feat(sessions): add support for remote redis session store (#3345)

Description
====================
zot currently stores session cookies in memory or in a local directory.
For cases where the session cookies should be independent of the
instance where they were created such as multiple instances of zot, or a
fully stateless zot instance, there is a need to support a remote
session storage.
This change adds support for using Redis and Redis-compatible services as a
remote session driver as well as introduces a new configuration option
for it.

What has changed
=======================
- New config added under Auth config to specify configuration for
  the session driver.
- Examples README updated with details of the new Auth config.
- The config supports only 2 drivers in this change - local and redis
- Using the local driver is backwards compatible and behaves the same
  way that zot currently works for local session storage.
- Omitting this config does not result in an error. In this case, zot
  behaves as it normally does for local session storage.
- When configured, zot can use redis for persisting cookie
  information for zot UI.
- The cookie in the store is deleted on logout or after the max
  expiry time for the cookie.
- Configuration for the redis session driver accepts the same configuration
  values as that of the remote meta cache.
- A separate connection is established for the session driver. An
  existing connection for meta cache will not be re-used for the
  session driver.
- A key prefix is configurable for the redis session driver. The value will be
  converted into a string for use. If no value is provided, a default
  prefix of "zotsession" will be used.
- Redis sessions does not support hash key or encryption in this change.
- New BATS test added to verify zot behavior with Redis session store.
- Github workflow updated to install valkey-tools dependency for BATS.

Signed-off-by: Vishwas Rajashekar <dev@vrajashkr.com>

pkg/cli/server/root.go

@@ -332,6 +332,58 @@ func validateCacheConfig(cfg *config.Config, logger zlog.Logger) error {
 	return nil
 }
 
+func validateRemoteSessionStoreConfig(cfg *config.Config, logger zlog.Logger) error {
+	// it is okay for the session driver config to be nil
+	// this is backwards compatible for older configs
+	if cfg.HTTP.Auth.SessionDriver == nil {
+		return nil
+	}
+
+	sessionDriverName, ok := cfg.HTTP.Auth.SessionDriver["name"]
+	if !ok {
+		msg := "must provide session driver name!"
+		logger.Error().Err(zerr.ErrBadConfig).Msg(msg)
+
+		return fmt.Errorf("%w: %s", zerr.ErrBadConfig, msg)
+	}
+
+	allowedDriverNames := []string{
+		storageConstants.RedisDriverName,
+		storageConstants.LocalStorageDriverName,
+	}
+
+	isValidDriver := false
+
+	for _, allowedDriverName := range allowedDriverNames {
+		if allowedDriverName == sessionDriverName {
+			isValidDriver = true
+
+			break
+		}
+	}
+
+	if !isValidDriver {
+		msg := fmt.Sprintf("session store driver %s is not allowed!", sessionDriverName)
+		logger.Error().Err(zerr.ErrBadConfig).Msg(msg)
+
+		return fmt.Errorf("%w: %s", zerr.ErrBadConfig, msg)
+	}
+
+	// If the redis driver is being used, then session keys must not be configured
+	// as redis session store does not support these yet.
+
+	if sessionDriverName == storageConstants.RedisDriverName {
+		if cfg.HTTP.Auth.SessionKeysFile != "" {
+			msg := "session keys not supported when redis session driver is used!"
+			logger.Error().Err(zerr.ErrBadConfig).Msg(msg)
+
+			return fmt.Errorf("%w: %s", zerr.ErrBadConfig, msg)
+		}
+	}
+
+	return nil
+}
+
 func validateExtensionsConfig(cfg *config.Config, logger zlog.Logger) error {
 	if cfg.Extensions != nil && cfg.Extensions.Mgmt != nil {
 		logger.Warn().Msg("mgmt extensions configuration option has been made redundant and will be ignored.")
@@ -405,6 +457,10 @@ func validateConfiguration(config *config.Config, logger zlog.Logger) error {
 		return err
 	}
 
+	if err := validateRemoteSessionStoreConfig(config, logger); err != nil {
+		return err
+	}
+
 	if err := validateExtensionsConfig(config, logger); err != nil {
 		return err
 	}