chore(session) bump resty session to 3.1 and other changes (#16)
* chore(session) bump resty.session to 3.1 and rewrite custom storage

### Summary

Bumps `lua-resty-session` to `3.1` and rewrite the `kong` session
storage adapter to work with `3.1`.

* refactor(session) split header_filter to its own file

### Summary

Removes `header_filter` code from `handler.lua` and moves it to
`header_filter.lua`.

* style(*) just some style changes

### Summary

Make code use early exists, localize some variables, and
adjustments in spacing.

* feat(session) add support for `config.cookie_idletime`

### Summary

Adds support for idle time configuration option that was released with `lua-resty-session` `3.1`.

* feat(session) add support for `SameSite=None` option

### Summary

Old browsers, when `SameSite` is not set (`off` in this plugin), apply their default:
- They treat that as `None`

Modern browsers, on the other hand, are switching to treat it as `Lax`.

This commit adds support for explicit `None` option (even on modern browsers).

* chore(session) move groups loading close to actual use

### Summary

Just moves one line of code closer to its actual usage.

* chore(session) use kong.client.load_consumer to load consumer

### Summary

Uses `kong.client.load_consumer` instead of re-implementing it.

* feat(session) make authenticate to set credential identifier

### Summary

Makes `authenticate` function to set `credential identifier` if
that is available with Kong (or clears it).

* fix(session) anonymous header was set even when there was a credential

### Summary

Fixes a bug where anonymous header was set to true when there was
a `credential`.

* chore(session) bump version to 2.3.0

* test(travis) update .travis.yml
bungle authored Mar 30, 2020
1 parent c6fde75 commit f037d32
Showing 9 changed files with 241 additions and 255 deletions.
20 changes: 11 additions & 9 deletions .travis.yml
@@ -1,10 +1,10 @@
dist: trusty
dist: xenial
sudo: required

language: java
language: go

jdk:
- oraclejdk8
go:
- "1.13.x"

notifications:
email:
Expand All @@ -26,15 +26,15 @@ services:

env:
global:
- LUAROCKS=3.1.3
- OPENSSL=1.1.1c
- LUAROCKS=3.3.1
- OPENSSL=1.1.1d
- CASSANDRA_BASE=2.2.12
- CASSANDRA_LATEST=3.9
- OPENRESTY_BASE=1.15.8.1
- OPENRESTY_LATEST=1.15.8.1
- OPENRESTY_BASE=1.15.8.2
- OPENRESTY_LATEST=1.15.8.2
- DOWNLOAD_CACHE=$HOME/download-cache
- INSTALL_CACHE=$HOME/install-cache
- BUSTED_ARGS="-o gtest -v --exclude-tags=flaky,ipv6"
- BUSTED_ARGS="-o htest -v --exclude-tags=flaky,ipv6"
- PLUGIN_NAME=session
- KONG_TEST_PLUGINS=bundled,$PLUGIN_NAME
- KONG_PLUGINS=bundled,$PLUGIN_NAME
Expand All @@ -59,6 +59,8 @@ install:
- cd ../
- KONG_DATABASE=postgres KONG_PG_DATABASE=kong_tests kong-ce/bin/kong migrations bootstrap
- KONG_DATABASE=cassandra KONG_CASSANDRA_KEYSPACE=kong_tests kong-ce/bin/kong migrations bootstrap
- luarocks remove --force lua-resty-session
- luarocks install --force lua-resty-session 3.1
- cd kong-ce

script:
@@ -1,12 +1,12 @@
package = "kong-plugin-session"

version = "2.2.0-1"
version = "2.3.0-1"

supported_platforms = {"linux", "macosx"}

source = {
url = "git://github.com/Kong/kong-plugin-session",
tag = "2.2.0"
tag = "2.3.0"
}

description = {
Expand All @@ -17,7 +17,7 @@ description = {

dependencies = {
"lua >= 5.1",
"lua-resty-session == 2.24",
"lua-resty-session == 3.1",
--"kong >= 1.2.0",
}

Expand All @@ -27,6 +27,7 @@ build = {
["kong.plugins.session.handler"] = "kong/plugins/session/handler.lua",
["kong.plugins.session.schema"] = "kong/plugins/session/schema.lua",
["kong.plugins.session.access"] = "kong/plugins/session/access.lua",
["kong.plugins.session.header_filter"] = "kong/plugins/session/header_filter.lua",
["kong.plugins.session.session"] = "kong/plugins/session/session.lua",
["kong.plugins.session.daos"] = "kong/plugins/session/daos.lua",
["kong.plugins.session.storage.kong"] = "kong/plugins/session/storage/kong.lua",
56 changes: 37 additions & 19 deletions kong/plugins/session/access.lua
@@ -1,24 +1,25 @@
local constants = require "kong.constants"
local kong_session = require "kong.plugins.session.session"
local kong = kong

local _M = {}

local ngx = ngx
local kong = kong
local concat = table.concat

local function load_consumer(consumer_id)
local result, err = kong.db.consumers:select { id = consumer_id }
if not result then
return nil, err
end
return result
end

local _M = {}


local function authenticate(consumer, credential_id, groups)
local set_header = kong.service.request.set_header
local clear_header = kong.service.request.clear_header

set_header(constants.HEADERS.CONSUMER_ID, consumer.id)
if consumer.id then
set_header(constants.HEADERS.CONSUMER_ID, consumer.id)
else
clear_header(constants.HEADERS.CONSUMER_ID)
end

if consumer.custom_id then
set_header(constants.HEADERS.CONSUMER_CUSTOM_ID, consumer.custom_id)
else
Expand All @@ -32,29 +33,46 @@ local function authenticate(consumer, credential_id, groups)
end

if groups then
set_header(constants.HEADERS.AUTHENTICATED_GROUPS, table.concat(groups, ", "))
set_header(constants.HEADERS.AUTHENTICATED_GROUPS, concat(groups, ", "))
ngx.ctx.authenticated_groups = groups
else
clear_header(constants.HEADERS.AUTHENTICATED_GROUPS)
end

local credential
if credential_id then
local credential = {id = credential_id or consumer.id, consumer_id = consumer.id}
credential = {
id = credential_id,
consumer_id = consumer.id
}

clear_header(constants.HEADERS.ANONYMOUS)

if constants.HEADERS.CREDENTIAL_IDENTIFIER then
set_header(constants.HEADERS.CREDENTIAL_IDENTIFIER, credential.id)
end

else
set_header(constants.HEADERS.ANONYMOUS, true)
kong.client.authenticate(consumer, credential)

return
if constants.HEADERS.CREDENTIAL_IDENTIFIER then
clear_header(constants.HEADERS.CREDENTIAL_IDENTIFIER)
end
end

kong.client.authenticate(consumer, nil)
kong.client.authenticate(consumer, credential)
end


function _M.execute(conf)
local s = kong_session.open_session(conf)
local s, present, reason = kong_session.open_session(conf)
if not present then
if reason then
kong.log.debug("session not present (", reason, ")")
else
kong.log.debug("session not present")
end

if not s.present then
kong.log.debug("session not present")
return
end

Expand All @@ -70,7 +88,7 @@ function _M.execute(conf)

local consumer_cache_key = kong.db.consumers:cache_key(cid)
local consumer, err = kong.cache:get(consumer_cache_key, nil,
load_consumer, cid)
kong.client.load_consumer, cid)

if err then
kong.log.err("could not load consumer: ", err)
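Review bot: The added `if consumer.id … else clear_header(constants.HEADERS.CONSUMER_ID)` guard in `authenticate` treats a consumer without an `id` as possible, yet the same function still builds `credential` with `consumer_id = consumer.id` and always reaches `kong.client.authenticate(consumer, credential)`. If that case can really occur, the request continues as authenticated while the upstream receives no consumer id header, which is the fail-open direction and would be better handled by not authenticating at all. If it cannot occur, the `else` branch exists only to strip a client-supplied header and deserves a comment saying so, e.g. `-- no id: strip any client-supplied value rather than forward it`. Part of the function body lies between the two visible hunks and is not shown, so this is based on the visible lines only.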
57 changes: 5 additions & 52 deletions kong/plugins/session/handler.lua
@@ -1,66 +1,19 @@
local access = require "kong.plugins.session.access"
local kong_session = require "kong.plugins.session.session"


local kong = kong
local header_filter = require "kong.plugins.session.header_filter"


local KongSessionHandler = {
PRIORITY = 1900,
VERSION = "2.2.0",
VERSION = "2.3.0",
}


local function get_authenticated_groups()
local authenticated_groups = ngx.ctx.authenticated_groups
if authenticated_groups == nil then
return nil
end

assert(type(authenticated_groups) == "table",
"invalid authenticated_groups, a table was expected")

return authenticated_groups
end


function KongSessionHandler:header_filter(conf)
local credential = kong.client.get_credential()
local consumer = kong.client.get_consumer()

if not credential then
-- don't open sessions for anonymous users
kong.log.debug("anonymous: no credential.")
return
end

local credential_id = credential.id
local consumer_id = consumer and consumer.id
local s = kong.ctx.shared.authenticated_session
local groups = get_authenticated_groups()

-- if session exists and the data in the session matches the ctx then
-- don't worry about saving the session data or sending cookie
if s and s.present then
local cid, cred_id = kong_session.retrieve_session_data(s)
if cred_id == credential_id and cid == consumer_id
then
return
end
end

-- session is no longer valid
-- create new session and save the data / send the Set-Cookie header
if consumer_id then
s = s or kong_session.open_session(conf)
kong_session.store_session_data(s, consumer_id, credential_id or consumer_id,
groups)
s:save()
end
function KongSessionHandler.header_filter(_, conf)
header_filter.execute(conf)
end


function KongSessionHandler:access(conf)
function KongSessionHandler.access(_, conf)
access.execute(conf)
end

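--- a/kong/plugins/session/header_filter.lua
+++ b/kong/plugins/session/header_filter.lua
@@ -0,0 +1,64 @@
+local kong_session = require "kong.plugins.session.session"
+
+
+local ngx = ngx
+local kong = kong
+local type = type
+local assert = assert
+
+
+local function get_authenticated_groups()
+local authenticated_groups = ngx.ctx.authenticated_groups
+if authenticated_groups == nil then
+return nil
+end
+
+assert(type(authenticated_groups) == "table",
+"invalid authenticated_groups, a table was expected")
+
+return authenticated_groups
+end
+
+
+local _M = {}
+
+
+function _M.execute(conf)
+local credential = kong.client.get_credential()
+local consumer = kong.client.get_consumer()
+
+if not credential then
+-- don't open sessions for anonymous users
+kong.log.debug("anonymous: no credential.")
+return
+end
+
+local credential_id = credential.id
+local consumer_id = consumer and consumer.id
+
+-- if session exists and the data in the session matches the ctx then
+-- don't worry about saving the session data or sending cookie
+local s = kong.ctx.shared.authenticated_session
+if s and s.present then
+local cid, cred_id = kong_session.retrieve_session_data(s)
+if cred_id == credential_id and cid == consumer_id
+then
+return
+end
+end
+
+-- session is no longer valid
+-- create new session and save the data / send the Set-Cookie header
+if consumer_id then
+local groups = get_authenticated_groups()
+s = s or kong_session.open_session(conf)
+kong_session.store_session_data(s,
+consumer_id,
+credential_id or consumer_id,
+groups)
+s:save()
+end
+end
+
+
+return _M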
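Review bot: The comment above the last branch of `execute` says a new session is created, but `s = s or kong_session.open_session(conf)` reuses the session already attached to the request whenever one exists, so a session whose stored consumer or credential no longer matches is overwritten in place and saved. Whether `s:save()` issues a fresh session identifier is not visible here; if it does not, an identity change keeps the old identifier, which is the situation session-management guidance says to avoid, especially with server-side storage. Consider rotating the identifier on a mismatch, for instance through lua-resty-session's `regenerate` method after confirming its behaviour in 3.1. Otherwise correct the comment to match the code, e.g. `-- session data is stale: overwrite it and re-send the cookie`.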
6 changes: 5 additions & 1 deletion kong/plugins/session/schema.lua
@@ -1,17 +1,20 @@
local typedefs = require "kong.db.schema.typedefs"
local Schema = require "kong.db.schema"
local utils = require "kong.tools.utils"


local utils = require("kong.tools.utils")
local char = string.char
local rand = math.random
local encode_base64 = ngx.encode_base64


local samesite = Schema.define {
type = "string",
default = "Strict",
one_of = {
"Strict",
"Lax",
"None",
"off",
}
}
Expand Down Expand Up @@ -43,6 +46,7 @@ return {
},
{ cookie_name = { type = "string", default = "session" } },
{ cookie_lifetime = { type = "number", default = 3600 } },
{ cookie_idletime = { type = "number" } },
{ cookie_renew = { type = "number", default = 600 } },
{ cookie_path = { type = "string", default = "/" } },
{ cookie_domain = { type = "string" } },
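Review bot: Adding `"None"` to the `samesite` `one_of` list lets an operator switch off SameSite protection for the session cookie, and nothing in the visible hunk ties that choice to the cookie's Secure attribute. Browsers that default to `Lax` reject a `SameSite=None` cookie that is not also `Secure`, so the combination either fails silently or, where accepted, sends the session cookie on every cross-site request. An entity-level check that rejects `"None"` unless the plugin's secure-cookie setting is enabled would catch this at configuration time; that field is outside the visible lines, so confirm its name before wiring it up. At minimum add a comment next to the value, e.g. `-- "None" requires a Secure cookie and removes SameSite CSRF protection`. The new `cookie_idletime` field likewise has no lower bound, so a zero or negative value is accepted by the schema as shown.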