Create DB session provider(based on xorm) (#13031)

* Create Xorm session provider

This PR creates a Xorm session provider which creates
the appropriate Session table for macaron/session.

Fix #7137

Signed-off-by: Andrew Thornton <art27@cantab.net>

* extraneous l

Signed-off-by: Andrew Thornton <art27@cantab.net>

* fix lint

Signed-off-by: Andrew Thornton <art27@cantab.net>

* use key instead of ID to be compatible with go-macaron/session

Signed-off-by: Andrew Thornton <art27@cantab.net>

* And change the migration too.

Signed-off-by: Andrew Thornton <art27@cantab.net>

* Update spacing of imports

Co-authored-by: 6543 <6543@obermui.de>

* Update modules/session/xorm.go

Co-authored-by: techknowlogick <matti@mdranta.net>

* add xorm provider to the virtual provider

Signed-off-by: Andrew Thornton <art27@cantab.net>

* prep for master merge

* prep for merge master

* As per @lunny

* move migration out of the way

* Move to call this db session as per @lunny

Signed-off-by: Andrew Thornton <art27@cantab.net>

Co-authored-by: 6543 <6543@obermui.de>
Co-authored-by: techknowlogick <matti@mdranta.net>
Co-authored-by: Lunny Xiao <xiaolunwen@gmail.com>

Author: 4 people

docs/content/doc/advanced/config-cheat-sheet.en-us.md

@@ -551,7 +551,7 @@ Define allowed algorithms and their minimum key length (use -1 to disable a type
 
 ## Session (`session`)
 
-- `PROVIDER`: **memory**: Session engine provider \[memory, file, redis, mysql, couchbase, memcache, postgres\].
+- `PROVIDER`: **memory**: Session engine provider \[memory, file, redis, db, mysql, couchbase, memcache, postgres\].
 - `PROVIDER_CONFIG`: **data/sessions**: For file, the root path; for others, the connection string.
 - `COOKIE_SECURE`: **false**: Enable this to force using HTTPS for all session access.
 - `COOKIE_NAME`: **i\_like\_gitea**: The name of the cookie used for the session ID.

models/migrations/migrations.go

@@ -290,6 +290,8 @@ var migrations = []Migration{
 	NewMigration("Add Dismissed to Review table", addDismissedReviewColumn),
 	// v171 -> v172
 	NewMigration("Add Sorting to ProjectBoard table", addSortingColToProjectBoard),
+	// v172 -> v173
+	NewMigration("Add sessions table for go-chi/session", addSessionTable),
 }
 
 // GetCurrentDBVersion returns the current db version

models/migrations/v172.go

@@ -0,0 +1,20 @@
+// Copyright 2020 The Gitea Authors. All rights reserved.
+// Use of this source code is governed by a MIT-style
+// license that can be found in the LICENSE file.
+
+package migrations
+
+import (
+	"code.gitea.io/gitea/modules/timeutil"
+
+	"xorm.io/xorm"
+)
+
+func addSessionTable(x *xorm.Engine) error {
+	type Session struct {
+		Key         string `xorm:"pk CHAR(16)"`
+		Data        []byte `xorm:"BLOB"`
+		CreatedUnix timeutil.TimeStamp
+	}
+	return x.Sync2(new(Session))
+}

models/models.go

@@ -132,6 +132,7 @@ func init() {
 		new(Project),
 		new(ProjectBoard),
 		new(ProjectIssue),
+		new(Session),
 	)
 
 	gonicNames := []string{"SSL", "UID"}

models/session.go

@@ -0,0 +1,122 @@
+// Copyright 2020 The Gitea Authors. All rights reserved.
+// Use of this source code is governed by a MIT-style
+// license that can be found in the LICENSE file.
+
+package models
+
+import (
+	"fmt"
+
+	"code.gitea.io/gitea/modules/timeutil"
+)
+
+// Session represents a session compatible for go-chi session
+type Session struct {
+	Key    string             `xorm:"pk CHAR(16)"` // has to be Key to match with go-chi/session
+	Data   []byte             `xorm:"BLOB"`
+	Expiry timeutil.TimeStamp // has to be Expiry to match with go-chi/session
+}
+
+// UpdateSession updates the session with provided id
+func UpdateSession(key string, data []byte) error {
+	_, err := x.ID(key).Update(&Session{
+		Data:   data,
+		Expiry: timeutil.TimeStampNow(),
+	})
+	return err
+}
+
+// ReadSession reads the data for the provided session
+func ReadSession(key string) (*Session, error) {
+	session := Session{
+		Key: key,
+	}
+	sess := x.NewSession()
+	defer sess.Close()
+	if err := sess.Begin(); err != nil {
+		return nil, err
+	}
+
+	if has, err := sess.Get(&session); err != nil {
+		return nil, err
+	} else if !has {
+		session.Expiry = timeutil.TimeStampNow()
+		_, err := sess.Insert(&session)
+		if err != nil {
+			return nil, err
+		}
+	}
+
+	return &session, sess.Commit()
+}
+
+// ExistSession checks if a session exists
+func ExistSession(key string) (bool, error) {
+	session := Session{
+		Key: key,
+	}
+	return x.Get(&session)
+}
+
+// DestroySession destroys a session
+func DestroySession(key string) error {
+	_, err := x.Delete(&Session{
+		Key: key,
+	})
+	return err
+}
+
+// RegenerateSession regenerates a session from the old id
+func RegenerateSession(oldKey, newKey string) (*Session, error) {
+	sess := x.NewSession()
+	defer sess.Close()
+	if err := sess.Begin(); err != nil {
+		return nil, err
+	}
+
+	if has, err := sess.Get(&Session{
+		Key: newKey,
+	}); err != nil {
+		return nil, err
+	} else if has {
+		return nil, fmt.Errorf("session Key: %s already exists", newKey)
+	}
+
+	if has, err := sess.Get(&Session{
+		Key: oldKey,
+	}); err != nil {
+		return nil, err
+	} else if !has {
+		_, err := sess.Insert(&Session{
+			Key:    oldKey,
+			Expiry: timeutil.TimeStampNow(),
+		})
+		if err != nil {
+			return nil, err
+		}
+	}
+
+	if _, err := sess.Exec("UPDATE "+sess.Engine().TableName(&Session{})+" SET `key` = ? WHERE `key`=?", newKey, oldKey); err != nil {
+		return nil, err
+	}
+
+	s := Session{
+		Key: newKey,
+	}
+	if _, err := sess.Get(&s); err != nil {
+		return nil, err
+	}
+
+	return &s, sess.Commit()
+}
+
+// CountSessions returns the number of sessions
+func CountSessions() (int64, error) {
+	return x.Count(&Session{})
+}
+
+// CleanupSessions cleans up expired sessions
+func CleanupSessions(maxLifetime int64) error {
+	_, err := x.Where("created_unix <= ?", timeutil.TimeStampNow().Add(-maxLifetime)).Delete(&Session{})
+	return err
+}

modules/session/db.go

@@ -0,0 +1,172 @@
+// Copyright 2020 The Gitea Authors. All rights reserved.
+// Use of this source code is governed by a MIT-style
+// license that can be found in the LICENSE file.
+
+package session
+
+import (
+	"log"
+	"sync"
+
+	"code.gitea.io/gitea/models"
+	"code.gitea.io/gitea/modules/timeutil"
+
+	"gitea.com/go-chi/session"
+)
+
+// DBStore represents a session store implementation based on the DB.
+type DBStore struct {
+	sid  string
+	lock sync.RWMutex
+	data map[interface{}]interface{}
+}
+
+// NewDBStore creates and returns a DB session store.
+func NewDBStore(sid string, kv map[interface{}]interface{}) *DBStore {
+	return &DBStore{
+		sid:  sid,
+		data: kv,
+	}
+}
+
+// Set sets value to given key in session.
+func (s *DBStore) Set(key, val interface{}) error {
+	s.lock.Lock()
+	defer s.lock.Unlock()
+
+	s.data[key] = val
+	return nil
+}
+
+// Get gets value by given key in session.
+func (s *DBStore) Get(key interface{}) interface{} {
+	s.lock.RLock()
+	defer s.lock.RUnlock()
+
+	return s.data[key]
+}
+
+// Delete delete a key from session.
+func (s *DBStore) Delete(key interface{}) error {
+	s.lock.Lock()
+	defer s.lock.Unlock()
+
+	delete(s.data, key)
+	return nil
+}
+
+// ID returns current session ID.
+func (s *DBStore) ID() string {
+	return s.sid
+}
+
+// Release releases resource and save data to provider.
+func (s *DBStore) Release() error {
+	// Skip encoding if the data is empty
+	if len(s.data) == 0 {
+		return nil
+	}
+
+	data, err := session.EncodeGob(s.data)
+	if err != nil {
+		return err
+	}
+
+	return models.UpdateSession(s.sid, data)
+}
+
+// Flush deletes all session data.
+func (s *DBStore) Flush() error {
+	s.lock.Lock()
+	defer s.lock.Unlock()
+
+	s.data = make(map[interface{}]interface{})
+	return nil
+}
+
+// DBProvider represents a DB session provider implementation.
+type DBProvider struct {
+	maxLifetime int64
+}
+
+// Init initializes DB session provider.
+// connStr: username:password@protocol(address)/dbname?param=value
+func (p *DBProvider) Init(maxLifetime int64, connStr string) error {
+	p.maxLifetime = maxLifetime
+	return nil
+}
+
+// Read returns raw session store by session ID.
+func (p *DBProvider) Read(sid string) (session.RawStore, error) {
+	s, err := models.ReadSession(sid)
+	if err != nil {
+		return nil, err
+	}
+
+	var kv map[interface{}]interface{}
+	if len(s.Data) == 0 || s.Expiry.Add(p.maxLifetime) <= timeutil.TimeStampNow() {
+		kv = make(map[interface{}]interface{})
+	} else {
+		kv, err = session.DecodeGob(s.Data)
+		if err != nil {
+			return nil, err
+		}
+	}
+
+	return NewDBStore(sid, kv), nil
+}
+
+// Exist returns true if session with given ID exists.
+func (p *DBProvider) Exist(sid string) bool {
+	has, err := models.ExistSession(sid)
+	if err != nil {
+		panic("session/DB: error checking existence: " + err.Error())
+	}
+	return has
+}
+
+// Destroy deletes a session by session ID.
+func (p *DBProvider) Destroy(sid string) error {
+	return models.DestroySession(sid)
+}
+
+// Regenerate regenerates a session store from old session ID to new one.
+func (p *DBProvider) Regenerate(oldsid, sid string) (_ session.RawStore, err error) {
+	s, err := models.RegenerateSession(oldsid, sid)
+	if err != nil {
+		return nil, err
+
+	}
+
+	var kv map[interface{}]interface{}
+	if len(s.Data) == 0 || s.Expiry.Add(p.maxLifetime) <= timeutil.TimeStampNow() {
+		kv = make(map[interface{}]interface{})
+	} else {
+		kv, err = session.DecodeGob(s.Data)
+		if err != nil {
+			return nil, err
+		}
+	}
+
+	return NewDBStore(sid, kv), nil
+}
+
+// Count counts and returns number of sessions.
+func (p *DBProvider) Count() int {
+	total, err := models.CountSessions()
+	if err != nil {
+		panic("session/DB: error counting records: " + err.Error())
+	}
+	return int(total)
+}
+
+// GC calls GC to clean expired sessions.
+func (p *DBProvider) GC() {
+	if err := models.CleanupSessions(p.maxLifetime); err != nil {
+		log.Printf("session/DB: error garbage collecting: %v", err)
+	}
+}
+
+func init() {
+	session.Register("db", &DBProvider{})
+}

modules/session/virtual.go

@@ -39,6 +39,8 @@ func (o *VirtualSessionProvider) Init(gclifetime int64, config string) error {
 		o.provider = &session.FileProvider{}
 	case "redis":
 		o.provider = &RedisProvider{}
+	case "db":
+		o.provider = &DBProvider{}
 	case "mysql":
 		o.provider = &mysql.MysqlProvider{}
 	case "postgres":

modules/setting/session.go

@@ -41,7 +41,7 @@ var (
 func newSessionService() {
 	sec := Cfg.Section("session")
 	SessionConfig.Provider = sec.Key("PROVIDER").In("memory",
-		[]string{"memory", "file", "redis", "mysql", "postgres", "couchbase", "memcache"})
+		[]string{"memory", "file", "redis", "mysql", "postgres", "couchbase", "memcache", "db"})
 	SessionConfig.ProviderConfig = strings.Trim(sec.Key("PROVIDER_CONFIG").MustString(path.Join(AppDataPath, "sessions")), "\" ")
 	if SessionConfig.Provider == "file" && !filepath.IsAbs(SessionConfig.ProviderConfig) {
 		SessionConfig.ProviderConfig = path.Join(AppWorkPath, SessionConfig.ProviderConfig)