feat: add SessionMiddleware configuration (#251)

ElijahAhianyo · pre-commit-ci[bot] · web-flow · commit 96a6661090c2 · 2025-03-21T22:09:57.000+01:00
* Add SessionMiddleWare Configuration

* revert config path monkeypatch

* chore(pre-commit.ci): auto fixes from pre-commit hooks

* revert debug code

* make secure config true by default

* chore(pre-commit.ci): auto fixes from pre-commit hooks

---------

Co-authored-by: pre-commit-ci[bot] &lt;66853113+pre-commit-ci[bot]@users.noreply.github.com&gt;
diff --git a/cot-cli/src/project_template/config/dev.toml b/cot-cli/src/project_template/config/dev.toml
@@ -5,3 +5,6 @@ url = "sqlite://db.sqlite3?mode=rwc"
 
 [middlewares]
 live_reload.enabled = true
+
+[middlewares.session]
+secure = false
diff --git a/cot/src/config.rs b/cot/src/config.rs
@@ -413,6 +413,8 @@ impl DatabaseConfig {
 pub struct MiddlewareConfig {
     /// The configuration for the live reload middleware.
     pub live_reload: LiveReloadMiddlewareConfig,
+    /// The configuration for the session middleware.
+    pub session: SessionMiddlewareConfig,
 }
 
 impl MiddlewareConfig {
@@ -438,16 +440,18 @@ impl MiddlewareConfigBuilder {
     /// # Examples
     ///
     /// ```
-    /// use cot::config::{LiveReloadMiddlewareConfig, MiddlewareConfig};
+    /// use cot::config::{LiveReloadMiddlewareConfig, MiddlewareConfig, SessionMiddlewareConfig};
     ///
     /// let config = MiddlewareConfig::builder()
     ///     .live_reload(LiveReloadMiddlewareConfig::builder().enabled(true).build())
+    ///     .session(SessionMiddlewareConfig::builder().secure(false).build())
     ///     .build();
     /// ```
     #[must_use]
     pub fn build(&self) -> MiddlewareConfig {
         MiddlewareConfig {
             live_reload: self.live_reload.clone().unwrap_or_default(),
+            session: self.session.clone().unwrap_or_default(),
         }
     }
 }
@@ -514,6 +518,68 @@ impl LiveReloadMiddlewareConfigBuilder {
     }
 }
 
+/// The configuration for the session middleware.
+///
+/// This is used as part of the [`MiddlewareConfig`] struct.
+///
+/// # Examples
+///
+/// ```
+/// use cot::config::SessionMiddlewareConfig;
+///
+/// let config = SessionMiddlewareConfig::builder().secure(false).build();
+/// ```
+#[derive(Debug, Default, Clone, PartialEq, Eq, Builder, Serialize, Deserialize)]
+#[builder(build_fn(skip, error = std::convert::Infallible))]
+#[serde(default)]
+pub struct SessionMiddlewareConfig {
+    /// Whether the session middleware is secure.
+    ///
+    /// # Examples
+    ///
+    /// ```
+    /// use cot::config::SessionMiddlewareConfig;
+    ///
+    /// let config = SessionMiddlewareConfig::builder().secure(false).build();
+    /// ```
+    pub secure: bool,
+}
+
+impl SessionMiddlewareConfig {
+    /// Create a new [`SessionMiddlewareConfigBuilder`] to build a
+    /// [`SessionMiddlewareConfig`].
+    ///
+    /// # Examples
+    ///
+    /// ```
+    /// use cot::config::SessionMiddlewareConfig;
+    ///
+    /// let config = SessionMiddlewareConfig::builder().build();
+    /// ```
+    #[must_use]
+    pub fn builder() -> SessionMiddlewareConfigBuilder {
+        SessionMiddlewareConfigBuilder::default()
+    }
+}
+
+impl SessionMiddlewareConfigBuilder {
+    /// Builds the session middleware configuration.
+    ///
+    /// # Examples
+    ///
+    /// ```
+    /// use cot::config::SessionMiddlewareConfig;
+    ///
+    /// let config = SessionMiddlewareConfig::builder().secure(false).build();
+    /// ```
+    #[must_use]
+    pub fn build(&self) -> SessionMiddlewareConfig {
+        SessionMiddlewareConfig {
+            secure: self.secure.unwrap_or(true),
+        }
+    }
+}
+
 /// A secret key.
 ///
 /// This is a wrapper over a byte array, which is used to store a cryptographic
@@ -718,6 +784,10 @@ mod tests {
             secret_key = "123abc"
             fallback_secret_keys = ["456def", "789ghi"]
             auth_backend = { type = "none" }
+            [middlewares]
+            live_reload.enabled = true
+            [middlewares.session]
+            secure = false
         "#;
 
         let config = ProjectConfig::from_toml(toml_content).unwrap();
@@ -729,6 +799,8 @@ mod tests {
         assert_eq!(config.fallback_secret_keys[0].as_bytes(), b"456def");
         assert_eq!(config.fallback_secret_keys[1].as_bytes(), b"789ghi");
         assert_eq!(config.auth_backend, AuthBackendConfig::None);
+        assert!(config.middlewares.live_reload.enabled);
+        assert!(!config.middlewares.session.secure);
     }
 
     #[test]
diff --git a/cot/src/middleware.rs b/cot/src/middleware.rs
@@ -248,14 +248,60 @@ where
 /// A middleware that provides session management.
 ///
 /// By default, it uses an in-memory store for session data.
-#[derive(Debug, Copy, Clone)]
-pub struct SessionMiddleware;
+#[derive(Debug, Clone)]
+pub struct SessionMiddleware {
+    inner: SessionManagerLayer<MemoryStore>,
+}
 
 impl SessionMiddleware {
     /// Crates a new instance of [`SessionMiddleware`].
     #[must_use]
     pub fn new() -> Self {
-        Self {}
+        let store = MemoryStore::default();
+        let layer = SessionManagerLayer::new(store);
+        Self { inner: layer }
+    }
+    /// Creates a new instance of [`SessionMiddleware`] from the application
+    /// context.
+    ///
+    /// # Examples
+    ///
+    /// ```
+    /// use cot::middleware::SessionMiddleware;
+    /// use cot::project::{RootHandlerBuilder, WithApps};
+    /// use cot::{BoxedHandler, Project, ProjectContext};
+    ///
+    /// struct MyProject;
+    /// impl Project for MyProject {
+    ///     fn middlewares(
+    ///         &self,
+    ///         handler: RootHandlerBuilder,
+    ///         context: &ProjectContext<WithApps>,
+    ///     ) -> BoxedHandler {
+    ///         handler
+    ///             .middleware(SessionMiddleware::from_context(context))
+    ///             .build()
+    ///     }
+    /// }
+    /// ```
+    #[must_use]
+    pub fn from_context(context: &crate::ProjectContext<crate::project::WithApps>) -> Self {
+        Self::new().secure(context.config().middlewares.session.secure)
+    }
+    /// Sets the secure flag for the session middleware.
+    ///
+    /// # Examples
+    ///
+    /// ```
+    /// use cot::middleware::SessionMiddleware;
+    ///
+    /// let middleware = SessionMiddleware::new().secure(false);
+    /// ```
+    #[must_use]
+    pub fn secure(self, secure: bool) -> Self {
+        Self {
+            inner: self.inner.with_secure(secure),
+        }
     }
 }
 
@@ -269,12 +315,9 @@ impl<S> tower::Layer<S> for SessionMiddleware {
     type Service = <SessionManagerLayer<MemoryStore> as tower::Layer<S>>::Service;
 
     fn layer(&self, inner: S) -> Self::Service {
-        let session_store = MemoryStore::default();
-        let session_layer = SessionManagerLayer::new(session_store);
-        session_layer.layer(inner)
+        self.inner.layer(inner)
     }
 }
-
 #[cfg(feature = "live-reload")]
 type LiveReloadLayerType = tower::util::Either<
     (
diff --git a/examples/admin/src/main.rs b/examples/admin/src/main.rs
@@ -2,7 +2,7 @@ use cot::__private::async_trait;
 use cot::admin::AdminApp;
 use cot::auth::db::{DatabaseUser, DatabaseUserApp};
 use cot::cli::CliMetadata;
-use cot::config::{DatabaseConfig, ProjectConfig};
+use cot::config::{DatabaseConfig, MiddlewareConfig, ProjectConfig, SessionMiddlewareConfig};
 use cot::middleware::{LiveReloadMiddleware, SessionMiddleware};
 use cot::project::{WithApps, WithConfig};
 use cot::request::Request;
@@ -63,6 +63,11 @@ impl Project for AdminProject {
                     .url("sqlite://db.sqlite3?mode=rwc")
                     .build(),
             )
+            .middlewares(
+                MiddlewareConfig::builder()
+                    .session(SessionMiddlewareConfig::builder().secure(false).build())
+                    .build(),
+            )
             .build())
     }
 
@@ -79,7 +84,7 @@ impl Project for AdminProject {
     ) -> BoxedHandler {
         handler
             .middleware(StaticFilesMiddleware::from_context(context))
-            .middleware(SessionMiddleware::new())
+            .middleware(SessionMiddleware::from_context(context))
             .middleware(LiveReloadMiddleware::new())
             .build()
     }
