rose-ash

coop/rose-ash

Fork 0

Commit Graph

Author	SHA1	Message	Date
giles	b0b0a0592b	host: durable lazy sessions — logins survive a restart Sessions were in-memory, so a restart logged everyone out (same class as the relation wipe). Move them to the durable store, but LAZILY so anonymous/crawler traffic doesn't spam it: session/create mints a sid with no row; the row appears on the first session/set (a login). A per-boot epoch (one durable write at startup, host/session-init!) keeps sids unique across restarts without a write per request. - lib/host/session.sx: lazy backend (create = no row, set = create row, exists = row written) + epoch/in-memory-counter sid generation. - serve.sh: point the session store at the durable backend + host/session-init!. - blog.sx: host/current-principal is now a durable read, so host/auth-footer (home + post footers) had to move OUT of the quasiquote into let bindings — a perform during page-tree build raises VmSuspended (the whole site 500'd for a beat). Principal computed once per page. - 2 session tests: create writes no row, set creates the row. 249/249. Verified live: site renders (anon + authed), login + footer survive a container force-recreate. Co-Authored-By: Claude Opus 4.8 <noreply@anthropic.com>	2026-06-28 16:37:26 +00:00
giles	3b8e1dfe2e	host: live writes via signed sessions + kernel multi-Set-Cookie (193/193) Unblock the guarded blog write routes for browsers: a login form sets a signed session cookie that the same routes accept (alongside Bearer), so publishing works end-to-end on blog.rose-ash.com without Quart. - kernel: http-listen emit serialises a response :set-cookies LIST as one Set-Cookie header each (a headers dict can't hold more than one). Purely additive — responses without :set-cookies are unchanged. - server.sx: host/-dream->native forwards :set-cookies to the native resp. - lib/host/session.sx: durable, signed sessions on the persist KV (session/create\|exists\|get\|set\|clear), wired via dream-sessions-signed. - lib/host/auth.sx: GET/POST /login + POST /logout; host/require-user accepts a session principal OR a Bearer token. - router.sx: host/make-app wraps the whole app in the session middleware and auto-mounts /login + /logout — the front door always has sessions. - blog.sx: write routes use host/require-user; serve.sh flips POST /new from the experimental UNGUARDED route to the guarded write routes, with admin creds + signing secret + ACL grant from the container env. - session conformance suite (12): login->cookie->guarded write 201; no cookie/forged/logged-out -> 401; Bearer fallback still works. Verified live on blog.rose-ash.com: 401 unauthenticated, 303 login, 303 publish, anonymous read renders, post persists across container recreate. Co-Authored-By: Claude Opus 4.8 <noreply@anthropic.com>	2026-06-25 21:51:41 +00:00

Author

SHA1

Message

Date

giles

b0b0a0592b

host: durable lazy sessions — logins survive a restart

Sessions were in-memory, so a restart logged everyone out (same class as the
relation wipe). Move them to the durable store, but LAZILY so anonymous/crawler
traffic doesn't spam it: session/create mints a sid with no row; the row appears
on the first session/set (a login). A per-boot epoch (one durable write at
startup, host/session-init!) keeps sids unique across restarts without a write
per request.

- lib/host/session.sx: lazy backend (create = no row, set = create row,
  exists = row written) + epoch/in-memory-counter sid generation.
- serve.sh: point the session store at the durable backend + host/session-init!.
- blog.sx: host/current-principal is now a durable read, so host/auth-footer
  (home + post footers) had to move OUT of the quasiquote into let bindings —
  a perform during page-tree build raises VmSuspended (the whole site 500'd for
  a beat). Principal computed once per page.
- 2 session tests: create writes no row, set creates the row.

249/249. Verified live: site renders (anon + authed), login + footer survive a
container force-recreate.

Co-Authored-By: Claude Opus 4.8 <noreply@anthropic.com>

2026-06-28 16:37:26 +00:00

giles

3b8e1dfe2e

host: live writes via signed sessions + kernel multi-Set-Cookie (193/193)

Unblock the guarded blog write routes for browsers: a login form sets a
signed session cookie that the same routes accept (alongside Bearer), so
publishing works end-to-end on blog.rose-ash.com without Quart.

- kernel: http-listen emit serialises a response :set-cookies LIST as one
  Set-Cookie header each (a headers dict can't hold more than one). Purely
  additive — responses without :set-cookies are unchanged.
- server.sx: host/-dream->native forwards :set-cookies to the native resp.
- lib/host/session.sx: durable, signed sessions on the persist KV
  (session/create|exists|get|set|clear), wired via dream-sessions-signed.
- lib/host/auth.sx: GET/POST /login + POST /logout; host/require-user accepts
  a session principal OR a Bearer token.
- router.sx: host/make-app wraps the whole app in the session middleware and
  auto-mounts /login + /logout — the front door always has sessions.
- blog.sx: write routes use host/require-user; serve.sh flips POST /new from
  the experimental UNGUARDED route to the guarded write routes, with admin
  creds + signing secret + ACL grant from the container env.
- session conformance suite (12): login->cookie->guarded write 201; no
  cookie/forged/logged-out -> 401; Bearer fallback still works.

Verified live on blog.rose-ash.com: 401 unauthenticated, 303 login, 303
publish, anonymous read renders, post persists across container recreate.

Co-Authored-By: Claude Opus 4.8 <noreply@anthropic.com>

2026-06-25 21:51:41 +00:00

2 Commits