Implemented cookiepack/token expiration.

rapidoid-http-fast/src/main/java/org/rapidoid/http/HttpUtils.java

@@ -53,7 +53,8 @@ public class HttpUtils extends RapidoidThing implements HttpMetadata {
 
 	private static final byte[] EMPTY_RESPONSE = {};
 
-	public static final String _USER = "_USER";
+	public static final String _USER = "_user";
+	public static final String _EXPIRES = "_expires";
 
 	private static final Mapper<String[], String> PATH_PARAM_EXTRACTOR = new Mapper<String[], String>() {
 		@Override
@@ -84,17 +85,18 @@ public static Map<String, Serializable> initAndDeserializeCookiePack(Req req) {
 	}
 
 	public static void saveCookipackBeforeRenderingHeaders(Req req, Map<String, Serializable> cookiepack) {
-		if (cookiepack != null) {
-			String cookie;
-			if (!cookiepack.isEmpty()) {
-				byte[] cookiepackBytes = serializeCookiepack(cookiepack);
-				byte[] cookiepackEncrypted = Crypto.encrypt(cookiepackBytes);
-				cookie = Str.toBase64(cookiepackEncrypted).replace('+', '$').replace('/', '_');
-			} else {
-				cookie = "";
-			}
+		String token = token(cookiepack);
+		req.response().cookie(COOKIEPACK, token, "path=/", "HttpOnly");
+	}
 
-			req.response().cookie(COOKIEPACK, cookie, "path=/", "HttpOnly");
+	public static String token(Map<String, Serializable> cookiepack) {
+		if (U.notEmpty(cookiepack)) {
+			byte[] cookiepackBytes = serializeCookiepack(cookiepack);
+			byte[] cookiepackEncrypted = Crypto.encrypt(cookiepackBytes);
+			return Str.toBase64(cookiepackEncrypted).replace('+', '$').replace('/', '_');
+
+		} else {
+			return "";
 		}
 	}
 

rapidoid-http-fast/src/main/java/org/rapidoid/http/handler/AbstractAsyncHttpHandler.java

@@ -59,7 +59,12 @@ public boolean needsParams() {
 	public HttpStatus handle(Channel ctx, boolean isKeepAlive, Req req, Object extra) {
 		U.notNull(req, "HTTP request");
 
-		String username = req.cookiepack(HttpUtils._USER, null);
+		String username = getUser(req);
+
+		if (username == null) {
+			req.response().logout();
+		}
+
 		Set<String> roles = userRoles(username);
 
 		TransactionMode txMode;
@@ -86,6 +91,25 @@ public HttpStatus handle(Channel ctx, boolean isKeepAlive, Req req, Object extra
 		return HttpStatus.ASYNC;
 	}
 
+	private String getUser(Req req) {
+		if (req.hasCookiepack()) {
+			String username = req.cookiepack(HttpUtils._USER, null);
+
+			if (username != null) {
+				long expiresOn = req.cookiepack(HttpUtils._EXPIRES);
+
+				if (expiresOn < U.time()) {
+					username = null; // expired
+				}
+			}
+
+			return username;
+
+		} else {
+			return null;
+		}
+	}
+
 	private Set<String> userRoles(String username) {
 		if (username != null) {
 			try {
@@ -214,9 +238,7 @@ public Object invokeAndTransformResult(Mapper<Object, Object> transformation) th
 			}
 		};
 
-		Object result = wrapper.wrap(req, invocation);
-
-		return result;
+		return wrapper.wrap(req, invocation);
 	}
 
 	protected abstract Object handleReq(Channel ctx, boolean isKeepAlive, Req req, Object extra) throws Exception;

rapidoid-http-fast/src/main/java/org/rapidoid/http/impl/ReqImpl.java

@@ -628,7 +628,7 @@ public <T extends Serializable> T session(String name, T defaultValue) {
 
 	@Override
 	public boolean hasCookiepack() {
-		return cookie(COOKIEPACK, null) != null || data(TOKEN, null) != null;
+		return U.notEmpty(cookiepack) || cookie(COOKIEPACK, null) != null || data(TOKEN, null) != null;
 	}
 
 	@Override

rapidoid-http-fast/src/main/java/org/rapidoid/http/impl/RespImpl.java

@@ -327,15 +327,20 @@ public boolean login(String username, String password) {
 		U.must(rolesProvider != null, "A roles provider wasn't set!");
 
 		boolean success;
-		Set<String> roles;
 
 		try {
 			success = loginProvider.login(username, password);
+
 			if (success) {
-				roles = rolesProvider.getRolesForUser(username);
+				Set<String> roles = rolesProvider.getRolesForUser(username);
+				long expiresOn = U.time() + 3600 * 1000; // FIXME customize
+
 				Ctxs.ctx().setUser(new UserInfo(username, roles));
+
 				request().cookiepack().put(HttpUtils._USER, username);
+				request().cookiepack().put(HttpUtils._EXPIRES, expiresOn);
 			}
+
 		} catch (Throwable e) {
 			throw U.rte("Login error!", e);
 		}
@@ -345,8 +350,14 @@ public boolean login(String username, String password) {
 
 	@Override
 	public void logout() {
-		Ctxs.ctx().setUser(UserInfo.ANONYMOUS);
-		request().cookiepack().remove(HttpUtils._USER);
+		if (Ctxs.hasContext()) {
+			Ctxs.ctx().setUser(UserInfo.ANONYMOUS);
+		}
+
+		if (request().hasCookiepack()) {
+			request().cookiepack().remove(HttpUtils._USER);
+			request().cookiepack().remove(HttpUtils._EXPIRES);
+		}
 	}
 
 	@Override