v2/rails: native Session (no v1 gem) — graceful sign-out on bad/old session#29
Merged
Conversation
…ession
Add Terminalwire::V2::Rails::Session: a JWT-backed, client-stored session (v1's
Terminalwire::Rails::Session, ported onto the v2 context's identical file/directory/
storage_path API), and point the v2 shell's `session` shim at it. So a v2-only app
needs no v1 gem for current_user/login/whoami.
Resilient by design: a missing, empty, tampered, or wrong-secret session reads as
EMPTY rather than raising — upgrading v1 -> v2 (or rotating the secret) just signs
the user out ("log in again"), it never crashes a command. Adds the jwt dependency.
Specs: 6 session cases; full suite 96/0.
This file contains hidden or bidirectional Unicode text that may be interpreted or compiled differently than what appears below. To review, open the file in an editor that reveals hidden Unicode characters.
Learn more about bidirectional Unicode characters
Sign up for free
to join this conversation on GitHub.
Already have an account?
Sign in to comment
1 participant
Add this suggestion to a batch that can be applied as a single commit.This suggestion is invalid because no changes were made to the code.Suggestions cannot be applied while the pull request is closed.Suggestions cannot be applied while viewing a subset of changes.Only one suggestion per line can be applied in a batch.Add this suggestion to a batch that can be applied as a single commit.Applying suggestions on deleted lines is not supported.You must change the existing code in this line in order to create a valid suggestion.Outdated suggestions cannot be applied.This suggestion has been applied or marked resolved.Suggestions cannot be applied from pending reviews.Suggestions cannot be applied on multi-line comments.Suggestions cannot be applied while the pull request is queued to merge.Suggestion cannot be applied right now. Please check back later.
Adds
Terminalwire::V2::Rails::Session(JWT-backed client session ported onto the v2 context) and points the v2 shell'ssessionshim at it, so a v2-only app needs no v1 gem for current_user/login/whoami. A missing/tampered/wrong-secret session reads as EMPTY (log in again) instead of raising — v1→v2 migration never crashes a command. Adds the jwt dep. 6 session specs; full suite 96/0.