From 0cc7e029f30962f89ef3e77f201ca728a3de944c Mon Sep 17 00:00:00 2001
From: Oliver Gorwits <oliver@cpan.org>
Date: Sat, 1 Oct 2016 16:27:48 +0100
Subject: [PATCH] [#279] Web sessions use cookies instead of files on disk (M.
 Johnson)

---
 Netdisco/Changes                                   | 1 +
 Netdisco/Makefile.PL                               | 1 +
 Netdisco/bin/netdisco-deploy                       | 7 +++++++
 Netdisco/bin/netdisco-web                          | 4 ++++
 Netdisco/bin/netdisco-web-fg                       | 3 ---
 Netdisco/lib/App/Netdisco/Manual/Configuration.pod | 6 +++---
 Netdisco/lib/App/Netdisco/Web.pm                   | 7 +++++++
 Netdisco/share/config.yml                          | 3 ++-
 8 files changed, 25 insertions(+), 7 deletions(-)

diff --git a/Netdisco/Changes b/Netdisco/Changes
index 5df8415f..97906c53 100644
--- a/Netdisco/Changes
+++ b/Netdisco/Changes
@@ -5,6 +5,7 @@
   * systemd deployment guide
   * document env var for https reverse proxy (B. Marshall)
   * FreeBSD sshcollector support (H. Teulahti)
+  * [#279] Web sessions use cookies instead of files on disk (M. Johnson)
 
   [BUG FIXES]
 
diff --git a/Netdisco/Makefile.PL b/Netdisco/Makefile.PL
index 2384ed76..c33154ba 100644
--- a/Netdisco/Makefile.PL
+++ b/Netdisco/Makefile.PL
@@ -23,6 +23,7 @@ requires 'Dancer' => '1.3132';
 requires 'Dancer::Plugin::DBIC' => 0.2001;
 requires 'Dancer::Plugin::Auth::Extensible' => 0.30;
 requires 'Dancer::Plugin::Passphrase' => '2.0.1';
+requires 'Dancer::Session::Cookie' => '0.27';
 requires 'File::ShareDir' => 1.03;
 requires 'File::Slurp' => 9999.19;
 requires 'Guard' => 1.022;
diff --git a/Netdisco/bin/netdisco-deploy b/Netdisco/bin/netdisco-deploy
index 67101f5b..b044cd4b 100755
--- a/Netdisco/bin/netdisco-deploy
+++ b/Netdisco/bin/netdisco-deploy
@@ -125,6 +125,7 @@ sub _make_password {
   }
 }
 
+# set up initial admin user
 my $users = schema('netdisco')->resultset('User');
 if ($users->search({-bool => 'admin'})->count == 0) {
     say '';
@@ -149,6 +150,12 @@ if ($users->search({-bool => 'admin'})->count == 0) {
     print color 'reset';
 }
 
+# set initial dancer web session cookie key
+schema('netdisco')->resultset('Session')->find_or_create(
+  {id => 'dancer_session_cookie_key', a_session => \'md5(random()::text)'},
+  {key => 'primary'},
+);
+
 say '';
 $bool = $term->ask_yn(
   prompt => 'Download and update vendor MAC prefixes (OUI data)?', default => 'n',
diff --git a/Netdisco/bin/netdisco-web b/Netdisco/bin/netdisco-web
index e84a20ac..251dcb81 100755
--- a/Netdisco/bin/netdisco-web
+++ b/Netdisco/bin/netdisco-web
@@ -70,6 +70,10 @@ foreach my $file ($pid_file, $log_file) {
     chown $uid, $gid, $file;
 }
 
+# clean old web sessions
+my $sdir = dir($home, 'netdisco-web-sessions')->stringify;
+unlink glob file($sdir, '*');
+
 Daemon::Control->new({
   name => 'Netdisco Web',
   program  => \&restarter,
diff --git a/Netdisco/bin/netdisco-web-fg b/Netdisco/bin/netdisco-web-fg
index 14c6d656..220b6c0d 100755
--- a/Netdisco/bin/netdisco-web-fg
+++ b/Netdisco/bin/netdisco-web-fg
@@ -27,9 +27,6 @@ use App::Netdisco;
 use Dancer;
 warning sprintf "App::Netdisco %s web", ($App::Netdisco::VERSION || 'HEAD');
 
-my $home = ($ENV{NETDISCO_HOME} || $ENV{HOME});
-set(session_dir => dir($home, 'netdisco-web-sessions')->stringify);
-
 set plack_middlewares => [
   ['Plack::Middleware::ReverseProxy'],
   [ Expires => (
diff --git a/Netdisco/lib/App/Netdisco/Manual/Configuration.pod b/Netdisco/lib/App/Netdisco/Manual/Configuration.pod
index aaf8727b..da0dc9c6 100644
--- a/Netdisco/lib/App/Netdisco/Manual/Configuration.pod
+++ b/Netdisco/lib/App/Netdisco/Manual/Configuration.pod
@@ -1217,10 +1217,10 @@ you're doing.
 
 =head3 C<session>
 
-Value: String. Default: C<YAML>.
+Value: String. Default: C<cookie>.
 
-How to handle web sessions. Default is to store on disk so they can be shared
-between multiple web server processes (although it's slower).
+How to handle web sessions. Default is to store in an encrypted cookie
+using a key stored in the database by C<netdisco-deploy>.
 
 =head3 C<template>
 
diff --git a/Netdisco/lib/App/Netdisco/Web.pm b/Netdisco/lib/App/Netdisco/Web.pm
index 07c403c2..f2c63592 100644
--- a/Netdisco/lib/App/Netdisco/Web.pm
+++ b/Netdisco/lib/App/Netdisco/Web.pm
@@ -56,6 +56,13 @@ if (setting('extra_web_plugins') and ref [] eq ref setting('extra_web_plugins'))
 push @{ config->{engines}->{netdisco_template_toolkit}->{INCLUDE_PATH} },
      setting('views');
 
+# load cookie key from database
+setting('session_cookie_key' => undef);
+my $sessions = schema('netdisco')->resultset('Session');
+my $skey = $sessions->find({id => 'dancer_session_cookie_key'});
+setting('session_cookie_key' => $skey->get_column('a_session')) if $skey;
+Dancer::Session::Cookie::init(session);
+
 # workaround for https://github.com/PerlDancer/Dancer/issues/935
 hook after_error_render => sub { setting('layout' => 'main') };
 
diff --git a/Netdisco/share/config.yml b/Netdisco/share/config.yml
index 9a1c1f1b..2a87ee4e 100644
--- a/Netdisco/share/config.yml
+++ b/Netdisco/share/config.yml
@@ -308,7 +308,8 @@ plugins:
       users:
         provider: 'App::Netdisco::Web::Auth::Provider::DBIC'
         schema_name: 'netdisco'
-session: 'YAML'
+session: 'cookie'
+session_cookie_key: 'this_will_be_overridden_on_webapp_startup'
 template: 'netdisco_template_toolkit'
 route_cache: true
 appname: 'Netdisco'