Class: Tep::Session

Inherits:

Object

• Object
• Tep::Session

Defined in:

lib/tep/session.rb

Instance Attribute Summary

• #data ⇒ Object

  Returns the value of attribute data.

• #dirty ⇒ Object

  Returns the value of attribute dirty.

Instance Method Summary

• #clear ⇒ Object
• #get(k) ⇒ Object

  Spinel doesn’t dispatch user-defined ‘[]` / `[]=` on user classes – and emitting them at all forces those methods to default-typed mrb_int params for callers we don’t have, which mismatches the underlying String/String slots.

• #has?(k) ⇒ Boolean
• #initialize ⇒ Session constructor

  A new instance of Session.

• #length ⇒ Object
• #load_from(cookie_value, secret) ⇒ Object

  Verify + decode an inbound cookie value.

• #set(k, v) ⇒ Object
• #to_cookie_value(secret) ⇒ Object

  Serialize + sign for the response cookie.

Constructor Details

#initialize ⇒ Session

Returns a new instance of Session.

# File 'lib/tep/session.rb', line 15

def initialize
  @data  = Tep.str_hash
  @dirty = false
end

Instance Attribute Details

#data ⇒ Object

Returns the value of attribute data.

# File 'lib/tep/session.rb', line 13

def data
  @data
end

#dirty ⇒ Object

Returns the value of attribute dirty.

# File 'lib/tep/session.rb', line 13

def dirty
  @dirty
end

Instance Method Details

#clear ⇒ Object

# File 'lib/tep/session.rb', line 31

def clear;     @data = Tep.str_hash; @dirty = true; end

#get(k) ⇒ Object

Spinel doesn’t dispatch user-defined ‘[]` / `[]=` on user classes – and emitting them at all forces those methods to default-typed mrb_int params for callers we don’t have, which mismatches the underlying String/String slots. So Session exposes only named methods; the translator rewrites ‘session = v` to `session.set(k, v)` and `session` to `session.get(k)` for source compatibility with Sinatra.

# File 'lib/tep/session.rb', line 27

def get(k);    @data[k];                          end

#has?(k) ⇒ Boolean

Returns:

• (Boolean)

# File 'lib/tep/session.rb', line 29

def has?(k);   @data.key?(k);                     end

#length ⇒ Object

# File 'lib/tep/session.rb', line 30

def length;    @data.length;                      end

#load_from(cookie_value, secret) ⇒ Object

Verify + decode an inbound cookie value. Returns true on success (data populated), false on missing / tampered.

# File 'lib/tep/session.rb', line 35

def load_from(cookie_value, secret)
  if cookie_value.length == 0 || secret.length == 0
    return false
  end
  dot = cookie_value.rindex(".")
  if dot.nil?
    return false
  end
  payload = cookie_value[0, dot]
  sig     = cookie_value[dot + 1, cookie_value.length - dot - 1]
  expect  = Crypto.sp_crypto_hmac_sha256_hex(secret, payload)
  if !Tep.timing_safe_eq(sig, expect)
    return false
  end
  Url.parse_query(payload).each do |k, v|
    @data[k] = v
  end
  true
end

#set(k, v) ⇒ Object

# File 'lib/tep/session.rb', line 28

def set(k, v); @data[k] = v; @dirty = true;       end

#to_cookie_value(secret) ⇒ Object

Serialize + sign for the response cookie. Caller decides when to call this (typically only when @dirty).

# File 'lib/tep/session.rb', line 57

def to_cookie_value(secret)
  payload = ""
  first = true
  @data.each do |k, v|
    if !first
      payload = payload + "&"
    end
    payload = payload + Url.escape(k) + "=" + Url.escape(v)
    first = false
  end
  payload + "." + Crypto.sp_crypto_hmac_sha256_hex(secret, payload)
end