Skip to main content

modo_session/
lib.rs

1//! Database-backed HTTP sessions for the modo framework.
2//!
3//! Provides cookie-based session management with:
4//! - ULID session IDs stored in a `modo_sessions` database table
5//! - Cryptographically random tokens (32 bytes); only the SHA-256 hash is persisted
6//! - Server-side fingerprint validation to detect session hijacking
7//! - Automatic LRU eviction when `max_sessions_per_user` is exceeded
8//! - Sliding expiry via periodic `touch` updates
9//!
10//! # Quick start
11//!
12//! ```rust,no_run
13//! // In your app entry point:
14//! let session_store = modo_session::SessionStore::new(
15//!     &db,
16//!     modo_session::SessionConfig::default(),
17//!     config.core.cookies.clone(),
18//! );
19//!
20//! app.service(session_store.clone())
21//!    .layer(modo_session::layer(session_store))
22//!    .run()
23//!    .await?;
24//! ```
25//!
26//! Then inject [`SessionManager`] as an extractor in any handler:
27//!
28//! ```rust,no_run
29//! async fn login(session: modo_session::SessionManager) -> modo::HandlerResult<()> {
30//!     session.authenticate("user-123").await?;
31//!     Ok(())
32//! }
33//! ```
34//!
35//! # Features
36//!
37//! - `cleanup-job` — registers a cron job (via `modo-jobs`) that deletes expired
38//!   sessions every 15 minutes.  Requires the `modo-jobs` crate.
39
40pub mod config;
41pub mod device;
42pub mod entity;
43pub mod fingerprint;
44pub mod manager;
45pub mod meta;
46pub mod middleware;
47pub mod store;
48pub mod types;
49
50#[cfg(feature = "cleanup-job")]
51pub mod cleanup;
52
53// Public API
54pub use config::SessionConfig;
55pub use manager::SessionManager;
56pub use meta::SessionMeta;
57pub use middleware::{layer, user_id_from_extensions};
58pub use store::SessionStore;
59pub use types::{SessionData, SessionId, SessionToken};
60
61// Re-exports for macro-generated code
62pub use chrono;
63pub use modo;
64pub use modo_db;
65pub use serde;
66pub use serde_json;