Class: Rack::Session::JsonFile

Inherits:
Abstract::PersistedSecure
  • Object
show all
Defined in:
contrib/lib/rack/session/json_file.rb

Overview

A JSON File based session storage.

Class Method Summary collapse

Instance Method Summary collapse

Constructor Details

#initialize(app, options = {}) ⇒ JsonFile

Returns a new instance of JsonFile.

Parameters:

  • options (Hash) (defaults to: {})

    Accepts a :session_dir path which defaults to /tmp/rack.session.



37
38
39
40
41
42
43
44
45
46
# File 'contrib/lib/rack/session/json_file.rb', line 37

def initialize(app, options = {})
  super(
    app,
    {
      secure: ENV['RACK_ENV'] != 'development', # HTTPS unless in dev env
      same_site: 'Strict' # don't allow cross-site sessions
    }.merge!(options)
  )
  @session_dir = "#{Dir.tmpdir}/#{@key}" || @default_options[:session_dir]
end

Class Method Details

.clean(to = Date.today.prev_month, dir = "#{Dir.tmpdir}/rack.session") ⇒ Object

Cleans session files that have not been used.

Parameters:

  • to (Time|Date) (defaults to: Date.today.prev_month)

    Time from which file has not been accessed. Defaults to 00:00 hrs 1 month ago.

  • dir (String) (defaults to: "#{Dir.tmpdir}/rack.session")

    Directory from which to clean files. Defaults to /tmp/rack.session.



25
26
27
28
29
30
31
32
33
# File 'contrib/lib/rack/session/json_file.rb', line 25

def self.clean(
  to = Date.today.prev_month,
  dir = "#{Dir.tmpdir}/rack.session"
)
  to = to.to_time if to.instance_of?(Date)
  Dir["#{dir}/*"].each do |file|
    FileUtils.rm(file, force: true) if ::File.atime(file) < to
  end
end

Instance Method Details

#delete_session(_req, sid, options) ⇒ self|nil

Returns new session id or nil if options[:drop].

Returns:

  • (self|nil)

    new session id or nil if options[:drop].



72
73
74
75
# File 'contrib/lib/rack/session/json_file.rb', line 72

def delete_session(_req, sid, options)
  FileUtils.rm("#{@session_dir}/#{sid}", force: true)
  options&.include?(:drop) ? nil : generate_sid
end

#find_session(_req, sid) ⇒ Array

Returns [self, Hash].

Returns:

  • (Array)

    [self, Hash].



49
50
51
52
53
54
55
56
57
# File 'contrib/lib/rack/session/json_file.rb', line 49

def find_session(_req, sid)
  sid = generate_sid if sid.nil?

  [sid, JSON.parse(::File.read("#{@session_dir}/#{sid}"))]
rescue Errno::ENOENT
  [generate_sid, {}]
rescue JSON::ParserError
  [sid, {}]
end

#generate_sidObject



77
78
79
80
81
82
# File 'contrib/lib/rack/session/json_file.rb', line 77

def generate_sid(*)
  sid = super
  FileUtils.mkdir_p(@session_dir, mode: 0o700)
  ::File.new("#{@session_dir}/#{sid}", 'w', 0o600).close
  sid
end

#write_session(_req, sid, session, _options) ⇒ self|false

Returns session_id or false.

Parameters:

  • sid (String)

    Only known ids are allowed, to avoid session fixation attacks.

Returns:

  • (self|false)

    session_id or false.



62
63
64
65
66
67
68
69
# File 'contrib/lib/rack/session/json_file.rb', line 62

def write_session(_req, sid, session, _options)
  return false unless ::File.exist?("#{@session_dir}/#{sid}")

  ::File.open("#{@session_dir}/#{sid}", 'w', 0o600) do |f|
    f << JSON.generate(session)
  end
  sid
end