Persist sessions using a consistent session secret and memcached

Fixes #79
2017-12-23 14:38:50 -08:00 · 2017-12-23 14:38:50 -08:00 · 452e81c0d2
parent 018b7a0828
commit 452e81c0d2
4 changed files with 58 additions and 8 deletions
--- a/docker-compose.yml
+++ b/docker-compose.yml
@ -2,6 +2,18 @@
 version: '3'
 services:
  webapp:
-    image: 'rtyler/codevalet-webapp:latest'
+    image: 'codevalet/webapp:latest'
    ports:
      - 9292:9292
+    links:
+      - cache
+    environment:
+      - USE_MEMCACHED=true
+      - SESSION_SECRET=fiddlesticks
+      - WARDEN_GITHUB_VERIFIER_SECRET=fiddlesticks
+
+  cache:
+    image: 'memcached:alpine'
+    command: '-v'
+    ports:
+      - 11211:11211
--- a/webapp/Gemfile
+++ b/webapp/Gemfile
@ -1,12 +1,28 @@
 source 'https://rubygems.org'

+# Web framework, yey
 gem 'sinatra'
-gem 'haml'
-gem 'warden-github'
-gem 'kramdown'
-gem 'sentry-raven'
+
+# The actual webserver
 gem 'puma'

+# For rendering all the views
+gem 'haml'
+
+# Provides some semblance of github-based authentication and authorization
+# within the rack app
+gem 'warden-github'
+
+# Responsible for markdown parsing in the webapp views
+gem 'kramdown'
+
+# Send exceptions into Sentry from the app
+gem 'sentry-raven'
+
+# For memcached access
+gem 'dalli'
+gem 'rack-cache'
+
 group :test do
  gem 'rspec'
 end
--- a/webapp/Gemfile.lock
+++ b/webapp/Gemfile.lock
@ -9,6 +9,7 @@ GEM
    addressable (2.5.1)
      public_suffix (~> 2.0, >= 2.0.2)
    concurrent-ruby (1.0.5)
+    dalli (2.7.6)
    diff-lcs (1.3)
    faraday (0.12.2)
      multipart-post (>= 1.2, < 3)
@ -25,6 +26,8 @@ GEM
    public_suffix (2.0.5)
    puma (3.10.0)
    rack (2.0.3)
+    rack-cache (1.7.1)
+      rack (>= 0.4)
    rack-protection (2.0.0)
      rack
    rspec (3.6.0)
@ -66,13 +69,15 @@ PLATFORMS
  ruby

 DEPENDENCIES
+  dalli
  haml
  kramdown
  puma
+  rack-cache
  rspec
  sentry-raven
  sinatra
  warden-github

 BUNDLED WITH
-   1.15.3
+   1.16.0
--- a/webapp/app.rb
+++ b/webapp/app.rb
@ -1,9 +1,13 @@
 #!/usr/bin/env ruby

+require 'securerandom'
+require 'yaml'
+
+require 'dalli'
 require 'haml'
+require 'rack/session/dalli'
 require 'sinatra/base'
 require 'warden/github'
-require 'yaml'

 Haml::TempleEngine.disable_option_validator!

@ -24,11 +28,24 @@ module CodeValet
    include Warden::GitHub::SSO

    enable  :sessions
+    set :session_secret, ENV.fetch('SESSION_SECRET') { SecureRandom.hex(64) }
+
    enable  :raise_errors
-    disable :show_exceptions
+
+    if ENV['PRODUCTION']
+      disable :show_exceptions
+    end

    set :public_folder, File.dirname(__FILE__) + '/assets'

+    configure do
+      if ENV['PRODUCTION'] || ENV['USE_MEMCACHED']
+        use Rack::Session::Dalli,
+          :namespace => 'webapp.sessions',
+          :cache => Dalli::Client.new(ENV.fetch('MEMCACHED_SERVER') { 'cache:11211' })
+      end
+    end
+
    use Warden::Manager do |config|
      config.failure_app = AuthFailre
      config.default_strategies :github