dioxus_cloudflare/

session.rs

//! Session middleware backed by Workers KV or D1.
//!
//! Provides ergonomic session management for `#[server]` functions with
//! automatic cookie handling and backend persistence.
//!
//! ## Usage
//!
//! Configure sessions on the [`Handler`](crate::Handler) builder:
//!
//! ```rust,ignore
//! Handler::new()
//!     .session(SessionConfig::kv("SESSIONS"))
//!     .handle(req, env)
//!     .await
//! ```
//!
//! Then access the session from any server function:
//!
//! ```rust,ignore
//! #[server]
//! pub async fn login(user: String) -> Result<(), ServerFnError> {
//!     let session = cf::session().await?;
//!     session.set("user_id", &user)?;
//!     Ok(())
//! }
//! ```
//!
//! ## Design
//!
//! - `cf::session()` is **async** — loads data from KV/D1 on first call, cached after
//! - `Session` methods are **sync** — operate on in-memory cache
//! - Session data is flushed to the backend before the response is finalized
//! - Thread-local state follows the same `RefCell<Option<T>>` pattern as context/cookies

use std::cell::RefCell;
use std::collections::HashMap;

use serde::de::DeserializeOwned;
use serde::Serialize;
use wasm_bindgen::prelude::*;

use crate::context::push_cookie;
use crate::error::{CfError, CfResultExt};

// ---------------------------------------------------------------------------
// UUID generation via Workers runtime
// ---------------------------------------------------------------------------

#[wasm_bindgen]
extern "C" {
    #[wasm_bindgen(js_namespace = crypto, js_name = randomUUID)]
    fn random_uuid() -> String;
}

// ---------------------------------------------------------------------------
// Configuration types
// ---------------------------------------------------------------------------

/// Session backend configuration.
///
/// Created via [`SessionConfig::kv()`] or [`SessionConfig::d1()`] and passed
/// to [`Handler::session()`](crate::Handler::session).
#[derive(Clone)]
pub struct SessionConfig {
    pub(crate) backend: SessionBackend,
    pub(crate) cookie_name: String,
    pub(crate) max_age_secs: u64,
}

#[derive(Clone)]
pub(crate) enum SessionBackend {
    Kv { binding: String },
    D1 { binding: String, table: String },
}

impl SessionConfig {
    /// Create a KV-backed session configuration.
    ///
    /// `binding` is the KV namespace binding name from `wrangler.toml`.
    /// Sessions are automatically expired using KV's `expiration_ttl`.
    ///
    /// # Example
    ///
    /// ```rust,ignore
    /// Handler::new()
    ///     .session(SessionConfig::kv("SESSIONS"))
    ///     .handle(req, env)
    ///     .await
    /// ```
    #[must_use]
    pub fn kv(binding: &str) -> Self {
        Self {
            backend: SessionBackend::Kv {
                binding: binding.to_owned(),
            },
            cookie_name: "__session".to_owned(),
            max_age_secs: 86400,
        }
    }

    /// Create a D1-backed session configuration.
    ///
    /// `binding` is the D1 database binding name and `table` is the table name.
    /// The table must exist with schema:
    ///
    /// ```sql
    /// CREATE TABLE sessions (
    ///     id TEXT PRIMARY KEY,
    ///     data TEXT NOT NULL,
    ///     expires_at INTEGER NOT NULL
    /// );
    /// ```
    ///
    /// Expired sessions are filtered at read time via `expires_at > unixepoch()`.
    ///
    /// # Example
    ///
    /// ```rust,ignore
    /// Handler::new()
    ///     .session(SessionConfig::d1("DB", "sessions"))
    ///     .handle(req, env)
    ///     .await
    /// ```
    #[must_use]
    pub fn d1(binding: &str, table: &str) -> Self {
        Self {
            backend: SessionBackend::D1 {
                binding: binding.to_owned(),
                table: table.to_owned(),
            },
            cookie_name: "__session".to_owned(),
            max_age_secs: 86400,
        }
    }

    /// Set the cookie name. Default: `"__session"`.
    #[must_use]
    pub fn cookie_name(mut self, name: &str) -> Self {
        self.cookie_name = name.to_owned();
        self
    }

    /// Set the session max age in seconds. Default: `86400` (24 hours).
    ///
    /// This controls both the cookie `Max-Age` and the backend expiry
    /// (KV `expiration_ttl` or D1 `expires_at`).
    #[must_use]
    pub fn max_age(mut self, secs: u64) -> Self {
        self.max_age_secs = secs;
        self
    }
}

// ---------------------------------------------------------------------------
// Thread-local state
// ---------------------------------------------------------------------------

struct SessionState {
    id: String,
    data: HashMap<String, serde_json::Value>,
    dirty: bool,
    destroyed: bool,
    is_new: bool,
}

thread_local! {
    static SESSION_CONFIG: RefCell<Option<SessionConfig>> = const { RefCell::new(None) };
    static SESSION_STATE: RefCell<Option<SessionState>> = const { RefCell::new(None) };
}

// ---------------------------------------------------------------------------
// Public API
// ---------------------------------------------------------------------------

/// Zero-sized session handle — all operations access thread-local state.
///
/// Obtained via [`cf::session()`](session). Methods are sync because they
/// operate on the in-memory cache loaded by the async `session()` call.
pub struct Session;

impl Session {
    /// Get a typed value from the session.
    ///
    /// Returns `Ok(None)` if the key is not present.
    ///
    /// # Errors
    ///
    /// Returns [`CfError`] if deserialization fails.
    pub fn get<T: DeserializeOwned>(&self, key: &str) -> Result<Option<T>, CfError> {
        SESSION_STATE.with(|cell| {
            let borrow = cell.borrow();
            let state = borrow
                .as_ref()
                .ok_or_else(|| CfError(worker::Error::RustError("session not loaded".into())))?;

            match state.data.get(key) {
                Some(value) => {
                    let typed: T = serde_json::from_value(value.clone()).cf()?;
                    Ok(Some(typed))
                }
                None => Ok(None),
            }
        })
    }

    /// Set a value in the session.
    ///
    /// The value is stored in the in-memory cache and flushed to the backend
    /// when the response is finalized.
    ///
    /// # Errors
    ///
    /// Returns [`CfError`] if serialization fails.
    pub fn set<T: Serialize>(&self, key: &str, value: &T) -> Result<(), CfError> {
        SESSION_STATE.with(|cell| {
            let mut borrow = cell.borrow_mut();
            let state = borrow
                .as_mut()
                .ok_or_else(|| CfError(worker::Error::RustError("session not loaded".into())))?;

            let json_value = serde_json::to_value(value).cf()?;
            state.data.insert(key.to_owned(), json_value);
            state.dirty = true;
            Ok(())
        })
    }

    /// Remove a key from the session.
    pub fn remove(&self, key: &str) {
        SESSION_STATE.with(|cell| {
            if let Some(ref mut state) = *cell.borrow_mut() {
                if state.data.remove(key).is_some() {
                    state.dirty = true;
                }
            }
        });
    }

    /// Destroy the session — deletes backend data and clears the cookie.
    pub fn destroy(&self) {
        SESSION_STATE.with(|cell| {
            if let Some(ref mut state) = *cell.borrow_mut() {
                state.destroyed = true;
            }
        });
    }

    /// Returns `true` if the session has no data.
    pub fn is_empty(&self) -> bool {
        SESSION_STATE.with(|cell| {
            cell.borrow()
                .as_ref()
                .is_none_or(|state| state.data.is_empty())
        })
    }

    /// Returns `true` if this is a new session (no existing cookie was found).
    pub fn is_new(&self) -> bool {
        SESSION_STATE.with(|cell| {
            cell.borrow()
                .as_ref()
                .is_none_or(|state| state.is_new)
        })
    }
}

/// Load the session for the current request.
///
/// Async on first call (reads from KV/D1), cached on subsequent calls.
/// Returns a zero-sized [`Session`] handle for sync get/set/remove operations.
///
/// # Errors
///
/// Returns [`CfError`] if:
/// - Session middleware is not configured (no `.session()` on `Handler`)
/// - The backend read fails (KV/D1 unavailable)
/// - Session data cannot be deserialized
///
/// # Example
///
/// ```rust,ignore
/// use dioxus_cloudflare::prelude::*;
///
/// #[server]
/// pub async fn get_user() -> Result<String, ServerFnError> {
///     let session = cf::session().await?;
///     let user: Option<String> = session.get("user_id")?;
///     Ok(user.unwrap_or_else(|| "not logged in".into()))
/// }
/// ```
pub async fn session() -> Result<Session, CfError> {
    // Already loaded — return cached handle
    let already_loaded = SESSION_STATE.with(|cell| cell.borrow().is_some());
    if already_loaded {
        return Ok(Session);
    }

    // Read config
    let config = SESSION_CONFIG.with(|cell| cell.borrow().clone()).ok_or_else(|| {
        CfError(worker::Error::RustError(
            "cf::session() called but session middleware is not configured — \
             add .session(SessionConfig::kv(\"SESSIONS\")) to your Handler"
                .into(),
        ))
    })?;

    // Check for existing session cookie
    let existing_id = crate::cookie::cookie(&config.cookie_name)?;

    let (id, data, is_new) = match existing_id {
        Some(ref session_id) if !session_id.is_empty() => {
            // Load from backend
            let data = load_from_backend(&config, session_id).await?;
            match data {
                Some(d) => (session_id.clone(), d, false),
                // Cookie exists but backend data is gone (expired/deleted)
                None => (random_uuid(), HashMap::new(), true),
            }
        }
        _ => {
            // No cookie — new session
            (random_uuid(), HashMap::new(), true)
        }
    };

    SESSION_STATE.with(|cell| {
        *cell.borrow_mut() = Some(SessionState {
            id,
            data,
            dirty: false,
            destroyed: false,
            is_new,
        });
    });

    Ok(Session)
}

// ---------------------------------------------------------------------------
// Internal API (pub(crate))
// ---------------------------------------------------------------------------

/// Store session config for the current request. Called by `Handler::handle()`.
pub(crate) fn set_session_config(config: SessionConfig) {
    SESSION_CONFIG.with(|cell| *cell.borrow_mut() = Some(config));
}

/// Flush dirty session data to the backend and queue the session cookie.
/// Called before `finalize()` in `Handler`.
///
/// If no session was loaded during this request, this is a no-op.
pub(crate) async fn flush_session() -> Result<(), worker::Error> {
    // Take the state — session is consumed at end of request
    let state = SESSION_STATE.with(|cell| cell.borrow_mut().take());
    let Some(state) = state else {
        return Ok(());
    };

    let config = SESSION_CONFIG.with(|cell| cell.borrow().clone());
    let Some(config) = config else {
        return Ok(());
    };

    if state.destroyed {
        // Delete from backend
        delete_from_backend(&config, &state.id)
            .await
            .map_err(|e| worker::Error::RustError(format!("session delete failed: {e}")))?;
        // Clear the cookie
        push_cookie(format!(
            "{}=; HttpOnly; Secure; SameSite=Strict; Path=/; Max-Age=0",
            config.cookie_name
        ));
        return Ok(());
    }

    if state.dirty || state.is_new {
        // Only write if there's data, or if dirty (even if empty, to persist removal)
        save_to_backend(&config, &state.id, &state.data)
            .await
            .map_err(|e| worker::Error::RustError(format!("session save failed: {e}")))?;
        // Set the session cookie
        push_cookie(format!(
            "{}={}; HttpOnly; Secure; SameSite=Strict; Path=/; Max-Age={}",
            config.cookie_name, state.id, config.max_age_secs
        ));
    }

    // Clear config for next request
    SESSION_CONFIG.with(|cell| *cell.borrow_mut() = None);

    Ok(())
}

// ---------------------------------------------------------------------------
// Backend operations
// ---------------------------------------------------------------------------

async fn load_from_backend(
    config: &SessionConfig,
    session_id: &str,
) -> Result<Option<HashMap<String, serde_json::Value>>, CfError> {
    match &config.backend {
        SessionBackend::Kv { binding } => load_from_kv(binding, session_id).await,
        SessionBackend::D1 { binding, table } => load_from_d1(binding, table, session_id).await,
    }
}

async fn save_to_backend(
    config: &SessionConfig,
    session_id: &str,
    data: &HashMap<String, serde_json::Value>,
) -> Result<(), CfError> {
    match &config.backend {
        SessionBackend::Kv { binding } => {
            save_to_kv(binding, session_id, data, config.max_age_secs).await
        }
        SessionBackend::D1 { binding, table } => {
            save_to_d1(binding, table, session_id, data, config.max_age_secs).await
        }
    }
}

async fn delete_from_backend(config: &SessionConfig, session_id: &str) -> Result<(), CfError> {
    match &config.backend {
        SessionBackend::Kv { binding } => delete_from_kv(binding, session_id).await,
        SessionBackend::D1 { binding, table } => delete_from_d1(binding, table, session_id).await,
    }
}

// ---------------------------------------------------------------------------
// KV backend
// ---------------------------------------------------------------------------

fn session_key(session_id: &str) -> String {
    format!("session:{session_id}")
}

async fn load_from_kv(
    binding: &str,
    session_id: &str,
) -> Result<Option<HashMap<String, serde_json::Value>>, CfError> {
    let kv = crate::bindings::kv(binding)?;
    let key = session_key(session_id);

    let text = kv.get(&key).text().await.cf()?;

    match text {
        Some(json) => {
            let data: HashMap<String, serde_json::Value> = serde_json::from_str(&json).cf()?;
            Ok(Some(data))
        }
        None => Ok(None),
    }
}

async fn save_to_kv(
    binding: &str,
    session_id: &str,
    data: &HashMap<String, serde_json::Value>,
    max_age_secs: u64,
) -> Result<(), CfError> {
    let kv = crate::bindings::kv(binding)?;
    let key = session_key(session_id);
    let json = serde_json::to_string(data).cf()?;

    kv.put(&key, &json)
        .cf()?
        .expiration_ttl(max_age_secs)
        .execute()
        .await
        .cf()?;

    Ok(())
}

async fn delete_from_kv(binding: &str, session_id: &str) -> Result<(), CfError> {
    let kv = crate::bindings::kv(binding)?;
    let key = session_key(session_id);

    kv.delete(&key).await.cf()?;

    Ok(())
}

// ---------------------------------------------------------------------------
// D1 backend
// ---------------------------------------------------------------------------

async fn load_from_d1(
    binding: &str,
    table: &str,
    session_id: &str,
) -> Result<Option<HashMap<String, serde_json::Value>>, CfError> {
    let db = crate::bindings::d1(binding)?;
    let key = session_key(session_id);

    let result = db
        .prepare(format!(
            "SELECT data FROM {table} WHERE id = ? AND expires_at > unixepoch()"
        ))
        .bind(&[key.into()])
        .map_err(|e| CfError(worker::Error::RustError(format!("D1 bind failed: {e}"))))?
        .first::<serde_json::Value>(None)
        .await
        .cf()?;

    match result {
        Some(row) => {
            // D1 first() returns the row as a JSON object — extract the "data" field
            let data_str = row
                .get("data")
                .and_then(|v| v.as_str())
                .ok_or_else(|| {
                    CfError(worker::Error::RustError(
                        "session D1 row missing 'data' column".into(),
                    ))
                })?;
            let data: HashMap<String, serde_json::Value> =
                serde_json::from_str(data_str).cf()?;
            Ok(Some(data))
        }
        None => Ok(None),
    }
}

async fn save_to_d1(
    binding: &str,
    table: &str,
    session_id: &str,
    data: &HashMap<String, serde_json::Value>,
    max_age_secs: u64,
) -> Result<(), CfError> {
    let db = crate::bindings::d1(binding)?;
    let key = session_key(session_id);
    let json = serde_json::to_string(data).cf()?;

    db.prepare(format!(
        "INSERT OR REPLACE INTO {table} (id, data, expires_at) VALUES (?, ?, unixepoch() + ?)"
    ))
    .bind(&[key.into(), json.into(), max_age_secs.into()])
    .map_err(|e| CfError(worker::Error::RustError(format!("D1 bind failed: {e}"))))?
    .run()
    .await
    .cf()?;

    Ok(())
}

async fn delete_from_d1(binding: &str, table: &str, session_id: &str) -> Result<(), CfError> {
    let db = crate::bindings::d1(binding)?;
    let key = session_key(session_id);

    db.prepare(format!("DELETE FROM {table} WHERE id = ?"))
        .bind(&[key.into()])
        .map_err(|e| CfError(worker::Error::RustError(format!("D1 bind failed: {e}"))))?
        .run()
        .await
        .cf()?;

    Ok(())
}