smr/src/lua/session.lua


local sql = require("lsqlite3")
local db = require("db")
local util = require("util")
local queries = require("queries")
-- Remember the configure() that was defined before this module loaded,
-- so the wrapper below can chain to it.
local oldconfigure = configure

-- Prepared statements shared by the session functions. They stay nil until
-- configure() has run.
local stmnt_get_session
local stmnt_insert_session
local stmnt_delete_session

--[[
Prepare the session statements on db.conn, then hand over to the
previously defined configure() with the same arguments.
Raises (via assert) if any statement fails to prepare.
]]
function configure(...)
	local conn = db.conn
	stmnt_get_session = assert(conn:prepare(queries.select_valid_sessions))
	stmnt_insert_session = assert(conn:prepare(queries.insert_session))
	stmnt_delete_session = assert(conn:prepare(queries.delete_session))
	return oldconfigure(...)
end

-- Module table returned at the end of the file.
local session = {}
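--[[
Retrieve the name and authorid of the logged in person,
or nil+error message if not logged in.

The session id is taken from the client's "session" cookie and looked up
with the prepared select_valid_sessions statement. Every exit path after
the statement has been stepped resets it, so a failed lookup cannot leave
the shared statement in a stepped state for the next request.
]]
function session.get(req)
	http_populate_cookies(req)
	local sessionid = http_request_cookie(req,"session")
	if sessionid == nil then
		return nil, "No session cookie passed by client"
	end
	-- Fail closed if the cookie value could not be bound: stepping the
	-- statement anyway would run the lookup with whatever was bound before.
	local bound = stmnt_get_session:bind_names{
		key = sessionid
	}
	if bound ~= sql.OK then
		stmnt_get_session:reset()
		return nil, "Failed to look up session"
	end
	local err = util.do_sql(stmnt_get_session)
	if err ~= sql.ROW then
		-- NOTE(review): util.do_sql is not visible here; assuming it does not
		-- reset the statement itself, the miss path has to do it, as the
		-- success path below already does.
		stmnt_get_session:reset()
		return nil, "No such session by logged in users"
	end
	local data = stmnt_get_session:get_values()
	stmnt_get_session:reset()
	-- First two result columns are returned as author, authorid.
	local author = data[1]
	local authorid = data[2]
	return author,authorid
end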
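--[[
Start a session for someone who logged in.

who: the author id to bind to the new session.
Returns the new session id: 64 characters, each drawn uniformly from A-Z
using bytes read from /dev/urandom.
Raises if /dev/urandom cannot be opened or read, or if the insert does
not finish with sql.DONE.
]]
function session.start(who)
	local rngf = assert(io.open("/dev/urandom","rb"))
	local session_t = {}
	while #session_t < 64 do
		local chunk = rngf:read(64)
		if chunk == nil then
			-- Close the handle before raising so a short read does not leak it.
			rngf:close()
			error("Could not read random bytes from /dev/urandom")
		end
		for i = 1, #chunk do
			local r = string.byte(chunk, i)
			-- 256 is not a multiple of 26, so a plain "r % 26" makes the first
			-- 22 letters slightly more likely. Discard bytes 234..255
			-- (234 = 9 * 26) to keep every letter equally probable.
			if r < 234 and #session_t < 64 then
				session_t[#session_t + 1] = string.char((r % 26) + 65)
			end
		end
	end
	rngf:close()
	-- Named sessionid rather than session so the module table is not shadowed.
	local sessionid = table.concat(session_t)
	stmnt_insert_session:bind_names{
		sessionid = sessionid,
		authorid = who
	}
	local err = util.do_sql(stmnt_insert_session)
	-- Reset before asserting so the statement is reusable even on failure.
	stmnt_insert_session:reset()
	assert(err == sql.DONE)
	return sessionid
end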
--[[
End a session, log someone out.

Runs the prepared delete_session statement with the given author id and
session id bound. Returns true; raises (via assert) if the statement does
not finish with sql.DONE.
]]
function session.finish(who,sessionid)
	local params = {
		authorid = who,
		sessionid = sessionid
	}
	stmnt_delete_session:bind_names(params)
	local rc = util.do_sql(stmnt_delete_session)
	-- The statement is reset before the result check, so it stays reusable
	-- even when the assert below fires.
	stmnt_delete_session:reset()
	assert(rc == sql.DONE)
	return true
end

return session