-
Notifications
You must be signed in to change notification settings - Fork 15
Commit
This commit does not belong to any branch on this repository, and may belong to a fork outside of the repository.
Make Camping::Session use Rack::Session::Cookie, this involves more c…
- Loading branch information
Showing
4 changed files
with
36 additions
and
217 deletions.
There are no files selected for viewing
This file contains bidirectional Unicode text that may be interpreted or compiled differently than what appears below. To review, open the file in an editor that reveals hidden Unicode characters.
Learn more about bidirectional Unicode characters
This file contains bidirectional Unicode text that may be interpreted or compiled differently than what appears below. To review, open the file in an editor that reveals hidden Unicode characters.
Learn more about bidirectional Unicode characters
This file was deleted.
Oops, something went wrong.
This file contains bidirectional Unicode text that may be interpreted or compiled differently than what appears below. To review, open the file in an editor that reveals hidden Unicode characters.
Learn more about bidirectional Unicode characters
Original file line number | Diff line number | Diff line change |
---|---|---|
@@ -1,75 +1,26 @@ | ||
# == About camping/session.rb | ||
# TODO: Clean everything up. Lots of just plain wrong stuff in here. | ||
# | ||
# This file contains two modules which supply basic sessioning to your Camping app. | ||
# Again, we're dealing with a pretty little bit of code: approx. 60 lines. | ||
# | ||
# * Camping::Models::Session is a module which adds a single <tt>sessions</tt> table | ||
# to your database. | ||
# * Camping::Session is a module which you will mix into your application (or into | ||
# specific controllers which require sessions) to supply a <tt>@state</tt> variable | ||
# you can use in controllers and views. | ||
# | ||
# For a basic tutorial, see the *Getting Started* section of the Camping::Session module. | ||
#require 'camping' | ||
require 'base64' | ||
require 'openssl' | ||
|
||
module Camping | ||
# The Camping::Session module is designed to be mixed into your application or into specific | ||
# controllers which require sessions. This module defines a <tt>service</tt> method which | ||
# intercepts all requests handed to those controllers. | ||
# | ||
# == Getting Started | ||
# | ||
# To get sessions working for your application: | ||
# | ||
# 1. <tt>require 'camping/session'</tt> | ||
# 2. Mixin the module: <tt>module YourApp; include Camping::Session end</tt> | ||
# 3. Define a secret (and keep it secret): <tt>module YourApp; @@state_secret = "SECRET!"; end</tt> | ||
# 4. Throughout your application, use the <tt>@state</tt> var like a hash to store your application's data. | ||
# | ||
# == A Few Notes | ||
# | ||
# * The session is stored in a cookie. Look in <tt>@cookies.identity</tt>. | ||
# * Session data is only saved if it has changed. | ||
module Session | ||
DIGEST = OpenSSL::Digest::SHA1.new | ||
# This <tt>service</tt> method, when mixed into controllers, intercepts requests | ||
# and wraps them with code to start and close the session. If a session isn't found | ||
# in the cookie it is created. The <tt>@state</tt> variable is set and if it changes, | ||
# it is saved back into the cookie. | ||
def service(*a) | ||
@session_blob = @input.camping_blob || @cookies.camping_blob | ||
@session_hash = @input.camping_hash || @cookies.camping_hash | ||
decoded_blob, data = '', {} | ||
begin | ||
if @session_blob && @session_hash && secure_blob_hasher(@session_blob) == @session_hash | ||
decoded_blob = Base64.decode64(@session_blob) | ||
data = Marshal.restore(decoded_blob) | ||
end | ||
|
||
app = C.name | ||
@state = (data[app] ||= Camping::H[]) | ||
hash_before = decoded_blob.hash | ||
return super(*a) | ||
ensure | ||
data[app] = @state | ||
decoded_blob = Marshal.dump(data) | ||
unless hash_before == decoded_blob.hash | ||
@session_blob = Base64.encode64(decoded_blob).gsub("\n", '').strip | ||
@session_hash = secure_blob_hasher(@session_blob) | ||
raise "The session contains to much data" if @session_blob.length > 4096 | ||
@cookies.camping_blob = @session_blob | ||
@cookies.camping_hash = @session_hash | ||
end | ||
end | ||
# == Getting Started | ||
# | ||
# To get sessions working for your application: | ||
# 1. <tt>require 'camping/session'</tt> | ||
# 2. Mixin the module: <tt>include Camping::Session</tt> | ||
# 3. Define a secret (and keep it secret): <tt>secret "SECRET!"</tt> | ||
# 4. Throughout your application, use the <tt>@state</tt> var like a hash | ||
# to store your application's data. | ||
# | ||
# require 'camping/session' # 1 | ||
# | ||
# module MyApp | ||
# include Camping::Session # 2 | ||
# secret "Oh yeah!" # 3 | ||
# end | ||
module Session | ||
def self.included(app) | ||
key = "#{app}.state".downcase | ||
secret = [__FILE__, File.mtime(__FILE__)].join(":") | ||
|
||
app.meta_def(:secret) { |val| secret.replace(val) } | ||
app.use Rack::Session::Cookie, :key => key, :secret => secret | ||
end | ||
|
||
def secure_blob_hasher(data) | ||
OpenSSL::HMAC.hexdigest(DIGEST, state_secret, "#{@env.REMOTE_ADDR}#{data}") | ||
end | ||
|
||
def state_secret; [__FILE__, File.mtime(__FILE__)].join(":") end | ||
end | ||
end | ||
end | ||
end |