reinhardt-auth 0.1.2

Authentication and authorization system
Documentation 
1
2
3
4
5
6
7
8
9
10
11
12
13
14
15
16
17
18
19
20
21
22
23
24
25
26
27
28
29
30
31
32
33
34
35
36
37
38
39
40
41
42
43
44
45
46
47
48
49
50
51
52
53
54
55
56
57
58
59
60
61
62
63
64
65
66
67
68
69
70
71
72
73
74
75
76
77
78
79
80
81
82
83
84
85
86
87
88
89
90
91
92
93
94
95
96
97
98
99
100
101
102
103
104
105
106
107
108
109
110
111
112
113
114
115
116
117
118
119
120
121
122
123
124
125
126
127
128
129
130
131
132
133
134
135
136
137
138
139
140
141
142
143
144
145
146
147
148
149
150
151
152
153
154
155
156
157
158
159
160
161
162
163
164
165
166
167
168
169
170
171
172
173
174
175
176
177
178
179
180
181
182
183
184
185
186
187
188
189
190
191
192
193
194
195
196
197
198
199
200
201
202
203
204
205
206
207
208
209
210
211
212
213
214
215
216
217
218
219
220
221
222
223
224
225
226
227
228
229
230
231
232
233
234
235
236
237
238
239
240
241
242
243
244
245
246
247
248
249
250
251
252
253
254
255
256
257
258
259
260
261
262
263
264
265
266
267
268
269
270
271
272
273
274
275
276
277
278
279
280
281
282
283
284
285
286
287
288
289
290
291
292
293
294
295
296
297
298
299
300
301
302
303
304
305
306
307
308
309
310
311
312
313
314
315
316
317
318
319
320
321
322
323
324
325
326
327
328
329
330
331
332
333
334
335
336
337
338
339
340
341
342
343
344
345
346
347
348
349
350
351
352
353
354
355
356
357
358
359
360
361
362
363
364
365
366
367
368
369
370
371
372
373
374
375
376
377
378
379
380
381
382
383
384
385
386
387
388
389
390
391
392
393
394
395
396
397
398
399
400
401
402
403
404
405
406
407
408
409
410
411
412
413
414

//! Automatic session cleanup and expiration
//!
//! This module provides functionality to automatically clean up expired sessions
//! from different backends. It can be run as a background task or scheduled job.
//!
//! ## Example
//!
//! ```rust
//! use reinhardt_auth::sessions::cleanup::SessionCleanupTask;
//! use reinhardt_auth::sessions::backends::InMemorySessionBackend;
//! use std::time::Duration;
//!
//! # async fn example() -> Result<(), Box<dyn std::error::Error>> {
//! let backend = InMemorySessionBackend::new();
//!
//! // Create a cleanup task
//! let cleanup = SessionCleanupTask::new(backend, Duration::from_secs(3600));
//!
//! // Run cleanup manually
//! let removed_count = cleanup.run_cleanup().await?;
//! println!("Removed {} expired sessions", removed_count);
//! # Ok(())
//! # }
//! ```

use super::backends::{SessionBackend, SessionError};
use async_trait::async_trait;
use chrono::{DateTime, Duration as ChronoDuration, Utc};
use std::marker::PhantomData;
use std::time::Duration;

/// Session cleanup configuration
///
/// # Example
///
/// ```rust
/// use reinhardt_auth::sessions::cleanup::CleanupConfig;
/// use std::time::Duration;
///
/// let config = CleanupConfig {
///     max_age: Duration::from_secs(7200),
///     batch_size: 100,
/// };
/// ```
#[derive(Debug, Clone)]
pub struct CleanupConfig {
	/// Maximum session age before cleanup
	pub max_age: Duration,
	/// Number of sessions to clean up in one batch
	pub batch_size: usize,
}

impl Default for CleanupConfig {
	/// Create default cleanup configuration
	///
	/// # Example
	///
	/// ```rust
	/// use reinhardt_auth::sessions::cleanup::CleanupConfig;
	///
	/// let config = CleanupConfig::default();
	/// assert_eq!(config.max_age.as_secs(), 1209600); // 2 weeks
	/// assert_eq!(config.batch_size, 1000);
	/// ```
	fn default() -> Self {
		Self {
			max_age: Duration::from_secs(1209600), // 2 weeks
			batch_size: 1000,
		}
	}
}

/// Trait for session backends that support cleanup
#[async_trait]
pub trait CleanupableBackend: SessionBackend {
	/// Get all session keys
	async fn get_all_keys(&self) -> Result<Vec<String>, SessionError>;

	/// Get session metadata (creation time, last access time)
	async fn get_metadata(
		&self,
		session_key: &str,
	) -> Result<Option<SessionMetadata>, SessionError>;

	/// Get list of keys filtered by prefix
	///
	/// Default implementation uses get_all_keys() for filtering.
	/// Backends may provide more efficient implementations (e.g., database LIKE queries).
	async fn list_keys_with_prefix(&self, prefix: &str) -> Result<Vec<String>, SessionError> {
		// Default implementation: filter using get_all_keys()
		let all_keys = self.get_all_keys().await?;
		Ok(all_keys
			.into_iter()
			.filter(|key| key.starts_with(prefix))
			.collect())
	}

	/// Count keys filtered by prefix
	///
	/// Default implementation uses list_keys_with_prefix().
	/// Backends may provide more efficient implementations (e.g., COUNT queries).
	async fn count_keys_with_prefix(&self, prefix: &str) -> Result<usize, SessionError> {
		let keys = self.list_keys_with_prefix(prefix).await?;
		Ok(keys.len())
	}

	/// Delete all keys matching prefix
	///
	/// Default implementation uses list_keys_with_prefix() and delete().
	/// Backends may provide more efficient implementations (e.g., bulk DELETE).
	///
	/// # Returns
	///
	/// Returns the number of deleted sessions.
	async fn delete_keys_with_prefix(&self, prefix: &str) -> Result<usize, SessionError> {
		let keys = self.list_keys_with_prefix(prefix).await?;
		let mut deleted = 0;
		for key in keys {
			if self.delete(&key).await.is_ok() {
				deleted += 1;
			}
		}
		Ok(deleted)
	}
}

/// Session metadata for cleanup
#[derive(Debug, Clone)]
pub struct SessionMetadata {
	/// When the session was created
	pub created_at: DateTime<Utc>,
	/// When the session was last accessed
	pub last_accessed: Option<DateTime<Utc>>,
}

/// Session cleanup task
///
/// Automatically removes expired sessions based on configuration.
///
/// # Example
///
/// ```rust
/// use reinhardt_auth::sessions::cleanup::SessionCleanupTask;
/// use reinhardt_auth::sessions::backends::InMemorySessionBackend;
/// use std::time::Duration;
///
/// # async fn example() -> Result<(), Box<dyn std::error::Error>> {
/// let backend = InMemorySessionBackend::new();
/// let cleanup = SessionCleanupTask::new(backend, Duration::from_secs(3600));
///
/// // Run cleanup
/// let count = cleanup.run_cleanup().await?;
/// println!("Cleaned up {} sessions", count);
/// # Ok(())
/// # }
/// ```
pub struct SessionCleanupTask<B: SessionBackend> {
	backend: B,
	config: CleanupConfig,
	_phantom: PhantomData<B>,
}

impl<B: SessionBackend> SessionCleanupTask<B> {
	/// Create a new cleanup task with default configuration
	///
	/// # Example
	///
	/// ```rust
	/// use reinhardt_auth::sessions::cleanup::SessionCleanupTask;
	/// use reinhardt_auth::sessions::backends::InMemorySessionBackend;
	/// use std::time::Duration;
	///
	/// let backend = InMemorySessionBackend::new();
	/// let cleanup = SessionCleanupTask::new(backend, Duration::from_secs(3600));
	/// ```
	pub fn new(backend: B, max_age: Duration) -> Self {
		Self {
			backend,
			config: CleanupConfig {
				max_age,
				..Default::default()
			},
			_phantom: PhantomData,
		}
	}

	/// Create a new cleanup task with custom configuration
	///
	/// # Example
	///
	/// ```rust
	/// use reinhardt_auth::sessions::cleanup::{SessionCleanupTask, CleanupConfig};
	/// use reinhardt_auth::sessions::backends::InMemorySessionBackend;
	/// use std::time::Duration;
	///
	/// let backend = InMemorySessionBackend::new();
	/// let config = CleanupConfig {
	///     max_age: Duration::from_secs(7200),
	///     batch_size: 500,
	/// };
	/// let cleanup = SessionCleanupTask::with_config(backend, config);
	/// ```
	pub fn with_config(backend: B, config: CleanupConfig) -> Self {
		Self {
			backend,
			config,
			_phantom: PhantomData,
		}
	}

	/// Run cleanup operation
	///
	/// Returns the number of sessions that were removed.
	///
	/// # Example
	///
	/// ```rust
	/// use reinhardt_auth::sessions::cleanup::SessionCleanupTask;
	/// use reinhardt_auth::sessions::backends::InMemorySessionBackend;
	/// use std::time::Duration;
	///
	/// # async fn example() -> Result<(), Box<dyn std::error::Error>> {
	/// let backend = InMemorySessionBackend::new();
	/// let cleanup = SessionCleanupTask::new(backend, Duration::from_secs(3600));
	///
	/// let removed = cleanup.run_cleanup().await?;
	/// println!("Removed {} expired sessions", removed);
	/// # Ok(())
	/// # }
	/// ```
	pub async fn run_cleanup(&self) -> Result<usize, SessionError> {
		// For basic backends without metadata support, we can't determine age
		// This is a simplified implementation that always returns 0
		// Specific backends (database, file) should implement CleanupableBackend
		Ok(0)
	}
}

impl<B: SessionBackend + CleanupableBackend> SessionCleanupTask<B> {
	/// Run cleanup operation for backends with metadata support
	///
	/// # Example
	///
	/// ```rust,no_run,ignore
	/// use reinhardt_auth::sessions::cleanup::SessionCleanupTask;
	/// # use reinhardt_auth::sessions::backends::InMemorySessionBackend;
	/// use std::time::Duration;
	///
	/// # async fn example() -> Result<(), Box<dyn std::error::Error>> {
	/// # let backend = InMemorySessionBackend::new();
	/// let cleanup = SessionCleanupTask::new(backend, Duration::from_secs(3600));
	///
	/// let removed = cleanup.run_cleanup_with_metadata().await?;
	/// println!("Removed {} expired sessions", removed);
	/// # Ok(())
	/// # }
	/// ```
	pub async fn run_cleanup_with_metadata(&self) -> Result<usize, SessionError> {
		let all_keys = self.backend.get_all_keys().await?;
		let cutoff_time = Utc::now() - ChronoDuration::from_std(self.config.max_age).unwrap();

		let mut removed_count = 0;

		for chunk in all_keys.chunks(self.config.batch_size) {
			for key in chunk {
				if let Some(metadata) = self.backend.get_metadata(key).await? {
					// Check if session is expired based on last_accessed time
					if metadata.last_accessed < Some(cutoff_time)
						&& self.backend.delete(key).await.is_ok()
					{
						removed_count += 1;
					}
				}
			}
		}

		Ok(removed_count)
	}
}

#[cfg(test)]
mod tests {
	use super::*;
	use crate::sessions::InMemorySessionBackend;
	use rstest::rstest;

	#[rstest]
	#[tokio::test]
	async fn test_cleanup_config_default() {
		let config = CleanupConfig::default();
		assert_eq!(config.max_age.as_secs(), 1209600); // 2 weeks
		assert_eq!(config.batch_size, 1000);
	}

	#[rstest]
	#[tokio::test]
	async fn test_cleanup_task_creation() {
		let backend = InMemorySessionBackend::new();
		let _cleanup = SessionCleanupTask::new(backend, Duration::from_secs(3600));
	}

	#[rstest]
	#[tokio::test]
	async fn test_cleanup_task_with_config() {
		let backend = InMemorySessionBackend::new();
		let config = CleanupConfig {
			max_age: Duration::from_secs(7200),
			batch_size: 500,
		};
		let _cleanup = SessionCleanupTask::with_config(backend, config);
	}

	#[rstest]
	#[tokio::test]
	async fn test_run_cleanup_basic_backend() {
		let backend = InMemorySessionBackend::new();
		let cleanup = SessionCleanupTask::new(backend, Duration::from_secs(3600));

		// Basic backend without metadata support returns 0
		let removed = cleanup.run_cleanup().await.unwrap();
		assert_eq!(removed, 0);
	}

	#[rstest]
	#[tokio::test]
	async fn test_cleanup_removes_expired_sessions() {
		// Arrange
		let backend = InMemorySessionBackend::new();
		let data = serde_json::json!({"user": "expired_user"});
		backend
			.save("sess_expired", &data, Some(3600))
			.await
			.unwrap();

		// Wait briefly so the session ages past the very short max_age
		tokio::time::sleep(Duration::from_millis(50)).await;

		// Create cleanup task with very short max_age (1ms) so session is considered expired
		let cleanup = SessionCleanupTask::new(backend.clone(), Duration::from_millis(1));

		// Act
		let removed = cleanup.run_cleanup_with_metadata().await.unwrap();

		// Assert
		assert_eq!(removed, 1);
		let loaded: Option<serde_json::Value> = backend.load("sess_expired").await.unwrap();
		assert!(loaded.is_none());
	}

	#[rstest]
	#[tokio::test]
	async fn test_cleanup_preserves_recent_sessions() {
		// Arrange
		let backend = InMemorySessionBackend::new();
		let data = serde_json::json!({"user": "active_user"});
		backend
			.save("sess_recent", &data, Some(3600))
			.await
			.unwrap();

		// Access the session to populate last_accessed timestamp
		let _: Option<serde_json::Value> = backend.load("sess_recent").await.unwrap();

		// Create cleanup task with long max_age so session is still valid
		let cleanup = SessionCleanupTask::new(backend.clone(), Duration::from_secs(3600));

		// Act
		let removed = cleanup.run_cleanup_with_metadata().await.unwrap();

		// Assert
		assert_eq!(removed, 0);
		let loaded: Option<serde_json::Value> = backend.load("sess_recent").await.unwrap();
		assert!(loaded.is_some());
	}

	#[rstest]
	#[tokio::test]
	async fn test_cleanup_batch_processing() {
		// Arrange
		let backend = InMemorySessionBackend::new();
		let data = serde_json::json!({"batch": true});
		backend
			.save("batch_sess_1", &data, Some(3600))
			.await
			.unwrap();
		backend
			.save("batch_sess_2", &data, Some(3600))
			.await
			.unwrap();
		backend
			.save("batch_sess_3", &data, Some(3600))
			.await
			.unwrap();

		// Wait briefly so sessions age past the very short max_age
		tokio::time::sleep(Duration::from_millis(50)).await;

		// Create cleanup task with batch_size=1 and very short max_age
		let config = CleanupConfig {
			max_age: Duration::from_millis(1),
			batch_size: 1,
		};
		let cleanup = SessionCleanupTask::with_config(backend.clone(), config);

		// Act
		let removed = cleanup.run_cleanup_with_metadata().await.unwrap();

		// Assert
		assert_eq!(removed, 3);
		assert!(!backend.exists("batch_sess_1").await.unwrap());
		assert!(!backend.exists("batch_sess_2").await.unwrap());
		assert!(!backend.exists("batch_sess_3").await.unwrap());
	}
}