class Aws::SessionStore::DynamoDB::RackMiddleware

This class is an ID-based Session Store Rack Middleware that uses a DynamoDB backend for session storage.

Attributes

config[R]

@return [Configuration] An instance of Configuration that is used for this middleware.

Public Class Methods

new(app, options = {})

Initializes SessionStore middleware.

@param app Rack application.
@option (see Configuration#initialize)
@raise [Aws::DynamoDB::Errors::ResourceNotFoundException] If a valid table name is not provided.
@raise [Aws::SessionStore::DynamoDB::MissingSecretKey] If a secret key is not provided.

Calls superclass method

# File lib/aws/session_store/dynamo_db/rack_middleware.rb, line 17
def initialize(app, options = {})
  super
  @config = Configuration.new(options)
  validate_config
  set_locking_strategy
end

Public Instance Methods

delete_session(req, sid, options)

Destroys session and removes session from database.

@return [String] return a new session id or nil if options

# File lib/aws/session_store/dynamo_db/rack_middleware.rb, line 52
def delete_session(req, sid, options)
  @lock.delete_session(req.env, sid)
  generate_sid unless options[:drop]
end

find_session(req, sid)

Get session from the database or create a new session.

@raise [Aws::SessionStore::DynamoDB::Errors::LockWaitTimeoutError] If the session has waited too long to obtain lock.

# File lib/aws/session_store/dynamo_db/rack_middleware.rb, line 28
def find_session(req, sid)
  case verify_hmac(sid)
  when nil
    set_new_session_properties(req.env)
  when false
    handle_error { raise Errors::InvalidIDError }
    set_new_session_properties(req.env)
  else
    data = @lock.get_session_data(req.env, sid)
    [sid, data || {}]
  end
end

write_session(req, sid, session, options)

Sets the session in the database after packing data.

@return [Hash] If session has been saved.
@return [false] If session could not be saved.

# File lib/aws/session_store/dynamo_db/rack_middleware.rb, line 45
def write_session(req, sid, session, options)
  @lock.set_session_data(req.env, sid, session, options)
end

Private Instance Methods

generate_hmac(sid, secret) click to toggle source

Generate HMAC hash based on MD5

# File lib/aws/session_store/dynamo_db/rack_middleware.rb, line 93
def generate_hmac(sid, secret)
  OpenSSL::HMAC.hexdigest(OpenSSL::Digest.new('MD5'), secret, sid).strip
end

generate_sid(secure = @sid_secure)

Generate sid with HMAC hash

Calls superclass method

# File lib/aws/session_store/dynamo_db/rack_middleware.rb, line 98
def generate_sid(secure = @sid_secure)
  sid = super
  "#{generate_hmac(sid, @config.secret_key)}--" + sid
end

handle_error(env = nil) { || ... }

Each database operation is placed in this rescue wrapper. This wrapper will call the method, rescue any exceptions and then pass exceptions to the configured session handler.

# File lib/aws/session_store/dynamo_db/rack_middleware.rb, line 85
def handle_error(env = nil)
  yield
rescue Aws::DynamoDB::Errors::Base,
       Aws::SessionStore::DynamoDB::Errors::InvalidIDError => e
  @config.error_handler.handle_error(e, env)
end

set_locking_strategy()

# File lib/aws/session_store/dynamo_db/rack_middleware.rb, line 63
def set_locking_strategy
  @lock =
    if @config.enable_locking
      Aws::SessionStore::DynamoDB::Locking::Pessimistic.new(@config)
    else
      Aws::SessionStore::DynamoDB::Locking::Null.new(@config)
    end
end

set_new_session_properties(env)

Sets new session properties.

# File lib/aws/session_store/dynamo_db/rack_middleware.rb, line 77
def set_new_session_properties(env)
  env['dynamo_db.new_session'] = 'true'
  [generate_sid, {}]
end

validate_config()

# File lib/aws/session_store/dynamo_db/rack_middleware.rb, line 72
def validate_config
  raise Errors::MissingSecretKeyError unless @config.secret_key
end

verify_hmac(sid)

Verify digest of HMACed hash

@return [true] If the HMAC id has been verified.
@return [false] If the HMAC id has been corrupted.

# File lib/aws/session_store/dynamo_db/rack_middleware.rb, line 107
def verify_hmac(sid)
  return unless sid

  digest, ver_sid = sid.split('--')
  return false unless ver_sid

  digest == generate_hmac(ver_sid, @config.secret_key)
end
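
The signed session ID scheme from generate_sid, verify_hmac and find_session above, as a standalone added example (not the gem's own code). It keeps the page's "<hmac>--<sid>" layout and HMAC-MD5 construction but compares digests in constant time and splits with a limit of 2; all demo_* names, constant_time_eq? and DEMO_SECRET are hypothetical.

```ruby
require 'openssl'
require 'securerandom'

# Constructed secret for this demo; stands in for @config.secret_key.
DEMO_SECRET = 'constructed-demo-secret'

# Same construction as generate_hmac on this page: hex HMAC-MD5 over the sid.
def demo_hmac(sid, secret)
  OpenSSL::HMAC.hexdigest(OpenSSL::Digest.new('MD5'), secret, sid)
end

# Same layout as generate_sid: "<hmac>--<sid>".
def demo_signed_sid(secret, sid = SecureRandom.hex(16))
  "#{demo_hmac(sid, secret)}--#{sid}"
end

# Compare two strings without stopping at the first differing byte.
def constant_time_eq?(a, b)
  return false unless a.bytesize == b.bytesize

  diff = 0
  a.bytes.zip(b.bytes) { |x, y| diff |= x ^ y }
  diff.zero?
end

# Tri-state result, as in verify_hmac: nil (no id), false (rejected), true.
def demo_verify(signed, secret)
  return nil unless signed

  # Limit of 2: everything after the first "--" is covered by the MAC.
  digest, sid = signed.split('--', 2)
  return false unless sid

  constant_time_eq?(digest, demo_hmac(sid, secret))
end

# What find_session does with each outcome, reduced to a label.
def demo_outcome(signed, secret)
  case demo_verify(signed, secret)
  when nil then :new_session
  when false then :invalid_id_then_new_session
  else :load_from_dynamodb
  end
end
```

A missing ID and a rejected ID both end in a fresh session; only the rejected one is routed through the error handler first.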