Added a filesystem pickle based server-side session management

lodel/session/lodel_filesystem_session/lodel_filesystem_session.py

@@ -0,0 +1,48 @@
+from collections import MutableMapping
+from flask.sessions import SessionMixin
+import os
+from pickle import loads, dumps, UnpicklingError
+
+
+class LodelFileSystemSession(MutableMapping, SessionMixin):
+    
+    def __init__(self, directory, sid, *args, **kwargs):
+        self.path = os.path.join(directory, sid)
+        self.sid = sid
+        self.read()
+    
+    def __getitem__(self, key):
+        self.read()
+        return self.data[key]
+    
+    def __setitem__(self, key, value):
+        self.data[key] = value
+        self.save()
+    
+    def __delitem__(self, key):
+        del self.data[key]
+        self.save()
+    
+    def __iter__(self):
+        return iter(self.data)
+    
+    def __len__(self):
+        return len(self.data)
+    
+    ## @brief Loads a session from a file
+    # @todo Specify dedicated behaviour for each exception case
+    def read(self):
+        try:
+            with open(self.path, 'rb') as session_file:
+                self.data = loads(session_file.read())
+        except FileNotFoundError:
+            self.data = {}
+        except (ValueError, EOFError, UnpicklingError):
+            self.data = {}
+    
+    ## @brief Dumps a session to a file
+    def save(self):
+        new_name = '{}.new'.format(self.path)
+        with open(new_name, 'wb') as session_file:
+            session_file.write(dumps(self.data))
+        os.rename(new_name, self.path)

lodel/session/lodel_filesystem_session/lodel_filesystem_session_interface.py

@@ -0,0 +1,76 @@
+from flask.sessions import SessionInterface
+import os
+import re
+from lodel.session.lodel_filesystem_session.lodel_filesystem_session import LodelFileSystemSession
+from contextlib import suppress
+import binascii
+
+class LodelFileSystemSessionInterface(SessionInterface):
+    
+    __sessions = dict()
+    
+    def __init__(self, directory):
+        self.directory = os.path.abspath(directory)
+        os.makedirs(self.directory, exist_ok=True)
+    
+    def open_session(self, app, request):
+        self.filename_template = app.config['lodel.filesystem_sessions']['filename_template']
+        self.session_tokensize = int(app.config['lodel.sessions']['tokensize'])
+        sid = request.cookies.get(app.session_cookie_name) or self.generate_token() #or '{}-{}'.format(uuid1(), os.getpid())
+        if LodelFileSystemSessionInterface.__sessions.get(sid, None) is None:
+            LodelFileSystemSessionInterface.__sessions[sid] = self.generate_file_path(sid, self.filename_template)
+        return LodelFileSystemSession(self.directory, sid)
+    
+    def save_session(self, app, session, response):
+        domain = self.get_cookie_domain(app)
+        
+        if not session:
+            with suppress(FileNotFoundError):
+                os.unlink(session.path)
+                del(LodelFileSystemSessionInterface.__sessions[session.sid])
+            response.delete_cookie(app.session_cookie_name, domain=domain)
+            return
+        
+        cookie_exp = self.get_expiration_time(app, session)
+        response.set_cookie(app.session_cookie_name, session.sid, expires=cookie_exp, httponly=False,
+                            domain=domain)
+
+    def generate_file_path(self, sid, filename_template):
+        return os.path.abspath(os.path.join(self.directory, filename_template) % sid)
+    
+    ## @brief Retrieves the token from the file system
+    #
+    # @param filepath str
+    # @return str|None : returns the token or None if no token was found
+    def get_token_from_filepath(self, filepath):
+        token_regex = re.compile(os.path.abspath(os.path.join(self.directory, self.filename_template % '(?P<token>.*)')))
+        token_search_result = token_regex.match(filepath)
+        if token_search_result is not None:
+            return token_search_result.groupdict()['token']
+        return None
+    
+    ## @brief generates a new session token
+    #
+    # @return str
+    #
+    # @remarks There is no valid reason for checking the generated token uniqueness:
+    #        - checking for uniqueness is slow ;
+    #        - keeping a dict with a few thousand keys of hundred bytes also is
+    #            memory expensive ;
+    #        - should the system get distributed while sharing session storage, there
+    #            would be no reasonable way to efficiently check for uniqueness ;
+    #        - sessions do have a really short life span, drastically reducing
+    #            even more an already close to inexistent risk of collision. A 64 bits
+    #            id would perfectly do the job, or to be really cautious, a 128 bits
+    #            one (actual size of UUIDs) ;
+    #        - if we are still willing to ensure uniqueness, then simply salt it
+    #            with a counter, or a timestamp, and hash the whole thing with a 
+    #            cryptographically secured method such as sha-2 if we are paranoids
+    #            and trying to avoid what will never happen, ever ;
+    #        - sure, two hexadecimal characters is one byte long. Simply go for 
+    #            bit length, not chars length.
+    def generate_token(self):
+        token = binascii.hexlify(os.urandom(self.session_tokensize))
+        if LodelFileSystemSessionInterface.__sessions.get(token, None) is not None:
+            token = self.generate_token()
+        return token.decode('utf-8')

lodel_app/__init__.py

@@ -3,6 +3,7 @@ import os
 
 from lodel.lodelsites.utils import register_lodelsites
 from lodel.utils.ini_files import ini_to_dict
+from lodel.session.lodel_filesystem_session.lodel_filesystem_session_interface import LodelFileSystemSessionInterface
 
 
 lodel_app = Flask(__name__)
@@ -10,10 +11,15 @@ lodel_app.config['DEBUG'] = True
 lodel_app.config['sites'] = {}
 lodel_app.config.update(ini_to_dict(os.path.join(os.path.dirname(os.path.abspath(__file__)), 'config.ini')))
 
+lodel_app.session_cookie_name = lodel_app.config['lodel.sessions']['session_cookie_name']
+lodel_app.permanent_session_lifetime = int(lodel_app.config['lodel.sessions']['session_lifetime'])
+lodel_app.session_interface = LodelFileSystemSessionInterface(lodel_app.config['lodel.filesystem_sessions']['path'])
+
+# Main Hooks
+from .hooks import *
+
 # Lodelsites
 register_lodelsites(lodel_app)
 
-print(lodel_app.config)
-
 # Main views
 from .views import *

lodel_app/config.ini

@@ -19,3 +19,12 @@ groups =
 emfile = examples/em_test.pickle
 dyncode = leapi_dyncode.py
 editormode = True
+
+[lodel.sessions]
+session_cookie_name = lodel_session
+tokensize = 64
+session_lifetime = 500
+
+[lodel.filesystem_sessions]
+path = sessions
+filename_template = sess_%s

lodel_app/hooks.py

@@ -0,0 +1,6 @@
+from . import lodel_app
+from flask.globals import session
+
+@lodel_app.before_request
+def make_session_permanent():
+    session.permanent = True

run.py

@@ -2,4 +2,4 @@ from lodel_app import lodel_app
 
 
 if __name__ == "__main__":
-    lodel_app.run()
+    lodel_app.run()