Can use Redis to store user sessions

src/data/app_config.rs

@@ -67,6 +67,30 @@ pub struct AppConfig {
     /// to authenticate
     #[arg(long, env)]
     pub disable_local_login: bool,
+
+    /// Use Redis to store cookie sessions
+    #[arg(long, env)]
+    pub use_redis: bool,
+
+    /// Redis connection hostname
+    #[clap(long, env, default_value = "localhost")]
+    redis_hostname: String,
+
+    /// Redis connection port
+    #[clap(long, env, default_value_t = 6379)]
+    redis_port: u16,
+
+    /// Redis database number
+    #[clap(long, env, default_value_t = 0)]
+    redis_db_number: i64,
+
+    /// Redis username
+    #[clap(long, env)]
+    redis_username: Option<String>,
+
+    /// Redis password
+    #[clap(long, env, default_value = "secretredis")]
+    redis_password: String,
 }
 
 lazy_static::lazy_static! {
@@ -137,6 +161,21 @@ impl AppConfig {
         let domain = self.domain_name();
         domain.split_once(':').map(|i| i.0).unwrap_or(domain)
     }
+
+    /// Get Redis connection configuration
+    pub fn redis_connection_string(&self) -> Option<String> {
+        match self.use_redis {
+            true => Some(format!(
+                "redis://{}:{}@{}:{}/{}",
+                self.redis_username.as_deref().unwrap_or(""),
+                self.redis_password,
+                self.redis_hostname,
+                self.redis_port,
+                self.redis_db_number
+            )),
+            false => None,
+        }
+    }
 }
 
 #[cfg(test)]

src/main.rs

@@ -6,7 +6,7 @@ use actix_identity::IdentityMiddleware;
 use actix_identity::config::LogoutBehavior;
 use actix_remote_ip::RemoteIPConfig;
 use actix_session::SessionMiddleware;
-use actix_session::storage::CookieSessionStore;
+use actix_session::storage::{CookieSessionStore, RedisSessionStore};
 use actix_web::cookie::{Key, SameSite};
 use actix_web::middleware::Logger;
 use actix_web::{App, HttpResponse, HttpServer, get, middleware, web};
@@ -26,6 +26,7 @@ use basic_oidc::data::provider::ProvidersManager;
 use basic_oidc::data::user::User;
 use basic_oidc::data::webauthn_manager::WebAuthManager;
 use basic_oidc::middlewares::auth_middleware::AuthMiddleware;
+use basic_oidc::middlewares::multi_session_store::MultiSessionStore;
 
 #[get("/health")]
 async fn health() -> &'static str {
@@ -69,6 +70,18 @@ async fn main() -> std::io::Result<()> {
             .expect("Failed to change default admin password!");
     }
 
+    let redis_store = match AppConfig::get().redis_connection_string() {
+        Some(s) => {
+            log::info!("Connect to Redis session store...");
+            Some(
+                RedisSessionStore::new(s)
+                    .await
+                    .expect("Failed to connect to Redis!"),
+            )
+        }
+        None => None,
+    };
+
     let users_actor = UsersActor::new(users).start();
     let bruteforce_actor = BruteForceActor::default().start();
     let providers_states_actor = ProvidersStatesActor::default().start();
@@ -91,7 +104,10 @@ async fn main() -> std::io::Result<()> {
 
     HttpServer::new(move || {
         let session_mw = SessionMiddleware::builder(
-            CookieSessionStore::default(),
+            match redis_store.clone() {
+                None => MultiSessionStore::Cookie(CookieSessionStore::default()),
+                Some(s) => MultiSessionStore::Redis(s),
+            },
             Key::from(config.token_key.as_bytes()),
         )
         .cookie_name(SESSION_COOKIE_NAME.to_string())

src/middlewares/mod.rs

@@ -1 +1,2 @@
 pub mod auth_middleware;
+pub mod multi_session_store;

src/middlewares/multi_session_store.rs

@@ -0,0 +1,63 @@
+use actix_session::storage::{
+    CookieSessionStore, LoadError, RedisSessionStore, SaveError, SessionKey, SessionStore,
+    UpdateError,
+};
+use actix_web::cookie::time::Duration;
+use jwt_simple::Error;
+use std::collections::HashMap;
+
+type SessionState = HashMap<String, String>;
+
+/// Session store multiplexer.
+///
+/// Allows to easily support different store without having a lot of duplicate code
+pub enum MultiSessionStore {
+    Cookie(CookieSessionStore),
+    Redis(RedisSessionStore),
+}
+
+impl SessionStore for MultiSessionStore {
+    async fn load(&self, session_key: &SessionKey) -> Result<Option<SessionState>, LoadError> {
+        match self {
+            MultiSessionStore::Cookie(c) => c.load(session_key).await,
+            MultiSessionStore::Redis(r) => r.load(session_key).await,
+        }
+    }
+
+    async fn save(
+        &self,
+        session_state: SessionState,
+        ttl: &Duration,
+    ) -> Result<SessionKey, SaveError> {
+        match self {
+            MultiSessionStore::Cookie(c) => c.save(session_state, ttl).await,
+            MultiSessionStore::Redis(r) => r.save(session_state, ttl).await,
+        }
+    }
+
+    async fn update(
+        &self,
+        session_key: SessionKey,
+        session_state: SessionState,
+        ttl: &Duration,
+    ) -> Result<SessionKey, UpdateError> {
+        match self {
+            MultiSessionStore::Cookie(c) => c.update(session_key, session_state, ttl).await,
+            MultiSessionStore::Redis(r) => r.update(session_key, session_state, ttl).await,
+        }
+    }
+
+    async fn update_ttl(&self, session_key: &SessionKey, ttl: &Duration) -> Result<(), Error> {
+        match self {
+            MultiSessionStore::Cookie(c) => c.update_ttl(session_key, ttl).await,
+            MultiSessionStore::Redis(r) => r.update_ttl(session_key, ttl).await,
+        }
+    }
+
+    async fn delete(&self, session_key: &SessionKey) -> Result<(), Error> {
+        match self {
+            MultiSessionStore::Cookie(c) => c.delete(session_key).await,
+            MultiSessionStore::Redis(r) => r.delete(session_key).await,
+        }
+    }
+}