diff --git a/README.md b/README.md index 4903433..42ef016 100755 --- a/README.md +++ b/README.md @@ -15,17 +15,20 @@ ## Instructions -* [Installation](#installation) -* [Basic Use](#basic-use) -* [Configuring Session Behavior](#configuring-session-behavior) -* [Working with Session Data](#working-with-session-data) -* [Loading and Saving Sessions](#loading-and-saving-sessions) -* [Configuring the Session Store](#configuring-the-session-store) -* [Using Custom Session Stores](#using-custom-session-stores) -* [Preventing Session Fixation](#preventing-session-fixation) -* [Multiple Sessions per Request](#multiple-sessions-per-request) -* [Enumerate All Sessions](#enumerate-all-sessions) -* [Compatibility](#compatibility) +- [SCS: HTTP Session Management for Go](#scs-http-session-management-for-go) + - [Features](#features) + - [Instructions](#instructions) + - [Installation](#installation) + - [Basic Use](#basic-use) + - [Configuring Session Behavior](#configuring-session-behavior) + - [Working with Session Data](#working-with-session-data) + - [Loading and Saving Sessions](#loading-and-saving-sessions) + - [Configuring the Session Store](#configuring-the-session-store) + - [Using Custom Session Stores](#using-custom-session-stores) + - [Using Custom Session Stores (with context.Context)](#using-custom-session-stores-with-contextcontext) + - [Multiple Sessions per Request](#multiple-sessions-per-request) + - [Enumerate All Sessions](#enumerate-all-sessions) + - [Compatibility](#compatibility) ### Installation 
@@ -164,7 +167,6 @@ The session stores currently included are shown in the table below. Please click | [pgxstore](https://github.com/alexedwards/scs/tree/master/pgxstore) | PostgreSQL based session store (using the [pgx](https://github.com/jackc/pgx) driver) | | [postgresstore](https://github.com/alexedwards/scs/tree/master/postgresstore) | PostgreSQL based session store (using the [pq](https://github.com/lib/pq) driver) | | [redisstore](https://github.com/alexedwards/scs/tree/master/redisstore) | Redis based session store | -| [rqlitestore](https://github.com/alexedwards/scs/tree/master/rqlitestore) | Rqlite based session store | | [sqlite3store](https://github.com/alexedwards/scs/tree/master/sqlite3store) | SQLite3 based session store | Custom session stores are also supported. Please [see here](#using-custom-session-stores) for more information. diff --git a/rqlitestore/README.md b/rqlitestore/README.md deleted file mode 100755 index 40f2134..0000000 --- a/rqlitestore/README.md +++ /dev/null 
@@ -1,99 +0,0 @@
-# rqlitestore
-
-A [rqlite](https://github.com/rqlite/gorqlite) based session store for [SCS](https://github.com/alexedwards/scs).
-
-## Setup
-
-You should have a working rqlite (SQLite3) database file containing a `sessions` table with the definition:
-
-```sql
-CREATE TABLE sessions (
- token TEXT PRIMARY KEY,
- data BLOB NOT NULL,
- expiry REAL NOT NULL
-);
-
-CREATE INDEX sessions_expiry_idx ON sessions(expiry);
-```
-
-## Example
-
-```go
-package main
-
-import (
- "io"
- "log"
- "net/http"
-
- "github.com/alexedwards/scs/v2"
- "github.com/alexedwards/scs/rqlitestore"
- "github.com/rqlite/gorqlite"
-)
-
-var sessionManager *scs.SessionManager
-
-func main() {
- // Establish connection to rqlite.
- conn, err := gorqlite.Open("http://host:4001/")
- if err != nil {
- log.Fatal(err)
- }
- defer conn.Close()
-
- // Initialize a new session manager and configure it to use rqlitestore as the session store.
- sessionManager = scs.New()
- sessionManager.Store = rqlitestore.New(conn)
-
- mux := http.NewServeMux()
- mux.HandleFunc("/put", putHandler)
- mux.HandleFunc("/get", getHandler)
-
- http.ListenAndServe(":4000", sessionManager.LoadAndSave(mux))
-}
-
-func putHandler(w http.ResponseWriter, r *http.Request) {
- sessionManager.Put(r.Context(), "message", "Hello from a session!")
-}
-
-func getHandler(w http.ResponseWriter, r *http.Request) {
- msg := sessionManager.GetString(r.Context(), "message")
- io.WriteString(w, msg)
-}
-```
-
-## Expired Session Cleanup
-
-This package provides a background 'cleanup' goroutine to delete expired session data. This stops the database table from holding on to invalid sessions indefinitely and growing unnecessarily large. By default the cleanup runs every 5 minutes. You can change this by using the `NewWithCleanupInterval()` function to initialize your session store. For example:
-
-```go
-// Run a cleanup every 30 minutes.
-rqlitestore.NewWithCleanupInterval(conn, 30*time.Minute)
-
-// Disable the cleanup goroutine by setting the cleanup interval to zero.
-rqlitestore.NewWithCleanupInterval(conn, 0)
-```
-
-### Terminating the Cleanup Goroutine
-
-It's rare that the cleanup goroutine needs to be terminated --- it is generally intended to be long-lived and run for the lifetime of your application.
-
-However, there may be occasions when your use of a session store instance is transient. A common example would be using it in a short-lived test function. In this scenario, the cleanup goroutine (which will run forever) will prevent the session store instance from being garbage collected even after the test function has finished. You can prevent this by either disabling the cleanup goroutine altogether (as described above) or by stopping it using the `StopCleanup()` method. For example:
-
-```go
-func TestExample(t *testing.T) {
- conn, err := gorqlite.Open("http://host:4001/")
- if err != nil {
- log.Fatal(err)
- }
- defer conn.Close()
-
- store := rqlitestore.New(conn)
- defer store.StopCleanup()
-
- sessionManager = scs.New()
- sessionManager.Store = store
-
- // Run test...
-}
-```
diff --git a/rqlitestore/go.mod b/rqlitestore/go.mod
deleted file mode 100755
index e3aa5a1..0000000
--- a/rqlitestore/go.mod
+++ /dev/null
@@ -1,5 +0,0 @@
-module github.com/alexedwards/scs/rqlitestore
-
-go 1.16
-
-require github.com/rqlite/gorqlite v0.0.0-20220201134517-1d67ddde3a7e
diff --git a/rqlitestore/go.sum b/rqlitestore/go.sum
deleted file mode 100644
index c22a3c5..0000000
--- a/rqlitestore/go.sum
+++ /dev/null
@@ -1,2 +0,0 @@
-github.com/rqlite/gorqlite v0.0.0-20220201134517-1d67ddde3a7e h1:qJHol5K1S6AqFAjK3LeWIfAUAGFsKgDxALBiXXWErMI=
-github.com/rqlite/gorqlite v0.0.0-20220201134517-1d67ddde3a7e/go.mod h1:UW/gxgQwSePTvL1KA8QEHsXeYHP4xkoXgbDdN781p34=
diff --git a/rqlitestore/rqlitestore.go b/rqlitestore/rqlitestore.go
deleted file mode 100755
index 089d7bf..0000000
--- a/rqlitestore/rqlitestore.go
+++ /dev/null
@@ -1,164 +0,0 @@
-package rqlitestore
-
-import (
- "encoding/hex"
- "fmt"
- "log"
- "time"
-
- "github.com/rqlite/gorqlite"
-)
-
-// RqliteStore represents the session store.
-type RqliteStore struct {
- conn *gorqlite.Connection
- stopCleanup chan bool
-}
-
-// New returns a new RqliteStore instance, with a background cleanup goroutine
-// that runs every 5 minutes to remove expired session data.
-func New(conn gorqlite.Connection) *RqliteStore {
- return NewWithCleanupInterval(conn, 5*time.Minute)
-}
-
-// NewWithCleanupInterval returns a new RqliteStore instance. The cleanupInterval
-// parameter controls how frequently expired session data is removed by the
-// background cleanup goroutine. Setting it to 0 prevents the cleanup goroutine
-// from running (i.e. expired sessions will not be removed).
-func NewWithCleanupInterval(conn gorqlite.Connection, cleanupInterval time.Duration) *RqliteStore {
- r := &RqliteStore{conn: &conn}
-
- if cleanupInterval > 0 {
- go r.startCleanup(cleanupInterval)
- }
-
- return r
-}
-
-// Find returns the data for a given session token from the RqliteStore instance.
-// If the session token is not found or is expired, the returned exists flag will
-// be set to false.
-func (r *RqliteStore) Find(token string) (b []byte, exists bool, err error) {
- query := fmt.Sprintf("SELECT data FROM sessions WHERE token = '%s' AND julianday('now') < expiry", token)
- row, err := r.conn.QueryOne(query)
- if err != nil {
- return nil, false, err
- }
-
- for row.Next() {
- var datax string
-
- err := row.Scan(&datax)
- if err != nil {
- return nil, false, err
- }
-
- b, err = hex.DecodeString(datax)
- if err != nil {
- return nil, false, err
- }
- }
- if row.NumRows() == 0 {
- return nil, false, nil
- } else if row.Err != nil {
- return nil, false, row.Err
- }
-
- return b, true, nil
-}
-
-// Commit adds a session token and data to the RqliteStore instance with the
-// given expiry time. If the session token already exists, then the data and expiry
-// time are updated.
-func (r *RqliteStore) Commit(token string, b []byte, expiry time.Time) error {
- query := fmt.Sprintf("REPLACE INTO sessions (token, data, expiry) VALUES ('%s', '%x', julianday('%s'))", token, b, expiry.UTC().Format("2006-01-02T15:04:05.000"))
- _, err := r.conn.WriteOne(query)
- if err != nil {
- return err
- }
-
- return nil
-}
-
-// Delete removes a session token and corresponding data from the RqliteStore
-// instance.
-func (r *RqliteStore) Delete(token string) error {
- query := fmt.Sprintf("DELETE FROM sessions WHERE token = '%s'", token)
- _, err := r.conn.WriteOne(query)
- return err
-}
-
-// All returns a map containing the token and data for all active (i.e.
-// not expired) sessions in the RqliteStore instance.
-func (r *RqliteStore) All() (map[string][]byte, error) {
- rows, err := r.conn.QueryOne("SELECT token, data FROM sessions WHERE julianday('now') < expiry")
- if err != nil {
- return nil, err
- }
-
- sessions := make(map[string][]byte)
-
- for rows.Next() {
- var (
- token string
- datax string
- data []byte
- )
-
- err = rows.Scan(&token, &datax)
- if err != nil {
- return nil, err
- }
-
- data, err = hex.DecodeString(datax)
- if err != nil {
- return nil, err
- }
-
- sessions[token] = data
- }
- if rows.Err != nil {
- return nil, rows.Err
- }
-
- return sessions, nil
-}
-
-func (r *RqliteStore) startCleanup(interval time.Duration) {
- r.stopCleanup = make(chan bool)
- ticker := time.NewTicker(interval)
-
- for {
- select {
- case <-ticker.C:
- err := r.deleteExpired()
- if err != nil {
- log.Println(err)
- }
- case <-r.stopCleanup:
- ticker.Stop()
- return
- }
- }
-}
-
-// StopCleanup terminates the background cleanup goroutine for the RqliteStore
-// instance. It's rare to terminate this; generally RqliteStore instances and
-// their cleanup goroutines are intended to be long-lived and run for the lifetime
-// of your application.
-//
-// There may be occasions though when your use of the RqliteStore is transient.
-// An example is creating a new RqliteStore instance in a test function. In this
-// scenario, the cleanup goroutine (which will run forever) will prevent the
-// RqliteStore object from being garbage collected even after the test function
-// has finished. You can prevent this by manually calling StopCleanup.
-func (r *RqliteStore) StopCleanup() {
- if r.stopCleanup != nil {
- r.stopCleanup <- true
- }
-}
-
-func (r *RqliteStore) deleteExpired() error {
- _, err := r.conn.WriteOne("DELETE FROM sessions WHERE expiry < julianday('now')")
- return err
-}
diff --git a/rqlitestore/rqlitestore_test.go b/rqlitestore/rqlitestore_test.go
deleted file mode 100755
index f37ade1..0000000
--- a/rqlitestore/rqlitestore_test.go
+++ /dev/null
@@ -1,387 +0,0 @@
-package rqlitestore
-
-import (
- "bytes"
- "encoding/hex"
- "fmt"
- "log"
- "os"
- "reflect"
- "testing"
- "time"
-
- "github.com/rqlite/gorqlite"
-)
-
-func openConnection() (*gorqlite.Connection, error) {
- dsn := os.Getenv("SCS_RQLITE_TEST_DSN")
- conn, err := gorqlite.Open(dsn)
- if err != nil {
- return nil, err
- }
-
- _, err = conn.WriteOne("DROP TABLE IF EXISTS sessions")
- if err != nil {
- return nil, err
- }
-
- _, err = conn.WriteOne("CREATE TABLE sessions (token TEXT PRIMARY KEY, data BLOB NOT NULL, expiry REAL NOT NULL)")
- if err != nil {
- return nil, err
- }
-
- _, err = conn.WriteOne("CREATE INDEX sessions_expiry_idx ON sessions(expiry)")
- if err != nil {
- return nil, err
- }
-
- return &conn, nil
-}
-
-func TestFind(t *testing.T) {
- conn, err := openConnection()
- if err != nil {
- t.Fatal(err)
- }
- defer conn.Close()
-
- _, err = conn.WriteOne("DELETE FROM sessions")
- log.Println(err)
- if err != nil {
- t.Fatal(err)
- }
-
- query := fmt.Sprintf("INSERT INTO sessions VALUES('%s', '%x', datetime(current_timestamp, '+1 minute'))", "session_token", "encoded_data")
- _, err = conn.WriteOne(query)
- if err != nil {
- t.Fatal(err)
- }
-
- r := NewWithCleanupInterval(*conn, 0)
-
- b, found, err := r.Find("session_token")
- if err != nil {
- t.Fatal(err)
- }
- if found != true {
- t.Fatalf("got %v: expected %v", found, true)
- }
- if bytes.Equal(b, []byte("encoded_data")) == false {
- t.Fatalf("got %v: expected %v", b, []byte("encoded_data"))
- }
-}
-
-func TestFindMissing(t *testing.T) {
- conn, err := openConnection()
- if err != nil {
- t.Fatal(err)
- }
- defer conn.Close()
-
- _, err = conn.WriteOne("DELETE FROM sessions")
- log.Println(err)
- if err != nil {
- t.Fatal(err)
- }
-
- query := fmt.Sprintf("INSERT INTO sessions VALUES('%s', '%x', datetime(current_timestamp, '+1 minute'))", "session_token", "encoded_data")
- _, err = conn.WriteOne(query)
- if err != nil {
- t.Fatal(err)
- }
-
- r := NewWithCleanupInterval(*conn, 0)
-
- _, found, err := r.Find("missing_session_token")
- if err != nil {
- t.Fatalf("got %v: expected %v", err, nil)
- }
- if found != false {
- t.Fatalf("got %v: expected %v", found, false)
- }
-}
-
-func TestSaveNew(t *testing.T) {
- conn, err := openConnection()
- if err != nil {
- t.Fatal(err)
- }
- defer conn.Close()
-
- _, err = conn.WriteOne("DELETE FROM sessions")
- log.Println(err)
- if err != nil {
- t.Fatal(err)
- }
-
- r := NewWithCleanupInterval(*conn, 0)
-
- err = r.Commit("session_token", []byte("encoded_data"), time.Now().Add(time.Minute))
- if err != nil {
- t.Fatal(err)
- }
-
- row, err := conn.QueryOne("SELECT data FROM sessions WHERE token = 'session_token'")
- if err != nil {
- t.Fatal(err)
- }
-
- var data []byte
-
- for row.Next() {
- var datax string
-
- err := row.Scan(&datax)
- if err != nil {
- t.Fatal(err)
- }
-
- data, err = hex.DecodeString(datax)
- if err != nil {
- t.Fatal(err)
- }
- }
-
- if reflect.DeepEqual(data, []byte("encoded_data")) == false {
- t.Fatalf("got %v: expected %v", data, []byte("encoded_data"))
- }
-}
-
-func TestSaveUpdated(t *testing.T) {
- conn, err := openConnection()
- if err != nil {
- t.Fatal(err)
- }
- defer conn.Close()
-
- _, err = conn.WriteOne("DELETE FROM sessions")
- log.Println(err)
- if err != nil {
- t.Fatal(err)
- }
-
- query := fmt.Sprintf("INSERT INTO sessions VALUES('%s', '%x', datetime(current_timestamp, '+1 minute'))", "session_token", "encoded_data")
- _, err = conn.WriteOne(query)
- if err != nil {
- t.Fatal(err)
- }
-
- r := NewWithCleanupInterval(*conn, 0)
-
- err = r.Commit("session_token", []byte("new_encoded_data"), time.Now().Add(time.Minute))
- if err != nil {
- t.Fatal(err)
- }
-
- row, err := conn.QueryOne("SELECT data FROM sessions WHERE token = 'session_token'")
- if err != nil {
- t.Fatal(err)
- }
-
- var data []byte
-
- for row.Next() {
- var datax string
-
- err := row.Scan(&datax)
- if err != nil {
- t.Fatal(err)
- }
-
- data, err = hex.DecodeString(datax)
- if err != nil {
- t.Fatal(err)
- }
- }
-
- if reflect.DeepEqual(data, []byte("new_encoded_data")) == false {
- t.Fatalf("got %v: expected %v", data, []byte("new_encoded_data"))
- }
-}
-
-func TestExpiry(t *testing.T) {
- conn, err := openConnection()
- if err != nil {
- t.Fatal(err)
- }
- defer conn.Close()
-
- _, err = conn.WriteOne("DELETE FROM sessions")
- log.Println(err)
- if err != nil {
- t.Fatal(err)
- }
-
- r := NewWithCleanupInterval(*conn, 0)
-
- err = r.Commit("session_token", []byte("encoded_data"), time.Now().Add(1*time.Second))
- if err != nil {
- t.Fatal(err)
- }
-
- _, found, _ := r.Find("session_token")
- if found != true {
- t.Fatalf("got %v: expected %v", found, true)
- }
-
- time.Sleep(2 * time.Second)
-
- _, found, _ = r.Find("session_token")
- if found != false {
- t.Fatalf("got %v: expected %v", found, false)
- }
-}
-
-func TestDelete(t *testing.T) {
- conn, err := openConnection()
- if err != nil {
- t.Fatal(err)
- }
- defer conn.Close()
-
- _, err = conn.WriteOne("DELETE FROM sessions")
- log.Println(err)
- if err != nil {
- t.Fatal(err)
- }
-
- query := fmt.Sprintf("INSERT INTO sessions VALUES('%s', '%x', datetime(current_timestamp, '+1 minute'))", "session_token", "encoded_data")
- _, err = conn.WriteOne(query)
- if err != nil {
- t.Fatal(err)
- }
-
- r := NewWithCleanupInterval(*conn, 0)
-
- err = r.Delete("session_token")
- if err != nil {
- t.Fatal(err)
- }
-
- row, err := conn.QueryOne("SELECT COUNT(*) FROM sessions WHERE token = 'session_token'")
- if err != nil {
- t.Fatal(err)
- }
-
- var count int64
-
- for row.Next() {
- err := row.Scan(&count)
- if err != nil {
- t.Fatal(err)
- }
- }
-
- if count != 0 {
- t.Fatalf("got %d: expected %d", count, 0)
- }
-}
-
-func TestAll(t *testing.T) {
- conn, err := openConnection()
- if err != nil {
- t.Fatal(err)
- }
- defer conn.Close()
-
- _, err = conn.WriteOne("DELETE FROM sessions")
- log.Println(err)
- if err != nil {
- t.Fatal(err)
- }
-
- r := NewWithCleanupInterval(*conn, 0)
-
- setSessions := make(map[string][]byte)
- for i := 0; i < 5; i++ {
- key := fmt.Sprintf("session_token_%v", i)
- val := []byte(fmt.Sprintf("encoded_data_%v", i))
-
- query := fmt.Sprintf("INSERT INTO sessions VALUES('%s', '%x', datetime(current_timestamp, '+1 minute'))", key, val)
- _, err = conn.WriteOne(query)
- if err != nil {
- t.Fatal(err)
- }
-
- setSessions[key] = val
- }
-
- gotSessions, err := r.All()
- if err != nil {
- t.Fatal(err)
- }
-
- if reflect.DeepEqual(setSessions, gotSessions) == false {
- t.Fatalf("got %v: expected %v", gotSessions, setSessions)
- }
-}
-
-func TestCleanup(t *testing.T) {
- conn, err := openConnection()
- if err != nil {
- t.Fatal(err)
- }
- defer conn.Close()
-
- _, err = conn.WriteOne("DELETE FROM sessions")
- if err != nil {
- t.Fatal(err)
- }
-
- r := NewWithCleanupInterval(*conn, 2*time.Second)
- defer r.StopCleanup()
-
- err = r.Commit("session_token", []byte("encoded_data"), time.Now().Add(1*time.Second))
- if err != nil {
- t.Fatal(err)
- }
-
- row, err := conn.QueryOne("SELECT COUNT(*) FROM sessions WHERE token = 'session_token'")
- if err != nil {
- t.Fatal(err)
- }
-
- var count int64
-
- for row.Next() {
- err := row.Scan(&count)
- if err != nil {
- t.Fatal(err)
- }
- }
-
- if count != 1 {
- t.Fatalf("got %d: expected %d", count, 1)
- }
-
- time.Sleep(3 * time.Second)
-
- row, err = conn.QueryOne("SELECT COUNT(*) FROM sessions WHERE token = 'session_token'")
- if err != nil {
- t.Fatal(err)
- }
-
- for row.Next() {
- err := row.Scan(&count)
- if err != nil {
- t.Fatal(err)
- }
- }
-
- if count != 0 {
- t.Fatalf("got %d: expected %d", count, 0)
- }
-}
-
-func TestStopNilCleanup(t *testing.T) {
- conn, err := openConnection()
- if err != nil {
- t.Fatal(err)
- }
- defer conn.Close()
-
- r := NewWithCleanupInterval(*conn, 0)
- time.Sleep(1 * time.Second)
- // A send to a nil channel will block forever
- r.StopCleanup()
-}