finalize sofwaremill akka-http-session evolutions

Author: fupelaqu

build.sbt

@@ -30,7 +30,7 @@ ThisBuild / organization := "app.softnetwork"
 
 name := "generic-persistence-api"
 
-ThisBuild / version := "0.3.2.1"
+ThisBuild / version := "0.3.2.2"
 
 ThisBuild / scalaVersion := "2.12.11"
 

session/core/src/main/scala/com/softwaremill/session/Completion.scala

@@ -4,8 +4,6 @@ import scala.concurrent.{Await, Future}
 import scala.concurrent.duration.{Duration, DurationInt, FiniteDuration}
 import scala.util.{Failure, Success, Try}
 
-import scala.language.implicitConversions
-
 trait Completion {
 
   /** maximum wait time, which may be negative (no waiting is done),

session/core/src/main/scala/com/softwaremill/session/CsrfEndpoints.scala

@@ -35,12 +35,32 @@ trait CsrfEndpoints {
       body
     }
 
-  def setNewCsrfToken[T](
+  def setNewCsrfToken[T, SECURITY_INPUT, PRINCIPAL, SECURITY_OUTPUT](
     checkMode: TapirCsrfCheckMode[T]
-  ): PartialServerEndpointWithSecurityOutput[Unit, Unit, Unit, Unit, Option[
-    CookieValueWithMeta
-  ], Unit, Any, Future] =
-    checkMode.setNewCsrfToken()
+  )(
+    body: => PartialServerEndpointWithSecurityOutput[
+      SECURITY_INPUT,
+      PRINCIPAL,
+      Unit,
+      Unit,
+      SECURITY_OUTPUT,
+      Unit,
+      Any,
+      Future
+    ]
+  ): PartialServerEndpointWithSecurityOutput[
+    SECURITY_INPUT,
+    PRINCIPAL,
+    Unit,
+    Unit,
+    (SECURITY_OUTPUT, Option[CookieValueWithMeta]),
+    Unit,
+    Any,
+    Future
+  ] =
+    checkMode.setNewCsrfToken {
+      body
+    }
 }
 
 object CsrfEndpoints extends CsrfEndpoints

session/core/src/main/scala/com/softwaremill/session/SessionEndpoints.scala

@@ -23,6 +23,17 @@ trait SessionEndpoints {
   ], Unit, Unit, Seq[Option[String]], Unit, Any, Future] =
     sc.setSession(st)(endpoint)
 
+  def setSessionWithAuth[T, A](sc: TapirSessionContinuity[T], st: SetSessionTransport)(
+    auth: EndpointInput.Auth[A, EndpointInput.AuthType.Http]
+  )(implicit
+    f: A => Option[T]
+  ): PartialServerEndpointWithSecurityOutput[(A, Seq[Option[String]]), Option[T], Unit, Unit, Seq[
+    Option[String]
+  ], Unit, Any, Future] =
+    setSession(sc, st) {
+      endpoint.securityIn(auth)
+    }
+
   /** Read a session from the session cookie, wrapped in [[SessionResult]] describing the possible
     * success/failure outcomes.
     *

session/core/src/main/scala/com/softwaremill/session/TapirCsrf.scala

@@ -28,14 +28,37 @@ private[session] trait TapirCsrf[T] { _: CsrfCheck =>
       manager.config.csrfSubmittedName
     ).description("read csrf token as header")
 
-  def setNewCsrfToken(): PartialServerEndpointWithSecurityOutput[Unit, Unit, Unit, Unit, Option[
-    CookieValueWithMeta
-  ], Unit, Any, Future] =
-    endpoint
+  def setNewCsrfToken[SECURITY_INPUT, PRINCIPAL, SECURITY_OUTPUT](
+    body: => PartialServerEndpointWithSecurityOutput[
+      SECURITY_INPUT,
+      PRINCIPAL,
+      Unit,
+      Unit,
+      SECURITY_OUTPUT,
+      Unit,
+      Any,
+      Future
+    ]
+  ): PartialServerEndpointWithSecurityOutput[
+    SECURITY_INPUT,
+    PRINCIPAL,
+    Unit,
+    Unit,
+    (SECURITY_OUTPUT, Option[CookieValueWithMeta]),
+    Unit,
+    Any,
+    Future
+  ] =
+    body.endpoint
+      .out(body.securityOutput)
       .out(csrfCookie)
-      .serverSecurityLogicSuccessWithOutput[Unit, Future](_ =>
-        Future.successful((Some(manager.csrfManager.createCookie().valueWithMeta), ()))
-      )
+      .serverSecurityLogicWithOutput { inputs =>
+        body.securityLogic(new FutureMonad())(inputs).map {
+          case Left(l) => Left(l)
+          case Right(r) =>
+            Right(((r._1, Some(manager.csrfManager.createCookie().valueWithMeta)), r._2))
+        }
+      }
 
   /** Protects against CSRF attacks using a double-submit cookie. The cookie will be set on any
     * `GET` request which doesn't have the token set in the header. For all other requests, the

session/core/src/main/scala/com/softwaremill/session/TapirEndpoints.scala

@@ -2,6 +2,7 @@ package com.softwaremill.session
 
 import sttp.model.Method
 import sttp.model.headers.CookieValueWithMeta
+import sttp.tapir.{Endpoint, EndpointInput}
 import sttp.tapir.server.PartialServerEndpointWithSecurityOutput
 
 import scala.concurrent.Future
@@ -44,6 +45,33 @@ trait TapirEndpoints extends SessionEndpoints with CsrfEndpoints {
       optionalSession(sc, st)
     }
 
+  def setNewCsrfTokenWithSession[T, INPUT](
+    sc: TapirSessionContinuity[T],
+    st: SetSessionTransport,
+    checkMode: TapirCsrfCheckMode[T]
+  )(endpoint: => Endpoint[INPUT, Unit, Unit, Unit, Any])(implicit
+    f: INPUT => Option[T]
+  ): PartialServerEndpointWithSecurityOutput[(INPUT, Seq[Option[String]]), Option[
+    T
+  ], Unit, Unit, (Seq[Option[String]], Option[CookieValueWithMeta]), Unit, Any, Future] =
+    setNewCsrfToken(checkMode) {
+      setSession(sc, st) {
+        endpoint
+      }
+    }
+
+  def setNewCsrfTokenWithAuth[T, A](
+    sc: TapirSessionContinuity[T],
+    st: SetSessionTransport,
+    checkMode: TapirCsrfCheckMode[T]
+  )(auth: EndpointInput.Auth[A, EndpointInput.AuthType.Http])(implicit
+    f: A => Option[T]
+  ): PartialServerEndpointWithSecurityOutput[(A, Seq[Option[String]]), Option[
+    T
+  ], Unit, Unit, (Seq[Option[String]], Option[CookieValueWithMeta]), Unit, Any, Future] =
+    setNewCsrfToken(checkMode) {
+      setSessionWithAuth(sc, st)(auth)
+    }
 }
 
 object TapirEndpoints extends TapirEndpoints

session/core/src/main/scala/com/softwaremill/session/TapirImplicits.scala

@@ -7,7 +7,6 @@ import sttp.model.headers.Cookie.SameSite
 import sttp.model.headers.{CookieValueWithMeta, CookieWithMeta}
 
 import java.time.Instant
-import scala.language.implicitConversions
 
 object TapirImplicits {
 

session/testkit/src/main/scala/app/softnetwork/session/scalatest/SessionEndpointsRoute.scala

@@ -7,15 +7,14 @@ import app.softnetwork.session.service._
 import com.softwaremill.session.{SessionEndpoints => _, _}
 import org.softnetwork.session.model.Session
 import sttp.model.StatusCode
-import sttp.model.headers.CookieValueWithMeta
 import sttp.tapir._
 import sttp.tapir.generic.auto._
 import sttp.tapir.json.json4s.jsonBody
-import sttp.tapir.server.{PartialServerEndpointWithSecurityOutput, ServerEndpoint}
+import sttp.tapir.server.ServerEndpoint
 
 import scala.concurrent.{ExecutionContext, Future}
 
-trait SessionEndpointsRoute extends ApiEndpoint with RouteConcatenation {
+trait SessionEndpointsRoute extends TapirEndpoints with ApiEndpoint with RouteConcatenation {
 
   import Session._
 
@@ -49,29 +48,15 @@ trait SessionEndpointsRoute extends ApiEndpoint with RouteConcatenation {
   def checkMode: TapirCsrfCheckMode[Session] = sessionEndpoints.checkMode
 
   val createSessionEndpoint: ServerEndpoint[Any, Future] = {
-    import TapirImplicits._
-    sessionEndpoints
-      .setSession(sc, st) {
-        endpoint.securityIn(jsonBody[CreateSession]).description("the session to create")
-      }
-      .post
+    setNewCsrfTokenWithSession(sc, st, checkMode) {
+      endpoint.securityIn(jsonBody[CreateSession].description("the session to create"))
+    }.post
       .in("session")
-      .out(
-        setCookieOpt(sessionEndpoints.manager.config.csrfCookieConfig.name)
-          .description("set csrf token as cookie")
-      )
-      .serverLogic(_ =>
-        _ =>
-          Future.successful(
-            Right(Some(sessionEndpoints.manager.csrfManager.createCookie().valueWithMeta))
-          )
-      )
+      .serverLogicSuccess(_ => _ => Future.successful(()))
   }
 
   val retrieveSessionEndpoint: ServerEndpoint[Any, Future] =
-    sessionEndpoints
-      .antiCsrfWithRequiredSession(sc, st, checkMode)
-      .get
+    antiCsrfWithRequiredSession(sc, st, checkMode).get
       .in("session")
       .out(
         oneOf[BusinessError](
@@ -84,11 +69,9 @@ trait SessionEndpointsRoute extends ApiEndpoint with RouteConcatenation {
       .serverLogic(_ => _ => Future.successful(Right(NotFound))) // simulate an error
 
   val invalidateSessionEndpoint: ServerEndpoint[Any, Future] =
-    sessionEndpoints
-      .invalidateSession(sc, gt)(
-        sessionEndpoints.antiCsrfWithRequiredSession(sc, st, checkMode)
-      )
-      .delete
+    invalidateSession(sc, gt)(
+      antiCsrfWithRequiredSession(sc, st, checkMode)
+    ).delete
       .in("session")
       .serverLogic(_ => _ => Future.successful(Right()))