1
  2
  3
  4
  5
  6
  7
  8
  9
 10
 11
 12
 13
 14
 15
 16
 17
 18
 19
 20
 21
 22
 23
 24
 25
 26
 27
 28
 29
 30
 31
 32
 33
 34
 35
 36
 37
 38
 39
 40
 41
 42
 43
 44
 45
 46
 47
 48
 49
 50
 51
 52
 53
 54
 55
 56
 57
 58
 59
 60
 61
 62
 63
 64
 65
 66
 67
 68
 69
 70
 71
 72
 73
 74
 75
 76
 77
 78
 79
 80
 81
 82
 83
 84
 85
 86
 87
 88
 89
 90
 91
 92
 93
 94
 95
 96
 97
 98
 99
100
101
102
103
104
105
106
107
108
109
110
111
112
113
114
115
116
117
118
119
120
121
122
123
124
125
126
127
128
129
130
131
132
133
134
135
136
137
138
139
140
141
142
143
144
145
146
147
148
149
150
151
152

extern crate time;

#[cfg(feature = "hyper")]
extern crate hyper;

use connectionsignature::ConnectionSignature;
use token::Token;
use sessionpolicy::SessionPolicy;
use time::{Timespec, Duration};
use std::collections::HashMap;
use AuthError;

// use std::net::SocketAddr;
// use std::net::IpAddr;
use std::sync::{Mutex, MutexGuard};

#[derive(Debug)]
struct Session {
    last_access: Timespec,
    // We're not using this right now, but will need it when we match policies
    // signature: ConnectionSignature,
}

impl Session {
    fn new(_: &ConnectionSignature) -> Session {
        Session {
            last_access: time::now().to_timespec(),
            // signature: signature.clone(),
        }
    }
}

#[derive(Debug)]
pub struct SessionManager {
    expiration: Duration,
    policy: SessionPolicy,
    // cookie_dir: String,
    sessions: Mutex<HashMap<ConnectionSignature, Session>>,
}

impl SessionManager {
    pub fn new(expiration: Duration, policy: SessionPolicy) -> SessionManager {
        SessionManager {
            expiration: expiration,
            policy: policy,
            // cookie_dir: "cookies".to_string(),
            sessions: Mutex::new(HashMap::new()),
        }
    }

    // This makes sure that the connectionsignature matches our policy and also
    // matches the session it is being applied to.
    // It's a good idea, but I'm not sure where to glue it in right now.
    // fn valid_connection(&self, signature: &ConnectionSignature, token: &Token) -> bool {
    //     self.policy.suitable_connection(signature) && match self.sessions.get(token) {
    //         Some(sess) => sess.signature == *signature,
    //         None => false,
    //     }
    // }

    pub fn is_expired(&self, signature: &ConnectionSignature) -> Result<bool, AuthError> {
        let mut hashmap = self.sessions.lock().map_err(|_| AuthError::Mutex)?;
        Ok(self.is_expired_locked(signature, &mut hashmap))
    }

    fn is_expired_locked(&self, signature: &ConnectionSignature, hashmap: &mut MutexGuard<HashMap<ConnectionSignature, Session>>) -> bool {
        let rv = match hashmap.get(signature) {
            Some(sess) => {
                (time::now().to_timespec() - sess.last_access) >= self.expiration
            }
            None => true
        };
        if rv {
            self.stop_locked(&signature, hashmap);
        }
        debug!("is_expired about to return {}", rv);
        rv
    }

    fn stop_locked(&self, signature: &ConnectionSignature, hashmap: &mut MutexGuard<HashMap<ConnectionSignature, Session>>) -> Option<Session> {
        hashmap.remove(signature)
    }

    // This has the same caveats as stop_all_sessions; should it be a Result?
    pub fn stop(&self, signature: &ConnectionSignature) {
        match self.sessions.lock() {
            Ok(mut hashmap) => self.stop_locked(signature, &mut hashmap),
            Err(poisoned) => poisoned.into_inner().remove(signature),
        };
    }

    pub fn start(&self, mut signature: ConnectionSignature) -> Result<ConnectionSignature, AuthError> {
        let mut hashmap = self.sessions.lock().map_err(|_| AuthError::Mutex)?;
        let need_insert = self.is_expired_locked(&signature, &mut hashmap);

        if need_insert {
            signature.token = Token::new(&self.policy.salt);
            hashmap.insert(signature.clone(), Session::new(&signature));
        } else {
            match hashmap.get_mut(&signature) {
                Some(sess) => sess.last_access = time::now().to_timespec(),
                None => return Err(AuthError::InternalConsistency), // this should be impossible
            }
        }
        Ok(signature)
    }

    // TODO: Nickel does not give us direct access to a hyper response object.
    // We need to figure out a clean way of setting the cookie, ideally w/o
    // requiring Nickel to be compiled in.

    // Should this fail if the mutex blew up?
    // It's not supposed to break anyway.
    pub fn stop_all_sessions(&self) {
        match self.sessions.lock() {
            Ok(mut hashmap) => hashmap.clear(),
            Err(poisoned) => poisoned.into_inner().clear(),
        }
    }
}

/*
    // Session data methods
    pub fn get_data(&self, key: &str) -> Result<Option<String>, AuthError> {
        panic!("Not implemented!");
    }

    // Session data methods
    pub fn set_data(&self, key: &str, value: &str) -> Result<(), AuthError> {
        panic!("Not implemented!");
    }

    // Session data methods
    pub fn get_persistant_data(&self, key: &str) -> Result<Option<String>, AuthError> {
        panic!("Not implemented!");
    }

    // Session data methods
    pub fn set_persistant_data(&self, key: &str, value: &str) -> Result<(), AuthError> {
        panic!("Not implemented!");
    }
}
*/

/*
#[cfg(test)]
mod tests {
    #[test]
    fn it_works() {
    }
}
*/