feat(sessions): add support for remote redis session store (#3345)

Description
====================
zot currently stores session cookies in memory or in a local directory.
For cases where the session cookies should be independent of the
instance where they were created such as multiple instances of zot, or a
fully stateless zot instance, there is a need to support a remote
session storage.
This change adds support for using Redis and Redis-compatible services as a
remote session driver as well as introduces a new configuration option
for it.

What has changed
=======================
- New config added under Auth config to specify configuration for
  the session driver.
- Examples README updated with details of the new Auth config.
- The config supports only 2 drivers in this change - local and redis
- Using the local driver is backwards compatible and behaves the same
  way that zot currently works for local session storage.
- Omitting this config does not result in an error. In this case, zot
  behaves as it normally does for local session storage.
- When configured, zot can use redis for persisting cookie
  information for zot UI.
- The cookie in the store is deleted on logout or after the max
  expiry time for the cookie.
- Configuration for the redis session driver accepts the same configuration
  values as that of the remote meta cache.
- A separate connection is established for the session driver. An
  existing connection for meta cache will not be re-used for the
  session driver.
- A key prefix is configurable for the redis session driver. The value will be
  converted into a string for use. If no value is provided, a default
  prefix of "zotsession" will be used.
- Redis sessions does not support hash key or encryption in this change.
- New BATS test added to verify zot behavior with Redis session store.
- Github workflow updated to install valkey-tools dependency for BATS.

Signed-off-by: Vishwas Rajashekar <dev@vrajashkr.com>

pkg/api/cookiestore.go

@@ -12,7 +12,12 @@ import (
 	"time"
 
 	"github.com/gorilla/sessions"
+	"github.com/rbcervilla/redisstore/v9"
 
+	"zotregistry.dev/zot/errors"
+	"zotregistry.dev/zot/pkg/api/config"
+	rediscfg "zotregistry.dev/zot/pkg/api/config/redis"
+	"zotregistry.dev/zot/pkg/log"
 	"zotregistry.dev/zot/pkg/scheduler"
 	"zotregistry.dev/zot/pkg/storage"
 	storageConstants "zotregistry.dev/zot/pkg/storage/constants"
@@ -36,7 +41,11 @@ func (c *CookieStore) RunSessionCleaner(sch *scheduler.Scheduler) {
 	}
 }
 
-func NewCookieStore(storeController storage.StoreController, hashKey, encryptKey []byte) (*CookieStore, error) {
+func NewCookieStore(
+	authCfg *config.AuthConfig,
+	storeController storage.StoreController,
+	log log.Logger,
+) (*CookieStore, error) {
 	// To store custom types in our cookies
 	// we must first register them using gob.Register
 	gob.Register(map[string]interface{}{})
@@ -47,10 +56,109 @@ func NewCookieStore(storeController storage.StoreController, hashKey, encryptKey
 
 	var needsCleanup bool
 
+	if authCfg.SessionDriver == nil {
+		// If the session driver is not configured, then
+		// behave in the usual way for file system cookie store and memory cookie store.
+		createdStore, returnedSessionsDir, doesStoreNeedCleanup, err := localSessionStoreInit(
+			storeController,
+			authCfg.SessionHashKey,
+			authCfg.SessionEncryptKey,
+		)
+		if err != nil {
+			return &CookieStore{}, err
+		}
+
+		store = createdStore
+		sessionsDir = returnedSessionsDir
+		needsCleanup = doesStoreNeedCleanup
+	} else {
+		switch authCfg.SessionDriver["name"] {
+		case storageConstants.RedisDriverName:
+			{
+				prefix, ok := rediscfg.GetString(authCfg.SessionDriver, "keyprefix", false, log)
+				if !ok {
+					prefix = "zotsession"
+				}
+
+				// The redisstore library code uses a colon to separate the prefix
+				// and the actual key and is expected to be part of the prefix argument.
+				// ref: https://github.com/rbcervilla/redisstore/blob/v9.0.0/redisstore.go#L44
+				// This adds a colon to the prefix only if it is not empty.
+				if prefix != "" {
+					prefix += ":"
+				}
+
+				client, err := rediscfg.GetRedisClient(authCfg.SessionDriver, log)
+				if err != nil {
+					return nil, err
+				}
+
+				redisStore, err := redisstore.NewRedisStore(context.Background(), client)
+				if err != nil {
+					return nil, err
+				}
+
+				redisStore.KeyPrefix(prefix)
+				redisStore.Options(sessions.Options{
+					MaxAge: cookiesMaxAge,
+					Path:   "/",
+				})
+
+				store = redisStore
+			}
+		case storageConstants.LocalStorageDriverName:
+			{
+				// This behaves the same as if there was no sessionDriver config.
+				// It is also the same behaviour prior to supporting this config.
+				// This allows for a backwards compatible migration path for upgrades.
+				createdStore, sessDir, cleanupReq, err := localSessionStoreInit(
+					storeController,
+					authCfg.SessionHashKey,
+					authCfg.SessionEncryptKey,
+				)
+				if err != nil {
+					return &CookieStore{}, err
+				}
+
+				store = createdStore
+				sessionsDir = sessDir
+				needsCleanup = cleanupReq
+			}
+		default:
+			return nil, fmt.Errorf(
+				"%w: sessiondriver %s not supported",
+				errors.ErrBadConfig,
+				authCfg.SessionDriver["name"],
+			)
+		}
+	}
+
+	return &CookieStore{
+		Store:        store,
+		rootDir:      sessionsDir,
+		needsCleanup: needsCleanup,
+	}, nil
+}
+
+// Handles creation and init of a local session store.
+// This can be either in memory or on the local file system.
+// Returns a session Store, root directory for the sessions if applicable,
+// a boolean indicating whether clean up is required, and an error.
+func localSessionStoreInit(
+	storeController storage.StoreController,
+	hashKey,
+	encryptKey []byte,
+) (sessions.Store, string, bool, error) {
+	var store sessions.Store
+
+	var sessionsDir string
+
+	var needsCleanup bool
+
 	if storeController.DefaultStore.Name() == storageConstants.LocalStorageDriverName {
 		sessionsDir = path.Join(storeController.DefaultStore.RootDir(), "_sessions")
 		if err := os.MkdirAll(sessionsDir, storageConstants.DefaultDirPerms); err != nil {
-			return &CookieStore{}, err
+			return &CookieStore{}, "", false, err
 		}
 
 		localStore := sessions.NewFilesystemStore(sessionsDir, hashKey, encryptKey)
@@ -67,11 +175,7 @@ func NewCookieStore(storeController storage.StoreController, hashKey, encryptKey
 		store = memStore
 	}
 
-	return &CookieStore{
-		Store:        store,
-		rootDir:      sessionsDir,
-		needsCleanup: needsCleanup,
-	}, nil
+	return store, sessionsDir, needsCleanup, nil
 }
 
 func IsExpiredSession(dirEntry fs.DirEntry) bool {