factor/extra/http/server/sessions/sessions.factor

! Copyright (C) 2008 Doug Coleman, Slava Pestov.
! See http://factorcode.org/license.txt for BSD license.
USING: assocs calendar kernel math.parser namespaces random
boxes alarms new-slots accessors http http.server
quotations hashtables sequences fry combinators.cleave ;
IN: http.server.sessions

! ! ! ! ! !
! WARNING: this session manager is vulnerable to XSRF attacks
! ! ! ! ! !

GENERIC: init-session* ( responder -- )

M: dispatcher init-session* drop ;

TUPLE: session-manager responder sessions ;

: <session-manager> ( responder class -- responder' )
    >r H{ } clone session-manager construct-boa r>
    construct-delegate ; inline

TUPLE: session manager id namespace alarm ;

: <session> ( manager -- session )
    f H{ } clone <box> \ session construct-boa ;

: timeout ( -- dt ) 20 minutes ;

: cancel-timeout ( session -- )
    alarm>> [ cancel-alarm ] if-box? ;

: delete-session ( session -- )
    [ cancel-timeout ]
    [ dup manager>> sessions>> delete-at ]
    bi ;

: touch-session ( session -- session )
    [ cancel-timeout ]
    [ [ '[ , delete-session ] timeout later ] keep alarm>> >box ]
    [ ]
    tri ;

: session ( -- assoc ) \ session get namespace>> ;

: sget ( key -- value ) session at ;

: sset ( value key -- ) session set-at ;

: schange ( key quot -- ) session swap change-at ; inline

: init-session ( session -- session )
    dup dup \ session [
        manager>> responder>> init-session*
    ] with-variable ;

: new-session ( responder -- id )
    [ <session> init-session touch-session ]
    [ [ sessions>> set-at-unique ] [ drop swap >>id ] 2bi ]
    bi id>> ;

: get-session ( id responder -- session/f )
    sessions>> at* [ touch-session ] when ;

: call-responder/session ( path responder session -- response )
    \ session set responder>> call-responder ;

: sessions ( -- manager/f )
    \ session get dup [ manager>> ] when ;

GENERIC: session-link* ( url query sessions -- string )

M: object session-link* 2drop url-encode ;

: session-link ( url query -- string ) sessions session-link* ;

TUPLE: null-sessions ;

: <null-sessions>
    null-sessions <session-manager> ;

M: null-sessions call-responder ( path responder -- response )
    dup <session> call-responder/session ;

TUPLE: url-sessions ;

: <url-sessions> ( responder -- responder' )
    url-sessions <session-manager> ;

: sess-id "factorsessid" ;

: current-session ( responder request -- session )
    sess-id query-param swap get-session ;

M: url-sessions call-responder ( path responder -- response )
    dup request get current-session [
        call-responder/session
    ] [
        nip
        f swap new-session sess-id associate <temporary-redirect>
    ] if* ;

M: url-sessions session-link*
    drop
    url-encode
    \ session get id>> sess-id associate union assoc>query
    dup assoc-empty? [ drop ] [ "?" swap 3append ] if ;

TUPLE: cookie-sessions ;

: <cookie-sessions> ( responder -- responder' )
    cookie-sessions <session-manager> ;

: get-session-cookie ( responder -- cookie )
    request get sess-id get-cookie
    [ value>> swap get-session ] [ drop f ] if* ;

: <session-cookie> ( id -- cookie )
    sess-id <cookie> ;

M: cookie-sessions call-responder ( path responder -- response )
    dup get-session-cookie [
        call-responder/session
    ] [
        dup new-session
        [ over get-session call-responder/session ] keep
        <session-cookie> put-cookie
    ] if* ;
New HTTPD work in progress 2008-02-29 01:57:38 -05:00			`! Copyright (C) 2008 Doug Coleman, Slava Pestov.`
			`! See http://factorcode.org/license.txt for BSD license.`
			`USING: assocs calendar kernel math.parser namespaces random`
			`boxes alarms new-slots accessors http http.server`
HTTP server work in progress 2008-03-11 04:39:09 -04:00			`quotations hashtables sequences fry combinators.cleave ;`
New HTTPD work in progress 2008-02-29 01:57:38 -05:00			`IN: http.server.sessions`

			`! ! ! ! ! !`
			`! WARNING: this session manager is vulnerable to XSRF attacks`
			`! ! ! ! ! !`

HTTP server work in progress 2008-03-11 04:39:09 -04:00			`GENERIC: init-session* ( responder -- )`
More httpd work 2008-03-03 03:19:36 -05:00
HTTP server work in progress 2008-03-11 04:39:09 -04:00			`M: dispatcher init-session* drop ;`
HTTP authorization framework, first cut 2008-03-06 04:00:10 -05:00
More httpd work 2008-03-03 03:19:36 -05:00			`TUPLE: session-manager responder sessions ;`
New HTTPD work in progress 2008-02-29 01:57:38 -05:00
			`: <session-manager> ( responder class -- responder' )`
More httpd work 2008-03-03 03:19:36 -05:00			`>r H{ } clone session-manager construct-boa r>`
New HTTPD work in progress 2008-02-29 01:57:38 -05:00			`construct-delegate ; inline`

HTTP server work in progress 2008-03-11 04:39:09 -04:00			`TUPLE: session manager id namespace alarm ;`
New HTTPD work in progress 2008-02-29 01:57:38 -05:00
HTTP server work in progress 2008-03-11 04:39:09 -04:00			`: <session> ( manager -- session )`
			`f H{ } clone <box> \ session construct-boa ;`
New HTTPD work in progress 2008-02-29 01:57:38 -05:00
			`: timeout ( -- dt ) 20 minutes ;`

			`: cancel-timeout ( session -- )`
Use if-box in http.server 2008-02-29 11:37:39 -05:00			`alarm>> [ cancel-alarm ] if-box? ;`
New HTTPD work in progress 2008-02-29 01:57:38 -05:00
			`: delete-session ( session -- )`
HTTP server work in progress 2008-03-11 04:39:09 -04:00			`[ cancel-timeout ]`
			`[ dup manager>> sessions>> delete-at ]`
			`bi ;`
New HTTPD work in progress 2008-02-29 01:57:38 -05:00
HTTP server work in progress 2008-03-11 04:39:09 -04:00			`: touch-session ( session -- session )`
			`[ cancel-timeout ]`
			`[ [ '[ , delete-session ] timeout later ] keep alarm>> >box ]`
			`[ ]`
			`tri ;`
New HTTPD work in progress 2008-02-29 01:57:38 -05:00
			`: session ( -- assoc ) \ session get namespace>> ;`

			`: sget ( key -- value ) session at ;`

			`: sset ( value key -- ) session set-at ;`

			`: schange ( key quot -- ) session swap change-at ; inline`

HTTP server work in progress 2008-03-11 04:39:09 -04:00			`: init-session ( session -- session )`
			`dup dup \ session [`
			`manager>> responder>> init-session*`
			`] with-variable ;`

New HTTPD work in progress 2008-02-29 01:57:38 -05:00			`: new-session ( responder -- id )`
HTTP server work in progress 2008-03-11 04:39:09 -04:00			`[ <session> init-session touch-session ]`
			`[ [ sessions>> set-at-unique ] [ drop swap >>id ] 2bi ]`
			`bi id>> ;`
New HTTPD work in progress 2008-02-29 01:57:38 -05:00
HTTP server work in progress 2008-03-11 04:39:09 -04:00			`: get-session ( id responder -- session/f )`
			`sessions>> at* [ touch-session ] when ;`

			`: call-responder/session ( path responder session -- response )`
More httpd work 2008-03-03 03:19:36 -05:00			`\ session set responder>> call-responder ;`
New HTTPD work in progress 2008-02-29 01:57:38 -05:00
			`: sessions ( -- manager/f )`
			`\ session get dup [ manager>> ] when ;`

			`GENERIC: session-link* ( url query sessions -- string )`

			`M: object session-link* 2drop url-encode ;`

			`: session-link ( url query -- string ) sessions session-link* ;`

HTTP server work in progress 2008-03-11 04:39:09 -04:00			`TUPLE: null-sessions ;`

			`: <null-sessions>`
			`null-sessions <session-manager> ;`

			`M: null-sessions call-responder ( path responder -- response )`
			`dup <session> call-responder/session ;`

New HTTPD work in progress 2008-02-29 01:57:38 -05:00			`TUPLE: url-sessions ;`

			`: <url-sessions> ( responder -- responder' )`
			`url-sessions <session-manager> ;`

			`: sess-id "factorsessid" ;`

HTTP server work in progress 2008-03-11 04:39:09 -04:00			`: current-session ( responder request -- session )`
			`sess-id query-param swap get-session ;`

			`M: url-sessions call-responder ( path responder -- response )`
			`dup request get current-session [`
New HTTPD work in progress 2008-02-29 01:57:38 -05:00			`call-responder/session`
			`] [`
HTTP server work in progress 2008-03-11 04:39:09 -04:00			`nip`
			`f swap new-session sess-id associate <temporary-redirect>`
New HTTPD work in progress 2008-02-29 01:57:38 -05:00			`] if* ;`

			`M: url-sessions session-link*`
			`drop`
HTTP server work in progress 2008-03-11 04:39:09 -04:00			`url-encode`
New HTTPD work in progress 2008-02-29 01:57:38 -05:00			`\ session get id>> sess-id associate union assoc>query`
			`dup assoc-empty? [ drop ] [ "?" swap 3append ] if ;`

			`TUPLE: cookie-sessions ;`

			`: <cookie-sessions> ( responder -- responder' )`
			`cookie-sessions <session-manager> ;`

HTTP server work in progress 2008-03-11 04:39:09 -04:00			`: get-session-cookie ( responder -- cookie )`
			`request get sess-id get-cookie`
			`[ value>> swap get-session ] [ drop f ] if* ;`
New HTTPD work in progress 2008-02-29 01:57:38 -05:00
			`: <session-cookie> ( id -- cookie )`
			`sess-id <cookie> ;`

HTTP server work in progress 2008-03-11 04:39:09 -04:00			`M: cookie-sessions call-responder ( path responder -- response )`
			`dup get-session-cookie [`
New HTTPD work in progress 2008-02-29 01:57:38 -05:00			`call-responder/session`
			`] [`
			`dup new-session`
			`[ over get-session call-responder/session ] keep`
			`<session-cookie> put-cookie`
			`] if* ;`