[catagits/Web-Session.git] / lib / Plack / Session / State.pm

package Plack::Session::State;
use strict;
use warnings;

use Digest::SHA1 ();

use Plack::Util::Accessor qw[
    session_key
    sid_generator
    sid_checker
];

sub new {
    my ($class, %params) = @_;

    $params{'_expired'}      ||= +{};
    $params{'session_key'}   ||= 'plack_session';
    $params{'sid_generator'} ||= sub {
        Digest::SHA1::sha1_hex(rand() . $$ . {} . time)
    };
    $params{'sid_checker'} ||= qr/\A[0-9a-f]{40}\Z/;

    bless { %params } => $class;
}

sub expire_session_id {
    my ($self, $id) = @_;
    $self->{'_expired'}->{ $id }++;
}

sub is_session_expired {
    my ($self, $id) = @_;
    exists $self->{'_expired'}->{ $id }
}

sub check_expired {
    my ($self, $id) = @_;
    return unless $id && not $self->is_session_expired( $id );
    return $id;
}

sub check_request_session_id {
    my ($self, $request) = @_;

    my $reqest_session_id = $self->get_request_session_id($request);
    my $sid_checker = $self->sid_checker;

    defined $reqest_session_id && $reqest_session_id =~ m{$sid_checker};
}

sub get_session_id {
    my ($self, $request) = @_;
    (
        $self->check_request_session_id($request)
        &&
        $self->extract( $request )
    )
        ||
    $self->generate( $request )
}

sub get_request_session_id {
    my ($self, $request ) = @_;

    $request->param( $self->session_key );
}

sub extract {
    my ($self, $request) = @_;

    $self->check_expired( $self->get_request_session_id($request) );
}

sub generate {
    my $self = shift;
    $self->sid_generator->( @_ );
}


sub finalize {
    my ($self, $id, $response) = @_;
    ();
}

1;

__END__

=pod

=head1 NAME

Plack::Session::State - Basic parameter-based session state

=head1 SYNOPSIS

  use Plack::Builder;
  use Plack::Middleware::Session;
  use Plack::Session::State;

  my $app = sub {
      return [ 200, [ 'Content-Type' => 'text/plain' ], [ 'Hello Foo' ] ];
  };

  builder {
      enable 'Session',
          state => Plack::Session::State->new;
      $app;
  };

=head1 DESCRIPTION

This will maintain session state by passing the session through
the request params. It does not do this automatically though,
you are responsible for passing the session param.

This should be considered the state "base" class (although
subclassing is not a requirement) and defines the spec for
all B<Plack::Session::State::*> modules. You will only
need to override a couple methods if you do subclass. See
L<Plack::Session::State::Cookie> for an example of this.

=head1 METHODS

=over 4

=item B<new ( %params )>

The C<%params> can include I<session_key>, I<sid_generator> and I<sid_checker>
however in both cases a default will be provided for you.

=item B<session_key>

This is the name of the session key, it default to 'plack_session'.

=item B<sid_generator>

This is a CODE ref used to generate unique session ids, by default
it will generate a SHA1 using fairly sufficient entropy. If you are
concerned or interested, just read the source.

=item B<sid_checker>

This is a regex used to check requested session id,

=back

=head2 Session ID Managment

=over 4

=item B<get_session_id ( $request )>

Given a C<$request> this will first attempt to extract the session,
if the is expired or does not exist, it will then generate a new
session. The C<$request> is expected to be a L<Plack::Request> instance
or an object with an equivalent interface.

=item B<extract ( $request )>

This will attempt to extract the session from a C<$request> by looking
for the C<session_key> in the C<$request> params. It will then check to
see if the session has expired and return the session id if it is not.
The C<$request> is expected to be a L<Plack::Request> instance or an
object with an equivalent interface.

=item B<generate ( $request )>

This will generate a new session id using the C<sid_generator> callback.
The C<$request> argument is not used by this method but is there for
use by subclasses. The C<$request> is expected to be a L<Plack::Request>
instance or an object with an equivalent interface.

=item B<finalize ( $session_id, $response )>

Given a C<$session_id> and a C<$response> this will perform any
finalization nessecary to preserve state. This method is called by
the L<Plack::Session> C<finalize> method. The C<$response> is expected
to be a L<Plack::Response> instance or an object with an equivalent
interface.

=back

=head2 Session Expiration Handling

=over 4

=item B<expire_session_id ( $id )>

This will mark the session for C<$id> as expired. This method is called
by the L<Plack::Session> C<expire> method.

=item B<is_session_expired ( $id )>

This will check to see if the session C<$id> has been marked as
expired.

=item B<check_expired ( $id )>

Given an session C<$id> this will return C<undef> if the session is
expired or return the C<$id> if it is not.

=back

=head1 BUGS

All complex software has bugs lurking in it, and this module is no
exception. If you find a bug please either email me, or add the bug
to cpan-RT.

=head1 AUTHOR

Stevan Little E<lt>stevan.little@iinteractive.comE<gt>

=head1 COPYRIGHT AND LICENSE

Copyright 2009 Infinity Interactive, Inc.

L<http://www.iinteractive.com>

This library is free software; you can redistribute it and/or modify
it under the same terms as Perl itself.

=cut
Commit	Line	Data
06190e8b	1	package Plack::Session::State;
	2	use strict;
	3	use warnings;
	4
3b4205cd	5	use Digest::SHA1 ();
3b4205cd	6
ac4892f4	7	use Plack::Util::Accessor qw[
	8	session_key
	9	sid_generator
56b9910a	10	sid_checker
ac4892f4	11	];
06190e8b	12
	13	sub new {
	14	my ($class, %params) = @_;
ac4892f4	15
	16	$params{'_expired'} \|\|= +{};
	17	$params{'session_key'} \|\|= 'plack_session';
	18	$params{'sid_generator'} \|\|= sub {
ac4892f4	19	Digest::SHA1::sha1_hex(rand() . $$ . {} . time)
ac4892f4	20	};
56b9910a	21	$params{'sid_checker'} \|\|= qr/\A[0-9a-f]{40}\Z/;
ac4892f4	22
ac4892f4	23	bless { %params } => $class;
06190e8b	24	}
	25
	26	sub expire_session_id {
	27	my ($self, $id) = @_;
ac4892f4	28	$self->{'_expired'}->{ $id }++;
06190e8b	29	}
06190e8b	30
05b5f99d	31	sub is_session_expired {
	32	my ($self, $id) = @_;
	33	exists $self->{'_expired'}->{ $id }
	34	}
	35
bd992981	36	sub check_expired {
bd992981	37	my ($self, $id) = @_;
05b5f99d	38	return unless $id && not $self->is_session_expired( $id );
06190e8b	39	return $id;
	40	}
	41
56b9910a	42	sub check_request_session_id {
	43	my ($self, $request) = @_;
	44
	45	my $reqest_session_id = $self->get_request_session_id($request);
	46	my $sid_checker = $self->sid_checker;
	47
	48	defined $reqest_session_id && $reqest_session_id =~ m{$sid_checker};
	49	}
	50
06190e8b	51	sub get_session_id {
06190e8b	52	my ($self, $request) = @_;
56b9910a	53	(
	54	$self->check_request_session_id($request)
	55	&&
	56	$self->extract( $request )
	57	)
06190e8b	58	\|\|
bd992981	59	$self->generate( $request )
	60	}
	61
56b9910a	62	sub get_request_session_id {
	63	my ($self, $request ) = @_;
	64
	65	$request->param( $self->session_key );
	66	}
	67
bd992981	68	sub extract {
bd992981	69	my ($self, $request) = @_;
56b9910a	70
56b9910a	71	$self->check_expired( $self->get_request_session_id($request) );
bd992981	72	}
bd992981	73
fe1bfe7d	74	sub generate {
fe1bfe7d	75	my $self = shift;
ac4892f4	76	$self->sid_generator->( @_ );
bd992981	77	}
bd992981	78
fe1bfe7d	79
bd992981	80	sub finalize {
	81	my ($self, $id, $response) = @_;
	82	();
06190e8b	83	}
06190e8b	84
fe1bfe7d	85	1;
ac4892f4	86
	87	__END__
	88
	89	=pod
	90
	91	=head1 NAME
	92
	93	Plack::Session::State - Basic parameter-based session state
	94
3d92cf47	95	=head1 SYNOPSIS
	96
	97	use Plack::Builder;
	98	use Plack::Middleware::Session;
	99	use Plack::Session::State;
	100
	101	my $app = sub {
	102	return [ 200, [ 'Content-Type' => 'text/plain' ], [ 'Hello Foo' ] ];
	103	};
	104
	105	builder {
	106	enable 'Session',
	107	state => Plack::Session::State->new;
	108	$app;
	109	};
	110
ac4892f4	111	=head1 DESCRIPTION
ac4892f4	112
3d92cf47	113	This will maintain session state by passing the session through
	114	the request params. It does not do this automatically though,
	115	you are responsible for passing the session param.
	116
	117	This should be considered the state "base" class (although
	118	subclassing is not a requirement) and defines the spec for
	119	all B<Plack::Session::State::*> modules. You will only
	120	need to override a couple methods if you do subclass. See
	121	L<Plack::Session::State::Cookie> for an example of this.
	122
ac4892f4	123	=head1 METHODS
	124
	125	=over 4
	126
	127	=item B<new ( %params )>
	128
56b9910a	129	The C<%params> can include I<session_key>, I<sid_generator> and I<sid_checker>
3d92cf47	130	however in both cases a default will be provided for you.
3d92cf47	131
ac4892f4	132	=item B<session_key>
ac4892f4	133
43f34c01	134	This is the name of the session key, it default to 'plack_session'.
43f34c01	135
ac4892f4	136	=item B<sid_generator>
ac4892f4	137
3d92cf47	138	This is a CODE ref used to generate unique session ids, by default
	139	it will generate a SHA1 using fairly sufficient entropy. If you are
	140	concerned or interested, just read the source.
43f34c01	141
56b9910a	142	=item B<sid_checker>
	143
	144	This is a regex used to check requested session id,
	145
ac4892f4	146	=back
ac4892f4	147
43f34c01	148	=head2 Session ID Managment
43f34c01	149
ac4892f4	150	=over 4
	151
	152	=item B<get_session_id ( $request )>
	153
43f34c01	154	Given a C<$request> this will first attempt to extract the session,
	155	if the is expired or does not exist, it will then generate a new
	156	session. The C<$request> is expected to be a L<Plack::Request> instance
	157	or an object with an equivalent interface.
	158
ac4892f4	159	=item B<extract ( $request )>
ac4892f4	160
43f34c01	161	This will attempt to extract the session from a C<$request> by looking
	162	for the C<session_key> in the C<$request> params. It will then check to
	163	see if the session has expired and return the session id if it is not.
	164	The C<$request> is expected to be a L<Plack::Request> instance or an
	165	object with an equivalent interface.
	166
ac4892f4	167	=item B<generate ( $request )>
ac4892f4	168
43f34c01	169	This will generate a new session id using the C<sid_generator> callback.
	170	The C<$request> argument is not used by this method but is there for
	171	use by subclasses. The C<$request> is expected to be a L<Plack::Request>
	172	instance or an object with an equivalent interface.
	173
ac4892f4	174	=item B<finalize ( $session_id, $response )>
ac4892f4	175
43f34c01	176	Given a C<$session_id> and a C<$response> this will perform any
	177	finalization nessecary to preserve state. This method is called by
	178	the L<Plack::Session> C<finalize> method. The C<$response> is expected
	179	to be a L<Plack::Response> instance or an object with an equivalent
	180	interface.
	181
ac4892f4	182	=back
ac4892f4	183
43f34c01	184	=head2 Session Expiration Handling
43f34c01	185
ac4892f4	186	=over 4
	187
	188	=item B<expire_session_id ( $id )>
	189
43f34c01	190	This will mark the session for C<$id> as expired. This method is called
	191	by the L<Plack::Session> C<expire> method.
	192
	193	=item B<is_session_expired ( $id )>
	194
	195	This will check to see if the session C<$id> has been marked as
	196	expired.
	197
ac4892f4	198	=item B<check_expired ( $id )>
ac4892f4	199
43f34c01	200	Given an session C<$id> this will return C<undef> if the session is
	201	expired or return the C<$id> if it is not.
	202
ac4892f4	203	=back
	204
	205	=head1 BUGS
	206
	207	All complex software has bugs lurking in it, and this module is no
	208	exception. If you find a bug please either email me, or add the bug
	209	to cpan-RT.
	210
	211	=head1 AUTHOR
	212
	213	Stevan Little E<lt>stevan.little@iinteractive.comE<gt>
	214
	215	=head1 COPYRIGHT AND LICENSE
	216
	217	Copyright 2009 Infinity Interactive, Inc.
	218
	219	L<http://www.iinteractive.com>
	220
	221	This library is free software; you can redistribute it and/or modify
	222	it under the same terms as Perl itself.
	223
	224	=cut
	225
	226