sqlpad
diff --git a/‎.github/workflows/test.yml‎
Lines changed: 4 additions & 1 deletion b/‎.github/workflows/test.yml‎
Lines changed: 4 additions & 1 deletion
diff --git a/‎CHANGELOG.md‎
Lines changed: 3 additions & 3 deletions b/‎CHANGELOG.md‎
Lines changed: 3 additions & 3 deletions
diff --git a/‎docs/api-batches.md‎
Lines changed: 3 additions & 3 deletions b/‎docs/api-batches.md‎
Lines changed: 3 additions & 3 deletions
diff --git a/‎docs/configuration.md‎
Lines changed: 19 additions & 0 deletions b/‎docs/configuration.md‎
Lines changed: 19 additions & 0 deletions
diff --git a/‎docs/getting-started.md‎
Lines changed: 1 addition & 1 deletion b/‎docs/getting-started.md‎
Lines changed: 1 addition & 1 deletion
diff --git a/‎server/app.js‎
Lines changed: 57 additions & 13 deletions b/‎server/app.js‎
Lines changed: 57 additions & 13 deletions
diff --git a/‎server/docker-compose.yml‎
Lines changed: 31 additions & 15 deletions b/‎server/docker-compose.yml‎
Lines changed: 31 additions & 15 deletions
diff --git a/‎server/lib/config/config-items.js‎
Lines changed: 10 additions & 0 deletions b/‎server/lib/config/config-items.js‎
Lines changed: 10 additions & 0 deletions
diff --git a/‎server/migrations/05-00100-sessions.js‎
Lines changed: 36 additions & 0 deletions b/‎server/migrations/05-00100-sessions.js‎
Lines changed: 36 additions & 0 deletions
@@ -38,7 +38,7 @@ jobs:
     strategy:
       fail-fast: false # if one job fails, others will not be aborted
       matrix:
-        backendtype: [ '', 'mssql','mysql', 'mariadb', 'postgres' ]
+        backendtype: ['', 'mssql', 'mysql', 'mariadb', 'postgres']
         node-version: [12.x]
 
     steps:
@@ -49,6 +49,9 @@ jobs:
         with:
           node-version: ${{ matrix.node-version }}
 
+      - name: Start redis
+        run: docker-compose -f server/docker-compose.yml up -d redis &
+
       - name: Start service for backend server
         if: ${{ matrix.backendtype }}
         run: docker-compose -f server/docker-compose.yml up -d ${{ matrix.backendtype }} &
 
@@ -47,7 +47,7 @@ Version 5 contains many infrastructure and API changes, as well as migrations th
 
 This release finishes the migration from an embedded JSON database to an ORM and SQLite (used by default). For new instances of SQLPad, the following alternative backend databases may be used: SQL Server, MySQL, MariaDB, or PostgreSQL via `SQLPAD_BACKEND_DB_URI`.
 
-Providing a value for `SQLPAD_DB_PATH`/`dbPath` is still required, as the filesystem is still used for sessions and storage of query results. This requirement will be removed in a later 5.x release.
+Providing a value for `SQLPAD_DB_PATH`/`dbPath` is still required, as the file system is still used for sessions and storage of query results. This requirement will be removed in a later 5.x release.
 
 Migrations will be run on SQLPad start up. To disable this behavior, set `SQLPAD_DB_AUTOMIGRATE` to `false`. Migrations may be run manually via `node server.js --config path/to/file.ext --migrate`. When using `--migrate` the process will exit after applying migrations.
 
@@ -205,12 +205,12 @@ Special thanks to @eladeyal-intel, @bruth, @yorek, @dengc367, @murphyke, and @Wi
 - Add GitHub Release builds via build pipeline (#550)
 - Add `dbInMemory` setting (#553)
 
-  `dbInMemory` will run the embedded SQLPad db in memory without logging to disk. Enabling this does not remove the need for `dbPath` at this time, as filesystem access is still required for result caches and express session support. (`dbPath` to become optional in future release)
+  `dbInMemory` will run the embedded SQLPad db in memory without logging to disk. Enabling this does not remove the need for `dbPath` at this time, as file system access is still required for result caches and express session support. (`dbPath` to become optional in future release)
 
 ### Fixes
 
 - Fix TypeError: Do not know how to serialize a BigInt (#522)
-- Fix tests for non-utc timezones (#524)
+- Fix tests for non-utc time zones (#524)
 
 ### Maintenance
 
 
@@ -10,7 +10,7 @@ Prior to v5, queries were run in SQLPad with an HTTP `POST`, with the query resu
 
 While nice and simple, it has some downsides:
 
-- long queries require long HTTP timeout configurations (not ideal, requires additional configuration to load balancers, proxy, etc)
+- long queries require long HTTP timeout configurations (not ideal, requires additional configuration to load balancers, proxy, etc.)
 - An execution with multiple statements/queries would require all queries to finish before results are sent back. Results would have to be in single response (might be too big)
 
 As of v5 new restful APIs have replaced the existing query-result API.
@@ -21,9 +21,9 @@ These newly created objects are returned as soon as they are created, each conta
 
 Immediately following creation, the batch is executed, each statement sequentially, under the same connection if the database driver supports it. On error, further statements in the batch are stopped, and the statement and batch in question is marked as status `error`.
 
-On success, the batch and statement are marked with status `finished`. Query results are written to the filesystem as a JSON file under the `results` directory inside the directory specified by the `dbPath` configuration variabled.
+On success, the batch and statement are marked with status `finished`. Query results are written to the file system as a JSON file under the `results` directory inside the directory specified by the `dbPath` configuration variable.
 
-These results on the filesystem are kept according to the `queryHistoryRetentionTimeInDays` setting, which defaults to 30 days.
+These results on the file system are kept according to the `queryHistoryRetentionTimeInDays` setting, which defaults to 30 days.
 
 ## Creating a Batch
 
 
@@ -47,6 +47,14 @@ SQLPAD_TIMEOUT_SECONDS = 300
 # Minutes to keep a session active. Session will be extended by this amount each request.
 SQLPAD_SESSION_MINUTES = 60
 
+# Store to use for user session
+# Valid values are `file` (default), `database`, `redis`, `memory`
+# `file` uses files in the sessions directory under SQLPAD_DB_PATH
+# `memory` may be used for single sqlpad instances, and works well for no-auth setups
+# `redis` offers best performance and is most commonly used. SQLPAD_REDIS_URI must also be set.
+# `database` will use whatever backend database is used (or SQLite if SQLPAD_DB_PATH is set)
+SQLPAD_SESSION_STORE = "file"
+
 # Name used for cookie. If running multiple SQLPads on same domain, set to different values.
 SQLPAD_COOKIE_NAME = "sqlpad.sid"
 
@@ -90,6 +98,17 @@ SQLPAD_QUERY_HISTORY_RESULT_MAX_ROWS = 1000
 SQLPAD_DEFAULT_CONNECTION_ID = ""
 ```
 
+## Redis
+
+Redis may be used for session storage as of `5.3.0`.
+
+```bash
+# URI for redis instance to use for user sessions if configured
+# Format should be [redis[s]:]//[[user][:password@]][host][:port][/db-number][?db=db-number[&password=bar[&option=value]]]
+# More info at http://www.iana.org/assignments/uri-schemes/prov/redis
+SQLPAD_REDIS_URI = ""
+```
+
 ## Backend Database Management
 
 SQLPad may be configured to use SQLite, PostgreSQL, MySQL, MariaDB, or SQL Server as a backing database.
 
@@ -4,7 +4,7 @@
 
 There are 2 options to run SQLPad: Install [Node.js](https://nodejs.org/) and [build and run SQLPad from the git repository](https://github.com/rickbergfalk/sqlpad/blob/master/DEVELOPER-GUIDE.md), or use the [docker images on Docker Hub](https://hub.docker.com/r/sqlpad/sqlpad/).
 
-SQLPad does not require any additional servers other than its own self. By default it uses SQLite and the filesystem for storing queries, query results, and web sessions. SQLite may be replaced with an external database using the `SQLPAD_BACKEND_DB_URI` environment variable as of v5.
+SQLPad does not require any additional servers other than its own self. By default it uses SQLite and the file system for storing queries, query results, and web sessions. SQLite may be replaced with an external database using the `SQLPAD_BACKEND_DB_URI` environment variable as of v5.
 
 The `SQLPAD_DB_PATH` must still be provided however, as it is used for sessions and query result storage. This requirement will be removed in a later 5.x release.
 
 
@@ -3,8 +3,12 @@ const path = require('path');
 const express = require('express');
 const helmet = require('helmet');
 const pino = require('pino');
+const redis = require('redis');
 const session = require('express-session');
 const FileStore = require('session-file-store')(session);
+const MemoryStore = require('memorystore')(session);
+const SequelizeStore = require('connect-session-sequelize')(session.Store);
+const RedisStore = require('connect-redis')(session);
 const appLog = require('./lib/app-log');
 const Webhooks = require('./lib/webhooks.js');
 const bodyParser = require('body-parser');
@@ -99,22 +103,62 @@ async function makeApp(config, models) {
   );
 
   const cookieMaxAgeMs = parseInt(config.get('sessionMinutes'), 10) * 60 * 1000;
-  const sessionPath = path.join(config.get('dbPath'), '/sessions');
 
-  app.use(
-    session({
-      store: new FileStore({
+  const sessionOptions = {
+    saveUninitialized: false,
+    resave: true,
+    rolling: true,
+    cookie: { maxAge: cookieMaxAgeMs },
+    secret: config.get('cookieSecret'),
+    name: config.get('cookieName'),
+  };
+  const sessionStore = config.get('sessionStore').toLowerCase();
+
+  switch (sessionStore) {
+    case 'file': {
+      const sessionPath = path.join(config.get('dbPath'), '/sessions');
+      sessionOptions.store = new FileStore({
         path: sessionPath,
         logFn: () => {},
-      }),
-      saveUninitialized: false,
-      resave: true,
-      rolling: true,
-      cookie: { maxAge: cookieMaxAgeMs },
-      secret: config.get('cookieSecret'),
-      name: config.get('cookieName'),
-    })
-  );
+      });
+      break;
+    }
+    case 'memory': {
+      sessionOptions.store = new MemoryStore({
+        checkPeriod: cookieMaxAgeMs,
+      });
+      break;
+    }
+    case 'database': {
+      sessionOptions.store = new SequelizeStore({
+        db: models.sequelizeDb.sequelize,
+        table: 'Sessions',
+      });
+      // SequelizeStore supports the touch method so per the express-session docs this should be set to false
+      sessionOptions.resave = false;
+      // SequelizeStore docs mention setting this to true if SSL is done outside of Node
+      // Not sure we have any way of knowing based on current config
+      // sessionOptions.proxy = true;
+      break;
+    }
+    case 'redis': {
+      const redisUri = config.get('redisUri');
+      if (!redisUri) {
+        throw new Error(
+          `Redis session store requires SQLPAD_REDIS_URI to be set`
+        );
+      }
+      const redisClient = redis.createClient(redisUri);
+      sessionOptions.store = new RedisStore({ client: redisClient });
+      sessionOptions.resave = false;
+      break;
+    }
+    default: {
+      throw new Error(`Invalid session store ${sessionStore}`);
+    }
+  }
+
+  app.use(session(sessionOptions));
 
   const baseUrl = config.get('baseUrl');
 
 
@@ -1,5 +1,10 @@
 version: '3'
 services:
+  redis:
+    image: redis:6-alpine
+    ports:
+      - 6379:6379
+
   mssql:
     image: 'mcr.microsoft.com/mssql/server:2017-latest'
     hostname: 'mssql'
@@ -10,10 +15,22 @@ services:
       - MSSQL_SA_PASSWORD=SuperP4ssw0rd!
       - MSSQL_PID=Express
     healthcheck:
-        test: ["CMD", "/opt/mssql-tools/bin/sqlcmd", "-S", "localhost", "-U", "sa", "-P", "SuperP4ssw0rd!", "-Q", "SELECT 1" ]
-        interval: 3s
-        timeout: 3s
-        retries: 10
+      test:
+        [
+          'CMD',
+          '/opt/mssql-tools/bin/sqlcmd',
+          '-S',
+          'localhost',
+          '-U',
+          'sa',
+          '-P',
+          'SuperP4ssw0rd!',
+          '-Q',
+          'SELECT 1',
+        ]
+      interval: 3s
+      timeout: 3s
+      retries: 10
 
   postgres:
     image: postgres:9.6-alpine
@@ -23,9 +40,9 @@ services:
       POSTGRES_DB: sqlpad
     ports:
       - '5432:5432'
-    healthcheck: 
-      test: ["CMD", "pg_isready"]
-      interval: 5s 
+    healthcheck:
+      test: ['CMD', 'pg_isready']
+      interval: 5s
       timeout: 2s
       retries: 10
 
@@ -38,12 +55,12 @@ services:
       MYSQL_PASSWORD: password
       MYSQL_DATABASE: db
       MYSQL_ROOT_PASSWORD: password
-    healthcheck: 
-      test: ["CMD", "mysqladmin", "status", "-uroot", "-ppassword"]
-      interval: 5s 
+    healthcheck:
+      test: ['CMD', 'mysqladmin', 'status', '-uroot', '-ppassword']
+      interval: 5s
       timeout: 2s
       retries: 10
-        
+
   mysql:
     image: mysql:8
     ports:
@@ -53,9 +70,8 @@ services:
       MYSQL_PASSWORD: password
       MYSQL_DATABASE: db2
       MYSQL_ROOT_PASSWORD: root
-    healthcheck: 
-      test: ["CMD", "mysql", "-uuser", "-ppassword", "-e", "select 1"]
-      interval: 5s 
+    healthcheck:
+      test: ['CMD', 'mysql', '-uuser', '-ppassword', '-e', 'select 1']
+      interval: 5s
       timeout: 2s
       retries: 10
-        
 
@@ -29,6 +29,11 @@ const configItems = [
     envVar: 'SQLPAD_SESSION_MINUTES',
     default: 60,
   },
+  {
+    key: 'sessionStore',
+    envVar: 'SQLPAD_SESSION_STORE',
+    default: 'file', // database, redis, memory
+  },
   {
     key: 'timeoutSeconds',
     envVar: 'SQLPAD_TIMEOUT_SECONDS',
@@ -428,6 +433,11 @@ const configItems = [
     envVar: 'SQLPAD_BACKEND_DB_URI',
     default: '',
   },
+  {
+    key: 'redisUri',
+    envVar: 'SQLPAD_REDIS_URI',
+    default: '',
+  },
   {
     key: 'seedDataPath',
     envVar: 'SQLPAD_SEED_DATA_PATH',
 
@@ -0,0 +1,36 @@
+const Sequelize = require('sequelize');
+
+/**
+ * @param {import('sequelize').QueryInterface} queryInterface
+ * @param {import('../lib/config')} config
+ * @param {import('../lib/logger')} appLog
+ * @param {object} nedb - collection of nedb objects created in /lib/db.js
+ */
+// eslint-disable-next-line no-unused-vars
+async function up(queryInterface, config, appLog, nedb) {
+  /**
+   * sessions table is used for web user sessions
+   */
+  await queryInterface.createTable('sessions', {
+    sid: {
+      type: Sequelize.STRING(36),
+      primaryKey: true,
+    },
+    expires: {
+      type: Sequelize.DATE,
+    },
+    data: {
+      type: Sequelize.TEXT,
+    },
+    created_at: {
+      type: Sequelize.DATE,
+    },
+    updated_at: {
+      type: Sequelize.DATE,
+    },
+  });
+}
+
+module.exports = {
+  up,
+};