refacto session traits and objects

Author: fupelaqu

session/core/src/main/scala/app/softnetwork/session/service/SessionEndpoints.scala

@@ -24,17 +24,17 @@ trait SessionEndpoints extends TapirEndpoints {
 
   import TapirSessionOptions._
 
-  lazy val oneOffSession: SessionContinuityEndpoints[Session] = oneOff
+  lazy val oneOffSession: TapirSessionContinuity[Session] = oneOff
 
-  lazy val refreshableSession: SessionContinuityEndpoints[Session] = refreshable
+  lazy val refreshableSession: TapirSessionContinuity[Session] = refreshable
 
   import TapirCsrfOptions._
 
   lazy val checkHeaderMode: TapirCsrfCheckMode[Session] = checkHeader
 
   lazy val checkHeaderAndFormMode: TapirCsrfCheckMode[Session] = checkHeaderAndForm
 
-  lazy val sc: SessionContinuityEndpoints[Session] = oneOffSession
+  lazy val sc: TapirSessionContinuity[Session] = oneOffSession
 
   lazy val st: SetSessionTransport = CookieST
 
@@ -52,28 +52,28 @@ trait SessionEndpoints extends TapirEndpoints {
 
 case class OneOffCookieSessionEndpoints(system: ActorSystem[_], checkHeaderAndForm: Boolean)
     extends SessionEndpoints {
-  override lazy val sc: SessionContinuityEndpoints[Session] = oneOffSession
+  override lazy val sc: TapirSessionContinuity[Session] = oneOffSession
   override lazy val st: SetSessionTransport = CookieST
   override lazy val checkMode: TapirCsrfCheckMode[Session] = checkHeaderAndForm
 }
 
 case class OneOffHeaderSessionEndpoints(system: ActorSystem[_], checkHeaderAndForm: Boolean)
     extends SessionEndpoints {
-  override lazy val sc: SessionContinuityEndpoints[Session] = oneOffSession
+  override lazy val sc: TapirSessionContinuity[Session] = oneOffSession
   override lazy val st: SetSessionTransport = HeaderST
   override lazy val checkMode: TapirCsrfCheckMode[Session] = checkHeaderAndForm
 }
 
 case class RefreshableCookieSessionEndpoints(system: ActorSystem[_], checkHeaderAndForm: Boolean)
     extends SessionEndpoints {
-  override lazy val sc: SessionContinuityEndpoints[Session] = refreshableSession
+  override lazy val sc: TapirSessionContinuity[Session] = refreshableSession
   override lazy val st: SetSessionTransport = CookieST
   override lazy val checkMode: TapirCsrfCheckMode[Session] = checkHeaderAndForm
 }
 
 case class RefreshableHeaderSessionEndpoints(system: ActorSystem[_], checkHeaderAndForm: Boolean)
     extends SessionEndpoints {
-  override lazy val sc: SessionContinuityEndpoints[Session] = refreshableSession
+  override lazy val sc: TapirSessionContinuity[Session] = refreshableSession
   override lazy val st: SetSessionTransport = HeaderST
   override lazy val checkMode: TapirCsrfCheckMode[Session] = checkHeaderAndForm
 }

session/core/src/main/scala/com/softwaremill/session/CsrfEndpoints.scala

@@ -1,67 +1,33 @@
 package com.softwaremill.session
 
-import sttp.model.Method._
+import sttp.model.Method
 import sttp.model.headers.{CookieValueWithMeta, CookieWithMeta}
-import sttp.model.{Method, StatusCode}
-import sttp.monad.FutureMonad
-import sttp.tapir.server.PartialServerEndpointWithSecurityOutput
 import sttp.tapir._
+import sttp.tapir.server.PartialServerEndpointWithSecurityOutput
 
 import scala.concurrent.{ExecutionContext, Future}
 
-private[session] trait CsrfEndpoints[T] extends CsrfCheck {
-
-  import com.softwaremill.session.AkkaToTapirImplicits._
-
-  def manager: SessionManager[T]
-
-  implicit def ec: ExecutionContext
-
-  def csrfCookie: EndpointIO.Header[Option[CookieValueWithMeta]] =
-    setCookieOpt(manager.config.csrfCookieConfig.name).description("set csrf token as cookie")
-
-  def submittedCsrfCookie: EndpointInput.Cookie[Option[String]] =
-    cookie(manager.config.csrfCookieConfig.name)
-
-  def submittedCsrfHeader: EndpointIO.Header[Option[String]] = header[Option[String]](
-    manager.config.csrfSubmittedName
-  ).description("read csrf token as header")
-
-  def setNewCsrfToken(): CookieWithMeta = manager.csrfManager.createCookie()
-
-  def hmacTokenCsrfProtectionLogic(
-    method: Method,
-    csrfTokenFromCookie: Option[String],
-    submittedCsrfToken: Option[String]
-  ): Either[Unit, (Option[CookieValueWithMeta], Unit)] = {
-    csrfTokenFromCookie match {
-      case Some(cookie) =>
-        val token = cookie
-        submittedCsrfToken match {
-          case Some(submitted) =>
-            if (submitted == token && token.nonEmpty && manager.csrfManager.validateToken(token)) {
-              Right((None, ()))
-            } else {
-              Left(())
-            }
-          case _ =>
-            Left(())
-        }
-      // if a cookie is not set, generating a new one for **get** requests, rejecting other
-      case _ =>
-        if (method.is(GET)) {
-          Right((Some(manager.csrfManager.createCookie().valueWithMeta), ()))
-        } else {
-          Left(())
-        }
-    }
-  }
-
-  def hmacTokenCsrfProtection[
-    SECURITY_INPUT,
-    PRINCIPAL,
-    SECURITY_OUTPUT
-  ](
+trait CsrfEndpoints {
+
+  /** Protects against CSRF attacks using a double-submit cookie. The cookie will be set on any
+    * `GET` request which doesn't have the token set in the header. For all other requests, the
+    * value of the token from the CSRF cookie must match the value in the custom header (or request
+    * body, if `checkFormBody` is `true`).
+    *
+    * The cookie value is the concatenation of a timestamp and its HMAC hash following the OWASP
+    * recommendation for CSRF prevention:
+    * @see
+    *   <a
+    *   href="https://cheatsheetseries.owasp.org/cheatsheets/Cross-Site_Request_Forgery_Prevention_Cheat_Sheet.html#hmac-based-token-pattern">OWASP</a>
+    *
+    * Note that this scheme can be broken when not all subdomains are protected or not using HTTPS
+    * and secure cookies, and the token is placed in the request body (not in the header).
+    *
+    * See the documentation for more details.
+    */
+  def hmacTokenCsrfProtection[T, SECURITY_INPUT, PRINCIPAL, SECURITY_OUTPUT](
+    checkMode: TapirCsrfCheckMode[T]
+  )(
     body: => PartialServerEndpointWithSecurityOutput[
       SECURITY_INPUT,
       PRINCIPAL,
@@ -81,86 +47,48 @@ private[session] trait CsrfEndpoints[T] extends CsrfCheck {
     Unit,
     Any,
     Future
-  ] = {
-    val partial =
-      // extract csrf token from cookie
-      csrfTokenFromCookie()
-        // extract request method
-        .securityIn(extractFromRequest(req => req.method))
-        // extract submitted csrf token from header
-        .securityIn(submittedCsrfHeader)
-        // extract submitted csrf token from form
-        .securityIn(formBody[Map[String, String]])
-        .out(csrfCookie)
-        .errorOut(statusCode(StatusCode.Unauthorized))
-        .serverSecurityLogicWithOutput {
-          case (
-                csrfTokenFromCookie,
-                method,
-                submittedCsrfTokenFromHeader,
-                submittedCsrfTokenFromForm
-              ) =>
-            Future.successful(
-              hmacTokenCsrfProtectionLogic(
-                method,
-                csrfTokenFromCookie,
-                if (checkHeaderAndForm)
-                  submittedCsrfTokenFromHeader.fold(
-                    submittedCsrfTokenFromForm.get(manager.config.csrfSubmittedName)
-                  )(Option(_))
-                else
-                  submittedCsrfTokenFromHeader
-              )
-            )
-        }
-    partial.endpoint
-      .prependSecurityIn(body.securityInput)
-      .out(body.securityOutput)
-      .out(partial.securityOutput)
-      .serverSecurityLogicWithOutput {
-        case (
-              securityInput,
-              csrfTokenFromCookie,
-              method,
-              submittedCsrfTokenFromHeader,
-              submittedCsrfTokenFromForm
-            ) =>
-          partial
-            .securityLogic(new FutureMonad())(
-              (
-                csrfTokenFromCookie,
-                method,
-                submittedCsrfTokenFromHeader,
-                submittedCsrfTokenFromForm
-              )
-            )
-            .flatMap {
-              case Left(l) => Future.successful(Left(l))
-              case Right(r) =>
-                body.securityLogic(new FutureMonad())(securityInput).map {
-                  case Left(l2) => Left(l2)
-                  case Right(r2) =>
-                    Right(((r2._1, r._1), r2._2))
-                }
-            }
-      }
-  }
+  ] =
+    checkMode.hmacTokenCsrfProtection {
+      body
+    }
 
-  def csrfTokenFromCookie(): Endpoint[Option[String], Unit, Unit, Unit, Any] =
-    endpoint
-      // extract csrf token from cookie
-      .securityIn(submittedCsrfCookie)
+  def csrfCookie[T](
+    checkMode: TapirCsrfCheckMode[T]
+  ): EndpointIO.Header[Option[CookieValueWithMeta]] =
+    checkMode.csrfCookie
 
-}
+  def csrfTokenFromCookie[T](
+    checkMode: TapirCsrfCheckMode[T]
+  ): Endpoint[Option[String], Unit, Unit, Unit, Any] =
+    checkMode.csrfTokenFromCookie()
 
-sealed trait CsrfCheck {
-  def checkHeaderAndForm: Boolean
+  def setNewCsrfToken[T](
+    checkMode: TapirCsrfCheckMode[T]
+  ): CookieWithMeta =
+    checkMode.setNewCsrfToken()
 }
 
-trait CsrfCheckHeader extends CsrfCheck {
-  val checkHeaderAndForm: Boolean = false
+object CsrfEndpoints extends CsrfEndpoints
+
+object TapirCsrfOptions {
+  def checkHeader[T](implicit manager: SessionManager[T], ec: ExecutionContext) =
+    new TapirCsrfCheckHeader[T]()
+  def checkHeaderAndForm[T](implicit manager: SessionManager[T], ec: ExecutionContext) =
+    new TapirCsrfCheckHeaderAndForm[T]()
 }
 
-trait CsrfCheckHeaderAndForm extends CsrfCheck {
-  val checkHeaderAndForm: Boolean = true
+sealed trait TapirCsrfCheckMode[T] extends TapirCsrf[T] {
+  def manager: SessionManager[T]
+  def ec: ExecutionContext
+  def csrfManager: CsrfManager[T] = manager.csrfManager
 }
+
+class TapirCsrfCheckHeader[T](implicit val manager: SessionManager[T], val ec: ExecutionContext)
+    extends TapirCsrfCheckMode[T]
+    with CsrfCheckHeader
+
+class TapirCsrfCheckHeaderAndForm[T](implicit
+  val manager: SessionManager[T],
+  val ec: ExecutionContext
+) extends TapirCsrfCheckMode[T]
+    with CsrfCheckHeaderAndForm

session/core/src/main/scala/com/softwaremill/session/OneOffSessionEndpoints.scala renamed to session/core/src/main/scala/com/softwaremill/session/OneOffTapirSession.scala

@@ -9,8 +9,8 @@ import sttp.tapir.{cookie, header, _}
 
 import scala.concurrent.{ExecutionContext, Future}
 
-private[session] trait OneOffSessionEndpoints[T] {
-  import AkkaToTapirImplicits._
+private[session] trait OneOffTapirSession[T] {
+  import TapirImplicits._
 
   implicit def manager: SessionManager[T]
 

session/core/src/main/scala/com/softwaremill/session/RefreshableSessionEndpoints.scala renamed to session/core/src/main/scala/com/softwaremill/session/RefreshableTapirSession.scala

@@ -12,9 +12,9 @@ import scala.concurrent.{ExecutionContext, Future}
 import scala.language.implicitConversions
 import scala.util.{Failure, Success}
 
-private[session] trait RefreshableSessionEndpoints[T] extends Completion {
-  this: OneOffSessionEndpoints[T] =>
-  import com.softwaremill.session.AkkaToTapirImplicits._
+private[session] trait RefreshableTapirSession[T] extends Completion {
+  this: OneOffTapirSession[T] =>
+  import com.softwaremill.session.TapirImplicits._
 
   implicit def refreshTokenStorage: RefreshTokenStorage[T]
 

session/core/src/main/scala/com/softwaremill/session/TapirSession.scala renamed to session/core/src/main/scala/com/softwaremill/session/SessionEndpoints.scala

@@ -5,7 +5,7 @@ import sttp.tapir.server.PartialServerEndpointWithSecurityOutput
 
 import scala.concurrent.{ExecutionContext, Future}
 
-trait TapirSession {
+trait SessionEndpoints {
 
   /** Set the session cookie with the session content. The content is signed, optionally encrypted
     * and with an optional expiry date.
@@ -14,7 +14,7 @@ trait TapirSession {
     * cookie.
     */
   def setSession[T, INPUT](
-    sc: SessionContinuityEndpoints[T],
+    sc: TapirSessionContinuity[T],
     st: SetSessionTransport
   )(endpoint: => Endpoint[INPUT, Unit, Unit, Unit, Any])(implicit
     f: INPUT => Option[T]
@@ -29,7 +29,7 @@ trait TapirSession {
     * If refreshable, tries to create a new session based on the refresh token cookie.
     */
   def session[T](
-    sc: SessionContinuityEndpoints[T],
+    sc: TapirSessionContinuity[T],
     st: GetSessionTransport,
     required: Option[Boolean]
   ): PartialServerEndpointWithSecurityOutput[Seq[Option[String]], SessionResult[T], Unit, Unit, Seq[
@@ -46,7 +46,7 @@ trait TapirSession {
     * users.
     */
   def invalidateSession[T, SECURITY_INPUT, PRINCIPAL](
-    sc: SessionContinuityEndpoints[T]
+    sc: TapirSessionContinuity[T]
   )(
     body: => PartialServerEndpointWithSecurityOutput[
       SECURITY_INPUT,
@@ -73,7 +73,7 @@ trait TapirSession {
   /** Read an optional session from the session cookie.
     */
   def optionalSession[T](
-    sc: SessionContinuityEndpoints[T],
+    sc: TapirSessionContinuity[T],
     st: GetSessionTransport
   ): PartialServerEndpointWithSecurityOutput[Seq[Option[String]], Option[T], Unit, Unit, Seq[
     Option[String]
@@ -83,15 +83,15 @@ trait TapirSession {
   /** Read a required session from the session cookie.
     */
   def requiredSession[T](
-    sc: SessionContinuityEndpoints[T],
+    sc: TapirSessionContinuity[T],
     st: GetSessionTransport
   ): PartialServerEndpointWithSecurityOutput[Seq[Option[String]], T, Unit, Unit, Seq[
     Option[String]
   ], Unit, Any, Future] =
     sc.requiredSession(st)
 
   def touchSession[T](
-    sc: SessionContinuityEndpoints[T],
+    sc: TapirSessionContinuity[T],
     st: GetSessionTransport,
     required: Option[Boolean]
   ): PartialServerEndpointWithSecurityOutput[Seq[Option[String]], SessionResult[T], Unit, Unit, Seq[
@@ -103,7 +103,7 @@ trait TapirSession {
     * [[SessionConfig.sessionMaxAgeSeconds]] option, as it sets the expiry date anew.
     */
   def touchOptionalSession[T](
-    sc: SessionContinuityEndpoints[T],
+    sc: TapirSessionContinuity[T],
     st: GetSessionTransport
   ): PartialServerEndpointWithSecurityOutput[Seq[Option[String]], Option[T], Unit, Unit, Seq[
     Option[String]
@@ -115,7 +115,7 @@ trait TapirSession {
     * [[SessionConfig.sessionMaxAgeSeconds]] option, as it sets the expiry date anew.
     */
   def touchRequiredSession[T](
-    sc: SessionContinuityEndpoints[T],
+    sc: TapirSessionContinuity[T],
     st: GetSessionTransport
   ): PartialServerEndpointWithSecurityOutput[Seq[Option[String]], T, Unit, Unit, Seq[
     Option[String]
@@ -137,15 +137,15 @@ object TapirSessionOptions {
 }
 
 class OneOffTapir[T](implicit val manager: SessionManager[T], val ec: ExecutionContext)
-    extends OneOffSessionContinuity[T]
-    with OneOffSessionEndpoints[T]
+    extends OneOffTapirSessionContinuity[T]
+    with OneOffTapirSession[T]
 
 class RefreshableTapir[T](implicit
   val manager: SessionManager[T],
   val refreshTokenStorage: RefreshTokenStorage[T],
   val ec: ExecutionContext
-) extends RefreshableSessionContinuity[T]
-    with RefreshableSessionEndpoints[T]
-    with OneOffSessionEndpoints[T]
+) extends RefreshableTapirSessionContinuity[T]
+    with RefreshableTapirSession[T]
+    with OneOffTapirSession[T]
 
-object TapirSession extends TapirSession {}
+object SessionEndpoints extends SessionEndpoints {}