gered/aging-session
1
0
Fork 0
Code Issues Pull requests Packages Projects Releases Wiki Activity

initial commit. forking original from tag "0.3.1" by Kira Systems

Browse source 
https://github.com/kirasystems/aging-session
This commit is contained in:
Gered 2021-12-29 17:22:01 -05:00
commit 6b9e11880f
8 changed files with 582 additions and 0 deletions
Show stats Download patch file Download diff file Expand all files Collapse all files

18
.gitignore vendored Normal file
View file

@ -0,0 +1,18 @@
.DS_Store
/target
/classes
/checkouts
/out
pom.xml
pom.xml.asc
*.jar
*.class
.lein-*
.nrepl-port
/*.project
/*.classpath
/.settings/
*.iml
*.ipr
*.iws
.idea

280
LICENSE Normal file
View file

@ -0,0 +1,280 @@
Eclipse Public License - v 2.0
THE ACCOMPANYING PROGRAM IS PROVIDED UNDER THE TERMS OF THIS ECLIPSE
PUBLIC LICENSE ("AGREEMENT"). ANY USE, REPRODUCTION OR DISTRIBUTION
OF THE PROGRAM CONSTITUTES RECIPIENT'S ACCEPTANCE OF THIS AGREEMENT.
1. DEFINITIONS
"Contribution" means:
a) in the case of the initial Contributor, the initial content
Distributed under this Agreement, and
b) in the case of each subsequent Contributor:
i) changes to the Program, and
ii) additions to the Program;
where such changes and/or additions to the Program originate from
and are Distributed by that particular Contributor. A Contribution
"originates" from a Contributor if it was added to the Program by
such Contributor itself or anyone acting on such Contributor's behalf.
Contributions do not include changes or additions to the Program that
are not Modified Works.
"Contributor" means any person or entity that Distributes the Program.
"Licensed Patents" mean patent claims licensable by a Contributor which
are necessarily infringed by the use or sale of its Contribution alone
or when combined with the Program.
"Program" means the Contributions Distributed in accordance with this
Agreement.
"Recipient" means anyone who receives the Program under this Agreement
or any Secondary License (as applicable), including Contributors.
"Derivative Works" shall mean any work, whether in Source Code or other
form, that is based on (or derived from) the Program and for which the
editorial revisions, annotations, elaborations, or other modifications
represent, as a whole, an original work of authorship.
"Modified Works" shall mean any work in Source Code or other form that
results from an addition to, deletion from, or modification of the
contents of the Program, including, for purposes of clarity any new file
in Source Code form that contains any contents of the Program. Modified
Works shall not include works that contain only declarations,
interfaces, types, classes, structures, or files of the Program solely
in each case in order to link to, bind by name, or subclass the Program
or Modified Works thereof.
"Distribute" means the acts of a) distributing or b) making available
in any manner that enables the transfer of a copy.
"Source Code" means the form of a Program preferred for making
modifications, including but not limited to software source code,
documentation source, and configuration files.
"Secondary License" means either the GNU General Public License,
Version 2.0, or any later versions of that license, including any
exceptions or additional permissions as identified by the initial
Contributor.
2. GRANT OF RIGHTS
a) Subject to the terms of this Agreement, each Contributor hereby
grants Recipient a non-exclusive, worldwide, royalty-free copyright
license to reproduce, prepare Derivative Works of, publicly display,
publicly perform, Distribute and sublicense the Contribution of such
Contributor, if any, and such Derivative Works.
b) Subject to the terms of this Agreement, each Contributor hereby
grants Recipient a non-exclusive, worldwide, royalty-free patent
license under Licensed Patents to make, use, sell, offer to sell,
import and otherwise transfer the Contribution of such Contributor,
if any, in Source Code or other form. This patent license shall
apply to the combination of the Contribution and the Program if, at
the time the Contribution is added by the Contributor, such addition
of the Contribution causes such combination to be covered by the
Licensed Patents. The patent license shall not apply to any other
combinations which include the Contribution. No hardware per se is
licensed hereunder.
c) Recipient understands that although each Contributor grants the
licenses to its Contributions set forth herein, no assurances are
provided by any Contributor that the Program does not infringe the
patent or other intellectual property rights of any other entity.
Each Contributor disclaims any liability to Recipient for claims
brought by any other entity based on infringement of intellectual
property rights or otherwise. As a condition to exercising the
rights and licenses granted hereunder, each Recipient hereby
assumes sole responsibility to secure any other intellectual
property rights needed, if any. For example, if a third party
patent license is required to allow Recipient to Distribute the
Program, it is Recipient's responsibility to acquire that license
before distributing the Program.
d) Each Contributor represents that to its knowledge it has
sufficient copyright rights in its Contribution, if any, to grant
the copyright license set forth in this Agreement.
e) Notwithstanding the terms of any Secondary License, no
Contributor makes additional grants to any Recipient (other than
those set forth in this Agreement) as a result of such Recipient's
receipt of the Program under the terms of a Secondary License
(if permitted under the terms of Section 3).
3. REQUIREMENTS
3.1 If a Contributor Distributes the Program in any form, then:
a) the Program must also be made available as Source Code, in
accordance with section 3.2, and the Contributor must accompany
the Program with a statement that the Source Code for the Program
is available under this Agreement, and informs Recipients how to
obtain it in a reasonable manner on or through a medium customarily
used for software exchange; and
b) the Contributor may Distribute the Program under a license
different than this Agreement, provided that such license:
i) effectively disclaims on behalf of all other Contributors all
warranties and conditions, express and implied, including
warranties or conditions of title and non-infringement, and
implied warranties or conditions of merchantability and fitness
for a particular purpose;
ii) effectively excludes on behalf of all other Contributors all
liability for damages, including direct, indirect, special,
incidental and consequential damages, such as lost profits;
iii) does not attempt to limit or alter the recipients' rights
in the Source Code under section 3.2; and
iv) requires any subsequent distribution of the Program by any
party to be under a license that satisfies the requirements
of this section 3.
3.2 When the Program is Distributed as Source Code:
a) it must be made available under this Agreement, or if the
Program (i) is combined with other material in a separate file or
files made available under a Secondary License, and (ii) the initial
Contributor attached to the Source Code the notice described in
Exhibit A of this Agreement, then the Program may be made available
under the terms of such Secondary Licenses, and
b) a copy of this Agreement must be included with each copy of
the Program.
3.3 Contributors may not remove or alter any copyright, patent,
trademark, attribution notices, disclaimers of warranty, or limitations
of liability ("notices") contained within the Program from any copy of
the Program which they Distribute, provided that Contributors may add
their own appropriate notices.
4. COMMERCIAL DISTRIBUTION
Commercial distributors of software may accept certain responsibilities
with respect to end users, business partners and the like. While this
license is intended to facilitate the commercial use of the Program,
the Contributor who includes the Program in a commercial product
offering should do so in a manner which does not create potential
liability for other Contributors. Therefore, if a Contributor includes
the Program in a commercial product offering, such Contributor
("Commercial Contributor") hereby agrees to defend and indemnify every
other Contributor ("Indemnified Contributor") against any losses,
damages and costs (collectively "Losses") arising from claims, lawsuits
and other legal actions brought by a third party against the Indemnified
Contributor to the extent caused by the acts or omissions of such
Commercial Contributor in connection with its distribution of the Program
in a commercial product offering. The obligations in this section do not
apply to any claims or Losses relating to any actual or alleged
intellectual property infringement. In order to qualify, an Indemnified
Contributor must: a) promptly notify the Commercial Contributor in
writing of such claim, and b) allow the Commercial Contributor to control,
and cooperate with the Commercial Contributor in, the defense and any
related settlement negotiations. The Indemnified Contributor may
participate in any such claim at its own expense.
For example, a Contributor might include the Program in a commercial
product offering, Product X. That Contributor is then a Commercial
Contributor. If that Commercial Contributor then makes performance
claims, or offers warranties related to Product X, those performance
claims and warranties are such Commercial Contributor's responsibility
alone. Under this section, the Commercial Contributor would have to
defend claims against the other Contributors related to those performance
claims and warranties, and if a court requires any other Contributor to
pay any damages as a result, the Commercial Contributor must pay
those damages.
5. NO WARRANTY
EXCEPT AS EXPRESSLY SET FORTH IN THIS AGREEMENT, AND TO THE EXTENT
PERMITTED BY APPLICABLE LAW, THE PROGRAM IS PROVIDED ON AN "AS IS"
BASIS, WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, EITHER EXPRESS OR
IMPLIED INCLUDING, WITHOUT LIMITATION, ANY WARRANTIES OR CONDITIONS OF
TITLE, NON-INFRINGEMENT, MERCHANTABILITY OR FITNESS FOR A PARTICULAR
PURPOSE. Each Recipient is solely responsible for determining the
appropriateness of using and distributing the Program and assumes all
risks associated with its exercise of rights under this Agreement,
including but not limited to the risks and costs of program errors,
compliance with applicable laws, damage to or loss of data, programs
or equipment, and unavailability or interruption of operations.
6. DISCLAIMER OF LIABILITY
EXCEPT AS EXPRESSLY SET FORTH IN THIS AGREEMENT, AND TO THE EXTENT
PERMITTED BY APPLICABLE LAW, NEITHER RECIPIENT NOR ANY CONTRIBUTORS
SHALL HAVE ANY LIABILITY FOR ANY DIRECT, INDIRECT, INCIDENTAL, SPECIAL,
EXEMPLARY, OR CONSEQUENTIAL DAMAGES (INCLUDING WITHOUT LIMITATION LOST
PROFITS), HOWEVER CAUSED AND ON ANY THEORY OF LIABILITY, WHETHER IN
CONTRACT, STRICT LIABILITY, OR TORT (INCLUDING NEGLIGENCE OR OTHERWISE)
ARISING IN ANY WAY OUT OF THE USE OR DISTRIBUTION OF THE PROGRAM OR THE
EXERCISE OF ANY RIGHTS GRANTED HEREUNDER, EVEN IF ADVISED OF THE
POSSIBILITY OF SUCH DAMAGES.
7. GENERAL
If any provision of this Agreement is invalid or unenforceable under
applicable law, it shall not affect the validity or enforceability of
the remainder of the terms of this Agreement, and without further
action by the parties hereto, such provision shall be reformed to the
minimum extent necessary to make such provision valid and enforceable.
If Recipient institutes patent litigation against any entity
(including a cross-claim or counterclaim in a lawsuit) alleging that the
Program itself (excluding combinations of the Program with other software
or hardware) infringes such Recipient's patent(s), then such Recipient's
rights granted under Section 2(b) shall terminate as of the date such
litigation is filed.
All Recipient's rights under this Agreement shall terminate if it
fails to comply with any of the material terms or conditions of this
Agreement and does not cure such failure in a reasonable period of
time after becoming aware of such noncompliance. If all Recipient's
rights under this Agreement terminate, Recipient agrees to cease use
and distribution of the Program as soon as reasonably practicable.
However, Recipient's obligations under this Agreement and any licenses
granted by Recipient relating to the Program shall continue and survive.
Everyone is permitted to copy and distribute copies of this Agreement,
but in order to avoid inconsistency the Agreement is copyrighted and
may only be modified in the following manner. The Agreement Steward
reserves the right to publish new versions (including revisions) of
this Agreement from time to time. No one other than the Agreement
Steward has the right to modify this Agreement. The Eclipse Foundation
is the initial Agreement Steward. The Eclipse Foundation may assign the
responsibility to serve as the Agreement Steward to a suitable separate
entity. Each new version of the Agreement will be given a distinguishing
version number. The Program (including Contributions) may always be
Distributed subject to the version of the Agreement under which it was
received. In addition, after a new version of the Agreement is published,
Contributor may elect to Distribute the Program (including its
Contributions) under the new version.
Except as expressly stated in Sections 2(a) and 2(b) above, Recipient
receives no rights or licenses to the intellectual property of any
Contributor under this Agreement, whether expressly, by implication,
estoppel or otherwise. All rights in the Program not expressly granted
under this Agreement are reserved. Nothing in this Agreement is intended
to be enforceable by any entity that is not a Contributor or Recipient.
No third-party beneficiary rights are created under this Agreement.
Exhibit A - Form of Secondary Licenses Notice
"This Source Code may also be made available under the following
Secondary Licenses when the conditions for such availability set forth
in the Eclipse Public License, v. 2.0 are satisfied: GNU General Public
License as published by the Free Software Foundation, either version 2
of the License, or (at your option) any later version, with the GNU
Classpath Exception which is available at
https://www.gnu.org/software/classpath/license.html."
Simply including a copy of this Agreement, including this Exhibit A
is not sufficient to license the Source Code under Secondary Licenses.
If it is not possible or desirable to put the notice in a particular
file, then You may include the notice in a location (such as a LICENSE
file in a relevant directory) where a recipient would be likely to
look for such a notice.
You may add additional accurate notices of copyright ownership.

64
README.md Normal file
View file

@ -0,0 +1,64 @@
# aging-session
A memory based ring session store that has a concept of time. The primary goal
is to allow the session store to deallocate old sessions. While much of this
may be written on top of the standard ring session store, there is ultimately
no way to get rid of sessions that are no longer being visited.
Depending on how long running a server is and on how big its sessions are,
the unallocated sessions can potentially accumulate more and more memory.
Another possible scenario is a denial of service attack where the attacker
continually asks for new sessions thus exhusting the server of memory.
This session store has a sweeper thread that will apply a set of functions
to every session object after every X requests are made. These functions
are also applied to every session when it is read.
## Dependency
To use aging-session, include the following dependency in your project.clj file.
[aging-session "0.3.1"]
## Usage
The following creates a memory aging store that refreshes the timestamp every
time the session is written and erases entries after 1 hour.
```clojure
(ns myapp
(:use
ring.middleware.session
aging-session.memory)
(:require ['aging-session.event :as event]))
(def app
(wrap-session handler {:store (aging-memory-store
:refresh-on-write true
:events [(event/expires-after 3600)])}))
```
Event functions take two parameters: the current timestamp and a session entry
with a timestamp key and an value key. The timestamp key stores the sessions
timestamp and the value key stores the session itself. Functions should return
a new entry, or nil. If they return nil, the session entry is deleted. The
expires after function illustrates this.
```clojure
(defn expires-after
"Expires an entry if left untouched for a given number of seconds."
[seconds]
(let [ms (* 1000 seconds)]
(fn [now entry] (if-not (> (- now (:timestamp entry)) ms) entry))))
```
Event functions are applied in order and can be used to modify sessions in
any time-based way. For instance, one may wish to set a reauthentication flag
in sessions older than 1 hour, and delete sessions older than 2 hours.
## License
Copyright © 2012 DiligenceEngine Inc.
Distributed under the Eclipse Public License, the same as Clojure.

7
project.clj Normal file
View file

@ -0,0 +1,7 @@
(defproject net.gered/aging-session "0.1.0-SNAPSHOT"
:description "Memory based ring session with expiry and time based mutation."
:url "https://github.com/gered/aging-session"
:license {:name "Eclipse Public License"
:url "http://www.eclipse.org/legal/epl-v10.html"}
:dependencies [[ring/ring-core "1.2.2"]]
:profiles {:dev {:dependencies [[org.clojure/clojure "1.6.0"]]}})

7
src/aging_session/event.clj Normal file
View file

@ -0,0 +1,7 @@
(ns aging-session.event)
(defn expires-after
"Expires an entry if left untouched for a given number of seconds."
[seconds]
(let [ms (* 1000 seconds)]
(fn [now entry] (if-not (> (- now (:timestamp entry)) ms) entry))))

103
src/aging_session/memory.clj Normal file
View file

@ -0,0 +1,103 @@
(ns aging-session.memory
"In-memory session storage with mortality."
(:require [ring.middleware.session.store :refer :all])
(:import java.util.UUID))
(defrecord SessionEntry [timestamp value])
(defn- now
"Return the current time in milliseconds."
[]
(System/currentTimeMillis))
(defn- new-entry
"Create a new session entry for data."
[data]
(SessionEntry. (now) data))
(defn- write-entry
"Write over an existing entry. If timestamp is missing, recreate."
[session-map key data]
(if (get-in session-map [key :timestamp])
(assoc-in session-map [key :value] data)
(assoc session-map key (new-entry data))))
(defn- update-entry
"Update a session entry based on event functions."
[event-fns ts [k v]]
(loop [entry v, fns (seq event-fns)]
(if (and entry fns)
(recur ((first fns) ts entry) (next fns))
(if entry [k entry]))))
(defn- sweep-session
"Sweep the session and run all session functions."
[session-map event-fns]
(let [ts (now)]
(into {} (keep #(update-entry event-fns ts %) session-map))))
(defn- sweep-entry
"Sweep a single entry."
[session-map event-fns key]
(if-let [[_ entry] (update-entry event-fns (now) [key (get session-map key)])]
(assoc session-map key entry)
(dissoc session-map key)))
(defprotocol AgingStore
(read-timestamp [store key]
"Read a session from the store and return its timestamp. If no key exists, returns nil."))
(defrecord MemoryAgingStore [session-map refresh-on-write refresh-on-read req-count req-limit event-fns]
AgingStore
(read-timestamp [_ key]
(get-in @session-map [key :timestamp]))
SessionStore
(read-session [_ key]
(swap! session-map sweep-entry event-fns key)
(when (and refresh-on-read (contains? @session-map key))
(swap! session-map assoc-in [key :timestamp] (now)))
(get-in @session-map [key :value] {}))
(write-session [_ key data]
(let [key (or key (str (UUID/randomUUID)))]
(swap! req-count inc) ; Increase the request count
(if refresh-on-write ; Write key and and update timestamp.
(swap! session-map assoc key (new-entry data))
(swap! session-map write-entry key data))
key))
(delete-session [_ key]
(swap! session-map dissoc key)
nil))
(defn sweeper-thread
"Sweeper thread that watches the session and cleans it."
[{:keys [req-count req-limit session-map event-fns]} sweep-delay]
(loop []
(when (>= @req-count req-limit)
(swap! session-map sweep-session event-fns)
(reset! req-count 0))
(. Thread (sleep sweep-delay)) ;; sleep for 30s
(recur)))
(defn in-thread
"Run a function in a thread."
[afn]
(.start (Thread. afn)))
(defn aging-memory-store
"Creates an in-memory session storage engine."
[& opts]
(let [{:keys [session-atom refresh-on-write refresh-on-read sweep-every sweep-delay events]
:or {session-atom (atom {})
refresh-on-write false
refresh-on-read false
sweep-every 200
sweep-delay 30000
events []}} opts
counter-atom (atom 0)
store (MemoryAgingStore. session-atom refresh-on-write refresh-on-read counter-atom sweep-every events)]
(in-thread #(sweeper-thread store sweep-delay))
store))

48
test/aging_session/event_test.clj Normal file
View file

@ -0,0 +1,48 @@
(ns aging-session.event_test
(:require
[aging-session.event :as event]
[clojure.test :refer :all]
[ring.middleware.session.store :refer :all]
[aging-session.memory :refer :all]))
(deftest session-expiry
(testing "Test session expiry."
(let [as (aging-memory-store :events [(event/expires-after 1)])]
(write-session as "mykey" {:foo 1})
(. Thread (sleep 1500))
(is (= (read-session as "mykey") {})))))
(deftest session-expiry-by-sweep
(testing "Test session expiry sweep."
(let [as (aging-memory-store
:events [(event/expires-after 1)]
:sweep-every 5
:sweep-delay 1000)]
(write-session as "mykey" {:foo 1})
(. Thread (sleep 1500))
; key should still exist, even though it's expired
(is (not (nil? (read-timestamp as "mykey"))))
; key should exist for three more writes
(write-session as "other-key" {:foo 1})
(is (not (nil? (read-timestamp as "mykey"))))
(write-session as "other-key" {:foo 1})
(is (not (nil? (read-timestamp as "mykey"))))
(write-session as "other-key" {:foo 1})
(is (not (nil? (read-timestamp as "mykey"))))
; on the fifth write and after 30s, key should not exist
(write-session as "other-key" {:foo 1})
(. Thread (sleep 2000))
(is (nil? (read-timestamp as "mykey"))))))
(deftest refresh-on-read-nonexistant-key-then-sweep
(testing "Test an empty session read (with refresh-on-read enabled) then check that the expiry sweep still works"
(let [as (aging-memory-store
:events [(event/expires-after 1)]
:refresh-on-read true
:sweep-every 1
:sweep-delay 1000)]
(is (= (read-session as "foo") {}))
; read again to trigger the sweep
(is (= (read-session as "foo") {})))))

55
test/aging_session/memory_test.clj Normal file
View file

@ -0,0 +1,55 @@
(ns aging-session.memory_test
(:require
[clojure.test :refer :all]
[ring.middleware.session.store :refer :all]
[aging-session.memory :refer :all]))
(deftest basic-read-empty
(testing "Test session reads."
(let [as (aging-memory-store)]
(is (= (read-session as "mykey") {})))))
(deftest basic-write
(testing "Test session writes and reads."
(let [as (aging-memory-store)]
(write-session as "mykey" {:a 1})
(is (= (read-session as "mykey") {:a 1}))
(write-session as "mykey" {:a 2})
(is (= (read-session as "mykey") {:a 2})))))
(deftest basic-delete
(testing "Test session delete."
(let [as (aging-memory-store)]
(write-session as "mykey" {:a 1})
(delete-session as "mykey")
(is (= (read-session as "mykey") {})))))
(deftest timestamp-on-creation
(testing "Test the behaviour where each entry's timestamp is set only on session creation."
(let [as (aging-memory-store)]
(write-session as "mykey" {:foo 1})
(let [ts1 (read-timestamp as "mykey")]
(is (integer? ts1))
(write-session as "mykey" {:foo 2})
(is (= ts1 (read-timestamp as "mykey")))
(is (= (read-session as "mykey") {:foo 2}))))))
(deftest timestamp-on-write
(testing "Test the behaviour where each entry's timestamp is refreshed on write."
(let [as (aging-memory-store :refresh-on-write true)]
(write-session as "mykey" {:foo 1})
(let [ts1 (read-timestamp as "mykey")]
(. Thread (sleep 10))
(write-session as "mykey" {:foo 2})
(is (not (= ts1 (read-timestamp as "mykey"))))
(is (= (read-session as "mykey") {:foo 2}))))))
(deftest timestamp-on-read
(testing "Test the behaviour where each entry's timestamp is refreshed on read."
(let [as (aging-memory-store :refresh-on-read true)]
(write-session as "mykey" {:foo 1})
(let [ts1 (read-timestamp as "mykey")]
(. Thread (sleep 10))
(is (= (read-session as "mykey") {:foo 1}))
(is (not (= ts1 (read-timestamp as "mykey"))))
(is (= (read-session as "mykey") {:foo 1}))))))