Wraps any object with a toFuture method
Consul Response
Typeclasses for Encoding data within sessions
This type uses the SessionDataEncoder to encode generic types to com.twitter.io.Buf; the Encryptable and Decryptable types then unwrap the Buf, encrypt/decrypt it, and rewrap it.
Creates a new Secret that can be used to Signer.sign
unique identifier for this secret
how long this signer is valid
the random bytes for this key
Two secrets must be in rotation at any given time:
- Current: used for creating new sessions and validating incoming non-expired sessions
- Previous: validating incoming non-expired sessions, e.g. sessions signed by yesterday's key

Since each Secret expires (default of 1 day), the window of a non-expired Session is somewhere between the expiry of the current Secret and the previous Secret
Place for current and previous valid Secret as they rotate
A container for some type A with a unique identifier of SignedId
Helpful value class for Session operations
Session store that will store a Session[_]
data into
This type represents the value of a user's Cookie. The design of this is to act as a cryptographically verifiable identifier for a user.
In String form, it is a Base64-encoded concatenation of the following transformation:
expires: Time => Long => Array[Byte]
entropy: Array[Byte]
secret: Secret => SecretId
tag: => Tag
signature: Array[Byte]
the time at which this id is expired
the random bytes unique to this session id
the secret used to sign this session id
the bytes of the signature(expires, entropy, secret.id)
More object-style accessors on SignedId, implementation defined in SignedId
Tag is a byte that helps us differentiate the set of SignedId from others.
Wraps any Throwable with a toFutureException method
Helper for Byte -> Json
Create instances of Encoder
Instances of EncryptedDataEncoder only need to contain a SessionDataEncoder
TODO: remove this whole concept of an EncryptedDataEncoder type class, it's worthless.
We can treat Session as a Functor and apply the encryption/decryption via mixins to the base SessionStore
Helper object for defining defaults for entropy, id size, and expiry
val validSecret = Secret()
val anotherSecret = Secret(Time.now + Duration(1, TimeUnit.HOURS)) // expires in an hour
Instances of SecretEncoder for Secret => A
Default implementations of SecretStoreApi
Instances of SessionDataEncoder for A => com.twitter.io.Buf
Default implementations of SessionStore with memcached and an in-memory store for mocking
Instances of SignedIdEncoder for SignedId => A
Time -> Long -> Json
This introduces types and functions that enable identifying, fetching, and storing web session data. This is accomplished by a set of types that will be used by consumers of this library: Session, Store, and Secret.

A Secret is a cryptographically verifiable signing key used to sign a SignedId. Creating a Secret is simple. It defaults to expire at Secret.lifetime.

A SignedId is a cryptographically signed identifier for a Session; it consists of entropy, expiry, secret, and signature of those items. This is meant to be used as the com.twitter.finagle.http.Cookie value, so we provide serializing to String.
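
The SignedId layout and the Current/Previous secret rotation described on this page, as an added sketch that is not the library's own code. DemoSecret, DemoSecrets and SignedIdDemo are hypothetical stand-ins; HMAC-SHA256, the field sizes, a one-byte secret id, URL-safe Base64 and covering the tag byte with the signature are assumptions.

```scala
import java.nio.ByteBuffer
import java.security.{MessageDigest, SecureRandom}
import java.util.Base64
import javax.crypto.Mac
import javax.crypto.spec.SecretKeySpec

// Hypothetical stand-ins for Secret and the secret store (assumed shapes, not the library's types).
final case class DemoSecret(id: Byte, key: Array[Byte])
final case class DemoSecrets(current: DemoSecret, previous: DemoSecret) {
  // Only the two secrets in rotation can ever validate an incoming id.
  def find(id: Byte): Option[DemoSecret] = List(current, previous).find(_.id == id)
}

object SignedIdDemo {
  val EntropySize = 16; val SigSize = 32           // assumed sizes
  val PayloadSize = 8 + EntropySize + 1 + 1        // expires | entropy | secret id | tag
  private val rng = new SecureRandom()
  def fresh(id: Byte): DemoSecret = { val k = new Array[Byte](32); rng.nextBytes(k); DemoSecret(id, k) }

  private def hmac(key: Array[Byte], msg: Array[Byte]): Array[Byte] = {
    val mac = Mac.getInstance("HmacSHA256")        // assumed algorithm
    mac.init(new SecretKeySpec(key, "HmacSHA256"))
    mac.doFinal(msg)
  }

  // New ids are always signed with the Current secret; the signature is appended to the payload.
  def issue(s: DemoSecret, expiresMs: Long, tag: Byte): String = {
    val entropy = new Array[Byte](EntropySize); rng.nextBytes(entropy)
    val payload = ByteBuffer.allocate(PayloadSize)
      .putLong(expiresMs).put(entropy).put(s.id).put(tag).array()
    Base64.getUrlEncoder().encodeToString(payload ++ hmac(s.key, payload))
  }

  // Yields the expiry only for a well-formed, unexpired id whose signing secret is
  // still in rotation and whose signature verifies under that secret.
  def validate(cookie: String, secrets: DemoSecrets, nowMs: Long): Option[Long] =
    scala.util.Try(Base64.getUrlDecoder().decode(cookie)).toOption
      .filter(_.length == PayloadSize + SigSize)
      .flatMap { raw =>
        val (payload, sig) = raw.splitAt(PayloadSize)
        val expires = ByteBuffer.wrap(payload).getLong()
        secrets.find(payload(8 + EntropySize))
          .filter(s => expires > nowMs && MessageDigest.isEqual(hmac(s.key, payload), sig)) // constant-time compare
          .map(_ => expires)
      }

  def main(args: Array[String]): Unit = {
    val (k1, k2, k3) = (fresh(1), fresh(2), fresh(3))
    val now = System.currentTimeMillis(); val id = issue(k1, now + 3600000L, 0)
    println(validate(id, DemoSecrets(k2, k1), now).isDefined) // k1 is still Previous
    println(validate(id, DemoSecrets(k3, k2), now).isDefined) // k1 has rotated out of the store
  }
}
```
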
A Session is a product type of a cryptographically verifiable identifier SignedId and an arbitrary data type A. The only requirement for a SessionStore[B,M] to store/fetch a Session[A] is that there be some implicit injective views from A => B and B => Try[A].
We have provided default encodings for: http.Request => Buf, String => Buf and their injective views.

Let's say you have a Session.data type that doesn't have the injective that you need, that's OK! Assuming you are storing it in memcached, which requires a type of Buf for the value: