feat: Support Multiple session stores #277
Conversation
Codecov ReportAttention: Patch coverage is
Flags with carried forward coverage won't be shown. Click here to find out more.
🚀 New features to boost your workflow:
|
ElijahAhianyo
force-pushed
the
elijah/session-store-dynamic
branch
from
f8e50cd to
3c6dbd6
Compare
|
@m4tx @seqre this PR is not fully ready, but I'd love some initial feedback if this design is heading in the right direction or makes any sense to you at all. Example usagesNo session storage specified(using the admin example)when the session_store is not provided, it defaults to the struct AdminProject;
impl Project for AdminProject {
...
fn config(&self, _config_name: &str) -> cot::Result<ProjectConfig> {
Ok(ProjectConfig::builder()
.debug(true)
.database(
DatabaseConfig::builder()
.url("sqlite://db.sqlite3?mode=rwc")
.build(),
)
.auth_backend(AuthBackendConfig::Database)
.middlewares(
MiddlewareConfig::builder()
.session(SessionMiddlewareConfig::builder()
.secure(false)
.build())
.build(),
)
.build())
}
...
}Session storage provided using MemoryStore provided by Cotstruct AdminProject;
impl Project for AdminProject {
...
fn config(&self, _config_name: &str) -> cot::Result<ProjectConfig> {
Ok(ProjectConfig::builder()
.debug(true)
.database(
DatabaseConfig::builder()
.url("sqlite://db.sqlite3?mode=rwc")
.build(),
)
.auth_backend(AuthBackendConfig::Database)
.middlewares(
MiddlewareConfig::builder()
.session(SessionMiddlewareConfig::builder()
.secure(false)
.session_store(Arc::new(MemoryStore::default()))
.build())
.build(),
)
.build())
}
...
}(Also haven't played around custom SessionStores yet) |
|
@ElijahAhianyo I think we should do this similarly to the Auth backend, i.e. the Lines 335 to 351 in 70995f0 Lines 1240 to 1241 in 70995f0 It's not ideal (mainly because it inflates the number of methods in the |
Based on your suggestion, I did some research and now have a clearer picture. My plan is to start by sketching out what the TOML file might look like, then work my way down into implementation details. I looked at how other frameworks handle this and identified two main patterns we canexplore: 1 a. Self-contained store configYou declare the store type and provide any necessary connection details (or file paths, in the case of file storage): secret_key = "{{ dev_secret_key }}"
[database]
url = "sqlite://db.sqlite3?mode=rwc"
[auth_backend]
type = "database"
[middlewares]
live_reload.enabled = true
[middlewares.session]
secure = false
[middlewares.session.store]
type = "redis"
connection = "redis://"1 b Per-store subsectionThe approach in 1.a could get quite noisy(or maybe not) if different store types have some configs specific to them. secret_key = "{{ dev_secret_key }}"
[database]
url = "sqlite://db.sqlite3?mode=rwc"
[auth_backend]
type = "database"
[middlewares]
live_reload.enabled = true
[middlewares.session]
secure = false
[middlewares.session.store]
type = "file"
[middlewares.session.store.file]
dir = "/tmp/"
2. Named connectionsThe first pattern forces you to re-declare connection details even if you’ve already defined them under [databases] or [caches](currently not implemented). It also assumes a single DB/cache backend. We may need to structurally change the API to support this: secret_key = "{{ dev_secret_key }}"
[databases]
default = "postgres://…"
[caches]
redis_main = "redis://…"
[middlewares.session]
store = "redis"
connection = "cache.redis_main" # or, alternatively, use a separate `connection_source` field instead of dotted notationOption 1 should be easy to implement given our current design. However, with option 2, do we have any plans to support multiple DBs or caches? @m4tx let me also know if you've got other opinions on what the TOML should look like. |
Ah, that's a good question. Definitely yes, but certainly not in the near future. After some consideration, I think it would make sense to have some sort of hybrid between 1a and 2. I can imagine the following typical use cases for the session backends:
If we want to store sessions externally, we probably should already have an API for that. This doesn't apply for in-memory or file stores (because they're mainly development-focused anyway), but we already have a way to define a DB connection in the config (for use with the Cot's ORM) and the framework user shouldn't need to provide the same credentials twice, but the session store should rather use the Cot's ORM directly. The same should be true for Redis/Mongo/whatever cache – we don't have any Cache API at the moment, but I think we should at some point. And when we have the Cache API, we should just be able to use it to implement session stores. So I think we could try to translate these use cases into Config files:
[middlewares.session.store]
type = "memory"[middlewares.session.store]
type = "file"
path = "sessions.db"
[middlewares.session.store]
type = "database" # will just use Cot's ORM
For now, something like so should be good enough: [middlewares.session.store]
type = "redis"
url = "redis://localhost:6379"But, when Cot gets a dedicated Cache API with its own connection settings, the above can be just changed to: [middlewares.session.store]
type = "cache" # similarly to "database", this just means we'll use Cot's Cache API
name = "cache1" # optional; only needed if more than one cache is definedDo you think the above makes sense? Obviously, implementing a Cache API is out of scope for this PR, but if you'd like to do it as well, you're more than welcome to. |
@m4tx Yes, that makes sense. I can look into having a Cache API(we can create an issue to track this), in a separate PR—almost async with this one. Would you still want that designed with a singular backend in mind for now, and support multi later? |
|
@ElijahAhianyo actually, I think cases 1 and 3 from my answer can be merged together – there's nothing stopping us from implementing in-memory and file-backed caching. This would leave us with only two session backends that we would need to implement - I've created an issue to track the Cache API: #308.
I think having just one backend is 100% fine for now - we can work on this to add support for multiple ones later, as this doesn't sound like an everyday use case anyways. |
@m4tx I see, just so we're on the same page on what the TOML file should look like in the context of this PR, If we have two(
[middlewares.session.store]
type = "cache"
cache_type = "redis" # very verbose
url = "redis://localhost:6379"
[middlewares.session.store]
type = "cache"
url = "redis://localhost:6379" # will be infered as redis store from the uri
|
|
@ElijahAhianyo I think option number 2 should be good enough, as it doesn't duplicate the data in the config, and it will be consistent with the ORM behavior. When creating the Cache API, we just need to make sure it's possible to register new cache backends (for instance, the cache backend may need to provide all the URL schemas it supports, and our code would just try to match the URL to all registered backends). By the way, just to be sure, this is fine for now: [middlewares.session.store]
type = "cache"
url = "redis://localhost:6379"But eventually we'll want to have something closer to this (when we have the Cache API): [cache]
URL = "redis://localhost:6379"
[middlewares.session.store]
type = "cache" |
ElijahAhianyo
force-pushed
the
elijah/session-store-dynamic
branch
from
1c7763d to
fe3713b
Compare
github-actions
bot
added
the
C-cli
| }, | ||
| #[cfg(feature = "db")] | ||
| Self::Database => { | ||
| unimplemented!(); |
There was a problem hiding this comment.
I ended up moving the DB implementation into another PR since there are some nuances to it; The DB option requires a migration model and generated migration, which I haven't gotten to the bottom of
ElijahAhianyo
changed the title
ElijahAhianyo
changed the title
| let store = MemoryStore::default(); | ||
| let layer = SessionManagerLayer::new(store); | ||
| Self { inner: layer } | ||
| pub fn new(store: Arc<dyn SessionStore + Send + Sync>) -> Self { |
There was a problem hiding this comment.
| pub fn new(store: Arc<dyn SessionStore + Send + Sync>) -> Self { | |
| pub fn new<T: SessionStore + Send + Sync + 'static>(store: T) -> Self { |
Would this make sense?
There was a problem hiding this comment.
Yeah this works. Excuse my ignorance, is the idea here to make the API more ergonomic by handling the trait object boxing internally, so callers can pass in concrete types directly?
| @@ -15,3 +15,6 @@ cache_timeout = "1year" | |||
|
|
|||
| [middlewares.session] | |||
| secure = false | |||
|
|
|||
| [middlewares.session.store] | |||
| type = "memory" | |||
There was a problem hiding this comment.
I think there's not much point in specifying this if this is the default value—however, it will be good to set this to "db" when we implement this backend (both for dev and prod configs).
There was a problem hiding this comment.
Yeah I agree with this. I only had this as a placeholder since we dont really have the db option fully implemented yet. Would you want me to remove this change until the db implementation is ready?
| #[derive(Debug, Error)] | ||
| /// Errors that can occur when using the Redis session store. | ||
| #[non_exhaustive] | ||
| pub enum RedisStoreError { |
There was a problem hiding this comment.
Perhaps it would be good to make this private and wrap this inside a public struct? This way we won't have to expose deadpool_redis and redis crates in the public API. I'm not quite sure how much value it is for the user to have concrete, public error variants.
What do you think?
There was a problem hiding this comment.
Perhaps it would be good to make this private and wrap this inside a public struct?
I'm not sure I follow the public struct wrapping part(would appreciate some further elaboration). Since we typically convert RedisStoreError to session_store::Error, users shouldn't see the concrete types directly unless I'm missing something.
Would it work better to make the enum private and have constructors return Result<Self, session_store::Error>? Though I'm wondering if there are cases where users might benefit from matching on specific error variants when using RedisStore directly (that is if there are cases where users use the stores directly) .
Alternatively, what about keeping the enum public but hiding the external crate details like this:
#[derive(Debug, Error)]
#[non_exhaustive]
pub enum RedisStoreError {
#[error("Pool connection error: {0}")]
PoolConnection(String),
#[error("Pool creation error: {0}")]
PoolCreation(String),
#[error("Redis command error: {0}")]
Command(String),
#[error("Serialization error: {0}")]
Serialize(serde_json::Error),
#[error("Deserialization error: {0}")]
Deserialize(serde_json::Error),
}This removes the external crate exposure while staying consistent with our other store error types. Does this approach also seem reasonable?
There was a problem hiding this comment.
If you feel like it will be valuable for users to have specific error variants, then I'm okay with this. However, I think it will be best to have this instead:
#[derive(Debug, Error)]
#[non_exhaustive]
pub enum RedisStoreError {
#[error("Pool connection error: {0}")]
PoolConnection(Box<dyn Error + Send + Sync>),
#[error("Pool creation error: {0}")]
PoolCreation(Box<dyn Error + Send + Sync>),
#[error("Redis command error: {0}")]
Command(Box<dyn Error + Send + Sync>),
#[error("Serialization error: {0}")]
Serialize(Box<dyn Error + Send + Sync>), // not 100% sure if we want to keep serde_json's error types - this sounds like implementation detail
#[error("Deserialization error: {0}")]
Deserialize(Box<dyn Error + Send + Sync>),
}I slightly modified your code to have Box<dyn Error> everywhere (I'm okay with having serde_json's error types, though, I think) – this way we won't lose the original error data (it might be useful to display it on Cot's error page), but we won't have API breakage every time redis crates are updated (note that when using concrete error types, even something as harmless-looking as updating deadpool-redis from 0.21 to 0.22 means we need to bump our major version as well, since we effectively expose its API!).
| #[cfg(feature = "cache")] | ||
| impl From<String> for CacheUrl { | ||
| fn from(url: String) -> Self { | ||
| Self(url::Url::parse(&url).expect("invalid cache URL")) |
There was a problem hiding this comment.
@m4tx I drew inspiration from the DbUrl implementation here. However, if this is Fallible, shouldn't we implement the TryFrom trait instead?
There was a problem hiding this comment.
I believe we panic here instead of handling the error on a principle that if a configuration is incorrect, the application should not start anyway.
This Pr lays the foundation for supporting multiple session stores. Currently, there are 4 supported store types:
Memory, Cache, File and DB(implementation to be added in a follow up PR).
Memory
This is the default store which stores the session data in a thread-safe hashmap. It is suitable for development environments
Toml Example
Config Example
File Store
The file store persists sessions in a specified directory as files on a file system.
Toml Example
Config Example
Cache Store
The cache store uses a configured cache backed to persist data. This PR ships with support for a Redis backend. Support for other cache backends will be added in follow up PRs.
The cache store is gated behind the
cachefeature, while the redis implementation is gated behind theredisfeature. To use the redis cache store, you will have to enable both.Toml Example
Config Example
DB store
The DB store uses Cot's ORM to persist session data, Its implementation details will be added in a follow up PR.