Merge pull request #18 from thekid/feature/redis

Use Redis for sessions in production
thekid · Jun 17, 2022 · 5bb906a · 5bb906a
2 parents bbb89f8 + 72191c2
commit 5bb906a
Show file tree

Hide file tree

Showing 5 changed files with 15 additions and 7 deletions.
diff --git a/README.md b/README.md
@@ -46,6 +46,7 @@ Export environment:
 
 ```sh
 $ export CAS_DB_PASS=... # The one you used when creating the database user above
+$ export REDIS_PASS=...  # Sessions use filesystem during development, redis only in prod
 $ export CRYPTO_KEY=...  # Must have 32 characters, generate with `openssl rand -base64 24`
 ```
 
@@ -55,6 +56,7 @@ You can also put these variables into a file named **credentials**, if you wish:
 $ cat > credentials
 CAS_DB_PASS=...
 CRYPTO_KEY=...
+REDIS_PASS=...
 ```
 
 Running

diff --git a/composer.json b/composer.json
@@ -17,6 +17,7 @@
     "xp-forge/credentials": "^2.0",
     "xp-forge/google-authenticator": "^5.0",
     "xp-forge/mongodb": "^1.3",
+    "xp-forge/redis-sessions": "^1.1",
     "xp-lang/php-compact-methods": "^1.0",
     "xp-lang/xp-records": "^2.0",
     "xp-lang/xp-static": "^0.3",

diff --git a/src/main/etc/mongo/inject.ini b/src/main/etc/mongo/inject.ini
@@ -1,4 +1,4 @@
 de.thekid.cas.Persistence=de.thekid.cas.InMongoDB("mongodb://cas:${secret.cas_db_pass}@localhost", "cas")
-
+string[redis]=redis://${secret.redis_pass}@localhost
 string[services]=https?://thekid.de|http://localhost:3000
 string[secret]=${secret.crypto_key}
diff --git a/src/main/etc/sql/inject.ini b/src/main/etc/sql/inject.ini
@@ -1,4 +1,4 @@
 de.thekid.cas.Persistence=de.thekid.cas.InDatabase("mysql://cas:${secret.cas_db_pass}@localhost/IDENTITIES")
-
+string[redis]=redis://${secret.redis_pass}@localhost
 string[services]=https?://thekid.de|http://localhost:3000
 string[secret]=${secret.crypto_key}
diff --git a/src/main/php/de/thekid/cas/Frontend.php b/src/main/php/de/thekid/cas/Frontend.php
@@ -2,7 +2,7 @@
 
 use inject\Bindings;
 use lang\Environment;
-use web\session\{Sessions, InFileSystem};
+use web\session\{Sessions, InFileSystem, InRedis};
 
 /** Sessioning and templates */
 class Frontend extends Bindings {
@@ -12,11 +12,16 @@ public function __construct(private string $templates, private bool $dev) { }
   /** @param inject.Injector */
   public function configure($inject) {
 
-    // Allow session cookies to be sent via `http` during development
-    $sessions= new InFileSystem(Environment::tempDir())->named('auth');
-    $sessions->cookies()->insecure($this->dev);
+    // Use file system for sessions and allow session cookies to be sent via
+    // `http` during development, use Redis otherwise to be able to cluster
+    if ($this->dev) {
+      $sessions= new InFileSystem(Environment::tempDir());
+      $sessions->cookies()->insecure(true);
+    } else {
+      $sessions= new InRedis($inject->get('string', 'redis'));
+    }
 
-    $inject->bind(Sessions::class, $sessions);
+    $inject->bind(Sessions::class, $sessions->named('auth'));
     $inject->bind(Templating::class, new TemplateEngine($this->templates));
   }
 }