diff --git a/Cargo.toml b/Cargo.toml
index 5df2f1586..a04815cb2 100644
--- a/Cargo.toml
+++ b/Cargo.toml
@@ -22,7 +22,7 @@ aead = "0.5"
 aes-gcm = "0.10"
 anyhow = "1"
 async-compression = "0.3"
-async-session = "3"
+async-session = { git = "https://github.com/http-rs/async-session", branch = "overhaul-session-and-session-store" }
 async-trait = "0.1"
 base64 = "0.21"
 bytes = "1"
diff --git a/crates/session/Cargo.toml b/crates/session/Cargo.toml
index 97d5ec306..f5700127d 100644
--- a/crates/session/Cargo.toml
+++ b/crates/session/Cargo.toml
@@ -19,6 +19,9 @@ rustdoc-args = ["--cfg", "docsrs"]
 [dependencies]
 async-session.workspace = true
+base64.workspace = true
+sha2.workspace = true
+hmac.workspace = true
 cookie = { workspace = true, features = ["percent-encode", "signed"] }
 salvo_core = { workspace = true, default-features = false }
 tracing.workspace = true
diff --git a/crates/session/src/lib.rs b/crates/session/src/lib.rs
index af12fbedc..28fbeb1c8 100644
--- a/crates/session/src/lib.rs
+++ b/crates/session/src/lib.rs
@@ -76,12 +76,12 @@ pub use async_session::{CookieStore, MemoryStore, Session, SessionStore};
 use std::fmt::{self, Formatter};
 use std::time::Duration;
-use async_session::base64;
-use async_session::hmac::{Hmac, Mac, NewMac};
-use async_session::sha2::Sha256;
+use base64::{engine::general_purpose::STANDARD as BASE64, Engine};
 use cookie::{Cookie, Key, SameSite};
+use hmac::{Hmac, Mac};
 use salvo_core::http::uri::Scheme;
 use salvo_core::{async_trait, Depot, Error, FlowCtrl, Handler, Request, Response};
+use sha2::{digest::generic_array::GenericArray, Sha256};
 /// Key for store data in depot.
 pub const SESSION_KEY: &str = "::salvo::session";
@@ -131,7 +131,7 @@ pub struct HandlerBuilder {
 key: Key,
 fallback_keys: Vec,
 }
-impl fmt::Debug for HandlerBuilder {
+impl fmt::Debug for HandlerBuilder {
 #[inline]
 fn fmt(&self, f: &mut Formatter<'_>) -> fmt::Result {
 f.debug_struct("HandlerBuilder")
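Review bot: In the root Cargo.toml hunk, the new `async-session` entry tracks a mutable branch of a git repository, so the code that gets built is whatever that branch points to each time the lockfile is created or refreshed. Pin it to a reviewed commit instead, `async-session = { git = "https://github.com/http-rs/async-session", rev = "<reviewed-commit-sha>" }`, so that a force-push or new commits on the branch cannot change the session-handling dependency without a visible diff in this file. A git-only dependency also generally prevents publishing the workspace crates to crates.io, so a comment stating when this returns to a released version would help whoever cuts the next release.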
@@ -150,7 +150,7 @@ impl fmt::Debug for HandlerBuilder {
 impl HandlerBuilder
 where
- S: SessionStore,
+ S: SessionStore + Send + Sync + 'static,
 {
 /// Create new `HandlerBuilder`
 #[inline]
@@ -291,7 +291,7 @@ pub struct SessionHandler {
 hmac: Hmac,
 fallback_hmacs: Vec>,
 }
-impl fmt::Debug for SessionHandler {
+impl fmt::Debug for SessionHandler {
 #[inline]
 fn fmt(&self, f: &mut Formatter<'_>) -> fmt::Result {
 f.debug_struct("SessionHandler")
@@ -310,7 +310,7 @@ impl fmt::Debug for SessionHandler {
 #[async_trait]
 impl Handler for SessionHandler
 where
- S: SessionStore,
+ S: SessionStore + Send + Sync + 'static,
 {
 async fn handle(&self, req: &mut Request, depot: &mut Depot, res: &mut Response, ctrl: &mut FlowCtrl) {
 let cookie = req.cookies().get(&self.cookie_name);
@@ -354,7 +354,7 @@ where
 impl SessionHandler
 where
- S: SessionStore,
+ S: SessionStore + Send + Sync + 'static,
 {
 /// Create new `HandlerBuilder`
 pub fn builder(store: S, secret: &[u8]) -> HandlerBuilder {
@@ -382,18 +382,20 @@ where
 // Split [MAC | original-value] into its two parts.
 let (digest_str, value) = cookie_value.split_at(BASE64_DIGEST_LEN);
- let digest = base64::decode(digest_str).map_err(|_| Error::Other("bad base64 digest".into()))?;
+ let digest = BASE64
+ .decode(digest_str)
+ .map_err(|_| Error::Other("bad base64 digest".into()))?;
 // Perform the verification.
 let mut hmac = self.hmac.clone();
 hmac.update(value.as_bytes());
- if hmac.verify(&digest).is_ok() {
+ if hmac.verify(GenericArray::from_slice(&digest)).is_ok() {
 return Ok(value.to_string());
 }
 for hmac in &self.fallback_hmacs {
 let mut hmac = hmac.clone();
 hmac.update(value.as_bytes());
- if hmac.verify(&digest).is_ok() {
+ if hmac.verify(GenericArray::from_slice(&digest)).is_ok() {
 return Ok(value.to_string());
 }
 }
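Review bot: In the `@@ -382` hunk, `GenericArray::from_slice(&digest)` panics when the slice is not exactly the MAC output length, and `digest` is decoded from the request cookie, so a malformed cookie can now panic the handler where the removed slice-taking `verify(&digest)` only failed verification. Both call sites, the primary key check and the one inside the fallback loop, should use the slice-taking form, `if hmac.verify_slice(&digest).is_ok() {`, which returns an error on a length mismatch and still compares in constant time; the `GenericArray` import then becomes unnecessary. A prefix of `BASE64_DIGEST_LEN` characters can decode to a byte count other than the MAC length depending on its padding, so a fixed-length split does not by itself guarantee the decoded size. The enclosing function starts before this hunk, so any earlier length check on `cookie_value` is not visible here.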
@@ -430,7 +432,7 @@ where
 mac.update(cookie.value().as_bytes());
 // Cookie's new value is [MAC | original-value].
- let mut new_value = base64::encode(mac.finalize().into_bytes());
+ let mut new_value = BASE64.encode(mac.finalize().into_bytes());
 new_value.push_str(cookie.value());
 cookie.set_value(new_value);
 }