Merge pull request #8578 from kenjis/improve-redis-session

kenjis · web-flow · commit 879479c3b524 · 2024-03-26T08:18:21.000+09:00
feat: improve Redis Session
diff --git a/app/Config/Session.php b/app/Config/Session.php
@@ -99,4 +99,29 @@ class Session extends BaseConfig
      * DB Group for the database session.
      */
     public ?string $DBGroup = null;
+
+    /**
+     * --------------------------------------------------------------------------
+     * Lock Retry Interval (microseconds)
+     * --------------------------------------------------------------------------
+     *
+     * This is used for RedisHandler.
+     *
+     * Time (microseconds) to wait if lock cannot be acquired.
+     * The default is 100,000 microseconds (= 0.1 seconds).
+     */
+    public int $lockRetryInterval = 100_000;
+
+    /**
+     * --------------------------------------------------------------------------
+     * Lock Max Retries
+     * --------------------------------------------------------------------------
+     *
+     * This is used for RedisHandler.
+     *
+     * Maximum number of lock acquisition attempts.
+     * The default is 300 times. That is lock timeout is about 30 (0.1 * 300)
+     * seconds.
+     */
+    public int $lockMaxRetries = 300;
 }
diff --git a/phpstan-baseline.php b/phpstan-baseline.php
@@ -8333,12 +8333,7 @@
 ];
 $ignoreErrors[] = [
 	'message' => '#^Construct empty\\(\\) is not allowed\\. Use more strict comparison\\.$#',
-	'count' => 4,
-	'path' => __DIR__ . '/system/Session/Handlers/RedisHandler.php',
-];
-$ignoreErrors[] = [
-	'message' => '#^Only booleans are allowed in &&, string given on the right side\\.$#',
-	'count' => 1,
+	'count' => 2,
 	'path' => __DIR__ . '/system/Session/Handlers/RedisHandler.php',
 ];
 $ignoreErrors[] = [
diff --git a/system/Session/Handlers/RedisHandler.php b/system/Session/Handlers/RedisHandler.php
@@ -63,6 +63,16 @@ class RedisHandler extends BaseHandler
      */
     protected $sessionExpiration = 7200;
 
+    /**
+     * Time (microseconds) to wait if lock cannot be acquired.
+     */
+    private int $lockRetryInterval = 100_000;
+
+    /**
+     * Maximum number of lock acquisition attempts.
+     */
+    private int $lockMaxRetries = 300;
+
     /**
      * @param string $ipAddress User's IP address
      *
@@ -76,6 +86,7 @@ public function __construct(SessionConfig $config, string $ipAddress)
         $this->sessionExpiration = ($config->expiration === 0)
             ? (int) ini_get('session.gc_maxlifetime')
             : $config->expiration;
+
         // Add sessionCookieName for multiple session cookies.
         $this->keyPrefix .= $config->cookieName . ':';
 
@@ -84,6 +95,9 @@ public function __construct(SessionConfig $config, string $ipAddress)
         if ($this->matchIP === true) {
             $this->keyPrefix .= $this->ipAddress . ':';
         }
+
+        $this->lockRetryInterval = $config->lockWait ?? $this->lockRetryInterval;
+        $this->lockMaxRetries    = $config->lockAttempts ?? $this->lockMaxRetries;
     }
 
     protected function setSavePath(): void
@@ -92,23 +106,57 @@ protected function setSavePath(): void
             throw SessionException::forEmptySavepath();
         }
 
-        if (preg_match('#(?:(tcp|tls)://)?([^:?]+)(?:\:(\d+))?(\?.+)?#', $this->savePath, $matches)) {
-            if (! isset($matches[4])) {
-                $matches[4] = ''; // Just to avoid undefined index notices below
-            }
+        $url   = parse_url($this->savePath);
+        $query = [];
 
-            $this->savePath = [
-                'protocol' => ! empty($matches[1]) ? $matches[1] : self::DEFAULT_PROTOCOL,
-                'host'     => $matches[2],
-                'port'     => empty($matches[3]) ? self::DEFAULT_PORT : $matches[3],
-                'password' => preg_match('#auth=([^\s&]+)#', $matches[4], $match) ? $match[1] : null,
-                'database' => preg_match('#database=(\d+)#', $matches[4], $match) ? (int) $match[1] : 0,
-                'timeout'  => preg_match('#timeout=(\d+\.\d+|\d+)#', $matches[4], $match) ? (float) $match[1] : 0.0,
-            ];
+        if ($url === false) {
+            // Unix domain socket like `unix:///var/run/redis/redis.sock?persistent=1`.
+            if (preg_match('#unix://(/[^:?]+)(\?.+)?#', $this->savePath, $matches)) {
+                $host = $matches[1];
+                $port = 0;
 
-            preg_match('#prefix=([^\s&]+)#', $matches[4], $match) && $this->keyPrefix = $match[1];
+                if (isset($matches[2])) {
+                    parse_str(ltrim($matches[2], '?'), $query);
+                }
+            } else {
+                throw SessionException::forInvalidSavePathFormat($this->savePath);
+            }
         } else {
-            throw SessionException::forInvalidSavePathFormat($this->savePath);
+            // Also accepts `/var/run/redis.sock` for backward compatibility.
+            if (isset($url['path']) && $url['path'][0] === '/') {
+                $host = $url['path'];
+                $port = 0;
+            } else {
+                // TCP connection.
+                if (! isset($url['host'])) {
+                    throw SessionException::forInvalidSavePathFormat($this->savePath);
+                }
+
+                $protocol = $url['scheme'] ?? self::DEFAULT_PROTOCOL;
+                $host     = $protocol . '://' . $url['host'];
+                $port     = $url['port'] ?? self::DEFAULT_PORT;
+            }
+
+            if (isset($url['query'])) {
+                parse_str($url['query'], $query);
+            }
+        }
+
+        $password = $query['auth'] ?? null;
+        $database = isset($query['database']) ? (int) $query['database'] : 0;
+        $timeout  = isset($query['timeout']) ? (float) $query['timeout'] : 0.0;
+        $prefix   = $query['prefix'] ?? null;
+
+        $this->savePath = [
+            'host'     => $host,
+            'port'     => $port,
+            'password' => $password,
+            'database' => $database,
+            'timeout'  => $timeout,
+        ];
+
+        if ($prefix !== null) {
+            $this->keyPrefix = $prefix;
         }
     }
 
@@ -130,8 +178,8 @@ public function open($path, $name): bool
 
         if (
             ! $redis->connect(
-                $this->savePath['protocol'] . '://' . $this->savePath['host'],
-                ($this->savePath['host'][0] === '/') ? 0 : (int) $this->savePath['port'],
+                $this->savePath['host'],
+                $this->savePath['port'],
                 $this->savePath['timeout']
             )
         ) {
@@ -325,14 +373,14 @@ protected function lockSession(string $sessionID): bool
             );
 
             if (! $result) {
-                usleep(100000);
+                usleep($this->lockRetryInterval);
 
                 continue;
             }
 
             $this->lockKey = $lockKey;
             break;
-        } while (++$attempt < 300);
+        } while (++$attempt < $this->lockMaxRetries);
 
         if ($attempt === 300) {
             $this->logger->error(
diff --git a/tests/system/Session/Handlers/Database/RedisHandlerTest.php b/tests/system/Session/Handlers/Database/RedisHandlerTest.php
@@ -52,63 +52,6 @@ protected function getInstance($options = [])
         return new RedisHandler($sessionConfig, $this->userIpAddress);
     }
 
-    public function testSavePathWithoutProtocol(): void
-    {
-        $handler = $this->getInstance(
-            ['savePath' => '127.0.0.1:6379']
-        );
-
-        $savePath = $this->getPrivateProperty($handler, 'savePath');
-
-        $this->assertSame('tcp', $savePath['protocol']);
-    }
-
-    public function testSavePathTLSAuth(): void
-    {
-        $handler = $this->getInstance(
-            ['savePath' => 'tls://127.0.0.1:6379?auth=password']
-        );
-
-        $savePath = $this->getPrivateProperty($handler, 'savePath');
-
-        $this->assertSame('tls', $savePath['protocol']);
-        $this->assertSame('password', $savePath['password']);
-    }
-
-    public function testSavePathTCPAuth(): void
-    {
-        $handler = $this->getInstance(
-            ['savePath' => 'tcp://127.0.0.1:6379?auth=password']
-        );
-
-        $savePath = $this->getPrivateProperty($handler, 'savePath');
-
-        $this->assertSame('tcp', $savePath['protocol']);
-        $this->assertSame('password', $savePath['password']);
-    }
-
-    public function testSavePathTimeoutFloat(): void
-    {
-        $handler = $this->getInstance(
-            ['savePath' => 'tcp://127.0.0.1:6379?timeout=2.5']
-        );
-
-        $savePath = $this->getPrivateProperty($handler, 'savePath');
-
-        $this->assertEqualsWithDelta(2.5, $savePath['timeout'], PHP_FLOAT_EPSILON);
-    }
-
-    public function testSavePathTimeoutInt(): void
-    {
-        $handler = $this->getInstance(
-            ['savePath' => 'tcp://127.0.0.1:6379?timeout=10']
-        );
-
-        $savePath = $this->getPrivateProperty($handler, 'savePath');
-
-        $this->assertEqualsWithDelta(10.0, $savePath['timeout'], PHP_FLOAT_EPSILON);
-    }
-
     public function testOpen(): void
     {
         $handler = $this->getInstance();
@@ -192,4 +135,103 @@ public function testSecondaryReadAfterClose(): void
 
         $handler->close();
     }
+
+    /**
+     * @dataProvider provideSetSavePath
+     */
+    public function testSetSavePath(string $savePath, array $expected): void
+    {
+        $option  = ['savePath' => $savePath];
+        $handler = $this->getInstance($option);
+
+        $savePath = $this->getPrivateProperty($handler, 'savePath');
+
+        $this->assertSame($expected, $savePath);
+    }
+
+    public static function provideSetSavePath(): iterable
+    {
+        yield from [
+            'w/o protocol' => [
+                '127.0.0.1:6379',
+                [
+                    'host'     => 'tcp://127.0.0.1',
+                    'port'     => 6379,
+                    'password' => null,
+                    'database' => 0,
+                    'timeout'  => 0.0,
+                ],
+            ],
+            'tls auth' => [
+                'tls://127.0.0.1:6379?auth=password',
+                [
+                    'host'     => 'tls://127.0.0.1',
+                    'port'     => 6379,
+                    'password' => 'password',
+                    'database' => 0,
+                    'timeout'  => 0.0,
+                ],
+            ],
+            'tcp auth' => [
+                'tcp://127.0.0.1:6379?auth=password',
+                [
+                    'host'     => 'tcp://127.0.0.1',
+                    'port'     => 6379,
+                    'password' => 'password',
+                    'database' => 0,
+                    'timeout'  => 0.0,
+                ],
+            ],
+            'timeout float' => [
+                'tcp://127.0.0.1:6379?timeout=2.5',
+                [
+                    'host'     => 'tcp://127.0.0.1',
+                    'port'     => 6379,
+                    'password' => null,
+                    'database' => 0,
+                    'timeout'  => 2.5,
+                ],
+            ],
+            'timeout int' => [
+                'tcp://127.0.0.1:6379?timeout=10',
+                [
+                    'host'     => 'tcp://127.0.0.1',
+                    'port'     => 6379,
+                    'password' => null,
+                    'database' => 0,
+                    'timeout'  => 10.0,
+                ],
+            ],
+            'auth acl' => [
+                'tcp://localhost:6379?auth[user]=redis-admin&auth[pass]=admin-password',
+                [
+                    'host'     => 'tcp://localhost',
+                    'port'     => 6379,
+                    'password' => ['user' => 'redis-admin', 'pass' => 'admin-password'],
+                    'database' => 0,
+                    'timeout'  => 0.0,
+                ],
+            ],
+            'unix domain socket' => [
+                'unix:///tmp/redis.sock',
+                [
+                    'host'     => '/tmp/redis.sock',
+                    'port'     => 0,
+                    'password' => null,
+                    'database' => 0,
+                    'timeout'  => 0.0,
+                ],
+            ],
+            'unix domain socket w/o protocol' => [
+                '/tmp/redis.sock',
+                [
+                    'host'     => '/tmp/redis.sock',
+                    'port'     => 0,
+                    'password' => null,
+                    'database' => 0,
+                    'timeout'  => 0.0,
+                ],
+            ],
+        ];
+    }
 }
diff --git a/user_guide_src/source/changelogs/v4.5.0.rst b/user_guide_src/source/changelogs/v4.5.0.rst
@@ -118,6 +118,11 @@ Libraries
     - The ``$dbGroup`` parameter of ``Validation::run()`` now accepts not only
       a database group name, but also a database connection instance or an array
       of database settings.
+- **Session:**
+    - ``RedisHandler`` now can configure the interval time for acquiring locks
+      (``$lockRetryInterval``) and the number of retries (``$lockMaxRetries``).
+    - Now you can use Redis ACL (username and password) with ``RedisHandler``.
+      See :ref:`sessions-redishandler-driver` for details.
 
 Helpers and Functions
 =====================
diff --git a/user_guide_src/source/libraries/sessions.rst b/user_guide_src/source/libraries/sessions.rst
@@ -679,7 +679,9 @@ RedisHandler Driver
 
 .. note:: Since Redis doesn't have a locking mechanism exposed, locks for
     this driver are emulated by a separate value that is kept for up
-    to 300 seconds. With ``v4.3.2`` or above, you can connect ``Redis`` with **TLS** protocol.
+    to 300 seconds.
+
+.. note:: Starting with v4.3.2, you can connect Redis with **TLS** protocol.
 
 Redis is a storage engine typically used for caching and popular because
 of its high performance, which is also probably your reason to use the
@@ -713,6 +715,14 @@ sufficient:
 
 .. literalinclude:: sessions/041.php
 
+Starting with v4.5.0, you can use Redis ACL (username and password)::
+
+    public string $savePath = 'tcp://localhost:6379?auth[user]=username&auth[pass]=password';
+
+.. note:: Starting with v4.5.0, the interval time for acquiring locks
+    (``$lockRetryInterval``) and the number of retries (``$lockMaxRetries``) are
+    configurable.
+
 .. _sessions-memcachedhandler-driver:
 
 MemcachedHandler Driver
