Session extension improvements, fewer props considered unsafe for use…

…r model

session/README.md

@@ -1,2 +1,9 @@
 # Nibbler Session
 
+Provides a session for the server to use.
+
+Users can provide their own connector, or a Cookie connector will be used
+if one is not provided.  It is recommended that users use their own connector
+for production apps.  A sample has been provided in ./sample.connector.
+
+The default MaxAge is 30 days (86400 * 30) in all cases (which is pretty long).

session/extension.go

@@ -3,10 +3,10 @@ package session
 import (
 	"encoding/gob"
 	"errors"
-	"net/http"
 	"github.com/gorilla/sessions"
 	"github.com/markdicksonjr/nibbler"
 	"github.com/markdicksonjr/nibbler/user"
+	"net/http"
 )
 
 type SessionStoreConnector interface {
@@ -16,17 +16,17 @@ type SessionStoreConnector interface {
 type Extension struct {
 	nibbler.NoOpExtension
 
+	// settings for when you don't provide a connector
 	Secret         string
 	SessionName    string
+	MaxAge         int
+
 	StoreConnector *SessionStoreConnector	// creates cookie store if not provided
+
 	store          *sessions.Store			// created by this extension
 }
 
 func (s *Extension) Init(app *nibbler.Application) error {
-	if len(s.Secret) == 0 {
-		return errors.New("session extension requires secret")
-	}
-
 	(*app.GetConfiguration().Raw).Get()
 
 	gob.Register(map[string]interface{}{})
@@ -35,12 +35,27 @@ func (s *Extension) Init(app *nibbler.Application) error {
 	if s.StoreConnector != nil {
 		storeConnector := *s.StoreConnector
 		errConnect, store := storeConnector.Connect()
+
+		// save the store to the extension
 		s.store = &store
 		return errConnect
 	}
 
-	// if a connector isn't provided, use a cookie store
+	// otherwise, we need the session secret
+	if len(s.Secret) == 0 {
+		return errors.New("session extension requires secret")
+	}
+
+	// use a cookie store
 	var store sessions.Store = sessions.NewCookieStore([]byte(s.Secret))
+
+	// set the max age if the user has provided it
+	if s.MaxAge != 0 {
+		var cookieStore = store.(*sessions.CookieStore)
+		cookieStore.MaxAge(s.MaxAge)
+	}
+
+	// save the store to the extension
 	s.store = &store
 
 	return nil

session/sample.connector/sample.application.go

@@ -0,0 +1,91 @@
+package main
+
+import (
+	"github.com/gorilla/sessions"
+	"github.com/jinzhu/gorm"
+	"github.com/markdicksonjr/nibbler"
+	"github.com/markdicksonjr/nibbler/database/sql"
+	"github.com/markdicksonjr/nibbler/session"
+	"github.com/markdicksonjr/nibbler/user"
+	NibUserSql "github.com/markdicksonjr/nibbler/user/database/sql"
+	_ "github.com/michaeljs1990/sqlitestore"
+	"github.com/wader/gormstore"
+	"log"
+)
+
+type SqlMemoryStoreConnector struct {
+}
+
+func (s SqlMemoryStoreConnector) Connect() (error, sessions.Store) {
+	db, err := gorm.Open("sqlite3", ":memory:")
+
+	if err != nil {
+		return err, nil
+	}
+
+	store := gormstore.NewOptions(db,
+		gormstore.Options{},
+		[]byte("some-key"),
+	)
+
+	store.SessionOpts.MaxAge = 60 * 60 * 24 * 15 // 15 days
+
+	return nil, store
+}
+
+func main() {
+
+	// allocate logger and configuration
+	var logger nibbler.Logger = nibbler.DefaultLogger{}
+
+	// allocate configuration
+	config, err := nibbler.LoadConfiguration(nil)
+
+	if err != nil {
+		log.Fatal(err)
+	}
+
+	// prepare models for initialization
+	var models []interface{}
+	models = append(models, user.User{})
+
+	// allocate an SQL controller, providing an sql extension
+	sqlController := NibUserSql.Extension{
+		SqlExtension: &sql.Extension{
+			Models: models,
+		},
+	}
+
+	// allocate user extension, providing sql extension to it
+	userExtension := user.Extension{
+		PersistenceExtension:  &sqlController, // &elasticController,
+	}
+
+	// allocate session extension, with an optional custom connector
+	var sessionConnector session.SessionStoreConnector = &SqlMemoryStoreConnector{}
+	sessionExtension := session.Extension{
+		StoreConnector: &sessionConnector,
+	}
+
+	// prepare extensions for initialization
+	extensions := []nibbler.Extension{
+		sqlController.SqlExtension,
+		&userExtension,
+		&sessionExtension,
+	}
+
+	// initialize the application
+	appContext := nibbler.Application{}
+	err = appContext.Init(config, &logger, &extensions)
+
+	if err != nil {
+		log.Fatal(err.Error())
+	}
+
+	// start the app
+	err = appContext.Run()
+
+	if err != nil {
+		log.Fatal(err.Error())
+	}
+}

session/sample/sample.application.go

@@ -1,36 +1,18 @@
 package main
 
 import (
-	"log"
 	"github.com/gorilla/sessions"
-	"github.com/wader/gormstore"
 	"github.com/jinzhu/gorm"
-	_ "github.com/michaeljs1990/sqlitestore"
 	"github.com/markdicksonjr/nibbler"
-	"github.com/markdicksonjr/nibbler/session"
 	"github.com/markdicksonjr/nibbler/database/sql"
+	"github.com/markdicksonjr/nibbler/session"
 	"github.com/markdicksonjr/nibbler/user"
 	NibUserSql "github.com/markdicksonjr/nibbler/user/database/sql"
+	_ "github.com/michaeljs1990/sqlitestore"
+	"github.com/wader/gormstore"
+	"log"
 )
 
-type SqlMemoryStoreConnector struct {
-}
-
-func (s SqlMemoryStoreConnector) Connect() (error, sessions.Store) {
-	db, err := gorm.Open("sqlite3", ":memory:")
-
-	if err != nil {
-		return err, nil
-	}
-
-	store := gormstore.NewOptions(db,
-		gormstore.Options{},
-		[]byte("some-key"),
-	)
-
-	return nil, store
-}
-
 func main() {
 
 	// allocate logger and configuration
@@ -60,9 +42,8 @@ func main() {
 	}
 
 	// allocate session extension, with an optional custom connector
-	var sessionConnector session.SessionStoreConnector = &SqlMemoryStoreConnector{}
 	sessionExtension := session.Extension{
-		StoreConnector: &sessionConnector,
+		MaxAge: 60 * 60 * 24 * 15, // 15 days
 		Secret: "something",
 	}
 

user/model.go

@@ -66,7 +66,6 @@ func ToJson(user *User) (result string, err error) {
 	}
 
 	result = string(userJsonBytes)
-
 	return
 }
 
@@ -75,8 +74,5 @@ func GetSafeUser(user User) User {
 	safeUser.Password = nil
 	safeUser.PasswordResetExpiration = nil
 	safeUser.PasswordResetToken = nil
-	safeUser.FailedLoginCount = nil
-	safeUser.IsActive = nil
-	safeUser.IsEmailValidated = nil
 	return safeUser
 }