fastn_session with expires_at and Login with Custom Expiration

Cargo.toml

@@ -35,6 +35,7 @@ serde = { version = "1", features = ["derive"] }
 serde_json = "1"
 thiserror = "1"
 chrono = { version = "0.4", default-features = false, features = ["serde"] }
+cookie = "0.18"
 diesel = { version = ">=2, <2.2", features = ["serde_json"] }
 serde_urlencoded = "0.7"
 include_dir = "0.7"
@@ -43,6 +44,7 @@ uuid = { version = "1.8", default-features = false, features = ["v8"] }
 ft-sys-shared = { path = "ft-sys-shared", version = "0.1.2" }
 ft-derive = { path = "ft-derive", version = "0.1.1" }
 ft-sys = { path = "ft-sys", version = "0.1.3" }
+ft-sdk = { path = "ft-sdk", version = "0.1.12" }
 
 
 [workspace.dependencies.rusqlite]

ft-sdk/Cargo.toml

@@ -33,6 +33,7 @@ diesel = { workspace = true, optional = true }
 include_dir.workspace = true
 rand_core.workspace = true
 uuid.workspace = true
+cookie.workspace = true
 
 [dev-dependencies]
 pretty_assertions = "1"

ft-sdk/src/auth/mod.rs

@@ -6,7 +6,9 @@ mod utils;
 
 pub use ft_sys_shared::SESSION_KEY;
 pub use schema::{fastn_session, fastn_user};
-pub use session::SessionID;
+#[cfg(feature = "auth-provider")]
+pub use session::{expire_session_cookie, set_session_cookie};
+pub use session::{SessionID, SessionIDError};
 pub use utils::{user_data_by_query, Counter};
 
 #[derive(Clone, Debug)]
@@ -73,29 +75,52 @@ pub fn session_providers() -> Vec<String> {
     todo!()
 }
 
+/// Fetches user data based on a given session cookie.
+///
+/// This function fetches user data based on a given session cookie if the
+/// session cookie is found and is valid and user data is found.
+/// If the session cookie not found, it returns `None`.
 #[cfg(feature = "field-extractors")]
 pub fn ud(
     cookie: ft_sdk::Cookie<SESSION_KEY>,
     conn: &mut ft_sdk::Connection,
 ) -> Result<Option<ft_sys::UserData>, UserDataError> {
-    if let Some(v) = ft_sys::env::var("DEBUG_LOGGED_IN".to_string()) {
-        let mut v = v.splitn(4, ' ');
-        return Ok(Some(ft_sys::UserData {
-            id: v.next().unwrap().parse().unwrap(),
-            identity: v.next().unwrap_or_default().to_string(),
-            name: v.next().map(|v| v.to_string()).unwrap_or_default(),
-            email: v.next().map(|v| v.to_string()).unwrap_or_default(),
-            verified_email: true,
-        }));
+    ft_sdk::println!("session cookie: {cookie}");
+    // Check if debug user data is available, return it if found.
+    if let Some(ud) = get_debug_ud() {
+        return Ok(Some(ud));
     }
 
-    ft_sdk::println!("sid: {cookie}");
-
-    let sid = match cookie.0 {
+    // Extract the session ID from the cookie.
+    let session_id = match cookie.0 {
         Some(v) => v,
         None => return Ok(None),
     };
 
+    ud_from_session_key(conn, &ft_sdk::auth::SessionID(session_id))
+}
+
+/// Fetches user data based on a given session id.
+///
+/// This function fetches user data based on a given session id if the
+/// session is valid and user data is found.
+/// If the session cookie not found, it returns `None`.
+#[cfg(feature = "field-extractors")]
+pub fn ud_from_session_key(
+    conn: &mut ft_sdk::Connection,
+    session_id: &ft_sdk::auth::SessionID,
+) -> Result<Option<ft_sys::UserData>, UserDataError> {
+    // Check if debug user data is available, return it if found.
+    if let Some(ud) = get_debug_ud() {
+        return Ok(Some(ud));
+    }
+
+    ft_sdk::println!("sid: {}", session_id.0);
+
+    // Validate the session using the extracted session ID.
+    session_id.validate_session(conn)?;
+
+    // Query the database to get the user data associated with the session ID.
     let (UserId(id), identity, data) = match utils::user_data_by_query(
         conn,
         r#"
@@ -107,13 +132,14 @@ pub fn ud(
                 fastn_session.id = $1
                 AND fastn_user.id = fastn_session.uid
             "#,
-        sid.as_str(),
+        session_id.0.as_str(),
     ) {
         Ok(v) => v,
         Err(UserDataError::NoDataFound) => return Ok(None),
         Err(e) => return Err(e),
     };
 
+    // Extract the primary email from the user data, prefer verified emails.
     let email = data
         .verified_emails
         .first()
@@ -122,19 +148,46 @@ pub fn ud(
 
     Ok(Some(ft_sys::UserData {
         id,
-        identity: identity.expect("user fetched from session cookie must have identity"),
+        identity: identity.ok_or_else(|| UserDataError::IdentityNotFound)?,
         name: data.name.unwrap_or_default(),
         email,
         verified_email: !data.verified_emails.is_empty(),
     }))
 }
 
+/// Check if debug user data is available, return it if found.
+fn get_debug_ud() -> Option<ft_sys::UserData> {
+    match ft_sys::env::var("DEBUG_LOGGED_IN".to_string()) {
+        Some(debug_logged_in) => {
+            let mut debug_logged_in = debug_logged_in.splitn(4, ' ');
+            Some(ft_sys::UserData {
+                id: debug_logged_in.next().unwrap().parse().unwrap(),
+                identity: debug_logged_in.next().unwrap_or_default().to_string(),
+                name: debug_logged_in
+                    .next()
+                    .map(|v| v.to_string())
+                    .unwrap_or_default(),
+                email: debug_logged_in
+                    .next()
+                    .map(|v| v.to_string())
+                    .unwrap_or_default(),
+                verified_email: true,
+            })
+        }
+        None => None,
+    }
+}
+
 #[derive(Debug, thiserror::Error)]
 pub enum UserDataError {
     #[error("no data found for the provider")]
     NoDataFound,
     #[error("multiple rows found")]
     MultipleRowsFound,
+    #[error("session error: {0:?}")]
+    SessionError(#[from] ft_sdk::auth::SessionIDError),
+    #[error("user fetched from session cookie must have identity")]
+    IdentityNotFound,
     #[error("db error: {0:?}")]
     DatabaseError(#[from] diesel::result::Error),
     #[error("failed to deserialize data from db: {0:?}")]

ft-sdk/src/auth/provider.rs

@@ -290,23 +290,57 @@ pub fn create_user(
     Ok(ft_sdk::auth::UserId(user_id))
 }
 
-/// persist the user in session and redirect to `next`
+/// Logs in a user and manages session creation or update.
 ///
-/// `identity`: Eg for GitHub, it could be the username. This is stored in the cookie so can be
-/// retrieved without a db call to show a user identifiable information.
+/// # Arguments
+///
+/// * `conn` - Mutable reference to a `ft_sdk::Connection` to interact with the database.
+/// * `user_id` - Reference to a `ft_sdk::UserId` representing the user's ID.
+/// * `session_id` - Optional `ft_sdk::auth::SessionID` representing an existing session ID.
+///
+/// # Returns
+///
+/// A `Result` containing a `ft_sdk::auth::SessionID` if the login operation is successful,
+/// or a `LoginError` if there's an issue with the login process.
 pub fn login(
     conn: &mut ft_sdk::Connection,
-    ft_sdk::UserId(user_id): &ft_sdk::UserId,
+    user_id: &ft_sdk::UserId,
     session_id: Option<ft_sdk::auth::SessionID>,
+) -> Result<ft_sdk::auth::SessionID, LoginError> {
+    login_with_custom_session_expiration(conn, user_id, session_id, None)
+}
+
+/// Logs in a user with customizable session expiration and manages session creation or update.
+///
+/// # Arguments
+///
+/// * `conn` - Mutable reference to a `ft_sdk::Connection` to interact with the database.
+/// * `user_id` - Reference to a `ft_sdk::UserId` representing the user's ID.
+/// * `session_id` - Optional `ft_sdk::auth::SessionID` representing an existing session ID.
+/// * `session_expiration_duration` - Optional `chrono::Duration` for custom session expiration.
+///
+/// # Returns
+///
+/// A `Result` containing a `ft_sdk::auth::SessionID` if the login operation is successful,
+/// or a `LoginError` if there's an issue with the login process.
+pub fn login_with_custom_session_expiration(
+    conn: &mut ft_sdk::Connection,
+    user_id: &ft_sdk::UserId,
+    session_id: Option<ft_sdk::auth::SessionID>,
+    session_expiration_duration: Option<chrono::Duration>,
 ) -> Result<ft_sdk::auth::SessionID, LoginError> {
     match session_id {
-        Some(session_id) if session_id.0 == "hello" => {
-            Ok(ft_sdk::auth::session::create_with_user(conn, *user_id)?)
-        }
-        Some(session_id) => Ok(ft_sdk::auth::session::set_user_id(
-            conn, session_id, *user_id,
+        Some(session_id) if session_id.0 == "hello" => Ok(ft_sdk::auth::session::create_with_user(
+            conn,
+            user_id,
+            session_expiration_duration,
+        )?),
+        _ => Ok(ft_sdk::auth::session::set_user_id(
+            conn,
+            session_id,
+            user_id,
+            session_expiration_duration,
         )?),
-        None => Ok(ft_sdk::auth::session::create_with_user(conn, *user_id)?),
     }
 }
 
@@ -316,7 +350,6 @@ pub enum LoginError {
     DatabaseError(#[from] diesel::result::Error),
     #[error("set user id for session {0}")]
     SetUserIDError(#[from] ft_sdk::auth::session::SetUserIDError),
-
     #[error("json error: {0}")]
     JsonError(#[from] serde_json::Error),
 }

ft-sdk/src/auth/schema.rs

@@ -20,6 +20,7 @@ diesel::table! {
         data -> Text,
         updated_at -> Timestamptz,
         created_at -> Timestamptz,
+        expires_at -> Nullable<Timestamptz>,
     }
 }