-          @key = @default_options[:key]
-          @default_context = context app
         end
 
         def call(env)
-          @default_context.call(env)
+          context(env)
         end
 
-        def context(app)
-          Rack::Utils::Context.new self, app do |env|
-            load_session env
-            response = app.call(env)
-            commit_session env, response
-            response
-          end
+        def context(env, app=@app)
+          load_session(env)
+          status, headers, body = app.call(env)
+          commit_session(env, status, headers, body)
         end
 
         private
@@ -56,6 +69,7 @@ module Rack
         # Generate a new session id using Ruby #rand.  The size of the
         # session id is controlled by the :sidbits option.
         # Monkey patch this to use custom methods for session id generation.
+
         def generate_sid
           "%0#{@default_options[:sidbits] / 4}x" %
             rand(2**@default_options[:sidbits] - 1)
@@ -65,87 +79,62 @@ module Rack
         # environment to #get_session. It then sets the resulting session into
         # 'rack.session', and places options and session metadata into
         # 'rack.session.options'.
+
         def load_session(env)
-          sid           = (env['HTTP_COOKIE']||'')[/#{@key}=([^,;]+)/,1]
-          sid, session  = get_session(env, sid)
-          unless session.is_a?(Hash)
-            puts 'Session: '+sid.inspect+"\n"+session.inspect if $DEBUG
-            raise TypeError, 'Session not a Hash'
+          request = Rack::Request.new(env)
+          session_id = request.cookies[@key]
+
+          begin
+            session_id, session = get_session(env, session_id)
+            env['rack.session'] = session
+          rescue
+            env['rack.session'] = Hash.new
           end
 
-          options = @default_options.
-            merge({ :id => sid, :by => self, :at => Time.now })
-
-          env['rack.session'] = session
-          env['rack.session.options'] = options
-
-          return true
+          env['rack.session.options'] = @default_options.
+            merge(:id => session_id)
         end
 
         # Acquires the session from the environment and the session id from
-        # the session options and passes them to #set_session. It then
-        # proceeds to set a cookie up in the response with the session's id.
-        def commit_session(env, response)
-          unless response.is_a?(Array)
-            puts 'Response: '+response.inspect if $DEBUG
-            raise ArgumentError, 'Response is not an array.'
-          end
+        # the session options and passes them to #set_session. If successful
+        # and the :defer option is not true, a cookie will be added to the
+        # response with the session's id.
 
+        def commit_session(env, status, headers, body)
+          session = env['rack.session']
           options = env['rack.session.options']
-          unless options.is_a?(Hash)
-            puts 'Options: '+options.inspect if $DEBUG
-            raise TypeError, 'Options not a Hash'
+          session_id = options[:id]
+
+          if not session_id = set_session(env, session_id, session, options)
+            env["rack.errors"].puts("Warning! #{self.class.name} failed to save session. Content dropped.")
+            [status, headers, body]
+          elsif options[:defer] and not options[:renew]
+            env["rack.errors"].puts("Defering cookie for #{session_id}") if $VERBOSE
+            [status, headers, body]
+          else
+            cookie = Hash.new
+            cookie[:value] = session_id
+            cookie[:expires] = Time.now + options[:expire_after] unless options[:expire_after].nil?
+            response = Rack::Response.new(body, status, headers)
+            response.set_cookie(@key, cookie.merge(options))
+            response.to_a
           end
-
-          sid, time, z = options.values_at(:id, :at, :by)
-          unless self == z
-            warn "#{self} not managing this session."
-            return
-          end
-
-          unless env['rack.session'].is_a?(Hash)
-            warn 'Session: '+sid.inspect+"\n"+session.inspect if $DEBUG
-            raise TypeError, 'Session not a Hash'
-          end
-
-          unless set_session(env, sid)
-            warn "Session not saved." if $DEBUG
-            warn "#{env['rack.session'].inspect} has been lost."if $DEBUG
-            return false
-          end
-
-          cookie = Utils.escape(@key)+'='+Utils.escape(sid)
-          cookie<< "; domain=#{options[:domain]}" if options[:domain]
-          cookie<< "; path=#{options[:path]}" if options[:path]
-          if options[:expire_after]
-            expiry = time + options[:expire_after]
-            cookie<< "; expires=#{expiry.httpdate}"
-          end
-          cookie<< "; Secure" if options[:secure]
-          cookie<< "; HttpOnly" if options[:httponly]
-
-          case a = (h = response[1])['Set-Cookie']
-          when Array then  a << cookie
-          when String then h['Set-Cookie'] = [a, cookie]
-          when nil then    h['Set-Cookie'] = cookie
-          end
-
-          return true
         end
 
-        # Should return [session_id, session]. All thread safety and session
-        # retrival proceedures should occur here.
+        # All thread safety and session retrival proceedures should occur here.
+        # Should return [session_id, session].
         # If nil is provided as the session id, generation of a new valid id
         # should occur within.
+
         def get_session(env, sid)
-          raise '#get_session needs to be implemented.'
+          raise '#get_session not implemented.'
         end
 
         # All thread safety and session storage proceedures should occur here.
         # Should return true or false dependant on whether or not the session
         # was saved or not.
-        def set_session(env, sid)
-          raise '#set_session needs to be implemented.'
+        def set_session(env, sid, session, options)
+          raise '#set_session not implemented.'
         end
       end
     end

data/lib/rack/session/cookie.rb

@@ -1,4 +1,6 @@
 require 'openssl'
+require 'rack/request'
+require 'rack/response'
 
 module Rack
 

data/lib/rack/session/memcache.rb

@@ -21,76 +21,88 @@ module Rack
 
     class Memcache < Abstract::ID
       attr_reader :mutex, :pool
-      DEFAULT_OPTIONS = Abstract::ID::DEFAULT_OPTIONS.merge({
+      DEFAULT_OPTIONS = Abstract::ID::DEFAULT_OPTIONS.merge \
         :namespace => 'rack:session',
         :memcache_server => 'localhost:11211'
-      })
 
       def initialize(app, options={})
         super
-        @pool = MemCache.new @default_options[:memcache_server], @default_options
-        unless @pool.servers.any?{|s|s.alive?}
-          raise "#{self} unable to find server during initialization."
-        end
+
         @mutex = Mutex.new
+        @pool = MemCache.
+          new @default_options[:memcache_server], @default_options
+        raise 'No memcache servers' unless @pool.servers.any?{|s|s.alive?}
       end
 
-      private
+      def generate_sid
+        loop do
+          sid = super
+          break sid unless @pool.get(sid, true)
+        end
+      end
 
       def get_session(env, sid)
-        session = sid && @pool.get(sid)
-        unless session and session.is_a?(Hash)
+        session = @pool.get(sid) if sid
+        @mutex.lock if env['rack.multithread']
+        unless sid and session
+          env['rack.errors'].puts("Session '#{sid.inspect}' not found, initializing...") if $VERBOSE and not sid.nil?
           session = {}
-          lc = 0
-          @mutex.synchronize do
-            begin
-              raise RuntimeError, 'Unique id finding looping excessively' if (lc+=1) > 1000
-              sid = generate_sid
-              ret = @pool.add(sid, session)
-            end until /^STORED/ =~ ret
-          end
-        end
-        class << session
-          @deleted = []
-          def delete key
-            (@deleted||=[]) << key
-            super
-          end
+          sid = generate_sid
+          ret = @pool.add sid, session
+          raise "Session collision on '#{sid.inspect}'" unless /^STORED/ =~ ret
         end
-        [sid, session]
+        session.instance_variable_set('@old', {}.merge(session))
+        return [sid, session]
       rescue MemCache::MemCacheError, Errno::ECONNREFUSED # MemCache server cannot be contacted
         warn "#{self} is unable to find server."
         warn $!.inspect
         return [ nil, {} ]
+      ensure
+        @mutex.unlock if env['rack.multithread']
       end
 
-      def set_session(env, sid)
-        session = env['rack.session']
-        options = env['rack.session.options']
-        expiry  = options[:expire_after] || 0
-        o, s = @mutex.synchronize do
-          old_session = @pool.get(sid)
-          unless old_session.is_a?(Hash)
-            warn 'Session not properly initialized.' if $DEBUG
-            old_session = {}
-            @pool.add sid, old_session, expiry
-          end
-          session.instance_eval do
-            @deleted.each{|k| old_session.delete(k) } if defined? @deleted
-          end
-          @pool.set sid, old_session.merge(session), expiry
-          [old_session, session]
+      def set_session(env, session_id, new_session, options)
+        expiry = options[:expire_after]
+        expiry = expiry.nil? ? 0 : expiry + 1
+
+        @mutex.lock if env['rack.multithread']
+        session = @pool.get(session_id) || {}
+        if options[:renew] or options[:drop]
+          @pool.delete session_id
+          return false if options[:drop]
+          session_id = generate_sid
+          @pool.add session_id, 0 # so we don't worry about cache miss on #set
         end
-        s.each do |k,v|
-          next unless o.has_key?(k) and v != o[k]
-          warn "session value assignment collision at #{k.inspect}:"+
-            "\n\t#{o[k].inspect}\n\t#{v.inspect}"
-        end if $DEBUG and env['rack.multithread']
-        return true
+        old_session = new_session.instance_variable_get('@old') || {}
+        session = merge_sessions session_id, old_session, new_session, session
+        @pool.set session_id, session, expiry
+        return session_id
       rescue MemCache::MemCacheError, Errno::ECONNREFUSED # MemCache server cannot be contacted
         warn "#{self} is unable to find server."
         warn $!.inspect
         return false
+      ensure
+        @mutex.unlock if env['rack.multithread']
+      end
+
+      private
+
+      def merge_sessions sid, old, new, cur=nil
+        cur ||= {}
+        unless Hash === old and Hash === new
+          warn 'Bad old or new sessions provided.'
+          return cur
+        end
+
+        delete = old.keys - new.keys
+        warn "//@#{sid}: delete #{delete*','}" if $VERBOSE and not delete.empty?
+        delete.each{|k| cur.delete k }
+
+        update = new.keys.select{|k| new[k] != old[k] }
+        warn "//@#{sid}: update #{update*','}" if $VERBOSE and not update.empty?
+        update.each{|k| cur[k] = new[k] }
+
+        cur
       end
     end
   end

data/lib/rack/session/pool.rb

@@ -13,19 +13,20 @@ module Rack
     # In the context of a multithreaded environment, sessions being
     # committed to the pool is done in a merging manner.
     #
+    # The :drop option is available in rack.session.options if you with to
+    # explicitly remove the session from the session cache.
+    #
     # Example:
     #   myapp = MyRackApp.new
     #   sessioned = Rack::Session::Pool.new(myapp,
-    #     :key => 'rack.session',
     #     :domain => 'foo.com',
-    #     :path => '/',
     #     :expire_after => 2592000
     #   )
     #   Rack::Handler::WEBrick.run sessioned
 
     class Pool < Abstract::ID
       attr_reader :mutex, :pool
-      DEFAULT_OPTIONS = Abstract::ID::DEFAULT_OPTIONS.dup
+      DEFAULT_OPTIONS = Abstract::ID::DEFAULT_OPTIONS.merge :drop => false
 
       def initialize(app, options={})
         super
@@ -33,40 +34,66 @@ module Rack
         @mutex = Mutex.new
       end
 
-      private
+      def generate_sid
+        loop do
+          sid = super
+          break sid unless @pool.key? sid
+        end
+      end
 
       def get_session(env, sid)
-        session = @mutex.synchronize do
-          unless sess = @pool[sid] and ((expires = sess[:expire_at]).nil? or expires > Time.now)
-            @pool.delete_if{|k,v| expiry = v[:expire_at] and expiry < Time.now }
-            begin
-              sid = generate_sid
-            end while @pool.has_key?(sid)
-          end
-          @pool[sid] ||= {}
+        session = @pool[sid] if sid
+        @mutex.lock if env['rack.multithread']
+        unless sid and session
+          env['rack.errors'].puts("Session '#{sid.inspect}' not found, initializing...") if $VERBOSE and not sid.nil?
+          session = {}
+          sid = generate_sid
+          @pool.store sid, session
         end
-        [sid, session]
+        session.instance_variable_set('@old', {}.merge(session))
+        return [sid, session]
+      ensure
+        @mutex.unlock if env['rack.multithread']
       end
 
-      def set_session(env, sid)
-        options = env['rack.session.options']
-        expiry = options[:expire_after] && options[:at]+options[:expire_after]
-        @mutex.synchronize do
-          old_session = @pool[sid]
-          old_session[:expire_at] = expiry if expiry
-          session = old_session.merge(env['rack.session'])
-          @pool[sid] = session
-          session.each do |k,v|
-            next unless old_session.has_key?(k) and v != old_session[k]
-            warn "session value assignment collision at #{k}: #{old_session[k]} <- #{v}"
-          end if $DEBUG and env['rack.multithread']
+      def set_session(env, session_id, new_session, options)
+        @mutex.lock if env['rack.multithread']
+        session = @pool[session_id]
+        if options[:renew] or options[:drop]
+          @pool.delete session_id
+          return false if options[:drop]
+          session_id = generate_sid
+          @pool.store session_id, 0
         end
-        return true
+        old_session = new_session.instance_variable_get('@old') || {}
+        session = merge_sessions session_id, old_session, new_session, session
+        @pool.store session_id, session
+        return session_id
       rescue
-        warn "#{self} is unable to find server."
-        warn "#{env['rack.session'].inspect} has been lost."
+        warn "#{new_session.inspect} has been lost."
         warn $!.inspect
-        return false
+      ensure
+        @mutex.unlock if env['rack.multithread']
+      end
+
+      private
+
+      def merge_sessions sid, old, new, cur=nil
+        cur ||= {}
+        unless Hash === old and Hash === new
+          warn 'Bad old or new sessions provided.'
+          return cur
+        end
+
+        delete = old.keys - new.keys
+        warn "//@#{sid}: dropping #{delete*','}" if $DEBUG and not delete.empty?
+        delete.each{|k| cur.delete k }
+
+        update = new.keys.select{|k| new[k] != old[k] }
+        warn "//@#{sid}: updating #{update*','}" if $DEBUG and not update.empty?
+        update.each{|k| cur[k] = new[k] }
+
+        cur
       end
     end
   end