[catagits/Web-Session.git] / lib / Plack / Session / State.pm

package Plack::Session::State;
use strict;
use warnings;

our $VERSION   = '0.03';
our $AUTHORITY = 'cpan:STEVAN';

use Digest::SHA1 ();

use Plack::Util::Accessor qw[
    session_key
    sid_generator
    sid_validator
];

sub new {
    my ($class, %params) = @_;

    $params{'session_key'}   ||= 'plack_session';
    $params{'sid_generator'} ||= sub {
        Digest::SHA1::sha1_hex(rand() . $$ . {} . time)
    };
    $params{'sid_validator'} ||= qr/\A[0-9a-f]{40}\Z/;

    bless { %params } => $class;
}

sub expire_session_id {
    my ($self, $id, $response) = @_;
}

sub validate_session_id {
    my ($self, $id) = @_;
    $id =~ $self->sid_validator;
}

sub get_session_id {
    my ($self, $request) = @_;
    return $request->param( $self->session_key );
}

sub extract {
    my ($self, $request) = @_;

    my $id = $self->get_session_id( $request );
    return unless defined $id;

    return $id if $self->validate_session_id( $id );
    return;
}

sub generate {
    my $self = shift;
    $self->sid_generator->( @_ );
}


sub finalize {
    my ($self, $id, $response) = @_;
    ();
}

1;

__END__

=pod

=head1 NAME

Plack::Session::State - Basic parameter-based session state

=head1 SYNOPSIS

  use Plack::Builder;
  use Plack::Middleware::Session;
  use Plack::Session::State;

  my $app = sub {
      return [ 200, [ 'Content-Type' => 'text/plain' ], [ 'Hello Foo' ] ];
  };

  builder {
      enable 'Session',
          state => Plack::Session::State->new;
      $app;
  };

=head1 DESCRIPTION

This will maintain session state by passing the session through
the request params. It does not do this automatically though,
you are responsible for passing the session param.

This should be considered the state "base" class (although
subclassing is not a requirement) and defines the spec for
all B<Plack::Session::State::*> modules. You will only
need to override a couple methods if you do subclass. See
L<Plack::Session::State::Cookie> for an example of this.

=head1 METHODS

=over 4

=item B<new ( %params )>

The C<%params> can include I<session_key>, I<sid_generator> and I<sid_checker>
however in both cases a default will be provided for you.

=item B<session_key>

This is the name of the session key, it default to 'plack_session'.

=item B<sid_generator>

This is a CODE ref used to generate unique session ids, by default
it will generate a SHA1 using fairly sufficient entropy. If you are
concerned or interested, just read the source.

=item B<sid_validator>

This is a regex used to validate requested session id.

=back

=head2 Session ID Managment

=over 4

=item B<get_session_id ( $request )>

This is the method used to extract the session id from a C<$request>.
Subclasses will often only need to override this method and the
C<finalize> method.

=item B<validate_session_id ( $session_id )>

This will use the C<sid_validator> regex and confirm that the
C<$session_id> is valid.

=item B<extract ( $request )>

This will attempt to extract the session from a C<$request> by looking
for the C<session_key> in the C<$request> params. It will then check to
see if the session is valid and that it has not expired. It will return
the session id if everything is good or undef otherwise. The C<$request>
is expected to be a L<Plack::Request> instance or an object with an
equivalent interface.

=item B<generate ( $request )>

This will generate a new session id using the C<sid_generator> callback.
The C<$request> argument is not used by this method but is there for
use by subclasses. The C<$request> is expected to be a L<Plack::Request>
instance or an object with an equivalent interface.

=item B<finalize ( $session_id, $response )>

Given a C<$session_id> and a C<$response> this will perform any
finalization nessecary to preserve state. This method is called by
the L<Plack::Session> C<finalize> method. The C<$response> is expected
to be a L<Plack::Response> instance or an object with an equivalent
interface.

=back

=head2 Session Expiration Handling

=over 4

=item B<expire_session_id ( $id, $response )>

This will mark the session for C<$id> as expired. This method is called
by the L<Plack::Session> C<expire> method.

=back

=head1 BUGS

All complex software has bugs lurking in it, and this module is no
exception. If you find a bug please either email me, or add the bug
to cpan-RT.

=head1 AUTHOR

Stevan Little E<lt>stevan.little@iinteractive.comE<gt>

=head1 COPYRIGHT AND LICENSE

Copyright 2009, 2010 Infinity Interactive, Inc.

L<http://www.iinteractive.com>

This library is free software; you can redistribute it and/or modify
it under the same terms as Perl itself.

=cut
Commit	Line	Data
06190e8b	1	package Plack::Session::State;
	2	use strict;
	3	use warnings;
	4
000c696e	5	our $VERSION = '0.03';
30cc0a71	6	our $AUTHORITY = 'cpan:STEVAN';
30cc0a71	7
3b4205cd	8	use Digest::SHA1 ();
3b4205cd	9
ac4892f4	10	use Plack::Util::Accessor qw[
	11	session_key
	12	sid_generator
6a695f07	13	sid_validator
ac4892f4	14	];
06190e8b	15
	16	sub new {
	17	my ($class, %params) = @_;
ac4892f4	18
ac4892f4	19	$params{'session_key'} \|\|= 'plack_session';
ac4892f4	20	$params{'sid_generator'} \|\|= sub {
ac4892f4	21	Digest::SHA1::sha1_hex(rand() . $$ . {} . time)
ac4892f4	22	};
6a695f07	23	$params{'sid_validator'} \|\|= qr/\A[0-9a-f]{40}\Z/;
ac4892f4	24
ac4892f4	25	bless { %params } => $class;
06190e8b	26	}
	27
	28	sub expire_session_id {
caf3bd90	29	my ($self, $id, $response) = @_;
06190e8b	30	}
06190e8b	31
ae35574f	32	sub validate_session_id {
	33	my ($self, $id) = @_;
	34	$id =~ $self->sid_validator;
56b9910a	35	}
56b9910a	36
06190e8b	37	sub get_session_id {
06190e8b	38	my ($self, $request) = @_;
4a0cb5a0	39	return $request->param( $self->session_key );
56b9910a	40	}
56b9910a	41
bd992981	42	sub extract {
bd992981	43	my ($self, $request) = @_;
56b9910a	44
4a0cb5a0	45	my $id = $self->get_session_id( $request );
ae35574f	46	return unless defined $id;
ae35574f	47
caf3bd90	48	return $id if $self->validate_session_id( $id );
caf3bd90	49	return;
bd992981	50	}
bd992981	51
fe1bfe7d	52	sub generate {
fe1bfe7d	53	my $self = shift;
ac4892f4	54	$self->sid_generator->( @_ );
bd992981	55	}
bd992981	56
fe1bfe7d	57
bd992981	58	sub finalize {
	59	my ($self, $id, $response) = @_;
	60	();
06190e8b	61	}
06190e8b	62
fe1bfe7d	63	1;
ac4892f4	64
	65	__END__
	66
	67	=pod
	68
	69	=head1 NAME
	70
	71	Plack::Session::State - Basic parameter-based session state
	72
3d92cf47	73	=head1 SYNOPSIS
	74
	75	use Plack::Builder;
	76	use Plack::Middleware::Session;
	77	use Plack::Session::State;
	78
	79	my $app = sub {
	80	return [ 200, [ 'Content-Type' => 'text/plain' ], [ 'Hello Foo' ] ];
	81	};
	82
	83	builder {
	84	enable 'Session',
	85	state => Plack::Session::State->new;
	86	$app;
	87	};
	88
ac4892f4	89	=head1 DESCRIPTION
ac4892f4	90
3d92cf47	91	This will maintain session state by passing the session through
	92	the request params. It does not do this automatically though,
	93	you are responsible for passing the session param.
	94
	95	This should be considered the state "base" class (although
	96	subclassing is not a requirement) and defines the spec for
	97	all B<Plack::Session::State::*> modules. You will only
	98	need to override a couple methods if you do subclass. See
	99	L<Plack::Session::State::Cookie> for an example of this.
	100
ac4892f4	101	=head1 METHODS
	102
	103	=over 4
	104
	105	=item B<new ( %params )>
	106
56b9910a	107	The C<%params> can include I<session_key>, I<sid_generator> and I<sid_checker>
3d92cf47	108	however in both cases a default will be provided for you.
3d92cf47	109
ac4892f4	110	=item B<session_key>
ac4892f4	111
43f34c01	112	This is the name of the session key, it default to 'plack_session'.
43f34c01	113
ac4892f4	114	=item B<sid_generator>
ac4892f4	115
3d92cf47	116	This is a CODE ref used to generate unique session ids, by default
	117	it will generate a SHA1 using fairly sufficient entropy. If you are
	118	concerned or interested, just read the source.
43f34c01	119
6a695f07	120	=item B<sid_validator>
56b9910a	121
ae35574f	122	This is a regex used to validate requested session id.
56b9910a	123
ac4892f4	124	=back
ac4892f4	125
43f34c01	126	=head2 Session ID Managment
43f34c01	127
ac4892f4	128	=over 4
	129
	130	=item B<get_session_id ( $request )>
	131
ae35574f	132	This is the method used to extract the session id from a C<$request>.
	133	Subclasses will often only need to override this method and the
	134	C<finalize> method.
	135
	136	=item B<validate_session_id ( $session_id )>
	137
	138	This will use the C<sid_validator> regex and confirm that the
	139	C<$session_id> is valid.
6a695f07	140
ac4892f4	141	=item B<extract ( $request )>
ac4892f4	142
43f34c01	143	This will attempt to extract the session from a C<$request> by looking
43f34c01	144	for the C<session_key> in the C<$request> params. It will then check to
a45f272f	145	see if the session is valid and that it has not expired. It will return
	146	the session id if everything is good or undef otherwise. The C<$request>
	147	is expected to be a L<Plack::Request> instance or an object with an
	148	equivalent interface.
43f34c01	149
ac4892f4	150	=item B<generate ( $request )>
ac4892f4	151
43f34c01	152	This will generate a new session id using the C<sid_generator> callback.
	153	The C<$request> argument is not used by this method but is there for
	154	use by subclasses. The C<$request> is expected to be a L<Plack::Request>
	155	instance or an object with an equivalent interface.
	156
ac4892f4	157	=item B<finalize ( $session_id, $response )>
ac4892f4	158
43f34c01	159	Given a C<$session_id> and a C<$response> this will perform any
	160	finalization nessecary to preserve state. This method is called by
	161	the L<Plack::Session> C<finalize> method. The C<$response> is expected
	162	to be a L<Plack::Response> instance or an object with an equivalent
	163	interface.
	164
ac4892f4	165	=back
ac4892f4	166
43f34c01	167	=head2 Session Expiration Handling
43f34c01	168
ac4892f4	169	=over 4
ac4892f4	170
caf3bd90	171	=item B<expire_session_id ( $id, $response )>
ac4892f4	172
43f34c01	173	This will mark the session for C<$id> as expired. This method is called
	174	by the L<Plack::Session> C<expire> method.
	175
ac4892f4	176	=back
	177
	178	=head1 BUGS
	179
	180	All complex software has bugs lurking in it, and this module is no
	181	exception. If you find a bug please either email me, or add the bug
	182	to cpan-RT.
	183
	184	=head1 AUTHOR
	185
	186	Stevan Little E<lt>stevan.little@iinteractive.comE<gt>
	187
	188	=head1 COPYRIGHT AND LICENSE
	189
000c696e	190	Copyright 2009, 2010 Infinity Interactive, Inc.
ac4892f4	191
	192	L<http://www.iinteractive.com>
	193
	194	This library is free software; you can redistribute it and/or modify
	195	it under the same terms as Perl itself.
	196
	197	=cut
	198
	199