[catagits/Web-Session.git] / lib / Plack / Session / State.pm

package Plack::Session::State;
use strict;
use warnings;

our $VERSION   = '0.03';
our $AUTHORITY = 'cpan:STEVAN';

use Digest::SHA1 ();

use Plack::Util::Accessor qw[
    session_key
    sid_generator
    sid_validator
];

sub new {
    my ($class, %params) = @_;

    $params{'_expired'}      ||= +{};
    $params{'session_key'}   ||= 'plack_session';
    $params{'sid_generator'} ||= sub {
        Digest::SHA1::sha1_hex(rand() . $$ . {} . time)
    };
    $params{'sid_validator'} ||= qr/\A[0-9a-f]{40}\Z/;

    bless { %params } => $class;
}

sub expire_session_id {
    my ($self, $id) = @_;
    $self->{'_expired'}->{ $id }++;
}

sub is_session_expired {
    my ($self, $id) = @_;
    exists $self->{'_expired'}->{ $id }
}

sub check_expired {
    my ($self, $id) = @_;
    return if $self->is_session_expired( $id );
    return $id;
}

sub validate_session_id {
    my ($self, $id) = @_;
    $id =~ $self->sid_validator;
}

sub get_session_id {
    my ($self, $request) = @_;
    return $request->param( $self->session_key );
}

sub extract {
    my ($self, $request) = @_;

    my $id = $self->get_session_id( $request );
    return unless defined $id;

    $self->validate_session_id( $id )
        &&
    $self->check_expired( $id );
}

sub generate {
    my $self = shift;
    $self->sid_generator->( @_ );
}


sub finalize {
    my ($self, $id, $response) = @_;
    ();
}

1;

__END__

=pod

=head1 NAME

Plack::Session::State - Basic parameter-based session state

=head1 SYNOPSIS

  use Plack::Builder;
  use Plack::Middleware::Session;
  use Plack::Session::State;

  my $app = sub {
      return [ 200, [ 'Content-Type' => 'text/plain' ], [ 'Hello Foo' ] ];
  };

  builder {
      enable 'Session',
          state => Plack::Session::State->new;
      $app;
  };

=head1 DESCRIPTION

This will maintain session state by passing the session through
the request params. It does not do this automatically though,
you are responsible for passing the session param.

This should be considered the state "base" class (although
subclassing is not a requirement) and defines the spec for
all B<Plack::Session::State::*> modules. You will only
need to override a couple methods if you do subclass. See
L<Plack::Session::State::Cookie> for an example of this.

=head1 METHODS

=over 4

=item B<new ( %params )>

The C<%params> can include I<session_key>, I<sid_generator> and I<sid_checker>
however in both cases a default will be provided for you.

=item B<session_key>

This is the name of the session key, it default to 'plack_session'.

=item B<sid_generator>

This is a CODE ref used to generate unique session ids, by default
it will generate a SHA1 using fairly sufficient entropy. If you are
concerned or interested, just read the source.

=item B<sid_validator>

This is a regex used to validate requested session id.

=back

=head2 Session ID Managment

=over 4

=item B<get_session_id ( $request )>

This is the method used to extract the session id from a C<$request>.
Subclasses will often only need to override this method and the
C<finalize> method.

=item B<validate_session_id ( $session_id )>

This will use the C<sid_validator> regex and confirm that the
C<$session_id> is valid.

=item B<extract ( $request )>

This will attempt to extract the session from a C<$request> by looking
for the C<session_key> in the C<$request> params. It will then check to
see if the session is valid and that it has not expired. It will return
the session id if everything is good or undef otherwise. The C<$request>
is expected to be a L<Plack::Request> instance or an object with an
equivalent interface.

=item B<generate ( $request )>

This will generate a new session id using the C<sid_generator> callback.
The C<$request> argument is not used by this method but is there for
use by subclasses. The C<$request> is expected to be a L<Plack::Request>
instance or an object with an equivalent interface.

=item B<finalize ( $session_id, $response )>

Given a C<$session_id> and a C<$response> this will perform any
finalization nessecary to preserve state. This method is called by
the L<Plack::Session> C<finalize> method. The C<$response> is expected
to be a L<Plack::Response> instance or an object with an equivalent
interface.

=back

=head2 Session Expiration Handling

=over 4

=item B<expire_session_id ( $id )>

This will mark the session for C<$id> as expired. This method is called
by the L<Plack::Session> C<expire> method.

=item B<is_session_expired ( $id )>

This will check to see if the session C<$id> has been marked as
expired.

=item B<check_expired ( $id )>

Given an session C<$id> this will return C<undef> if the session is
expired or return the C<$id> if it is not.

=back

=head1 BUGS

All complex software has bugs lurking in it, and this module is no
exception. If you find a bug please either email me, or add the bug
to cpan-RT.

=head1 AUTHOR

Stevan Little E<lt>stevan.little@iinteractive.comE<gt>

=head1 COPYRIGHT AND LICENSE

Copyright 2009, 2010 Infinity Interactive, Inc.

L<http://www.iinteractive.com>

This library is free software; you can redistribute it and/or modify
it under the same terms as Perl itself.

=cut
Commit	Line	Data
06190e8b	1	package Plack::Session::State;
	2	use strict;
	3	use warnings;
	4
000c696e	5	our $VERSION = '0.03';
30cc0a71	6	our $AUTHORITY = 'cpan:STEVAN';
30cc0a71	7
3b4205cd	8	use Digest::SHA1 ();
3b4205cd	9
ac4892f4	10	use Plack::Util::Accessor qw[
	11	session_key
	12	sid_generator
6a695f07	13	sid_validator
ac4892f4	14	];
06190e8b	15
	16	sub new {
	17	my ($class, %params) = @_;
ac4892f4	18
	19	$params{'_expired'} \|\|= +{};
	20	$params{'session_key'} \|\|= 'plack_session';
	21	$params{'sid_generator'} \|\|= sub {
ac4892f4	22	Digest::SHA1::sha1_hex(rand() . $$ . {} . time)
ac4892f4	23	};
6a695f07	24	$params{'sid_validator'} \|\|= qr/\A[0-9a-f]{40}\Z/;
ac4892f4	25
ac4892f4	26	bless { %params } => $class;
06190e8b	27	}
	28
	29	sub expire_session_id {
	30	my ($self, $id) = @_;
ac4892f4	31	$self->{'_expired'}->{ $id }++;
06190e8b	32	}
06190e8b	33
05b5f99d	34	sub is_session_expired {
	35	my ($self, $id) = @_;
	36	exists $self->{'_expired'}->{ $id }
	37	}
	38
bd992981	39	sub check_expired {
bd992981	40	my ($self, $id) = @_;
ae35574f	41	return if $self->is_session_expired( $id );
06190e8b	42	return $id;
	43	}
	44
ae35574f	45	sub validate_session_id {
	46	my ($self, $id) = @_;
	47	$id =~ $self->sid_validator;
56b9910a	48	}
56b9910a	49
06190e8b	50	sub get_session_id {
06190e8b	51	my ($self, $request) = @_;
4a0cb5a0	52	return $request->param( $self->session_key );
56b9910a	53	}
56b9910a	54
bd992981	55	sub extract {
bd992981	56	my ($self, $request) = @_;
56b9910a	57
4a0cb5a0	58	my $id = $self->get_session_id( $request );
ae35574f	59	return unless defined $id;
	60
	61	$self->validate_session_id( $id )
	62	&&
	63	$self->check_expired( $id );
bd992981	64	}
bd992981	65
fe1bfe7d	66	sub generate {
fe1bfe7d	67	my $self = shift;
ac4892f4	68	$self->sid_generator->( @_ );
bd992981	69	}
bd992981	70
fe1bfe7d	71
bd992981	72	sub finalize {
	73	my ($self, $id, $response) = @_;
	74	();
06190e8b	75	}
06190e8b	76
fe1bfe7d	77	1;
ac4892f4	78
	79	__END__
	80
	81	=pod
	82
	83	=head1 NAME
	84
	85	Plack::Session::State - Basic parameter-based session state
	86
3d92cf47	87	=head1 SYNOPSIS
	88
	89	use Plack::Builder;
	90	use Plack::Middleware::Session;
	91	use Plack::Session::State;
	92
	93	my $app = sub {
	94	return [ 200, [ 'Content-Type' => 'text/plain' ], [ 'Hello Foo' ] ];
	95	};
	96
	97	builder {
	98	enable 'Session',
	99	state => Plack::Session::State->new;
	100	$app;
	101	};
	102
ac4892f4	103	=head1 DESCRIPTION
ac4892f4	104
3d92cf47	105	This will maintain session state by passing the session through
	106	the request params. It does not do this automatically though,
	107	you are responsible for passing the session param.
	108
	109	This should be considered the state "base" class (although
	110	subclassing is not a requirement) and defines the spec for
	111	all B<Plack::Session::State::*> modules. You will only
	112	need to override a couple methods if you do subclass. See
	113	L<Plack::Session::State::Cookie> for an example of this.
	114
ac4892f4	115	=head1 METHODS
	116
	117	=over 4
	118
	119	=item B<new ( %params )>
	120
56b9910a	121	The C<%params> can include I<session_key>, I<sid_generator> and I<sid_checker>
3d92cf47	122	however in both cases a default will be provided for you.
3d92cf47	123
ac4892f4	124	=item B<session_key>
ac4892f4	125
43f34c01	126	This is the name of the session key, it default to 'plack_session'.
43f34c01	127
ac4892f4	128	=item B<sid_generator>
ac4892f4	129
3d92cf47	130	This is a CODE ref used to generate unique session ids, by default
	131	it will generate a SHA1 using fairly sufficient entropy. If you are
	132	concerned or interested, just read the source.
43f34c01	133
6a695f07	134	=item B<sid_validator>
56b9910a	135
ae35574f	136	This is a regex used to validate requested session id.
56b9910a	137
ac4892f4	138	=back
ac4892f4	139
43f34c01	140	=head2 Session ID Managment
43f34c01	141
ac4892f4	142	=over 4
	143
	144	=item B<get_session_id ( $request )>
	145
ae35574f	146	This is the method used to extract the session id from a C<$request>.
	147	Subclasses will often only need to override this method and the
	148	C<finalize> method.
	149
	150	=item B<validate_session_id ( $session_id )>
	151
	152	This will use the C<sid_validator> regex and confirm that the
	153	C<$session_id> is valid.
6a695f07	154
ac4892f4	155	=item B<extract ( $request )>
ac4892f4	156
43f34c01	157	This will attempt to extract the session from a C<$request> by looking
43f34c01	158	for the C<session_key> in the C<$request> params. It will then check to
a45f272f	159	see if the session is valid and that it has not expired. It will return
	160	the session id if everything is good or undef otherwise. The C<$request>
	161	is expected to be a L<Plack::Request> instance or an object with an
	162	equivalent interface.
43f34c01	163
ac4892f4	164	=item B<generate ( $request )>
ac4892f4	165
43f34c01	166	This will generate a new session id using the C<sid_generator> callback.
	167	The C<$request> argument is not used by this method but is there for
	168	use by subclasses. The C<$request> is expected to be a L<Plack::Request>
	169	instance or an object with an equivalent interface.
	170
ac4892f4	171	=item B<finalize ( $session_id, $response )>
ac4892f4	172
43f34c01	173	Given a C<$session_id> and a C<$response> this will perform any
	174	finalization nessecary to preserve state. This method is called by
	175	the L<Plack::Session> C<finalize> method. The C<$response> is expected
	176	to be a L<Plack::Response> instance or an object with an equivalent
	177	interface.
	178
ac4892f4	179	=back
ac4892f4	180
43f34c01	181	=head2 Session Expiration Handling
43f34c01	182
ac4892f4	183	=over 4
	184
	185	=item B<expire_session_id ( $id )>
	186
43f34c01	187	This will mark the session for C<$id> as expired. This method is called
	188	by the L<Plack::Session> C<expire> method.
	189
	190	=item B<is_session_expired ( $id )>
	191
	192	This will check to see if the session C<$id> has been marked as
	193	expired.
	194
ac4892f4	195	=item B<check_expired ( $id )>
ac4892f4	196
43f34c01	197	Given an session C<$id> this will return C<undef> if the session is
	198	expired or return the C<$id> if it is not.
	199
ac4892f4	200	=back
	201
	202	=head1 BUGS
	203
	204	All complex software has bugs lurking in it, and this module is no
	205	exception. If you find a bug please either email me, or add the bug
	206	to cpan-RT.
	207
	208	=head1 AUTHOR
	209
	210	Stevan Little E<lt>stevan.little@iinteractive.comE<gt>
	211
	212	=head1 COPYRIGHT AND LICENSE
	213
000c696e	214	Copyright 2009, 2010 Infinity Interactive, Inc.
ac4892f4	215
	216	L<http://www.iinteractive.com>
	217
	218	This library is free software; you can redistribute it and/or modify
	219	it under the same terms as Perl itself.
	220
	221	=cut
	222
	223