/** * Apache License * Version 2.0, January 2004 * http://www.apache.org/licenses/ * * TERMS AND CONDITIONS FOR USE, REPRODUCTION, AND DISTRIBUTION * * 1. Definitions. * * "License" shall mean the terms and conditions for use, reproduction, * and distribution as defined by Sections 1 through 9 of this document. * * "Licensor" shall mean the copyright owner or entity authorized by * the copyright owner that is granting the License. * * "Legal Entity" shall mean the union of the acting entity and all * other entities that control, are controlled by, or are under common * control with that entity. For the purposes of this definition, * "control" means (i) the power, direct or indirect, to cause the * direction or management of such entity, whether by contract or * otherwise, or (ii) ownership of fifty percent (50%) or more of the * outstanding shares, or (iii) beneficial ownership of such entity. * * "You" (or "Your") shall mean an individual or Legal Entity * exercising permissions granted by this License. * * "Source" form shall mean the preferred form for making modifications, * including but not limited to software source code, documentation * source, and configuration files. * * "Object" form shall mean any form resulting from mechanical * transformation or translation of a Source form, including but * not limited to compiled object code, generated documentation, * and conversions to other media types. * * "Work" shall mean the work of authorship, whether in Source or * Object form, made available under the License, as indicated by a * copyright notice that is included in or attached to the work * (an example is provided in the Appendix below). * * "Derivative Works" shall mean any work, whether in Source or Object * form, that is based on (or derived from) the Work and for which the * editorial revisions, annotations, elaborations, or other modifications * represent, as a whole, an original work of authorship. 
For the purposes * of this License, Derivative Works shall not include works that remain * separable from, or merely link (or bind by name) to the interfaces of, * the Work and Derivative Works thereof. * * "Contribution" shall mean any work of authorship, including * the original version of the Work and any modifications or additions * to that Work or Derivative Works thereof, that is intentionally * submitted to Licensor for inclusion in the Work by the copyright owner * or by an individual or Legal Entity authorized to submit on behalf of * the copyright owner. For the purposes of this definition, "submitted" * means any form of electronic, verbal, or written communication sent * to the Licensor or its representatives, including but not limited to * communication on electronic mailing lists, source code control systems, * and issue tracking systems that are managed by, or on behalf of, the * Licensor for the purpose of discussing and improving the Work, but * excluding communication that is conspicuously marked or otherwise * designated in writing by the copyright owner as "Not a Contribution." * * "Contributor" shall mean Licensor and any individual or Legal Entity * on behalf of whom a Contribution has been received by Licensor and * subsequently incorporated within the Work. * * 2. Grant of Copyright License. Subject to the terms and conditions of * this License, each Contributor hereby grants to You a perpetual, * worldwide, non-exclusive, no-charge, royalty-free, irrevocable * copyright license to reproduce, prepare Derivative Works of, * publicly display, publicly perform, sublicense, and distribute the * Work and such Derivative Works in Source or Object form. * * 3. Grant of Patent License. 
Subject to the terms and conditions of * this License, each Contributor hereby grants to You a perpetual, * worldwide, non-exclusive, no-charge, royalty-free, irrevocable * (except as stated in this section) patent license to make, have made, * use, offer to sell, sell, import, and otherwise transfer the Work, * where such license applies only to those patent claims licensable * by such Contributor that are necessarily infringed by their * Contribution(s) alone or by combination of their Contribution(s) * with the Work to which such Contribution(s) was submitted. If You * institute patent litigation against any entity (including a * cross-claim or counterclaim in a lawsuit) alleging that the Work * or a Contribution incorporated within the Work constitutes direct * or contributory patent infringement, then any patent licenses * granted to You under this License for that Work shall terminate * as of the date such litigation is filed. * * 4. Redistribution. You may reproduce and distribute copies of the * Work or Derivative Works thereof in any medium, with or without * modifications, and in Source or Object form, provided that You * meet the following conditions: * * (a) You must give any other recipients of the Work or * Derivative Works a copy of this License; and * * (b) You must cause any modified files to carry prominent notices * stating that You changed the files; and * * (c) You must retain, in the Source form of any Derivative Works * that You distribute, all copyright, patent, trademark, and * attribution notices from the Source form of the Work, * excluding those notices that do not pertain to any part of * the Derivative Works; and * * (d) If the Work includes a "NOTICE" text file as part of its * distribution, then any Derivative Works that You distribute must * include a readable copy of the attribution notices contained * within such NOTICE file, excluding those notices that do not * pertain to any part of the Derivative Works, in at least one * of 
the following places: within a NOTICE text file distributed * as part of the Derivative Works; within the Source form or * documentation, if provided along with the Derivative Works; or, * within a display generated by the Derivative Works, if and * wherever such third-party notices normally appear. The contents * of the NOTICE file are for informational purposes only and * do not modify the License. You may add Your own attribution * notices within Derivative Works that You distribute, alongside * or as an addendum to the NOTICE text from the Work, provided * that such additional attribution notices cannot be construed * as modifying the License. * * You may add Your own copyright statement to Your modifications and * may provide additional or different license terms and conditions * for use, reproduction, or distribution of Your modifications, or * for any such Derivative Works as a whole, provided Your use, * reproduction, and distribution of the Work otherwise complies with * the conditions stated in this License. * * 5. Submission of Contributions. Unless You explicitly state otherwise, * any Contribution intentionally submitted for inclusion in the Work * by You to the Licensor shall be under the terms and conditions of * this License, without any additional terms or conditions. * Notwithstanding the above, nothing herein shall supersede or modify * the terms of any separate license agreement you may have executed * with Licensor regarding such Contributions. * * 6. Trademarks. This License does not grant permission to use the trade * names, trademarks, service marks, or product names of the Licensor, * except as required for reasonable and customary use in describing the * origin of the Work and reproducing the content of the NOTICE file. * * 7. Disclaimer of Warranty. 
Unless required by applicable law or * agreed to in writing, Licensor provides the Work (and each * Contributor provides its Contributions) on an "AS IS" BASIS, * WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either express or * implied, including, without limitation, any warranties or conditions * of TITLE, NON-INFRINGEMENT, MERCHANTABILITY, or FITNESS FOR A * PARTICULAR PURPOSE. You are solely responsible for determining the * appropriateness of using or redistributing the Work and assume any * risks associated with Your exercise of permissions under this License. * * 8. Limitation of Liability. In no event and under no legal theory, * whether in tort (including negligence), contract, or otherwise, * unless required by applicable law (such as deliberate and grossly * negligent acts) or agreed to in writing, shall any Contributor be * liable to You for damages, including any direct, indirect, special, * incidental, or consequential damages of any character arising as a * result of this License or out of the use or inability to use the * Work (including but not limited to damages for loss of goodwill, * work stoppage, computer failure or malfunction, or any and all * other commercial damages or losses), even if such Contributor * has been advised of the possibility of such damages. * * 9. Accepting Warranty or Additional Liability. While redistributing * the Work or Derivative Works thereof, You may choose to offer, * and charge a fee for, acceptance of support, warranty, indemnity, * or other liability obligations and/or rights consistent with this * License. However, in accepting such obligations, You may act only * on Your own behalf and on Your sole responsibility, not on behalf * of any other Contributor, and only if You agree to indemnify, * defend, and hold each Contributor harmless for any liability * incurred by, or claims asserted against, such Contributor by reason * of your accepting any such warranty or additional liability. 
 *
 * END OF TERMS AND CONDITIONS
 *
 * APPENDIX: How to apply the Apache License to your work.
 *
 * To apply the Apache License to your work, attach the following
 * boilerplate notice, with the fields enclosed by brackets "{}"
 * replaced with your own identifying information. (Don't include
 * the brackets!) The text should be enclosed in the appropriate
 * comment syntax for the file format. We also recommend that a
 * file or class name and description of purpose be included on the
 * same "printed page" as the copyright notice for easier
 * identification within third-party archives.
 *
 * Copyright 2014 Edgar Espina
 *
 * Licensed under the Apache License, Version 2.0 (the "License");
 * you may not use this file except in compliance with the License.
 * You may obtain a copy of the License at
 *
 * http://www.apache.org/licenses/LICENSE-2.0
 *
 * Unless required by applicable law or agreed to in writing, software
 * distributed under the License is distributed on an "AS IS" BASIS,
 * WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied.
 * See the License for the specific language governing permissions and
 * limitations under the License.
 */
package org.jooby;

import com.google.common.io.BaseEncoding;
import static java.util.Objects.requireNonNull;

import javax.annotation.Nonnull;
import java.security.SecureRandom;
import java.util.Map;
import java.util.Optional;
import java.util.concurrent.ConcurrentHashMap;
import java.util.concurrent.ConcurrentMap;

/**
 * <p>
 * Sessions are created on demand via {@link Request#session()}.
 * </p>
 *
 * <p>
 * Sessions have many use cases; the most common are authentication and storing information about
 * the current user.
 * </p>
 *
 * <p>
 * A session attribute must be a {@link String} or a primitive. A session doesn't allow storing
 * arbitrary objects. It is a simple mechanism to store basic data.
 * </p>
 *
 * <h2>Session configuration</h2>
 *
 * <h3>No timeout</h3>
 * <p>
 * There is no timeout for sessions from the server's perspective. By default, a session expires
 * when the user closes the browser (a.k.a. session cookie).
 * </p>
 *
 * <h3>Session store</h3>
 * <p>
 * A {@link Session.Store} is responsible for saving session data. Sessions are kept in memory by
 * default, using the {@link Session.Mem} store, which is useful for development but won't scale
 * well in production environments. A Redis, Memcached or Ehcache store will be a better option.
 * </p>
 *
 * <h3>Store life-cycle</h3>
 * <p>
 * Sessions are persisted every time a request exits, if they are dirty. A session becomes dirty
 * if an attribute is added to or removed from it.
 * </p>
 * <p>
 * The <code>session.saveInterval</code> property indicates how frequently a session will be
 * persisted (in millis).
 * </p>
 * <p>
 * In short, a session is persisted when: 1) it is dirty; or 2) the save interval has expired.
 * </p>
 *
 * <h2>Cookie configuration</h2>
 * <p>
 * The next sections describe the most important options:
 * </p>
 *
 * <h3>max-age</h3>
 * <p>
 * The <code>session.cookie.maxAge</code> sets the maximum age in seconds. A positive value
 * indicates that the cookie will expire after that many seconds have passed. Note that the value
 * is the maximum age when the cookie will expire, not the cookie's current age.
 *
 * A negative value means that the cookie is not stored persistently and will be deleted when the
 * Web browser exits.
 *
 * Default maxAge is: <code>-1</code>.
 * </p>
 *
 * <h3>signed cookie</h3>
 * <p>
 * If the <code>application.secret</code> property has been set, then the session cookie will be
 * signed with it.
 * </p>
 *
 * <h3>cookie's name</h3>
 * <p>
 * The <code>session.cookie.name</code> indicates the name of the cookie that holds the session ID,
 * by default: <code>jooby.sid</code>. The cookie's name can be explicitly set with
 * {@link Cookie.Definition#name(String)} on {@link Session.Definition#cookie()}.
 * </p>
 *
 * @author edgar
 * @since 0.1.0
 */
public interface Session {

  /**
   * Thrown when session access is required but the session has been destroyed.
   *
   * See {@link Session#destroy()}.
   */
  class Destroyed extends RuntimeException {
    public Destroyed() {
      super("Session has been destroyed.");
    }
  }

  /** Global/Shared id of cookie sessions. */
  String COOKIE_SESSION = "cookieSession";

  /**
   * Holds session-related configuration parameters.
   *
   * @author edgar
   * @since 0.1.0
   */
  class Definition {

    /** Session store. */
    private Object store;

    /** Session cookie. */
    private Cookie.Definition cookie;

    /** Save interval. */
    private Long saveInterval;

    /**
     * Creates a new session definition.
     *
     * @param store A session store.
     */
    public Definition(final Class<? extends Store> store) {
      this.store = requireNonNull(store, "A session store is required.");
      cookie = new Cookie.Definition();
    }

    /**
     * Creates a new session definition with a client store.
     */
    Definition() {
      cookie = new Cookie.Definition();
    }

    /**
     * Creates a new session definition.
     *
     * @param store A session store.
     */
    public Definition(final Store store) {
      this.store = requireNonNull(store, "A session store is required.");
      cookie = new Cookie.Definition();
    }

    /**
     * Indicates how frequently a non-dirty session should be persisted (in millis).
     *
     * @return A save interval that indicates how frequently a non-dirty session should be
     *         persisted.
     */
    public Optional<Long> saveInterval() {
      return Optional.ofNullable(saveInterval);
    }

    /**
     * Set/override how frequently a non-dirty session should be persisted (in millis).
     *
     * @param saveInterval Save interval in millis or <code>-1</code> for turning it off.
     * @return This definition.
     */
    public Definition saveInterval(final long saveInterval) {
      this.saveInterval = saveInterval;
      return this;
    }

    /**
     * @return A session store instance or class.
     */
    public Object store() {
      return store;
    }

    /**
     * @return Session cookie configuration.
     */
    public Cookie.Definition cookie() {
      return cookie;
    }
  }

  /**
   * Read, save and delete sessions from a persistent storage.
   *
   * @author edgar
   * @since 0.1.0
   */
  interface Store {

    /** Single secure random instance. */
    SecureRandom rnd = new SecureRandom();

    /**
     * Get a session by ID (if any).
     *
     * @param builder A session builder.
     * @return A session or <code>null</code>.
     */
    Session get(Session.Builder builder);

    /**
     * Save/persist a session.
     *
     * @param session A session to be persisted.
     */
    void save(Session session);

    /**
     * Create/persist a new session.
     *
     * @param session A session to be created.
     */
    void create(final Session session);

    /**
     * Delete a session by ID.
     *
     * @param id A session ID.
     */
    void delete(String id);

    /**
     * Generate a session ID.
     *
     * @return A unique session ID.
     */
    default String generateID() {
      // 30 bytes (240 bits) from SecureRandom, encoded as URL-safe base64 (40 characters).
      byte[] bytes = new byte[30];
      rnd.nextBytes(bytes);
      return BaseEncoding.base64Url().encode(bytes);
    }
  }

  /**
   * An in-memory session store.
   *
   * @author edgar
   */
  class Mem implements Store {

    private ConcurrentMap<String, Session> sessions = new ConcurrentHashMap<>();

    @Override
    public void create(final Session session) {
      sessions.putIfAbsent(session.id(), session);
    }

    @Override
    public void save(final Session session) {
      sessions.put(session.id(), session);
    }

    @Override
    public Session get(final Session.Builder builder) {
      return sessions.get(builder.sessionId());
    }

    @Override
    public void delete(final String id) {
      sessions.remove(id);
    }
  }

  /**
   * Build or restore a session from a persistent storage.
   *
   * @author edgar
   */
  interface Builder {

    /**
     * @return Session ID.
     */
    String sessionId();

    /**
     * Set a session local attribute.
     *
     * @param name Attribute's name.
     * @param value Attribute's value.
     * @return This builder.
     */
    Builder set(final String name, final String value);

    /**
     * Set one or more session local attributes.
     *
     * @param attributes Attributes to add.
     * @return This builder.
     */
    Builder set(final Map<String, String> attributes);

    /**
     * Set session created date.
     *
     * @param createdAt Session created date.
     * @return This builder.
     */
    Builder createdAt(long createdAt);

    /**
     * Set session last accessed date.
     *
     * @param accessedAt Session last accessed date.
     * @return This builder.
     */
    Builder accessedAt(long accessedAt);

    /**
     * Set session last saved date.
     *
     * @param savedAt Session last saved date.
     * @return This builder.
     */
    Builder savedAt(final long savedAt);

    /**
     * Final step to build a new session.
     *
     * @return A session.
     */
    Session build();
  }

  /**
   * A session ID for server side sessions. Otherwise {@link #COOKIE_SESSION} for client side
   * sessions.
   *
   * A session ID on client sessions doesn't make sense because resolution of the session is done
   * via the cookie name.
   *
   * Another reason for not saving the session ID inside the cookie is the cookie size (up to 4kb).
   * If the session ID is persisted then users lose space to save business data.
   *
   * @return Session ID.
   */
  @Nonnull
  String id();

  /**
   * The time when this session was created, measured in milliseconds since midnight January 1, 1970
   * GMT for server side sessions. Or <code>-1</code> for client side sessions.
   *
   * @return The time when this session was created, measured in milliseconds since midnight January
   *         1, 1970 GMT for server side sessions. Or <code>-1</code> for client side sessions.
   */
  long createdAt();

  /**
   * Last time the session was saved as epoch millis or <code>-1</code> for client side sessions.
   *
   * @return Last time the session was saved as epoch millis or <code>-1</code> for client side
   *         sessions.
   */
  long savedAt();

  /**
   * The last time the client sent a request associated with this session, as the number of
   * milliseconds since midnight January 1, 1970 GMT, and marked by the time the container
   * received the request. Or <code>-1</code> for client side sessions.
   *
   * <p>
   * Actions that your application takes, such as getting or setting a value associated with the
   * session, do not affect the access time.
   * </p>
   *
   * @return Last time the client sent a request. Or <code>-1</code> for client side sessions.
   */
  long accessedAt();

  /**
   * The time when this session is going to expire, measured in milliseconds since midnight
   * January 1, 1970 GMT. Or <code>-1</code> for client side sessions.
   *
   * @return The time when this session is going to expire, measured in milliseconds since midnight
   *         January 1, 1970 GMT. Or <code>-1</code> for client side sessions.
   */
  long expiryAt();

  /**
   * Get an object from this session. If the object isn't found, this method returns an empty
   * optional.
   *
   * @param name Attribute's name.
   * @return Value as mutant.
   */
  @Nonnull
  Mutant get(final String name);

  /**
   * @return An immutable copy of local attributes.
   */
  @Nonnull
  Map<String, String> attributes();

  /**
   * Test if the var name exists inside the session local attributes.
   *
   * @param name A local var's name.
   * @return True, for existing locals.
   */
  boolean isSet(final String name);

  /**
   * Set a session local using the given name. If a local already exists, it will be replaced
   * with the new value. Keep in mind that null values are NOT allowed.
   *
   * @param name Attribute's name.
   * @param value Attribute's value.
   * @return This session.
   */
  @Nonnull
  default Session set(final String name, final byte value) {
    return set(name, Byte.toString(value));
  }

  /**
   * Set a session local using the given name. If a local already exists, it will be replaced
   * with the new value. Keep in mind that null values are NOT allowed.
   *
   * @param name Attribute's name.
   * @param value Attribute's value.
   * @return This session.
   */
  @Nonnull
  default Session set(final String name, final char value) {
    return set(name, Character.toString(value));
  }

  /**
   * Set a session local using the given name. If a local already exists, it will be replaced
   * with the new value. Keep in mind that null values are NOT allowed.
   *
   * @param name Attribute's name.
   * @param value Attribute's value.
   * @return This session.
   */
  @Nonnull
  default Session set(final String name, final boolean value) {
    return set(name, Boolean.toString(value));
  }

  /**
   * Set a session local using the given name. If a local already exists, it will be replaced
   * with the new value. Keep in mind that null values are NOT allowed.
   *
   * @param name Attribute's name.
   * @param value Attribute's value.
   * @return This session.
   */
  @Nonnull
  default Session set(final String name, final short value) {
    return set(name, Short.toString(value));
  }

  /**
   * Set a session local using the given name. If a local already exists, it will be replaced
   * with the new value. Keep in mind that null values are NOT allowed.
   *
   * @param name Attribute's name.
   * @param value Attribute's value.
   * @return This session.
   */
  @Nonnull
  default Session set(final String name, final int value) {
    return set(name, Integer.toString(value));
  }

  /**
   * Set a session local using the given name. If a local already exists, it will be replaced
   * with the new value. Keep in mind that null values are NOT allowed.
   *
   * @param name Attribute's name.
   * @param value Attribute's value.
   * @return This session.
   */
  @Nonnull
  default Session set(final String name, final long value) {
    return set(name, Long.toString(value));
  }

  /**
   * Set a session local using the given name. If a local already exists, it will be replaced
   * with the new value. Keep in mind that null values are NOT allowed.
   *
   * @param name Attribute's name.
   * @param value Attribute's value.
   * @return This session.
   */
  @Nonnull
  default Session set(final String name, final float value) {
    return set(name, Float.toString(value));
  }

  /**
   * Set a session local using the given name. If a local already exists, it will be replaced
   * with the new value. Keep in mind that null values are NOT allowed.
   *
   * @param name Attribute's name.
   * @param value Attribute's value.
   * @return This session.
   */
  @Nonnull
  default Session set(final String name, final double value) {
    return set(name, Double.toString(value));
  }

  /**
   * Set a session local using the given name. If a local already exists, it will be replaced
   * with the new value. Keep in mind that null values are NOT allowed.
   *
   * @param name Attribute's name.
   * @param value Attribute's value.
   * @return This session.
   */
  @Nonnull
  default Session set(final String name, final CharSequence value) {
    return set(name, value.toString());
  }

  /**
   * Set a session local using the given name. If a local already exists, it will be replaced
   * with the new value. Keep in mind that null values are NOT allowed.
   *
   * @param name Attribute's name.
   * @param value Attribute's value.
   * @return This session.
   */
  @Nonnull
  Session set(final String name, final String value);

  /**
   * Remove a local value (if any) from session locals.
   *
   * @param name Attribute's name.
   * @return Existing value or empty optional.
   */
  @Nonnull
  Mutant unset(final String name);

  /**
   * Unset/remove all the session data.
   *
   * @return This session.
   */
  @Nonnull
  Session unset();

  /**
   * Invalidates this session then unsets any objects bound to it. This is a noop if the session
   * has been destroyed.
   */
  void destroy();

  /**
   * True if the session was {@link #destroy()}.
   *
   * @return True if the session was {@link #destroy()}.
   */
  boolean isDestroyed();

  /**
   * Assign a new ID to the existing session.
   *
   * @return This session.
   */
  Session renewId();
}
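
The class Javadoc states that sessions have no server-side timeout, and the `Session.Mem` store shown keeps an entry until `delete` is called. As an added example (not part of Jooby or of the original file), a `Session.Store` decorator that expires sessions on read using `createdAt()` and `accessedAt()`; the class name `ExpiringStore`, its package and the injectable clock are assumptions.

```java
package example.session; // hypothetical package for this added example

import java.time.Duration;
import java.util.function.LongSupplier;

import org.jooby.Session;

/**
 * Hypothetical Store decorator (not part of Jooby): enforces idle and absolute
 * timeouts on the server, so a leaked or forgotten session ID stops working
 * even if the browser never drops the cookie.
 */
public class ExpiringStore implements Session.Store {

  private final Session.Store delegate;
  private final long idleMillis;
  private final long absoluteMillis;
  private final LongSupplier clock;

  public ExpiringStore(Session.Store delegate, Duration idle, Duration absolute) {
    this(delegate, idle, absolute, System::currentTimeMillis);
  }

  /** The clock is injectable so the expiry rules can be unit tested. */
  ExpiringStore(Session.Store delegate, Duration idle, Duration absolute, LongSupplier clock) {
    this.delegate = delegate;
    this.idleMillis = idle.toMillis();
    this.absoluteMillis = absolute.toMillis();
    this.clock = clock;
  }

  @Override
  public Session get(Session.Builder builder) {
    Session session = delegate.get(builder);
    if (session != null && isExpired(session)) {
      // Remove the server-side state so the old ID cannot be replayed.
      delegate.delete(builder.sessionId());
      return null; // Store#get contract: null means "no such session"
    }
    return session;
  }

  boolean isExpired(Session session) {
    long created = session.createdAt();
    long accessed = session.accessedAt();
    if (created < 0 || accessed < 0) {
      return false; // -1 marks client-side sessions: no server timestamps to judge
    }
    long now = clock.getAsLong();
    return now - accessed > idleMillis || now - created > absoluteMillis;
  }

  @Override
  public void create(Session session) { delegate.create(session); }

  @Override
  public void save(Session session) { delegate.save(session); }

  @Override
  public void delete(String id) { delegate.delete(id); }

  @Override
  public String generateID() { return delegate.generateID(); }
}
```

It plugs into the `Definition(Store)` constructor above, for instance `new Session.Definition(new ExpiringStore(new Session.Mem(), Duration.ofMinutes(30), Duration.ofHours(8)))`; the 30-minute and 8-hour limits are illustrative values.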