ferro-rs 0.2.23

A Laravel-inspired web framework for Rust
Documentation 
1
2
3
4
5
6
7
8
9
10
11
12
13
14
15
16
17
18
19
20
21
22
23
24
25
26
27
28
29
30
31
32
33
34
35
36
37
38
39
40
41
42
43
44
45
46
47
48
49
50
51
52
53
54
55
56
57
58
59
60
61
62
63
64
65
66
67
68
69
70
71
72
73
74
75
76
77
78
79
80
81
82
83
84
85
86
87
88
89
90
91
92
93
94
95
96
97
98
99
100
101
102
103
104
105
106
107
108
109
110
111
112
113
114
115
116
117
118
119
120
121
122
123
124
125
126
127
128
129
130
131
132
133
134
135
136
137
138
139
140
141
142
143
144
145
146
147
148
149
150
151
152
153
154
155
156
157
158
159
160
161
162
163
164
165
166
167
168
169
170
171
172
173
174
175
176
177
178
179
180
181
182
183
184
185
186
187
188
189
190

//! Session storage abstraction

use async_trait::async_trait;
use serde::{de::DeserializeOwned, Serialize};
use std::collections::HashMap;

use crate::error::FrameworkError;

/// Session data container
///
/// Holds all session data including user authentication state and CSRF token.
#[derive(Clone, Debug, Default)]
pub struct SessionData {
    /// Unique session identifier
    pub id: String,
    /// Key-value data stored in the session
    pub data: HashMap<String, serde_json::Value>,
    /// Authenticated user ID (if any)
    pub user_id: Option<i64>,
    /// CSRF token for this session
    pub csrf_token: String,
    /// Whether the session has been modified
    pub dirty: bool,
}

impl SessionData {
    /// Create a new session with the given ID
    pub fn new(id: String, csrf_token: String) -> Self {
        Self {
            id,
            data: HashMap::new(),
            user_id: None,
            csrf_token,
            dirty: false,
        }
    }

    /// Get a value from the session
    ///
    /// # Example
    ///
    /// ```rust,ignore
    /// let name: Option<String> = session.get("name");
    /// ```
    pub fn get<T: DeserializeOwned>(&self, key: &str) -> Option<T> {
        self.data
            .get(key)
            .and_then(|v| serde_json::from_value(v.clone()).ok())
    }

    /// Put a value into the session
    ///
    /// # Example
    ///
    /// ```rust,ignore
    /// session.put("name", "John");
    /// session.put("count", 42);
    /// ```
    pub fn put<T: Serialize>(&mut self, key: &str, value: T) {
        if let Ok(v) = serde_json::to_value(value) {
            self.data.insert(key.to_string(), v);
            self.dirty = true;
        }
    }

    /// Remove a value from the session
    ///
    /// Returns the removed value if it existed.
    pub fn forget(&mut self, key: &str) -> Option<serde_json::Value> {
        self.dirty = true;
        self.data.remove(key)
    }

    /// Check if the session has a key
    pub fn has(&self, key: &str) -> bool {
        self.data.contains_key(key)
    }

    /// Flash a value to the session (available only for next request)
    ///
    /// # Example
    ///
    /// ```rust,ignore
    /// session.flash("success", "Item saved successfully!");
    /// ```
    pub fn flash<T: Serialize>(&mut self, key: &str, value: T) {
        self.put(&format!("_flash.new.{key}"), value);
    }

    /// Get a flashed value (clears it after reading)
    pub fn get_flash<T: DeserializeOwned>(&mut self, key: &str) -> Option<T> {
        let flash_key = format!("_flash.old.{key}");
        let value = self.get(&flash_key);
        if value.is_some() {
            self.forget(&flash_key);
        }
        value
    }

    /// Age flash data (move new flash to old, clear old)
    pub fn age_flash_data(&mut self) {
        // Remove old flash data
        let old_keys: Vec<String> = self
            .data
            .keys()
            .filter(|k| k.starts_with("_flash.old."))
            .cloned()
            .collect();
        let had_old = !old_keys.is_empty();
        for key in old_keys {
            self.data.remove(&key);
        }

        // Move new flash data to old
        let new_keys: Vec<String> = self
            .data
            .keys()
            .filter(|k| k.starts_with("_flash.new."))
            .cloned()
            .collect();
        let had_new = !new_keys.is_empty();
        for key in new_keys {
            if let Some(value) = self.data.remove(&key) {
                let old_key = key.replace("_flash.new.", "_flash.old.");
                self.data.insert(old_key, value);
            }
        }

        if had_new || had_old {
            self.dirty = true;
        }
    }

    /// Clear all session data (keeps ID and regenerates CSRF)
    pub fn flush(&mut self) {
        self.data.clear();
        self.user_id = None;
        self.dirty = true;
    }

    /// Check if the session has been modified
    pub fn is_dirty(&self) -> bool {
        self.dirty
    }

    /// Mark the session as clean (after saving)
    pub fn mark_clean(&mut self) {
        self.dirty = false;
    }
}

/// Session store trait for different backends
///
/// Implement this trait to create custom session storage backends.
#[async_trait]
pub trait SessionStore: Send + Sync {
    /// Read a session by its ID
    ///
    /// Returns None if the session doesn't exist or has expired.
    async fn read(&self, id: &str) -> Result<Option<SessionData>, FrameworkError>;

    /// Write a session to storage
    ///
    /// Creates a new session if it doesn't exist, updates if it does.
    async fn write(&self, session: &SessionData) -> Result<(), FrameworkError>;

    /// Destroy a session by its ID
    async fn destroy(&self, id: &str) -> Result<(), FrameworkError>;

    /// Garbage collect expired sessions
    ///
    /// Returns the number of sessions cleaned up.
    async fn gc(&self) -> Result<u64, FrameworkError>;

    /// Destroy all sessions for a user, optionally keeping one session.
    ///
    /// Used for "logout other devices" (pass current session ID to keep) or
    /// "logout everywhere" (pass None). Returns the number of destroyed sessions.
    ///
    /// Default implementation returns an error; override in drivers that support it.
    async fn destroy_for_user(
        &self,
        _user_id: i64,
        _except_session_id: Option<&str>,
    ) -> Result<u64, FrameworkError> {
        Err(FrameworkError::internal(
            "destroy_for_user not supported by this session driver".to_string(),
        ))
    }
}