-
Notifications
You must be signed in to change notification settings - Fork 206
New issue
Have a question about this project? Sign up for a free GitHub account to open an issue and contact its maintainers and the community.
By clicking “Sign up for GitHub”, you agree to our terms of service and privacy statement. We’ll occasionally send you account related emails.
Already on GitHub? Sign in to your account
Added Signed Cookie and optionally used it in Session - Other Speedups #148
Conversation
added signed cookie made session take advantage of signed or encrypted cookies. only save code on changed? conditional added comment with store options
There was a problem hiding this comment.
Choose a reason for hiding this comment
The reason will be displayed to describe this comment to others. Learn more.
Looks great! only minor cosmetic changes.
src/amber/controller/base.cr
Outdated
|
||
# protected getter flash : Amber::Router::Flash::FlashStore? | ||
# protected getter cookies : Amber::Router::Cookies::Store? | ||
# protected getter session : Amber::Router::Session::AbstractStore? |
There was a problem hiding this comment.
Choose a reason for hiding this comment
The reason will be displayed to describe this comment to others. Learn more.
✂️
There was a problem hiding this comment.
Choose a reason for hiding this comment
The reason will be displayed to describe this comment to others. Learn more.
Yeah I should definitely cut that.
src/amber/router/cookies.cr
Outdated
raise Exceptions::CookieOverflow.new if cookie.value.bytesize > MAX_COOKIE_SIZE | ||
@store[name] = cookie | ||
end | ||
|
||
private def decrypt_and_verify(encrypted_message) | ||
private def verify_and_decrypt(encrypted_message) | ||
String.new(@encryptor.decrypt_and_verify(encrypted_message)) |
There was a problem hiding this comment.
Choose a reason for hiding this comment
The reason will be displayed to describe this comment to others. Learn more.
kinda weird that the method is called verify_and_decrypt
and then it calls @encryptor.decrypt_and_verify
src/amber/router/cookies.cr
Outdated
String.new(@encryptor.decrypt_and_verify(encrypted_message)) | ||
rescue e | ||
"{\"value\":\"\"}" | ||
rescue e # TODO: This should probably actually raise the exception instead of rescueing from it. |
There was a problem hiding this comment.
Choose a reason for hiding this comment
The reason will be displayed to describe this comment to others. Learn more.
✂️
There was a problem hiding this comment.
Choose a reason for hiding this comment
The reason will be displayed to describe this comment to others. Learn more.
You think I should remove the TODO?
src/amber/router/session.cr
Outdated
@@ -24,7 +24,7 @@ module Amber::Router | |||
end | |||
|
|||
def cookie | |||
Session::CookieStore.new(cookies, session[:key].to_s, session[:expires].to_i, session[:secret].to_s) | |||
Session::CookieStore.new((session[:store] == :encrypted_cookie) ? cookies.encrypted : cookies.signed, session[:key].to_s, session[:expires].to_i, session[:secret].to_s, ) |
There was a problem hiding this comment.
Choose a reason for hiding this comment
The reason will be displayed to describe this comment to others. Learn more.
line too long
There was a problem hiding this comment.
Choose a reason for hiding this comment
The reason will be displayed to describe this comment to others. Learn more.
Fair enough.
@@ -25,15 +26,15 @@ module Amber::Controller | |||
end | |||
|
|||
def cookies | |||
@cookies ||= context.cookies | |||
context.cookies |
There was a problem hiding this comment.
Choose a reason for hiding this comment
The reason will be displayed to describe this comment to others. Learn more.
👍
There was a problem hiding this comment.
Choose a reason for hiding this comment
The reason will be displayed to describe this comment to others. Learn more.
nice work, looks good to me 👍
issue #141 |
amberframework#148) * ran a bunch of tests, fixed some issues and cleaned up the code. added signed cookie made session take advantage of signed or encrypted cookies. only save code on changed? conditional added comment with store options * added test to prove that cookies with no signature return empty values * the deep magic before the dawn of time. * cleaned up store initialization at @drujensen's request * added delete and mark as changed when it delete
#148) * ran a bunch of tests, fixed some issues and cleaned up the code. added signed cookie made session take advantage of signed or encrypted cookies. only save code on changed? conditional added comment with store options * added test to prove that cookies with no signature return empty values * the deep magic before the dawn of time. * cleaned up store initialization at @drujensen's request * added delete and mark as changed when it delete
Description of the Change
Added Signed Cookies. Small cleanups and speed optimizations while staying true to @eliasjpr vision for cookies and session stores. 😓
:store => [:signed_cookie, :encrypted_cookie, :redis]
Alternate Designs
Currently different types of cookie store are passed into session cookie store which then handles everything exactly the same. This could be broken out into a completely new session cookie store but literally every line would be duplicate (NOT DRY). I think this way is a better approach. In the future it would probably be better to configure the Session Pipe with session settings instead of the Server it's self.
Why Should This Be In Core?
Sessions are important. This keeps all of the improvements from @eliasjpr session while bringing the speed really close to what it was with the older session.
Benefits
Here are benchmarks. Index sets cookie and show page reads it. Text rendered is
index => "session set"
andshow => "session works and is good!"
Benchmarks are shown in order of fastest to slowest.
No pipes enabled
Old session without flash
Modified New Signed Session without Flash
Modified New Encrypted Session without Flash
Modified New Signed Session with Flash
Old Session and Flash
New Encryped Session without Flash
Modified New Encryption Session with Flash
New Encrypted Session With Flash