Use Redis for user sessions, other improvements

stagrim · Nov 3, 2023 · e736d65 · e736d65
1 parent 6a24ac3
commit e736d65
Show file tree

Hide file tree

Showing 13 changed files with 226 additions and 119 deletions.
diff --git a/gasta/.env.template b/gasta/.env.template
@@ -1,3 +1,4 @@
 SERVER_URL="<URL to server>" # Example for localhost: "http://127.0.0.1:8080"
 LDAP_URL="<URL to LDAP>" # Example for localhost: "ldap://127.0.0.1:3000"
-UUID5_NAMESPACE="<UUID>" # A Uuid to use when generating session ids (keep secret)
+UUID5_NAMESPACE="<UUID>" # A Uuid to use when generating session ids (keep secret)
+REDIS_URL="<URL to Redis>" # Example for localhost: "redis://127.0.0.1:6381"
diff --git a/gasta/dev/docker-compose.yaml b/gasta/dev/docker-compose.yaml
@@ -0,0 +1,8 @@
+version: "3.2"
+services:
+ redis-gasta-dev:
+   restart: "always"
+   image: "redis:alpine"
+   command: redis-server --save ""
+   ports:
+    - "6381:6379"
diff --git a/gasta/package.json b/gasta/package.json
@@ -20,6 +20,7 @@
 		"@sveltejs/adapter-node": "^1.3.1",
 		"@sveltejs/kit": "^1.25.0",
 		"@tailwindcss/forms": "^0.5.6",
+		"@types/cookie": "^0.5.3",
 		"@types/ldapjs": "^3.0.2",
 		"@types/node": "^20.6.0",
 		"@typescript-eslint/eslint-plugin": "^6.7.0",
@@ -45,6 +46,7 @@
 	},
 	"dependencies": {
 		"js-sha3": "^0.9.1",
-		"ldapjs": "^3.0.5"
+		"ldapjs": "^3.0.5",
+		"ioredis": "^5.3.2"
 	}
 }
diff --git a/gasta/pnpm-lock.yaml b/gasta/pnpm-lock.yaml
diff --git a/gasta/src/app.d.ts b/gasta/src/app.d.ts
@@ -15,6 +15,7 @@ declare global {
 			SERVER_URL: string,
 			LDAP_URL: string,
 			UUID5_NAMESPACE: string,
+			REDIS_URL: string,
 		}
 
 		interface Locals {

diff --git a/gasta/src/hooks.server.ts b/gasta/src/hooks.server.ts
@@ -15,22 +15,26 @@ if (env.LDAP_URL) {
     throw new Error("LDAP_URL environment variable is not defined, can't connect to LDAP")
 }
 
+if (env.REDIS_URL) {
+    console.log(`Listening to Redis on ${env.REDIS_URL}`)
+} else if (!building) {
+    throw new Error("REDIS_URL environment variable is not defined, can't connect to Redis")
+}
+
 export const handle: Handle = async ({ event, resolve }) => {
 
     // Ensure browser security
-    console.log(event.request.headers.get("SEC-CH-UA"));
-
     if (!event.url.pathname.startsWith('/not-supported') && event.request.headers.get("SEC-CH-UA")?.includes(`"Edge"`)) {
         throw redirect(303, "/not-supported")
     } else if (event.url.pathname.startsWith('/not-supported') && !event.request.headers.get("SEC-CH-UA")?.includes(`"Edge"`)) {
         throw redirect(303, "/")
     }
 
-    const valid = valid_session(event.cookies.get('session-id')!, event.request.headers.get("User-Agent")!);
+    const valid = await valid_session(event.cookies.get('session-id')!, event.request.headers.get("User-Agent")!);
     if (!event.url.pathname.startsWith("/login") && !event.url.pathname.startsWith("/not-supported")) {
         if (valid) {
-            event.locals.user = session_username(event.cookies.get('session-id')!)
-            event.locals.name = session_display_name(event.cookies.get('session-id')!)
+            event.locals.user = await session_username(event.cookies.get('session-id')!)
+            event.locals.name = await session_display_name(event.cookies.get('session-id')!)
             // console.log("Valid req, will not redirect")
         } else {
             // console.log("Invalid req, will redirect to login")