Inherit ActionDispatch::Session::AbstractSecureStore instead of Rack::Session::Abstract::Persisted

Author: ryokdy

Gemfile

@@ -10,6 +10,7 @@ group :docs do
 end
 
 group :test do
+  gem 'debug'
   gem 'rspec'
   gem 'simplecov', require: false
   gem 'rack-test'

README.md

@@ -84,34 +84,6 @@ garbage collection similar to below:
 The above example will clear sessions older than one day or that have been
 stale for longer than an hour.
 
-### Locking Strategy
-
-You may want the Session Store to implement the provided pessimistic locking
-strategy if you are concerned about concurrency issues with session accesses.
-By default, locking is not implemented for the session store. You must trigger
-the locking strategy through the configuration of the session store. Pessimistic
-locking, in this case, means that only one read can be made on a session at
-once. While the session is being read by the process with the lock, other
-processes may try to obtain a lock on the same session but will be blocked.
-
-Locking is expensive and will drive up costs depending on how it is used.
-Without locking, one read and one write are performed per request for session
-data manipulation. If a locking strategy is implemented, as many as the total
-maximum wait time divided by the lock retry delay writes to the database.
-Keep these considerations in mind if you plan to enable locking.
-
-#### Configuration for Locking
-
-The following configuration options will allow you to configure the pessimistic
-locking strategy according to your needs:
-
-    options = {
-      :enable_locking => true,
-      :lock_expiry_time => 500,
-      :lock_retry_delay => 500,
-      :lock_max_wait_time => 1
-    }
-
 ### Error Handling
 
 You can pass in your own error handler for raised exceptions or you can allow

aws-sessionstore-dynamodb.gemspec

@@ -16,6 +16,7 @@ Gem::Specification.new do |spec|
   spec.require_paths = ["lib"]
 
   spec.add_dependency 'aws-sdk-dynamodb', '~> 1'
+  spec.add_dependency('actionpack', '>= 6.1')
   spec.add_dependency 'rack', '~> 3'
   spec.add_dependency 'rack-session', '>= 2.0.0'
 end

lib/aws-sessionstore-dynamodb.rb

@@ -6,14 +6,12 @@ module DynamoDB; end
 
 require 'aws/session_store/dynamo_db/configuration'
 require 'aws/session_store/dynamo_db/invalid_id_error'
-require 'aws/session_store/dynamo_db/missing_secret_key_error'
 require 'aws/session_store/dynamo_db/lock_wait_timeout_error'
 require 'aws/session_store/dynamo_db/errors/base_handler'
 require 'aws/session_store/dynamo_db/errors/default_handler'
 require 'aws/session_store/dynamo_db/garbage_collection'
 require 'aws/session_store/dynamo_db/locking/base'
 require 'aws/session_store/dynamo_db/locking/null'
-require 'aws/session_store/dynamo_db/locking/pessimistic'
 require 'aws/session_store/dynamo_db/rack_middleware'
 require 'aws/session_store/dynamo_db/table'
 require 'aws/session_store/dynamo_db/version'

lib/aws/session_store/dynamo_db/configuration.rb

@@ -23,14 +23,6 @@ module Aws::SessionStore::DynamoDB
   # :error_handler as a cofniguration object. You must implement the BaseErrorHandler class.
   # @see BaseHandler Interface for Error Handling for DynamoDB Session Store.
   #
-  # == Locking Strategy
-  # By default, locking is not implemented for the session store. You must trigger the
-  # locking strategy through the configuration of the session store. Pessimistic locking,
-  # in this case, means that only one read can be made on a session at once. While the session
-  # is being read by the process with the lock, other processes may try to obtain a lock on
-  # the same session but will be blocked. See the accessors with lock in their name for
-  # how to configure the pessimistic locking strategy to your needs.
-  #
   # == DynamoDB Specific Options
   # You may configure the table name and table hash key value of your session table with
   # the :table_name and :table_key options. You may also configure performance options for
@@ -52,8 +44,7 @@ class Configuration
       :enable_locking => false,
       :lock_expiry_time => 500,
       :lock_retry_delay => 500,
-      :lock_max_wait_time => 1,
-      :secret_key => nil
+      :lock_max_wait_time => 1
     }
 
     ### Feature options
@@ -94,26 +85,6 @@ class Configuration
     #   before the current time that the session was last accessed.
     attr_reader :max_stale
 
-    # @return [true] Pessimistic locking strategy will be implemented for
-    #   all session accesses.
-    # @return [false] No locking strategy will be implemented for
-    #   all session accesses.
-    attr_reader :enable_locking
-
-    # @return [Integer] Time in milleseconds after which lock will expire.
-    attr_reader :lock_expiry_time
-
-    # @return [Integer] Time in milleseconds to wait before retrying to obtain
-    #   lock once an attempt to obtain lock has been made and has failed.
-    attr_reader :lock_retry_delay
-
-    # @return [Integer] Maximum time in seconds to wait to acquire lock
-    #   before giving up.
-    attr_reader :lock_max_wait_time
-
-    # @return [String] The secret key for HMAC encryption.
-    attr_reader :secret_key
-
     # @return [String,Pathname]
     attr_reader :config_file
 
@@ -159,20 +130,6 @@ class Configuration
     #   from the current time that a session was created.
     # @option options [Integer] :max_stale (nil) Maximum number of seconds
     #   before current time that session was last accessed.
-    # @option options [String] :secret_key (nil) Secret key for HMAC encription.
-    # @option options [Integer] :enable_locking (false) If true, a pessimistic
-    #   locking strategy will be implemented for all session accesses.
-    #   If false, no locking strategy will be implemented for all session
-    #   accesses.
-    # @option options [Integer] :lock_expiry_time (500) Time in milliseconds
-    #   after which lock expires on session.
-    # @option options [Integer] :lock_retry_delay (500) Time in milleseconds to
-    #   wait before retrying to obtain lock once an attempt to obtain lock
-    #   has been made and has failed.
-    # @option options [Integer] :lock_max_wait_time (500) Maximum time
-    #   in seconds to wait to acquire lock before giving up.
-    # @option options [String] :secret_key (SecureRandom.hex(64))
-    #   Secret key for HMAC encription.
     def initialize(options = {})
       @options = default_options.merge(
         env_options.merge(

lib/aws/session_store/dynamo_db/errors/default_handler.rb

@@ -5,7 +5,6 @@ class DefaultHandler < Aws::SessionStore::DynamoDB::Errors::BaseHandler
     HARD_ERRORS = [
       Aws::DynamoDB::Errors::ResourceNotFoundException,
       Aws::DynamoDB::Errors::ConditionalCheckFailedException,
-      Aws::SessionStore::DynamoDB::MissingSecretKeyError,
       Aws::SessionStore::DynamoDB::LockWaitTimeoutError
     ]
 

lib/aws/session_store/dynamo_db/locking/base.rb

@@ -13,8 +13,14 @@ def set_session_data(env, sid, session, options = {})
       return false if session.empty?
       packed_session = pack_data(session)
       handle_error(env) do
-        save_opts = update_opts(env, sid, packed_session, options)
-        @config.dynamo_db_client.update_item(save_opts)
+        if env['dynamo_db.new_session']
+          save_options = save_new_opts(env, sid, packed_session)
+          @config.dynamo_db_client.put_item(save_options)
+          env.delete('dynamo_db.new_session')
+        else
+          save_options = save_exists_opts(env, sid, packed_session, options)
+          @config.dynamo_db_client.update_item(save_options)
+        end
         sid
       end
     end
@@ -51,104 +57,82 @@ def handle_error(env = nil, &block)
 
     # @return [Hash] Options for deleting session.
     def delete_opts(sid)
-      table_opts(sid)
-    end
-
-    # @return [Hash] Options for updating item in Session table.
-    def update_opts(env, sid, session, options = {})
-      if env['dynamo_db.new_session']
-        updt_options = save_new_opts(env, sid, session)
-      else
-        updt_options = save_exists_opts(env, sid, session, options)
-      end
-      updt_options
+      {
+        table_name: @config.table_name,
+        key: {
+          @config.table_key => sid
+        }
+      }
     end
 
     # @return [Hash] Options for saving a new session in database.
     def save_new_opts(env, sid, session)
-      attribute_opts = attr_updts(env, session, created_attr)
-      merge_all(table_opts(sid), attribute_opts)
+      {
+        table_name: @config.table_name,
+        item: {
+           @config.table_key => sid,
+           data: session.to_s,
+           created_at: created_at,
+           updated_at: updated_at,
+           expire_at: expire_at
+        },
+        condition_expression: "attribute_not_exists(#{@config.table_key})"
+      }
     end
 
     # @return [Hash] Options for saving an existing sesison in the database.
     def save_exists_opts(env, sid, session, options = {})
-      add_attr = options[:add_attrs] || {}
-      expected = options[:expect_attr] || {}
-      attribute_opts = merge_all(attr_updts(env, session, add_attr), expected)
-      merge_all(table_opts(sid), attribute_opts)
+      data = if data_unchanged?(env, session)
+        {}
+      else
+        {
+          data: {
+            value: session.to_s,
+            action: 'PUT'
+          }
+        }
+      end
+      {
+        table_name: @config.table_name,
+        key: {
+          @config.table_key => sid
+        },
+        attribute_updates: {
+          updated_at: {
+            value: updated_at,
+            action: 'PUT'
+          },
+          expire_at: {
+            value: expire_at,
+            action: 'PUT'
+          }
+        }.merge(data),
+        return_values: 'UPDATED_NEW'
+      }
     end
 
     # Unmarshal the data.
     def unpack_data(packed_data)
       Marshal.load(packed_data.unpack("m*").first)
     end
 
-    # Table options for client.
-    def table_opts(sid)
-      {
-        :table_name => @config.table_name,
-        :key => { @config.table_key => sid }
-      }
-    end
-
-    # Attributes to update via client.
-    def attr_updts(env, session, add_attrs = {})
-      data = data_unchanged?(env, session) ? {} : data_attr(session)
-      {
-        attribute_updates: merge_all(updated_attr, data, add_attrs, expire_attr),
-        return_values: 'UPDATED_NEW'
-      }
-    end
-
-    # Update client with current time attribute.
     def updated_at
-      { :value => (Time.now).to_f, :action  => "PUT" }
+      Time.now.to_f
     end
 
-    # Attribute for creation of session.
-    def created_attr
-      { "created_at" => updated_at }
+    def created_at
+      updated_at
     end
 
-    # Update client with current time + max_stale.
     def expire_at
       max_stale = @config.max_stale || 0
-      { value: (Time.now + max_stale).to_i, action: 'PUT' }
-    end
-
-    # Attribute for TTL expiration of session.
-    def expire_attr
-      { 'expire_at' => expire_at }
-    end
-
-    # Attribute for updating session.
-    def updated_attr
-      {
-        "updated_at" => updated_at
-      }
-    end
-
-    def data_attr(session)
-       { "data" => {:value => session, :action  => "PUT"} }
+      (Time.now + max_stale).to_i
     end
 
     # Determine if data has been manipulated
     def data_unchanged?(env, session)
       return false unless env['rack.initial_data']
       env['rack.initial_data'] == session
     end
-
-    # Attributes to be retrieved via client
-    def attr_opts
-      {:attributes_to_get => ["data"],
-      :consistent_read => @config.consistent_read}
-    end
-
-    # @return [Hash] merged hash of all hashes passed in.
-    def merge_all(*hashes)
-      new_hash = {}
-      hashes.each{|hash| new_hash.merge!(hash)}
-      new_hash
-    end
   end
 end

lib/aws/session_store/dynamo_db/locking/null.rb

@@ -13,13 +13,24 @@ def get_session_data(env, sid)
 
     # @return [Hash] Options for getting session.
     def get_session_opts(sid)
-      merge_all(table_opts(sid), attr_opts)
+      {
+        table_name: @config.table_name,
+        key: {
+          @config.table_key => sid
+        },
+        attributes_to_get: [ "data" ],
+        consistent_read: @config.consistent_read
+      }
     end
 
     # @return [String] Session data.
     def extract_data(env, result = nil)
-      env['rack.initial_data'] = result[:item]["data"] if result[:item]
-      unpack_data(result[:item]["data"]) if result[:item] && result[:item].has_key?("data")
+      if result[:item] && result[:item].has_key?("data")
+        env['rack.initial_data'] = result[:item]["data"]
+        unpack_data(result[:item]["data"])
+      else
+        nil
+      end
     end
 
   end