//
//  Copyright (C) 2008-2012  Artyom Beilis (Tonkikh) <artyomtnk@yahoo.com>
//
//  See accompanying file COPYING.TXT file for licensing details.
//
#ifndef CPPCMS_SESSION_INTERFACE_H
#define CPPCMS_SESSION_INTERFACE_H

#include <cppcms/defs.h>
#include <booster/noncopyable.h>
#include <booster/hold_ptr.h>
#include <booster/shared_ptr.h>
#include <cppcms/cstdint.h>
#include <cppcms/cppcms_error.h>
#include <cppcms/serialization_classes.h>
#include <string>
#include <map>
#include <memory>
#include <sstream>
#include <typeinfo>

namespace cppcms {
namespace http {
	class context;
	class request;
	class response;
}

class session_api;

///
/// \brief Error type carrying the fixed message "Cross site request forgery detected".
///
/// Nothing in this header throws it. Presumably it is raised by the CSRF checks
/// of session_interface when validation fails -- confirm against the implementation.
///
class CPPCMS_API request_forgery_error : public cppcms_error {
public:
	/// Create the error with its fixed message.
	request_forgery_error() :
		cppcms_error("Cross site request forgery detected")
	{
	}
};

///
/// \brief Session object bound to one http::context.
///
/// Values are stored and retrieved as std::string under std::string keys; the
/// class also declares expiration settings, session-cookie helpers and
/// CSRF-token helpers. It is non-copyable.
///
/// Only the member templates are defined in this header. Every other member is
/// defined elsewhere, so what is said about those members below is read from
/// their names and signatures and should be confirmed against the implementation.
///
class CPPCMS_API session_interface : private booster::noncopyable {
public:

	/// Construct the session object for the given HTTP context.
	session_interface(http::context &);
	~session_interface();

	/// Whether \a key currently has a value (inferred from the name).
	bool is_set(std::string const &key);
	/// Remove \a key from the session (inferred from the name).
	void erase(std::string const &key);
	/// Remove all keys from the session (inferred from the name).
	void clear();

	/// Whether \a key is marked as exposed.
	/// NOTE(review): "exposed" presumably means the value is also visible to
	/// the client; confirm, and treat exposed keys as non-confidential.
	bool is_exposed(std::string const &key);
	/// Set (val=true, the default) or clear the exposed mark on \a key.
	void expose(std::string const &key,bool val=true);
	/// Presumably the same as expose(key,false) -- confirm.
	void hide(std::string const &key);

	/// Mutable reference to the value stored under \a key.
	/// NOTE(review): whether a missing key is created on access is not visible here.
	std::string &operator[](std::string const &key);
	/// Store the string \a v under \a key.
	void set(std::string const &key,std::string const &v);

	/// Value stored under \a key.
	/// NOTE(review): the behaviour for a missing key is not visible here; the
	/// two-argument overload takes an explicit fallback instead.
	std::string get(std::string const &key);

	/// Value stored under \a key, with \a default_value as the fallback
	/// (presumably used when the key is not set -- confirm).
	std::string get(std::string const &key,std::string const &default_value);

	///
	/// \brief Read the value stored under \a key and convert it to \a T.
	///
	/// The text returned by get(key) is parsed with operator>> on a stream
	/// imbued with the classic ("C") locale, so the result does not depend on
	/// the process-wide locale.
	///
	/// Parsing is strict: std::bad_cast is thrown when extraction fails or when
	/// extraction stops before the end of the text (for example on a trailing
	/// character). A malformed or altered value is therefore rejected rather
	/// than partially accepted. Whatever get(key) throws propagates unchanged.
	///
	template<typename T>
	T get(std::string const &key)
	{
		std::istringstream in(get(key));
		in.imbue(std::locale::classic());
		T parsed;
		in >> parsed;
		// Accept only a successful extraction that also reached end of input.
		bool const fully_parsed = !in.fail() && in.eof();
		if(!fully_parsed)
			throw std::bad_cast();
		return parsed;
	}

	///
	/// \brief Format \a value with operator<< and store the text under \a key.
	///
	/// The stream is imbued with the classic ("C") locale, matching the parsing
	/// done by get<T>(), so stored text does not vary with the global locale.
	///
	template<typename T>
	void set(std::string const &key,T const &value)
	{
		std::ostringstream out;
		out.imbue(std::locale::classic());
		out << value;
		std::string const text = out.str();
		set(key,text);
	}

	///
	/// \brief Serialize \a object and store the result under \a key.
	///
	/// Serialization is delegated to serialization_traits<Serializable>::save.
	///
	template<typename Serializable>
	void store_data(std::string const &key,Serializable const &object)
	{
		std::string serialized;
		serialization_traits<Serializable>::save(object,serialized);
		set(key,serialized);
	}

	///
	/// \brief Load \a object from the value stored under \a key.
	///
	/// The string returned by get(key) is handed unchanged to
	/// serialization_traits<Serializable>::load; no validation is done here, so
	/// any checking of the buffer is the responsibility of load().
	///
	/// NOTE(review): if session contents are kept in a client-side cookie, this
	/// buffer is only as trustworthy as the cookie's integrity protection --
	/// confirm the configured session storage before deserializing complex types.
	///
	template<typename Serializable>
	void fetch_data(std::string const &key,Serializable &object)
	{
		std::string serialized(get(key));
		serialization_traits<Serializable>::load(serialized,object);
	}

	///
	/// Expiration policy constants (fixed = 0, renew = 1, browser = 2).
	/// Presumably these are the values taken by expiration(int) -- confirm.
	///
	enum {
		fixed,
		renew,

		browser

	};

	/// Current session age setting. NOTE(review): unit not visible here (presumably seconds).
	int age();
	/// Set the session age to \a t.
	void age(int t);
	/// Presumably restores the configured default age -- confirm.
	void default_age();

	/// Current expiration policy (presumably one of fixed / renew / browser).
	int expiration();
	/// Set the expiration policy to \a h.
	void expiration(int h);
	/// Presumably restores the configured default expiration policy -- confirm.
	void default_expiration();

	/// Request (or stop requesting) server-side storage for this session.
	/// NOTE(review): server-side storage is the usual choice when a client must
	/// not be able to replay an older copy of its own session state -- confirm
	/// how the configured backend behaves.
	void on_server(bool srv);

	/// Current value of the server-side storage setting.
	bool on_server();


	/// Set the session cookie to \a data.
	void set_session_cookie(std::string const &data);
	/// Clear the session cookie.
	void clear_session_cookie();

	/// Current value of the session cookie.
	std::string get_session_cookie();

	/// Load the session; the meaning of the returned flag is not visible here.
	bool load();

	/// Save the session.
	void save();

	/// NOTE(review): presumably reports whether the session backend performs
	/// blocking operations -- confirm.
	bool is_blocking();

	/// NOTE(review): presumably forces a new session id. Doing so when the
	/// privilege level changes (e.g. at login) is the usual defence against
	/// session fixation -- confirm what this call actually resets.
	void reset_session();


	/// Check \a str as a CSRF token; reports the outcome through the return value.
	bool validate_csrf_token(std::string const &str);
	/// Validate the origin of the current request. Returns nothing, so a failed
	/// check must be signalled another way -- presumably by throwing
	/// request_forgery_error (confirm).
	void validate_request_origin();

	/// Turn request-origin validation on or off.
	/// NOTE(review): passing false presumably disables the automatic CSRF
	/// check; callers that do so should validate explicitly -- confirm.
	void request_origin_validation_is_required(bool required);

	/// CSRF token associated with this session.
	std::string get_csrf_token();
	/// Name of the cookie that carries the CSRF token.
	std::string get_csrf_token_cookie_name();

private:
	friend class http::response;
	friend class http::request;



	struct entry;

	typedef std::map<std::string,entry> data_type;
	data_type data_;
	data_type data_copy_;
	http::context *context_;

	// Cached defaults
	int timeout_val_def_;
	int how_def_;

	// User Values
	int timeout_val_;
	int how_;

	// Information from session data
	time_t timeout_in_;

	// Eight one-bit state flags followed by 24 reserved bits (32 bits in total).
	uint32_t new_session_ : 1;
	uint32_t saved_ : 1;
	uint32_t on_server_ : 1;
	uint32_t loaded_ : 1;
	uint32_t reset_ : 1;
	uint32_t csrf_checked_ : 1;
	uint32_t csrf_do_validation_ : 1;
	uint32_t csrf_validation_ : 1;
	uint32_t reserved_ : 24;

	std::string temp_cookie_;

	// storage itself

	booster::shared_ptr<session_api> storage_;
	struct _data;
	booster::hold_ptr<_data> d; // for future use

	int cookie_age();
	time_t session_age();

	void check();
	void update_exposed(bool);


	void set_session_cookie(int64_t age,std::string const &data,std::string const &key=std::string());

	void save_data(std::map<std::string,entry> const &data,std::string &s);
	void load_data(std::map<std::string,entry> &data,std::string const &s);
	std::string generate_csrf_token();
};

} // cppcms


#endif