Module: Blix::Rest::Session

Defined in:: lib/blix/rest/session.rb

Defined Under Namespace

Constant Summary collapse

DAY = manage the session and authorization

24 * 60 * 60

MIN =

SESSION_NAME =

'blix'

SESSION_OPTS =

{
  #:secure=>true,
  :http => false,
  :samesite => :lax,
  :path => Blix::Rest.full_path('/'),
  :expire_secs => 30 * MIN,       # 30 mins
  :cleanup_every_secs => 5 * 60   # 5 minutes
  #:max_age => nil # session cookie
}.freeze

Instance Method Summary collapse

#csrf_token ⇒ Object
#reset_session ⇒ Object
#session ⇒ Object
#session_after ⇒ Object

save the session hash before we go.
#session_before(opts) ⇒ Object

get a session id and use this to retrieve the session information - if any.
#session_manager ⇒ Object
#session_name ⇒ Object
#session_opts ⇒ Object
#session_skip_update ⇒ Object

Instance Method Details

#csrf_token ⇒ `Object`



46
47
48

# File 'lib/blix/rest/session.rb', line 46

def csrf_token
  @__session['csrf'] ||= SecureRandom.hex(32)
end

#reset_session ⇒ `Object`

# File 'lib/blix/rest/session.rb', line 50

def reset_session
  raise 'login_session missing' unless @__session && @__session_id
  session_manager.delete_session(@__session_id)
  @__session_id = refresh_session_id(session_name, session_opts)
  @__session['csrf'] = SecureRandom.hex(32)
  session_manager.store_session(@__session_id, @__session)
end

#session ⇒ `Object`



42
43
44

# File 'lib/blix/rest/session.rb', line 42

def session
  @__session
end

#session_after ⇒ `Object`

save the session hash before we go.



84
85
86

# File 'lib/blix/rest/session.rb', line 84

def session_after
  session_manager.store_session(@__session_id, @__session) if @__session_id
end

#session_before(opts) ⇒ `Object`

get a session id and use this to retrieve the session information - if any.

# File 'lib/blix/rest/session.rb', line 60

def session_before(opts)
  @__session = {}

  # do not set session on pages. that will be cached.
  unless opts[:nosession] || opts[:cache]
    @__session_id = get_session_id(session_name, session_opts)
    @__session =
      begin
        session_manager.get_session(@__session_id)
      rescue SessionExpiredError
        @__session_id = refresh_session_id(session_name, session_opts)
        session_manager.get_session(@__session_id)
      end
  end

  if opts[:csrf] && (ENV['RACK_ENV']!='test')
    if env["HTTP_X_CSRF_TOKEN"] != csrf_token 
      send_error("error [0100]")
    end
  end

end

#session_manager ⇒ `Object`



25
26
27

# File 'lib/blix/rest/session.rb', line 25

def session_manager
  self.class.get_session_manager
end

#session_name ⇒ `Object`



34
35
36

# File 'lib/blix/rest/session.rb', line 34

def session_name
  self.class.get_session_name
end

#session_opts ⇒ `Object`



38
39
40

# File 'lib/blix/rest/session.rb', line 38

def session_opts
  self.class.get_session_opts
end

#session_skip_update ⇒ `Object`



29
30
31

# File 'lib/blix/rest/session.rb', line 29

def session_skip_update
  @__session_id = nil
end

Module: Blix::Rest::Session

Defined Under Namespace

Constant Summary collapse

Instance Method Summary collapse

Instance Method Details

#csrf_token ⇒ Object

#reset_session ⇒ Object

#session ⇒ Object

#session_after ⇒ Object

#session_before(opts) ⇒ Object

#session_manager ⇒ Object

#session_name ⇒ Object

#session_opts ⇒ Object

#session_skip_update ⇒ Object