pekko-http-session

package names

Update SessionInvalidationScala.scala

Author: pjfanning

pekko-http-session/build.sbt

@@ -0,0 +1,94 @@
+import com.softwaremill.SbtSoftwareMillCommon.commonSmlBuildSettings
+import com.softwaremill.Publish.ossPublishSettings
+
+val scala2_12 = "2.12.18"
+val scala2_13 = "2.13.11"
+val scala3 = "3.3.0"
+val scalaVersions = List(scala2_12, scala2_13, scala3)
+
+lazy val commonSettings = commonSmlBuildSettings ++ ossPublishSettings ++ Seq(
+  organization := "com.softwaremill.pekko-http-session",
+  versionScheme := Some("early-semver")
+)
+
+val pekkoHttpVersion = "1.0.0"
+val pekkoStreamsVersion = "1.0.1"
+val scalaJava8CompatVersion = "1.0.2"
+val json4sVersion = "4.0.4"
+val pekkoStreamsProvided = "org.apache.pekko" %% "pekko-stream" % pekkoStreamsVersion % "provided"
+val pekkoStreamsTestkit = "org.apache.pekko" %% "pekko-stream-testkit" % pekkoStreamsVersion % "test"
+
+val scalaTest = "org.scalatest" %% "scalatest" % "3.2.16" % "test"
+
+lazy val rootProject = (project in file("."))
+  .settings(commonSettings: _*)
+  .settings(publish / skip := true, name := "pekko-http-session", scalaVersion := scala2_13)
+  .aggregate(core.projectRefs ++ jwt.projectRefs ++ example.projectRefs ++ javaTests.projectRefs: _*)
+
+lazy val core = (projectMatrix in file("core"))
+  .settings(commonSettings: _*)
+  .settings(
+    name := "core",
+    libraryDependencies ++= Seq(
+      "org.apache.pekko" %% "pekko-http" % pekkoHttpVersion,
+      "org.scala-lang.modules" %% "scala-java8-compat" % scalaJava8CompatVersion,
+      pekkoStreamsProvided,
+      "org.apache.pekko" %% "pekko-http-testkit" % pekkoHttpVersion % "test",
+      pekkoStreamsTestkit,
+      "org.scalacheck" %% "scalacheck" % "1.15.4" % "test",
+      scalaTest
+    )
+  )
+  .jvmPlatform(scalaVersions = scalaVersions)
+
+lazy val jwt = (projectMatrix in file("jwt"))
+  .settings(commonSettings: _*)
+  .settings(
+    name := "jwt",
+    libraryDependencies ++= Seq(
+      "org.json4s" %% "json4s-jackson" % json4sVersion,
+      "org.json4s" %% "json4s-ast" % json4sVersion,
+      "org.json4s" %% "json4s-core" % json4sVersion,
+      pekkoStreamsProvided,
+      scalaTest
+    ),
+    // generating docs for 2.13 causes an error: "not found: type DefaultFormats$"
+    Compile / doc / sources := Seq.empty
+  )
+  .jvmPlatform(scalaVersions = scalaVersions)
+  .dependsOn(core)
+
+lazy val example = (projectMatrix in file("example"))
+  .settings(commonSettings: _*)
+  .settings(
+    publishArtifact := false,
+    libraryDependencies ++= Seq(
+      pekkoStreamsProvided,
+      "com.typesafe.scala-logging" %% "scala-logging" % "3.9.4",
+      "ch.qos.logback" % "logback-classic" % "1.2.12",
+      "org.json4s" %% "json4s-ext" % json4sVersion
+    )
+  )
+  .jvmPlatform(scalaVersions = scalaVersions)
+  .dependsOn(core, jwt)
+
+lazy val javaTests = (projectMatrix in file("javaTests"))
+  .settings(commonSettings: _*)
+  .settings(
+    name := "javaTests",
+    Test / testOptions := Seq(Tests.Argument(TestFrameworks.JUnit, "-a")), // required for javadsl JUnit tests
+    crossPaths := false, // https://github.com/sbt/junit-interface/issues/35
+    publishArtifact := false,
+    libraryDependencies ++= Seq(
+      pekkoStreamsProvided,
+      "org.apache.pekko" %% "pekko-http" % pekkoHttpVersion,
+      "org.scala-lang.modules" %% "scala-java8-compat" % scalaJava8CompatVersion,
+      "org.apache.pekko" %% "pekko-http-testkit" % pekkoHttpVersion % "test",
+      pekkoStreamsTestkit,
+      "junit" % "junit" % "4.13.2" % "test",
+      "com.github.sbt" % "junit-interface" % "0.13.3" % "test",
+      scalaTest
+    )
+  )
+  .jvmPlatform(scalaVersions = scalaVersions)
+  .dependsOn(core, jwt)

pekko-http-session/core/src/main/java/com/softwaremill/pekkohttpsession/javadsl/CsrfDirectives.scala

@@ -0,0 +1,35 @@
+package com.softwaremill.pekkohttpsession.javadsl
+
+import com.softwaremill.pekkohttpsession
+import com.softwaremill.pekkohttpsession.CsrfCheckMode
+
+import java.util.function.Supplier
+import org.apache.pekko.http.javadsl.server.Route
+import org.apache.pekko.http.javadsl.server.directives.RouteAdapter
+
+/**
+ * Java alternative for com.softwaremill.pekkohttpsession.CsrfDirectives
+ */
+trait CsrfDirectives {
+
+  def hmacTokenCsrfProtection[T](checkMode: CsrfCheckMode[T], inner: Supplier[Route]): Route = RouteAdapter {
+    pekkohttpsession.CsrfDirectives.hmacTokenCsrfProtection(checkMode) {
+      inner.get.asInstanceOf[RouteAdapter].delegate
+    }
+  }
+
+  /**
+    * @deprecated as of release 0.6.1, replaced by {@link #hmacTokensCsrfProtection()}
+    */
+  def randomTokenCsrfProtection[T](checkMode: CsrfCheckMode[T], inner: Supplier[Route]): Route =
+    hmacTokenCsrfProtection(checkMode, inner)
+
+  def setNewCsrfToken[T](checkMode: CsrfCheckMode[T], inner: Supplier[Route]): Route = RouteAdapter {
+    pekkohttpsession.CsrfDirectives.setNewCsrfToken(checkMode) {
+      inner.get.asInstanceOf[RouteAdapter].delegate
+    }
+  }
+
+}
+
+object CsrfDirectives extends CsrfDirectives

pekko-http-session/core/src/main/java/com/softwaremill/pekkohttpsession/javadsl/HttpSessionAwareDirectives.java

@@ -0,0 +1,59 @@
+package com.softwaremill.pekkohttpsession.javadsl;
+
+import org.apache.pekko.http.javadsl.server.AllDirectives;
+import org.apache.pekko.http.javadsl.server.Route;
+import com.softwaremill.pekkohttpsession.CsrfCheckMode;
+import com.softwaremill.pekkohttpsession.GetSessionTransport;
+import com.softwaremill.pekkohttpsession.SessionContinuity;
+import com.softwaremill.pekkohttpsession.SessionManager;
+import com.softwaremill.pekkohttpsession.SessionResult;
+import com.softwaremill.pekkohttpsession.SetSessionTransport;
+
+import java.util.Optional;
+import java.util.function.Function;
+import java.util.function.Supplier;
+
+public class HttpSessionAwareDirectives<T> extends AllDirectives {
+
+    private final SessionManager<T> sessionManager;
+
+    public HttpSessionAwareDirectives(SessionManager<T> sessionManager) {
+        this.sessionManager = sessionManager;
+    }
+
+    public Route session(SessionContinuity sc, GetSessionTransport st, Function<SessionResult<T>, Route> continuity) {
+        return SessionDirectives$.MODULE$.session(sc, st, continuity);
+    }
+
+    public Route setSession(SessionContinuity sc, SetSessionTransport st, T session, Supplier<Route> continuity) {
+        return SessionDirectives$.MODULE$.setSession(sc, st, session, continuity);
+    }
+
+    public Route optionalSession(SessionContinuity sc, SetSessionTransport st, Function<Optional<T>, Route> continuity) {
+        return SessionDirectives$.MODULE$.optionalSession(sc, st, continuity);
+    }
+
+    public Route requiredSession(SessionContinuity<T> sc, SetSessionTransport st, Function<T, Route> continuity) {
+        return SessionDirectives$.MODULE$.requiredSession(sc, st, continuity);
+    }
+
+    public Route touchRequiredSession(SessionContinuity<T> sc, SetSessionTransport st, Function<T, Route> continuity) {
+        return SessionDirectives$.MODULE$.touchRequiredSession(sc, st, continuity);
+    }
+
+    public Route invalidateSession(SessionContinuity<T> sc, SetSessionTransport st, Supplier<Route> continuity) {
+        return SessionDirectives$.MODULE$.invalidateSession(sc, st, continuity);
+    }
+
+    public Route setNewCsrfToken(CsrfCheckMode<T> checkHeader, Supplier<Route> continuity) {
+        return CsrfDirectives$.MODULE$.setNewCsrfToken(checkHeader, continuity);
+    }
+
+    public Route randomTokenCsrfProtection(CsrfCheckMode<T> checkHeader, Supplier<Route> continuity) {
+        return CsrfDirectives$.MODULE$.randomTokenCsrfProtection(checkHeader, continuity);
+    }
+
+    public SessionManager<T> getSessionManager() {
+        return sessionManager;
+    }
+}

pekko-http-session/core/src/main/java/com/softwaremill/pekkohttpsession/javadsl/InMemoryRefreshTokenStorage.scala

@@ -0,0 +1,7 @@
+package com.softwaremill.pekkohttpsession.javadsl
+
+/**
+ * Can't use the trait com.softwaremill.pekkohttpsession.InMemoryRefreshTokenStorage in Java code, hence this wrapper
+ * http://stackoverflow.com/questions/7637752/using-scala-traits-with-implemented-methods-in-java
+ */
+abstract class InMemoryRefreshTokenStorage[T]() extends com.softwaremill.pekkohttpsession.InMemoryRefreshTokenStorage[T]

pekko-http-session/core/src/main/java/com/softwaremill/pekkohttpsession/javadsl/SessionDirectives.scala

@@ -0,0 +1,57 @@
+package com.softwaremill.pekkohttpsession.javadsl
+
+import com.softwaremill.pekkohttpsession
+import com.softwaremill.pekkohttpsession.{GetSessionTransport, OneOffSessionDirectives, RefreshableSessionDirectives, SessionContinuity, SessionResult, SetSessionTransport}
+
+import java.util.Optional
+import java.util.function.Supplier
+import org.apache.pekko.http.javadsl.server.Route
+import org.apache.pekko.http.javadsl.server.directives.RouteAdapter
+
+import scala.compat.java8.OptionConverters._
+
+/**
+ * Java alternative for com.softwaremill.pekkohttpsession.SessionDirectives
+ */
+trait SessionDirectives extends OneOffSessionDirectives with RefreshableSessionDirectives {
+
+  def session[T](sc: SessionContinuity[T], st: GetSessionTransport, inner: java.util.function.Function[SessionResult[T], Route]): Route = RouteAdapter {
+    pekkohttpsession.SessionDirectives.session(sc, st) { sessionResult =>
+      inner.apply(sessionResult).asInstanceOf[RouteAdapter].delegate
+    }
+  }
+
+  def setSession[T](sc: SessionContinuity[T], st: SetSessionTransport, v: T, inner: Supplier[Route]): Route = RouteAdapter {
+    pekkohttpsession.SessionDirectives.setSession(sc, st, v) {
+      inner.get.asInstanceOf[RouteAdapter].delegate
+    }
+  }
+
+  def invalidateSession[T](sc: SessionContinuity[T], st: GetSessionTransport, inner: Supplier[Route]): Route = RouteAdapter {
+    pekkohttpsession.SessionDirectives.invalidateSession(sc, st) {
+      inner.get.asInstanceOf[RouteAdapter].delegate
+    }
+  }
+
+  def optionalSession[T](sc: SessionContinuity[T], st: GetSessionTransport, inner: java.util.function.Function[Optional[T], Route]): Route = RouteAdapter {
+    pekkohttpsession.SessionDirectives.optionalSession(sc, st) { session =>
+      inner.apply(session.asJava).asInstanceOf[RouteAdapter].delegate
+    }
+  }
+
+  def requiredSession[T](sc: SessionContinuity[T], st: GetSessionTransport, inner: java.util.function.Function[T, Route]): Route = RouteAdapter {
+    pekkohttpsession.SessionDirectives.requiredSession(sc, st) { session =>
+      inner.apply(session).asInstanceOf[RouteAdapter].delegate
+    }
+  }
+
+  def touchRequiredSession[T](sc: SessionContinuity[T], st: GetSessionTransport, inner: java.util.function.Function[T, Route]): Route = RouteAdapter {
+    pekkohttpsession.SessionDirectives.touchRequiredSession(sc, st) { session =>
+      inner.apply(session).asInstanceOf[RouteAdapter].delegate
+    }
+  }
+
+}
+
+object SessionDirectives extends SessionDirectives
+

pekko-http-session/core/src/main/java/com/softwaremill/pekkohttpsession/javadsl/SessionSerializers.java

@@ -0,0 +1,34 @@
+package com.softwaremill.pekkohttpsession.javadsl;
+
+import com.softwaremill.pekkohttpsession.MultiValueSessionSerializer;
+import com.softwaremill.pekkohttpsession.SessionSerializer;
+import com.softwaremill.pekkohttpsession.SessionSerializer$;
+import com.softwaremill.pekkohttpsession.converters.MapConverters;
+import scala.collection.JavaConverters;
+import scala.compat.java8.JFunction0;
+import scala.compat.java8.JFunction1;
+import scala.util.Try;
+
+import java.util.Map;
+
+/**
+ * Wrapper for session serializers in com.softwaremill.pekkohttpsession.SessionSerializer
+ */
+public final class SessionSerializers {
+
+    public static final SessionSerializer<String, String> StringToStringSessionSerializer = SessionSerializer$.MODULE$.stringToStringSessionSerializer();
+    public static final SessionSerializer<Integer, String> IntToStringSessionSerializer = (SessionSerializer<Integer, String>) (SessionSerializer) SessionSerializer$.MODULE$.intToStringSessionSerializer();
+    public static final SessionSerializer<Long, String> LongToStringSessionSerializer = (SessionSerializer<Long, String>) (SessionSerializer) SessionSerializer$.MODULE$.longToStringSessionSerializer();
+    public static final SessionSerializer<Float, String> FloatToStringSessionSerializer = (SessionSerializer<Float, String>) (SessionSerializer) SessionSerializer$.MODULE$.floatToStringSessionSerializer();
+    public static final SessionSerializer<Double, String> DoubleToStringSessionSerializer = (SessionSerializer<Double, String>) (SessionSerializer) SessionSerializer$.MODULE$.doubleToStringSessionSerializer();
+
+    public static final SessionSerializer<Map<String, String>, String> MapToStringSessionSerializer = new MultiValueSessionSerializer<>(
+        (JFunction1<Map<String, String>, scala.collection.immutable.Map<String, String>>) m -> MapConverters.toImmutableMap(m),
+        (JFunction1<scala.collection.immutable.Map<String, String>, Try<Map<String, String>>>) v1 ->
+            Try.apply((JFunction0<Map<String, String>>) () -> JavaConverters.mapAsJavaMapConverter(v1).asJava())
+    );
+
+    private SessionSerializers() {
+    }
+
+}

pekko-http-session/core/src/main/java/com/softwaremill/pekkohttpsession/javadsl/SessionTransports.java

@@ -0,0 +1,18 @@
+package com.softwaremill.pekkohttpsession.javadsl;
+
+import com.softwaremill.pekkohttpsession.CookieST$;
+import com.softwaremill.pekkohttpsession.HeaderST$;
+import com.softwaremill.pekkohttpsession.SetSessionTransport;
+
+/**
+ * Wrapper for session transports in com.softwaremill.pekkohttpsession.SetSessionTransport
+ */
+public final class SessionTransports {
+
+    public static final SetSessionTransport CookieST = CookieST$.MODULE$;
+    public static final SetSessionTransport HeaderST = HeaderST$.MODULE$;
+
+    private SessionTransports() {
+    }
+
+}

pekko-http-session/core/src/main/resources/reference.conf

@@ -0,0 +1,60 @@
+pekko.http.session {
+  cookie {
+    name = "_sessiondata"
+    domain = none
+    path = /
+    secure = false
+    http-only = true
+    same-site = Lax
+  }
+  header {
+    send-to-client-name = "Set-Authorization"
+    get-from-client-name = "Authorization"
+  }
+  max-age = 7 days
+  encrypt-data = false
+
+  jws {
+    alg = "HS256"
+  }
+
+  jwt {}
+
+  csrf {
+    cookie {
+      name = "XSRF-TOKEN"
+      domain = none
+      path = /
+      secure = false
+      http-only = false
+      same-site = Lax
+    }
+    submitted-name = "X-XSRF-TOKEN"
+  }
+
+  refresh-token {
+    cookie {
+      name = "_refreshtoken"
+      domain = none
+      path = /
+      secure = false
+      http-only = true
+      same-site = Lax
+    }
+    header {
+      send-to-client-name = "Set-Refresh-Token"
+      get-from-client-name = "Refresh-Token"
+    }
+    max-age = 30 days
+    remove-used-token-after = 5 seconds
+  }
+
+  token-migration {
+    v0-5-2 {
+      enabled = false
+    }
+    v0-5-3 {
+      enabled = false
+    }
+  }
+}