silent 2.16.1

Silent Web Framework
Documentation 
1
2
3
4
5
6
7
8
9
10
11
12
13
14
15
16
17
18
19
20
21
22
23
24
25
26
27
28
29
30
31
32
33
34
35
36
37
38
39
40
41
42
43
44
45
46
47
48
49
50
51
52
53
54
55
56
57
58
59
60
61
62
63
64
65
66
67
68
69
70
71
72
73
74
75
76
77
78
79
80
81
82
83
84
85
86
87
88
89
90
91
92
93
94
95
96
97
98
99
100
101
102
103
104
105
106
107
108
109
110
111
112
113
114
115
116
117
118
119
120
121
122
123
124
125
126
127
128
129
130
131
132
133
134
135
136
137
138
139
140
141
142
143
144
145
146
147
148
149
150
151
152
153
154
155
156
157
158
159
160
161
162
163
164
165
166
167
168
169
170
171
172
173
174
175
176
177
178
179
180
181
182
183
184
185
186
187
188
189
190
191
192
193
194
195
196
197
198
199
200
201
202
203
204
205
206
207
208
209
210
211
212
213
214
215
216
217
218
219
220
221
222
223
224
225
226
227
228
229
230
231
232
233
234
235
236
237
238
239
240
241
242
243
244
245
246
247
248
249
250
251
252
253
254
255
256
257
258
259
260
261
262
263
264
265
266
267
268
269
270
271
272
273
274
275
276
277
278
279
280
281
282
283
284
285
286
287
288
289
290
291
292
293
294
295
296
297
298
299
300
301
302
303
304
305
306
307
308
309
310
311
312
313
314
315
316
317
318
319
320

use crate::{
    CookieExt, Handler, MiddleWareHandler, Next, Request, Response, SilentError, StatusCode,
};
use async_lock::RwLock;
use async_session::{MemoryStore, Session, SessionStore};
use async_trait::async_trait;
use cookie::{Cookie, CookieJar};
use std::sync::Arc;

pub struct SessionMiddleware<T>
where
    T: SessionStore,
{
    pub session_store: Arc<RwLock<T>>,
}

impl Default for SessionMiddleware<MemoryStore> {
    fn default() -> SessionMiddleware<MemoryStore> {
        let session = MemoryStore::new();
        Self::new(session)
    }
}

impl<T> SessionMiddleware<T>
where
    T: SessionStore,
{
    pub fn new(session: T) -> Self {
        let session_store = Arc::new(RwLock::new(session));
        SessionMiddleware { session_store }
    }
}

#[async_trait]
impl<T> MiddleWareHandler for SessionMiddleware<T>
where
    T: SessionStore,
{
    async fn handle(&self, mut req: Request, next: &Next) -> crate::Result<Response> {
        let mut cookies = req.cookies().clone();
        let cookie = cookies.get("silent-web-session");
        let session_store = self.session_store.read().await;
        let mut session_key_exists = false;
        let mut cookie_value = if let Some(cookie) = cookie {
            session_key_exists = true;
            cookie.value().to_string()
        } else {
            session_store
                .store_session(Session::new())
                .await?
                .ok_or_else(|| {
                    SilentError::business_error(
                        StatusCode::INTERNAL_SERVER_ERROR,
                        "failed to create session",
                    )
                })?
        };
        let session =
            if let Ok(Some(session)) = session_store.load_session(cookie_value.clone()).await {
                session
            } else {
                session_key_exists = false;
                cookie_value = session_store
                    .store_session(Session::new())
                    .await?
                    .ok_or_else(|| {
                        SilentError::business_error(
                            StatusCode::INTERNAL_SERVER_ERROR,
                            "failed to create session",
                        )
                    })?;
                session_store
                    .load_session(cookie_value.clone())
                    .await?
                    .ok_or_else(|| {
                        SilentError::business_error(
                            StatusCode::INTERNAL_SERVER_ERROR,
                            "failed to load session",
                        )
                    })?
            };
        req.extensions_mut().insert(session.clone());
        let session_copied = session.clone();
        if !session_key_exists {
            cookies.add(
                Cookie::build(("silent-web-session", cookie_value))
                    .max_age(cookie::time::Duration::hours(2))
                    .secure(true),
            );
        }
        let mut res = next.call(req).await?;
        if res.extensions().get::<Session>().is_none() {
            res.extensions_mut().insert(session_copied);
        }
        if res.extensions().get::<CookieJar>().is_none() {
            res.extensions_mut().insert(cookies);
        } else {
            if let Some(cookie_jar) = res.extensions().get::<CookieJar>() {
                for cookie in cookie_jar.iter() {
                    cookies.add(cookie.clone());
                }
            }
            res.extensions_mut().insert(cookies.clone());
        }
        Ok(res)
    }
}

#[cfg(test)]
mod tests {
    use super::*;
    use crate::handler::HandlerWrapper;
    use crate::session::session_ext::SessionExt;
    use async_session::MemoryStore;
    use cookie::{Cookie, CookieJar};
    use std::sync::Arc;

    // 辅助函数:创建用于测试的安全 Cookie(带 Secure 属性)
    fn test_cookie(name: &str, value: impl AsRef<str>) -> Cookie<'static> {
        Cookie::build((name.to_owned(), value.as_ref().to_owned()))
            .secure(true)
            .build()
    }

    // 创建测试用的 handler
    async fn test_handler(_req: Request) -> crate::Result<Response> {
        Ok(Response::empty())
    }

    #[test]
    fn test_session_middleware_default() {
        // 测试 SessionMiddleware 的 Default 实现
        let middleware = SessionMiddleware::<MemoryStore>::default();
        // 验证 Arc 引用计数
        let _count = Arc::strong_count(&middleware.session_store);
    }

    #[test]
    fn test_session_middleware_new() {
        // 测试 SessionMiddleware::new 构造函数
        let store = MemoryStore::new();
        let middleware = SessionMiddleware::new(store);
        // 验证 Arc 引用计数
        let _count = Arc::strong_count(&middleware.session_store);
    }

    #[tokio::test]
    async fn test_middleware_with_no_session_cookie() {
        // 测试没有 session cookie 时的行为(应该创建新 session)
        let middleware = SessionMiddleware::default();

        let mut req = Request::empty();

        // 设置空的 cookie jar
        req.extensions_mut().insert(CookieJar::new());

        let handler = HandlerWrapper::new(test_handler).arc();
        let middlewares: Vec<Arc<dyn MiddleWareHandler>> = vec![];
        let next = Next::build(handler, &middlewares);
        let result = middleware.handle(req, &next).await;

        assert!(result.is_ok());
        let res = result.unwrap();

        // 验证 response 中有 session
        assert!(res.extensions().get::<Session>().is_some());
    }

    #[tokio::test]
    async fn test_middleware_with_valid_session_cookie() {
        // 测试有有效 session cookie 时的行为
        let middleware = SessionMiddleware::default();

        // 首先创建一个 session 并获取 cookie
        let store = middleware.session_store.read().await;
        let session = Session::new();
        let cookie_value = store.store_session(session).await.unwrap().unwrap();
        drop(store);

        // 创建带有 session cookie 的请求
        let mut jar = CookieJar::new();
        jar.add(test_cookie("silent-web-session", cookie_value));

        let mut req = Request::empty();
        req.extensions_mut().insert(jar);

        let handler = HandlerWrapper::new(test_handler).arc();
        let middlewares: Vec<Arc<dyn MiddleWareHandler>> = vec![];
        let next = Next::build(handler, &middlewares);
        let result = middleware.handle(req, &next).await;

        assert!(result.is_ok());
        let res = result.unwrap();

        // 验证 response 中有 session
        assert!(res.extensions().get::<Session>().is_some());
    }

    #[tokio::test]
    async fn test_middleware_creates_new_session_if_cookie_invalid() {
        // 测试当 cookie 中的 session 无效时创建新 session
        let middleware = SessionMiddleware::default();

        // 创建带有无效 session cookie 的请求
        let mut jar = CookieJar::new();
        jar.add(test_cookie("silent-web-session", "invalid_cookie_value"));

        let mut req = Request::empty();
        req.extensions_mut().insert(jar);

        let handler = HandlerWrapper::new(test_handler).arc();
        let middlewares: Vec<Arc<dyn MiddleWareHandler>> = vec![];
        let next = Next::build(handler, &middlewares);
        let result = middleware.handle(req, &next).await;

        assert!(result.is_ok());
        let res = result.unwrap();

        // 验证即使 cookie 无效,也能正常处理
        assert!(res.extensions().get::<Session>().is_some());
    }

    #[tokio::test]
    async fn test_middleware_session_inserted_to_request() {
        // 测试 session 被正确插入到 request extensions
        let middleware = SessionMiddleware::default();

        let mut req = Request::empty();
        req.extensions_mut().insert(CookieJar::new());

        let handler = HandlerWrapper::new(test_handler).arc();
        let middlewares: Vec<Arc<dyn MiddleWareHandler>> = vec![];
        let next = Next::build(handler, &middlewares);
        let result = middleware.handle(req, &next).await;

        assert!(result.is_ok());
    }

    #[tokio::test]
    async fn test_middleware_preserves_response_session() {
        // 测试中间件保留 response 中的 session
        let middleware = SessionMiddleware::default();

        let mut req = Request::empty();
        req.extensions_mut().insert(CookieJar::new());

        // 创建一个会修改 session 的 handler
        async fn session_handler(mut req: Request) -> crate::Result<Response> {
            let session = req.sessions_mut();
            session.insert("test_key", "test_value").unwrap();
            Ok(Response::empty())
        }

        let handler = HandlerWrapper::new(session_handler).arc();
        let middlewares: Vec<Arc<dyn MiddleWareHandler>> = vec![];
        let next = Next::build(handler, &middlewares);
        let result = middleware.handle(req, &next).await;

        assert!(result.is_ok());
        let res = result.unwrap();

        // 验证 response 中有 session
        assert!(res.extensions().get::<Session>().is_some());
    }

    #[tokio::test]
    async fn test_middleware_with_existing_cookie_jar() {
        // 测试当 response 中已有 CookieJar 时的行为
        let middleware = SessionMiddleware::default();

        let mut req = Request::empty();
        req.extensions_mut().insert(CookieJar::new());

        // 创建一个会添加 cookie 的 handler
        async fn cookie_handler(_req: Request) -> crate::Result<Response> {
            let mut res = Response::empty();
            let mut jar = CookieJar::new();
            jar.add(test_cookie("test_cookie", "test_value"));
            res.extensions_mut().insert(jar);
            Ok(res)
        }

        let handler = HandlerWrapper::new(cookie_handler).arc();
        let middlewares: Vec<Arc<dyn MiddleWareHandler>> = vec![];
        let next = Next::build(handler, &middlewares);
        let result = middleware.handle(req, &next).await;

        assert!(result.is_ok());
        let res = result.unwrap();

        // 验证 response 中有 CookieJar
        assert!(res.extensions().get::<CookieJar>().is_some());
    }

    #[tokio::test]
    async fn test_middleware_adds_cookie_when_session_key_not_exists() {
        // 测试当 session key 不存在时添加 cookie
        let middleware = SessionMiddleware::default();

        let jar = CookieJar::new();
        // 不添加 session cookie

        let mut req = Request::empty();
        req.extensions_mut().insert(jar);

        let handler = HandlerWrapper::new(test_handler).arc();
        let middlewares: Vec<Arc<dyn MiddleWareHandler>> = vec![];
        let next = Next::build(handler, &middlewares);
        let result = middleware.handle(req, &next).await;

        assert!(result.is_ok());
        let res = result.unwrap();

        // 验证 response 中有 cookie jar
        if let Some(cookie_jar) = res.extensions().get::<CookieJar>() {
            // 应该有 session cookie
            assert!(cookie_jar.get("silent-web-session").is_some());
        }
    }
}