iris/sessions/provider.go
kataras 14e7751d21 SetImmutable for sessions and context's values. https://github.com/iris-contrib/community-board/issues/5
New package "memstore" created, read it to see how I made it.


Former-commit-id: 9edc344b938786b2ef68defec03c44259a2d539c
2017-06-08 03:39:15 +03:00

143 lines
3.8 KiB
Go

// Copyright 2017 Gerasimos Maropoulos, ΓΜ. All rights reserved.
// Use of this source code is governed by a BSD-style
// license that can be found in the LICENSE file.
package sessions
import (
"sync"
"time"
"github.com/kataras/iris/core/memstore"
)
type (
// provider contains the sessions and external databases (load and update).
// It's the session memory manager
provider struct {
// we don't use RWMutex because all actions have read and write at the same action function.
// (or write to a *session's value which is race if we don't lock)
// narrow locks are fasters but are useless here.
mu sync.Mutex
sessions map[string]*session
databases []Database
}
)
// newProvider returns a new sessions provider
func newProvider() *provider {
return &provider{
sessions: make(map[string]*session, 0),
databases: make([]Database, 0),
}
}
// RegisterDatabase adds a session database
// a session db doesn't have write access
func (p *provider) RegisterDatabase(db Database) {
p.mu.Lock() // for any case
p.databases = append(p.databases, db)
p.mu.Unlock()
}
// newSession returns a new session from sessionid
func (p *provider) newSession(sid string, expires time.Duration) *session {
sess := &session{
sid: sid,
provider: p,
values: p.loadSessionValuesFromDB(sid),
flashes: make(map[string]*flashMessage),
}
if expires > 0 { // if not unlimited life duration and no -1 (cookie remove action is based on browser's session)
time.AfterFunc(expires, func() {
// the destroy makes the check if this session is exists then or not,
// this is used to destroy the session from the server-side also
// it's good to have here for security reasons, I didn't add it on the gc function to separate its action
p.Destroy(sid)
})
}
return sess
}
// can return nil
func (p *provider) loadSessionValuesFromDB(sid string) memstore.Store {
var store memstore.Store
for i, n := 0, len(p.databases); i < n; i++ {
if dbValues := p.databases[i].Load(sid); dbValues != nil && len(dbValues) > 0 {
for k, v := range dbValues {
store.Set(k, v)
}
}
}
return store
}
func (p *provider) updateDatabases(sid string, store memstore.Store) {
if l := store.Len(); l > 0 {
mapValues := make(map[string]interface{}, l)
store.Visit(func(k string, v interface{}) {
mapValues[k] = v
})
for i, n := 0, len(p.databases); i < n; i++ {
p.databases[i].Update(sid, mapValues)
}
}
}
// Init creates the session and returns it
func (p *provider) Init(sid string, expires time.Duration) Session {
newSession := p.newSession(sid, expires)
p.mu.Lock()
p.sessions[sid] = newSession
p.mu.Unlock()
return newSession
}
// Read returns the store which sid parameter belongs
func (p *provider) Read(sid string, expires time.Duration) Session {
p.mu.Lock()
if sess, found := p.sessions[sid]; found {
sess.runFlashGC() // run the flash messages GC, new request here of existing session
p.mu.Unlock()
return sess
}
p.mu.Unlock()
return p.Init(sid, expires) // if not found create new
}
// Destroy destroys the session, removes all sessions and flash values,
// the session itself and updates the registered session databases,
// this called from sessionManager which removes the client's cookie also.
func (p *provider) Destroy(sid string) {
p.mu.Lock()
if sess, found := p.sessions[sid]; found {
sess.values = nil
sess.flashes = nil
delete(p.sessions, sid)
p.updateDatabases(sid, nil)
}
p.mu.Unlock()
}
// DestroyAll removes all sessions
// from the server-side memory (and database if registered).
// Client's session cookie will still exist but it will be reseted on the next request.
func (p *provider) DestroyAll() {
p.mu.Lock()
for _, sess := range p.sessions {
delete(p.sessions, sess.ID())
p.updateDatabases(sess.ID(), nil)
}
p.mu.Unlock()
}