mirror of
https://github.com/project-zot/zot.git
synced 2026-06-17 12:58:02 +08:00
feat(sessions): add support for remote redis session store (#3345)
Description
====================
zot currently stores session cookies in memory or in a local directory. For cases where the session cookies should be independent of the instance where they were created, such as multiple instances of zot or a fully stateless zot instance, there is a need to support a remote session storage.

This change adds support for using Redis and Redis-compatible services as a remote session driver as well as introduces a new configuration option for it.

What has changed
=======================
- New config added under Auth config to specify configuration for the session driver.
- Examples README updated with details of the new Auth config.
- The config supports only 2 drivers in this change - local and redis
- Using the local driver is backwards compatible and behaves the same way that zot currently works for local session storage.
- Omitting this config does not result in an error. In this case, zot behaves as it normally does for local session storage.
- When configured, zot can use redis for persisting cookie information for zot UI.
- The cookie in the store is deleted on logout or after the max expiry time for the cookie.
- Configuration for the redis session driver accepts the same configuration values as that of the remote meta cache.
- A separate connection is established for the session driver. An existing connection for meta cache will not be re-used for the session driver.
- A key prefix is configurable for the redis session driver. The value will be converted into a string for use. If no value is provided, a default prefix of "zotsession" will be used.
- Redis sessions do not support hash key or encryption in this change.
- New BATS test added to verify zot behavior with Redis session store.
- GitHub workflow updated to install valkey-tools dependency for BATS.

Signed-off-by: Vishwas Rajashekar <dev@vrajashkr.com>
committed by GitHub
parent cbbd39745c
commit 86af38abfc
@@ -370,6 +370,45 @@ Using that cookie on subsequent calls will authenticate them, asumming the cooki
|
||||
In case of using filesystem storage sessions are saved in zot's root directory.
|
||||
In case of using cloud storage sessions are saved in memory.
|
||||
|
||||
Note: By default, the session driver config would be local for file system or in-memory. The session driver name for this is `local`. An example config is shown below, but the config can be omitted as it is a default.
|
||||
|
||||
```
|
||||
"auth": {
|
||||
"htpasswd": {
|
||||
"path": "test/data/htpasswd"
|
||||
},
|
||||
"sessionDriver": {
|
||||
"name": "local"
|
||||
}
|
||||
}
|
||||
```
|
||||
|
||||
Note: This `sessionDriver` config is optional if a local session storage is desired.
|
||||
|
||||
#### Remote Session Storage Driver
|
||||
|
||||
Redis and Redis-compatible storage drivers can also be used for cases where session storage is required to be kept separately from zot or multiple zot instances need to share the session information.
|
||||
|
||||
This can be configured in the `auth` section of the configuration as shown below:
|
||||
|
||||
`sessionDriver`
|
||||
|
||||
```
|
||||
"auth": {
|
||||
"htpasswd": {
|
||||
"path": "test/data/htpasswd"
|
||||
},
|
||||
"sessionDriver": {
|
||||
"name": "redis",
|
||||
"url": "redis://localhost:6379",
|
||||
"keyprefix": "zotsession"
|
||||
}
|
||||
}
|
||||
```
|
||||
|
||||
The `redis` driver configuration options are the same as those in the [Redis Cache Driver](#redis) section. If the `redis` session driver is being used along with a `redis` cache driver and both configurations point to the same Redis instance, there will be two independent connections used.
|
||||
|
||||
Note: The `redis` session driver cannot be specified along with configuration for the SessionKeysFile.
|
||||
|
||||
### Securing session based login
|
||||
|
||||
|
||||
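Review bot: The closing note of the new "Remote Session Storage Driver" section says only that the `redis` session driver cannot be specified along with SessionKeysFile, and it leaves out the consequence that the commit message does state: Redis sessions do not support a hash key or encryption in this change. Please say that in the README, next to that note, so operators know the session entries in Redis are not protected by zot's session keys and that access to the Redis instance has to be restricted accordingly. The sample `"url": "redis://localhost:6379"` carries no credentials; a sentence pointing to the Redis Cache Driver section for the connection options that apply to a non-local instance would help. Also missing from the README: the default `keyprefix` of "zotsession" when none is given, which the commit message mentions. Smaller points: the bare `sessionDriver` line after "as shown below:" looks like a leftover, and the two notes around the `local` example ("the config can be omitted as it is a default" and "This `sessionDriver` config is optional") say the same thing and can be merged.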
@@ -0,0 +1,34 @@
|
||||
{
|
||||
"distSpecVersion": "1.1.1",
|
||||
"storage": {
|
||||
"rootDirectory": "/tmp/zot"
|
||||
},
|
||||
"http": {
|
||||
"address": "127.0.0.1",
|
||||
"port": "8080",
|
||||
"realm": "zot",
|
||||
"auth": {
|
||||
"htpasswd": {
|
||||
"path": "/tmp/zotpasswd"
|
||||
},
|
||||
"sessionDriver": {
|
||||
"name": "redis",
|
||||
"url": "redis://localhost:6379",
|
||||
"keyprefix": "zotsession"
|
||||
}
|
||||
}
|
||||
},
|
||||
"log": {
|
||||
"level": "debug"
|
||||
},
|
||||
"extensions": {
|
||||
"search": {
|
||||
"cve": {
|
||||
"updateInterval": "2h"
|
||||
}
|
||||
},
|
||||
"ui": {
|
||||
"enable": true
|
||||
}
|
||||
}
|
||||
}
|
||||
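Review bot: In this new example config, `"url": "redis://localhost:6379"` under `sessionDriver` points at a Redis endpoint with no credentials, and since the commit message says session data is stored without a hash key or encryption, whoever can reach that endpoint can read or delete the session entries. Example files tend to be copied as they are, so it is worth stating in the README entry for this example that it is a local test setup. The same applies to `"rootDirectory": "/tmp/zot"` and `"path": "/tmp/zotpasswd"`, which place the registry data and the htpasswd file under /tmp. As a style point, the `search`/`cve` block with `"updateInterval": "2h"` is unrelated to session storage; dropping it would keep the example focused on the `sessionDriver` setting it is meant to show.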