first commit

system/Session/Handlers/RedisHandler.php

@@ -0,0 +1,405 @@
+<?php
+
+/**
+ * This file is part of the CodeIgniter 4 framework.
+ *
+ * (c) CodeIgniter Foundation <admin@codeigniter.com>
+ *
+ * For the full copyright and license information, please view the LICENSE
+ * file that was distributed with this source code.
+ */
+
+namespace CodeIgniter\Session\Handlers;
+
+use CodeIgniter\Session\Exceptions\SessionException;
+use Config\App as AppConfig;
+use Exception;
+use Redis;
+use RedisException;
+
+/**
+ * Session handler using Redis for persistence
+ */
+class RedisHandler extends BaseHandler
+{
+	/**
+	 * phpRedis instance
+	 *
+	 * @var Redis|null
+	 */
+	protected $redis;
+
+	/**
+	 * Key prefix
+	 *
+	 * @var string
+	 */
+	protected $keyPrefix = 'ci_session:';
+
+	/**
+	 * Lock key
+	 *
+	 * @var string|null
+	 */
+	protected $lockKey;
+
+	/**
+	 * Key exists flag
+	 *
+	 * @var boolean
+	 */
+	protected $keyExists = false;
+
+	/**
+	 * Number of seconds until the session ends.
+	 *
+	 * @var integer
+	 */
+	protected $sessionExpiration = 7200;
+
+	//--------------------------------------------------------------------
+
+	/**
+	 * Constructor
+	 *
+	 * @param AppConfig $config
+	 * @param string    $ipAddress
+	 *
+	 * @throws Exception
+	 */
+	public function __construct(AppConfig $config, string $ipAddress)
+	{
+		parent::__construct($config, $ipAddress);
+
+		if (empty($this->savePath))
+		{
+			throw SessionException::forEmptySavepath();
+		}
+
+		if (preg_match('#(?:tcp://)?([^:?]+)(?:\:(\d+))?(\?.+)?#', $this->savePath, $matches))
+		{
+			if (! isset($matches[3]))
+			{
+				$matches[3] = '';
+			} // Just to avoid undefined index notices below
+
+			$this->savePath = [
+				'host'     => $matches[1],
+				'port'     => empty($matches[2]) ? null : $matches[2],
+				'password' => preg_match('#auth=([^\s&]+)#', $matches[3], $match) ? $match[1] : null,
+				'database' => preg_match('#database=(\d+)#', $matches[3], $match) ? (int) $match[1] : null,
+				'timeout'  => preg_match('#timeout=(\d+\.\d+)#', $matches[3], $match) ? (float) $match[1] : null,
+			];
+
+			preg_match('#prefix=([^\s&]+)#', $matches[3], $match) && $this->keyPrefix = $match[1];
+		}
+		else
+		{
+			throw SessionException::forInvalidSavePathFormat($this->savePath);
+		}
+
+		if ($this->matchIP === true)
+		{
+			$this->keyPrefix .= $this->ipAddress . ':';
+		}
+
+		$this->sessionExpiration = empty($config->sessionExpiration)
+			? (int) ini_get('session.gc_maxlifetime')
+			: (int) $config->sessionExpiration;
+	}
+
+	//--------------------------------------------------------------------
+
+	/**
+	 * Open
+	 *
+	 * Sanitizes save_path and initializes connection.
+	 *
+	 * @param  string $savePath Server path
+	 * @param  string $name     Session cookie name, unused
+	 * @return boolean
+	 */
+	public function open($savePath, $name): bool
+	{
+		if (empty($this->savePath))
+		{
+			return false;
+		}
+
+		$redis = new Redis();
+
+		if (! $redis->connect($this->savePath['host'], $this->savePath['port'], $this->savePath['timeout']))
+		{
+			$this->logger->error('Session: Unable to connect to Redis with the configured settings.');
+		}
+		elseif (isset($this->savePath['password']) && ! $redis->auth($this->savePath['password']))
+		{
+			$this->logger->error('Session: Unable to authenticate to Redis instance.');
+		}
+		elseif (isset($this->savePath['database']) && ! $redis->select($this->savePath['database']))
+		{
+			$this->logger->error('Session: Unable to select Redis database with index ' . $this->savePath['database']);
+		}
+		else
+		{
+			$this->redis = $redis;
+			return true;
+		}
+
+		return false;
+	}
+
+	//--------------------------------------------------------------------
+
+	/**
+	 * Read
+	 *
+	 * Reads session data and acquires a lock
+	 *
+	 * @param string $sessionID Session ID
+	 *
+	 * @return string	Serialized session data
+	 */
+	public function read($sessionID): string
+	{
+		if (isset($this->redis) && $this->lockSession($sessionID))
+		{
+			// Needed by write() to detect session_regenerate_id() calls
+			if (is_null($this->sessionID)) // @phpstan-ignore-line
+			{
+				$this->sessionID = $sessionID;
+			}
+
+			$sessionData                               = $this->redis->get($this->keyPrefix . $sessionID);
+			is_string($sessionData) ? $this->keyExists = true : $sessionData = '';
+
+			$this->fingerprint = md5($sessionData);
+
+			return $sessionData;
+		}
+
+		return '';
+	}
+
+	//--------------------------------------------------------------------
+
+	/**
+	 * Write
+	 *
+	 * Writes (create / update) session data
+	 *
+	 * @param string $sessionID   Session ID
+	 * @param string $sessionData Serialized session data
+	 *
+	 * @return boolean
+	 */
+	public function write($sessionID, $sessionData): bool
+	{
+		if (! isset($this->redis))
+		{
+			return false;
+		}
+
+		// Was the ID regenerated?
+		if ($sessionID !== $this->sessionID)
+		{
+			if (! $this->releaseLock() || ! $this->lockSession($sessionID))
+			{
+				return false;
+			}
+
+			$this->keyExists = false;
+			$this->sessionID = $sessionID;
+		}
+
+		if (isset($this->lockKey))
+		{
+			$this->redis->expire($this->lockKey, 300);
+
+			if ($this->fingerprint !== ($fingerprint = md5($sessionData)) || $this->keyExists === false)
+			{
+				if ($this->redis->set($this->keyPrefix . $sessionID, $sessionData, $this->sessionExpiration))
+				{
+					$this->fingerprint = $fingerprint;
+					$this->keyExists   = true;
+					return true;
+				}
+
+				return false;
+			}
+
+			return $this->redis->expire($this->keyPrefix . $sessionID, $this->sessionExpiration);
+		}
+
+		return false;
+	}
+
+	//--------------------------------------------------------------------
+
+	/**
+	 * Close
+	 *
+	 * Releases locks and closes connection.
+	 *
+	 * @return boolean
+	 */
+	public function close(): bool
+	{
+		if (isset($this->redis))
+		{
+			try
+			{
+				$pingReply = $this->redis->ping();
+				// @phpstan-ignore-next-line
+				if (($pingReply === true) || ($pingReply === '+PONG'))
+				{
+					isset($this->lockKey) && $this->redis->del($this->lockKey);
+
+					if (! $this->redis->close())
+					{
+						return false;
+					}
+				}
+			}
+			catch (RedisException $e)
+			{
+				$this->logger->error('Session: Got RedisException on close(): ' . $e->getMessage());
+			}
+
+			$this->redis = null;
+
+			return true;
+		}
+
+		return true;
+	}
+
+	//--------------------------------------------------------------------
+
+	/**
+	 * Destroy
+	 *
+	 * Destroys the current session.
+	 *
+	 * @param string $sessionID
+	 *
+	 * @return boolean
+	 */
+	public function destroy($sessionID): bool
+	{
+		if (isset($this->redis, $this->lockKey))
+		{
+			if (($result = $this->redis->del($this->keyPrefix . $sessionID)) !== 1)
+			{
+				$this->logger->debug('Session: Redis::del() expected to return 1, got ' . var_export($result, true) . ' instead.');
+			}
+
+			return $this->destroyCookie();
+		}
+
+		return false;
+	}
+
+	//--------------------------------------------------------------------
+
+	/**
+	 * Garbage Collector
+	 *
+	 * Deletes expired sessions
+	 *
+	 * @param  integer $maxlifetime Maximum lifetime of sessions
+	 * @return boolean
+	 */
+	public function gc($maxlifetime): bool
+	{
+		// Not necessary, Redis takes care of that.
+		return true;
+	}
+
+	//--------------------------------------------------------------------
+
+	/**
+	 * Get lock
+	 *
+	 * Acquires an (emulated) lock.
+	 *
+	 * @param string $sessionID Session ID
+	 *
+	 * @return boolean
+	 */
+	protected function lockSession(string $sessionID): bool
+	{
+		// PHP 7 reuses the SessionHandler object on regeneration,
+		// so we need to check here if the lock key is for the
+		// correct session ID.
+		if ($this->lockKey === $this->keyPrefix . $sessionID . ':lock')
+		{
+			return $this->redis->expire($this->lockKey, 300);
+		}
+
+		// 30 attempts to obtain a lock, in case another request already has it
+		$lockKey = $this->keyPrefix . $sessionID . ':lock';
+		$attempt = 0;
+
+		do
+		{
+			if (($ttl = $this->redis->ttl($lockKey)) > 0)
+			{
+				sleep(1);
+				continue;
+			}
+
+			if (! $this->redis->setex($lockKey, 300, (string) time()))
+			{
+				$this->logger->error('Session: Error while trying to obtain lock for ' . $this->keyPrefix . $sessionID);
+				return false;
+			}
+
+			$this->lockKey = $lockKey;
+			break;
+		}
+		while (++ $attempt < 30);
+
+		if ($attempt === 30)
+		{
+			log_message('error', 'Session: Unable to obtain lock for ' . $this->keyPrefix . $sessionID . ' after 30 attempts, aborting.');
+			return false;
+		}
+
+		if ($ttl === -1)
+		{
+			log_message('debug', 'Session: Lock for ' . $this->keyPrefix . $sessionID . ' had no TTL, overriding.');
+		}
+
+		$this->lock = true;
+		return true;
+	}
+
+	//--------------------------------------------------------------------
+
+	/**
+	 * Release lock
+	 *
+	 * Releases a previously acquired lock
+	 *
+	 * @return boolean
+	 */
+	protected function releaseLock(): bool
+	{
+		if (isset($this->redis, $this->lockKey) && $this->lock)
+		{
+			if (! $this->redis->del($this->lockKey))
+			{
+				$this->logger->error('Session: Error while trying to free lock for ' . $this->lockKey);
+				return false;
+			}
+
+			$this->lockKey = null;
+			$this->lock    = false;
+		}
+
+		return true;
+	}
+
+	//--------------------------------------------------------------------
+}