simplify jwt support configuration; JWT support bug fix

greenlaw110 · greenlaw110 · commit a59aa16e9b60 · 2017-12-05T07:29:43.000+11:00
diff --git a/src/main/java/act/conf/AppConfig.java b/src/main/java/act/conf/AppConfig.java
@@ -36,10 +36,7 @@
 import act.handler.event.ResultEvent;
 import act.i18n.I18n;
 import act.security.CSRFProtector;
-import act.session.CookieSessionMapper;
-import act.session.DefaultSessionCodec;
-import act.session.HeaderTokenSessionMapper;
-import act.session.SessionCodec;
+import act.session.*;
 import act.util.*;
 import act.view.TemplatePathResolver;
 import act.view.View;
@@ -119,9 +116,13 @@ public AppConfig<T> app(App app) {
     }
 
     public void preloadConfigurations() {
+        // ensure JWT get evaluated first to set
+        // default value for dependency settings
+        jwt();
+
         for (Method method : AppConfig.class.getDeclaredMethods()) {
             boolean isPublic = Modifier.isPublic(method.getModifiers());
-            if (isPublic && 0 == method.getParameterTypes().length && void.class != method.getReturnType() && Void.class != method.getReturnType()) {
+            if (isPublic && 0 == method.getParameterTypes().length && !"preloadConfigurations".equals(method.getName())) {
                 $.invokeVirtual(this, method);
             }
         }
@@ -934,6 +935,37 @@ private void _mergeI18nEnabled(AppConfig conf) {
             i18nEnabled = conf.i18nEnabled;
         }
     }
+
+    private Boolean jwt;
+    protected T jwt(boolean enabled) {
+        jwt = enabled;
+        return me();
+    }
+    public boolean jwt() {
+        if (null == jwt) {
+            jwt = get(JWT, false);
+            if (jwt) {
+                if (!hasConfiguration(SESSION_HEADER)) {
+                    sessionHeader("Authorization");
+                }
+                if (!hasConfiguration(SESSION_HEADER_PAYLOAD_PREFIX)) {
+                    sessionHeaderPayloadPrefix("Bearer ");
+                }
+                if (!hasConfiguration(SESSION_MAPPER)) {
+                    sessionMapper(new HeaderTokenSessionMapper(this));
+                }
+                if (!hasConfiguration(SESSION_CODEC)) {
+                    sessionCodec(new JsonWebTokenSessionCodec(this));
+                }
+            }
+        }
+        return jwt;
+    }
+    private void _mergeJWT(AppConfig config) {
+        if (!hasConfiguration(JWT)) {
+            jwt = config.jwt;
+        }
+    }
     
     private String localeParamName;
     protected T localeParamName(String name) {
@@ -1963,9 +1995,8 @@ private void _mergeSessionEncrpt(AppConfig config) {
 
     private act.session.SessionMapper sessionMapper = null;
 
-    protected T sessionMapper(act.session.SessionMapper sessionMapper) {
+    protected void sessionMapper(act.session.SessionMapper sessionMapper) {
         this.sessionMapper = sessionMapper;
-        return me();
     }
 
     public act.session.SessionMapper sessionMapper() {
@@ -1983,9 +2014,8 @@ private void _mergeSessionMapper(AppConfig config) {
 
     private SessionCodec sessionCodec = null;
 
-    protected T sessionCodec(SessionCodec codec) {
+    protected void sessionCodec(SessionCodec codec) {
         this.sessionCodec = $.notNull(codec);
-        return me();
     }
 
     public SessionCodec sessionCodec() {
@@ -2001,6 +2031,25 @@ private void _mergeSessionCodec(AppConfig config) {
         }
     }
 
+    private String sessionHeader;
+    private boolean sessionHeaderSet;
+    protected void sessionHeader(String header) {
+        this.sessionHeader = header;
+        this.sessionHeaderSet = true;
+    }
+    public String sessionHeader() {
+        if (!sessionHeaderSet) {
+            sessionHeader = get(SESSION_HEADER, null);
+            sessionHeaderSet = true;
+        }
+        return sessionHeader;
+    }
+    private void _mergeSessionHeader(AppConfig conf) {
+        if (!hasConfiguration(SESSION_HEADER)) {
+            sessionHeader = conf.sessionHeader;
+            sessionHeaderSet = conf.sessionHeaderSet;
+        }
+    }
 
     private String sessionHeaderPrefix;
     protected T sessionHeaderPrefix(String prefix) {
@@ -2015,9 +2064,8 @@ public String sessionHeaderPrefix() {
     }
 
     private String sessionHeaderPayloadPrefix = null;
-    protected T sessionHeaderPayloadPrefix(String prefix) {
+    protected void sessionHeaderPayloadPrefix(String prefix) {
         this.sessionHeaderPayloadPrefix = prefix;
-        return me();
     }
     public String sessionHeaderPayloadPrefix() {
         if (null == sessionHeaderPayloadPrefix) {
diff --git a/src/main/java/act/conf/AppConfigKey.java b/src/main/java/act/conf/AppConfigKey.java
@@ -567,6 +567,19 @@ public enum AppConfigKey implements ConfigKey {
      */
     JOB_POOL_SIZE("job.pool.size"),
 
+    /**
+     * `jwt.enabled`, toggle JWT (JSON Web Token) support.
+     *
+     * Enable this configuration has the same effect of setting
+     *
+     * * {@link #SESSION_CODEC} - {@link act.session.JsonWebTokenSessionCodec}
+     * * {@link #SESSION_HEADER_PAYLOAD_PREFIX} - `Bearer `
+     * * {@link #SESSION_HEADER} - `Authorization`
+     *
+     * Default value: `false`
+     */
+    JWT("jwt.enabled"),
+
     /**
      * {@code act.locale} specifies the application default locale
      * <p>Default value: {@link java.util.Locale#getDefault}</p>
@@ -795,6 +808,19 @@ public <T> T val(Map<String, ?> configuration) {
     @Deprecated
     SESSION_MAPPER_HEADER_PREFIX("session.mapper.header.prefix"),
 
+    /**
+     * `session.header` - specify the session header name.
+     *
+     * Effective only when {@link act.session.SessionMapper} is
+     * {@link act.session.HeaderTokenSessionMapper}.
+     *
+     * If this configuration is set then {@link #SESSION_HEADER_PREFIX}
+     * is ignored for session header name.
+     *
+     * Default value: `null`
+     */
+    SESSION_HEADER("session.header"),
+
     /**
      * `session.header.prefix`, specify the prefix of session
      * header.
@@ -803,6 +829,11 @@ public <T> T val(Map<String, ?> configuration) {
      * to {@link act.session.HeaderTokenSessionMapper} or any
      * compound session mapper that support it.
      *
+     * If {@link #SESSION_HEADER} is not set, then header name of
+     * session token is `${session.header.prefix}-Session`.
+     *
+     * The flash header name is always `${flash.header.prefix}-Flash`.
+     *
      * Default value: {@link act.session.HeaderTokenSessionMapper#DEF_HEADER_PREFIX}
      */
     SESSION_HEADER_PREFIX("session.header.prefix"),
diff --git a/src/main/java/act/session/DefaultSessionCodec.java b/src/main/java/act/session/DefaultSessionCodec.java
@@ -51,7 +51,7 @@ public class DefaultSessionCodec extends DestroyableBase implements SessionCodec
     @Inject
     public DefaultSessionCodec(AppConfig conf) {
         app = conf.app();
-        ttl = conf.sessionTtl();
+        ttl = conf.sessionTtl() * 1000;
         sessionWillExpire = ttl > 0;
         pingPath = conf .pingPath();
         encryptSession = conf.encryptSession();
diff --git a/src/main/java/act/session/HeaderTokenSessionMapper.java b/src/main/java/act/session/HeaderTokenSessionMapper.java
@@ -44,7 +44,10 @@ public class HeaderTokenSessionMapper implements SessionMapper {
     public HeaderTokenSessionMapper(AppConfig config) {
         String prefix = config.sessionHeaderPrefix();
         String headerPrefix = S.blank(prefix) ? DEF_HEADER_PREFIX : prefix;
-        sessionHeader = S.pathConcat(headerPrefix, '-', "Session");
+        sessionHeader = config.sessionHeader();
+        if (null == sessionHeader) {
+            sessionHeader = S.pathConcat(headerPrefix, '-', "Session");
+        }
         flashHeader = S.pathConcat(headerPrefix, '-', "Flash");
         sessionPayloadPrefix = config.sessionHeaderPayloadPrefix();
         hasSessionPayloadPrefix = S.notBlank(sessionPayloadPrefix);
diff --git a/src/main/java/act/session/JsonWebTokenSessionCodec.java b/src/main/java/act/session/JsonWebTokenSessionCodec.java
@@ -40,6 +40,8 @@
 import java.util.Date;
 import java.util.Map;
 
+import static org.osgl.http.H.Session.KEY_EXPIRATION;
+
 @Singleton
 @Lazy
 public class JsonWebTokenSessionCodec implements SessionCodec {
@@ -56,18 +58,34 @@ public JsonWebTokenSessionCodec(AppConfig conf) {
         } catch (UnsupportedEncodingException e) {
             throw E.unexpected(e);
         }
-        ttl = conf.sessionTtl();
+        ttl = conf.sessionTtl() * 1000;
         sessionWillExpire = ttl > 0;
         pingPath = conf .pingPath();
     }
 
     @Override
     public String encodeSession(H.Session session) {
+        if (null == session) {
+            return null;
+        }
+        boolean sessionChanged = session.changed();
+        if (!sessionChanged && (session.empty() || !sessionWillExpire)) {
+            // Nothing changed and no cookie-expire or empty, consequently send nothing back.
+            return null;
+        }
+        session.id(); // ensure session ID is generated
+        if (sessionWillExpire && !session.contains(KEY_EXPIRATION)) {
+            // session get cleared before
+            session.put(KEY_EXPIRATION, $.ms() + ttl);
+        }
         return builder(session, JWT.create().withJWTId(session.id())).sign(algorithm);
     }
 
     @Override
     public String encodeFlash(H.Flash flash) {
+        if (null == flash || flash.isEmpty()) {
+            return null;
+        }
         return builder(flash, JWT.create()).sign(algorithm);
     }
 
@@ -123,6 +141,8 @@ private void resolveFromJwtToken(H.KV<?> state, String token, boolean isSession)
                     if (isSession) {
                         state.put(H.Session.KEY_ID, val);
                     }
+                } else if ("exp".equals(key)) {
+                    state.put(H.Session.KEY_EXPIRATION, entry.getValue().asLong());
                 } else if ("iss".equals(key)) {
                     // ignore
                 } else {
