redis-client-session-store 0.12

data/lib/redis-client-session-store.rb

@@ -0,0 +1,225 @@
+# frozen_string_literal: true
+
+require 'redis-client'
+
+# Redis session storage for Rails, and for Rails only. Derived from
+# the MemCacheStore code, simply dropping in Redis instead.
+class RedisSessionStore < ActionDispatch::Session::AbstractSecureStore
+  VERSION = '0.12'
+  # Rails 3.1 and beyond defines the constant elsewhere
+  unless defined?(ENV_SESSION_OPTIONS_KEY)
+    ENV_SESSION_OPTIONS_KEY = if Rack.release.split('.').first.to_i > 1
+                                Rack::RACK_SESSION_OPTIONS
+                              else
+                                Rack::Session::Abstract::ENV_SESSION_OPTIONS_KEY
+                              end
+  end
+
+  USE_INDIFFERENT_ACCESS = defined?(ActiveSupport).freeze
+  # ==== Options
+  # * +:key+ - Same as with the other cookie stores, key name
+  # * +:redis+ - A hash with redis-specific options
+  #   * +:url+ - Redis url, default is redis://localhost:6379/0
+  #   * +:key_prefix+ - Prefix for keys used in Redis, e.g. +myapp:+
+  #   * +:expire_after+ - A number in seconds for session timeout
+  #   * +:client+ - Connect to Redis with given object rather than create one
+  # * +:on_redis_down:+ - Called with err, env, and SID on Errno::ECONNREFUSED
+  # * +:on_session_load_error:+ - Called with err and SID on Marshal.load fail
+  # * +:serializer:+ - Serializer to use on session data, default is :marshal.
+  #
+  # ==== Examples
+  #
+  #     Rails.application.config.session_store :redis_client_session_store,
+  #       key: 'your_session_key',
+  #       redis: {
+  #         expire_after: 120.minutes,
+  #         key_prefix: 'myapp:session:',
+  #         url: 'redis://localhost:6379/0'
+  #       },
+  #       on_redis_down: ->(*a) { logger.error("Redis down! #{a.inspect}") },
+  #       serializer: :hybrid # migrate from Marshal to JSON
+  #
+  def initialize(app, options = {})
+    super
+
+    @default_options[:namespace] = 'rack:session'
+    @default_options.merge!(options[:redis] || {})
+    init_options = options[:redis]&.reject do |k, _v|
+      %i[expire_after key_prefix ttl].include?(k)
+    end || {}
+    @redis = init_options[:client] || RedisClient.new(init_options)
+    @on_redis_down = options[:on_redis_down]
+    @serializer = determine_serializer(options[:serializer])
+    @on_session_load_error = options[:on_session_load_error]
+    verify_handlers!
+  end
+
+  attr_accessor :on_redis_down, :on_session_load_error
+
+  private
+
+  attr_reader :redis, :key, :default_options, :serializer
+
+  # overrides method defined in rack to actually verify session existence
+  # Prevents needless new sessions from being created in scenario where
+  # user HAS session id, but it already expired, or is invalid for some
+  # other reason, and session was accessed only for reading.
+  def session_exists?(env)
+    value = current_session_id(env)
+
+    !!(
+      value && !value.empty? &&
+      key_exists_with_fallback?(value)
+    )
+  rescue Errno::ECONNREFUSED, RedisClient::CannotConnectError => e
+    on_redis_down.call(e, env, value) if on_redis_down
+
+    true
+  end
+
+  def key_exists_with_fallback?(value)
+    return false if private_session_id?(value.public_id)
+
+    key_exists?(value.private_id) || key_exists?(value.public_id)
+  end
+
+  def key_exists?(value)
+    redis.call('EXISTS', prefixed(value)).positive?
+  end
+
+  def private_session_id?(value)
+    value.match?(/\A\d+::/)
+  end
+
+  def verify_handlers!
+    %w(on_redis_down on_session_load_error).each do |h|
+      next unless (handler = public_send(h)) && !handler.respond_to?(:call)
+
+      raise ArgumentError, "#{h} handler is not callable"
+    end
+  end
+
+  def prefixed(sid)
+    "#{default_options[:key_prefix]}#{sid}"
+  end
+
+  def session_default_values
+    [generate_sid, USE_INDIFFERENT_ACCESS ? {}.with_indifferent_access : {}]
+  end
+
+  def get_session(env, sid)
+    sid && (session = load_session_with_fallback(sid)) ? [sid, session] : session_default_values
+  rescue Errno::ECONNREFUSED, RedisClient::CannotConnectError => e
+    on_redis_down.call(e, env, sid) if on_redis_down
+    session_default_values
+  end
+  alias find_session get_session
+
+  def load_session_with_fallback(sid)
+    return nil if private_session_id?(sid.public_id)
+
+    load_session_from_redis(
+      key_exists?(sid.private_id) ? sid.private_id : sid.public_id
+    )
+  end
+
+  def load_session_from_redis(sid)
+    data = redis.call('GET', prefixed(sid))
+    begin
+      data ? decode(data) : nil
+    rescue StandardError => e
+      destroy_session_from_sid(sid, drop: true)
+      on_session_load_error.call(e, sid) if on_session_load_error
+      nil
+    end
+  end
+
+  def decode(data)
+    session = serializer.load(data)
+    USE_INDIFFERENT_ACCESS ? session.with_indifferent_access : session
+  end
+
+  def set_session(env, sid, session_data, options = nil)
+    expiry = get_expiry(env, options)
+    if expiry
+      redis.call('SETEX', prefixed(sid.private_id), expiry, encode(session_data))
+    else
+      redis.call('SET', prefixed(sid.private_id), encode(session_data))
+    end
+    sid
+  rescue Errno::ECONNREFUSED, RedisClient::CannotConnectError => e
+    on_redis_down.call(e, env, sid) if on_redis_down
+    false
+  end
+  alias write_session set_session
+
+  def get_expiry(env, options)
+    session_storage_options = options || env.fetch(ENV_SESSION_OPTIONS_KEY, {})
+    session_storage_options[:ttl] || session_storage_options[:expire_after]
+  end
+
+  def encode(session_data)
+    serializer.dump(session_data)
+  end
+
+  def destroy_session(env, sid, options)
+    destroy_session_from_sid(sid.public_id, (options || {}).to_hash.merge(env:, drop: true))
+    destroy_session_from_sid(sid.private_id, (options || {}).to_hash.merge(env:))
+  end
+  alias delete_session destroy_session
+
+  def destroy(env)
+    if env['rack.request.cookie_hash'] &&
+       (sid = env['rack.request.cookie_hash'][key])
+      sid = Rack::Session::SessionId.new(sid)
+      destroy_session_from_sid(sid.private_id, drop: true, env:)
+      destroy_session_from_sid(sid.public_id, drop: true, env:)
+    end
+    false
+  end
+
+  def destroy_session_from_sid(sid, options = {})
+    redis.call('DEL', prefixed(sid))
+    (options || {})[:drop] ? nil : generate_sid
+  rescue Errno::ECONNREFUSED, RedisClient::CannotConnectError => e
+    on_redis_down.call(e, options[:env] || {}, sid) if on_redis_down
+  end
+
+  def determine_serializer(serializer)
+    serializer ||= :marshal
+    case serializer
+    when :marshal then Marshal
+    when :json    then JsonSerializer
+    when :hybrid  then HybridSerializer
+    else serializer
+    end
+  end
+
+  # Uses built-in JSON library to encode/decode session
+  class JsonSerializer
+    def self.load(value)
+      JSON.parse(value, quirks_mode: true)
+    end
+
+    def self.dump(value)
+      JSON.generate(value, quirks_mode: true)
+    end
+  end
+
+  # Transparently migrates existing session values from Marshal to JSON
+  class HybridSerializer < JsonSerializer
+    MARSHAL_SIGNATURE = "\x04\x08"
+
+    def self.load(value)
+      if needs_migration?(value)
+        Marshal.load(value)
+      else
+        super
+      end
+    end
+
+    def self.needs_migration?(value)
+      value.start_with?(MARSHAL_SIGNATURE)
+    end
+  end
+end

data/redis-client-session-store.gemspec

@@ -0,0 +1,26 @@
+Gem::Specification.new do |gem|
+  gem.name = 'redis-client-session-store'
+  gem.authors = ['Andrey "Zed" Zaikin']
+  gem.email = ['zed.0xff@gmail.com']
+  gem.summary = 'Rails session store using low-level redis-client for Redis 6+'
+  gem.description = "#{gem.summary} For great glory!"
+  gem.homepage = 'https://github.com/zed-0xff/redis-client-session-store'
+  gem.license = 'MIT'
+
+  gem.extra_rdoc_files = %w(LICENSE AUTHORS.md CONTRIBUTING.md)
+
+  gem.files = `git ls-files -z`.split("\x0")
+  gem.require_paths = %w(lib)
+  gem.version = File.read('lib/redis-client-session-store.rb')
+                    .match(/^  VERSION = '(.*)'/)[1]
+
+  gem.add_runtime_dependency 'actionpack', '>= 5.2.4.1', '< 8'
+  gem.add_runtime_dependency 'redis-client'
+
+  gem.add_development_dependency 'rake', '~> 13'
+  gem.add_development_dependency 'rspec', '~> 3'
+  gem.add_development_dependency 'rubocop', '~> 1.25'
+  gem.add_development_dependency 'rubocop-rake', '~> 0.6'
+  gem.add_development_dependency 'rubocop-rspec', '~> 2.8'
+  gem.add_development_dependency 'simplecov', '~> 0.21'
+end