[7.x] POC for same-session ID request concurrency limiting (#32636)

Implement opt-in session locking.

Author: taylorotwell

src/Illuminate/Cache/Lock.php

@@ -32,6 +32,13 @@ abstract class Lock implements LockContract
      */
     protected $owner;
 
+    /**
+     * The number of milliseconds to wait before re-attempting to acquire a lock while blocking.
+     *
+     * @var int
+     */
+    protected $sleepMilliseconds = 250;
+
     /**
      * Create a new lock instance.
      *
@@ -107,7 +114,7 @@ public function block($seconds, $callback = null)
         $starting = $this->currentTime();
 
         while (! $this->acquire()) {
-            usleep(250 * 1000);
+            usleep($this->sleepMilliseconds * 1000);
 
             if ($this->currentTime() - $seconds >= $starting) {
                 throw new LockTimeoutException;
@@ -144,4 +151,17 @@ protected function isOwnedByCurrentProcess()
     {
         return $this->getCurrentOwner() === $this->owner;
     }
+
+    /**
+     * Specify the number of milliseconds to sleep in between blocked lock aquisition attempts.
+     *
+     * @param  int  $milliseconds
+     * @return $this
+     */
+    public function betweenBlockedAttemptsSleepFor($milliseconds)
+    {
+        $this->sleepMilliseconds = $milliseconds;
+
+        return $this;
+    }
 }

src/Illuminate/Routing/AbstractRouteCollection.php

@@ -144,6 +144,8 @@ public function compile()
                 'defaults' => $route->defaults,
                 'wheres' => $route->wheres,
                 'bindingFields' => $route->bindingFields(),
+                'lockSeconds' => $route->locksFor(),
+                'waitSeconds' => $route->waitsFor(),
             ];
         }
 

src/Illuminate/Routing/CompiledRouteCollection.php

@@ -297,7 +297,8 @@ protected function newRoute(array $attributes)
             ->setFallback($attributes['fallback'])
             ->setDefaults($attributes['defaults'])
             ->setWheres($attributes['wheres'])
-            ->setBindingFields($attributes['bindingFields']);
+            ->setBindingFields($attributes['bindingFields'])
+            ->block($attributes['lockSeconds'] ?? null, $attributes['waitSeconds'] ?? null);
     }
 
     /**

src/Illuminate/Routing/Route.php

@@ -92,6 +92,20 @@ class Route
      */
     protected $originalParameters;
 
+    /**
+     * Indicates the maximum number of seconds the route should acquire a session lock for.
+     *
+     * @var int|null
+     */
+    protected $lockSeconds;
+
+    /**
+     * Indicates the maximum number of seconds the route should wait while attempting to acquire a session lock.
+     *
+     * @var int|null
+     */
+    protected $waitSeconds;
+
     /**
      * The computed gathered middleware.
      *
@@ -972,6 +986,51 @@ public function excludedMiddleware()
         return (array) ($this->action['excluded_middleware'] ?? []);
     }
 
+    /**
+     * Specify that the route should not allow concurrent requests from the same session.
+     *
+     * @param  int|null  $lockSeconds
+     * @param  int|null  $waitSeconds
+     * @return $this
+     */
+    public function block($lockSeconds = 10, $waitSeconds = 10)
+    {
+        $this->lockSeconds = $lockSeconds;
+        $this->waitSeconds = $waitSeconds;
+
+        return $this;
+    }
+
+    /**
+     * Specify that the route should allow concurrent requests from the same session.
+     *
+     * @return $this
+     */
+    public function withoutBlocking()
+    {
+        return $this->block(null, null);
+    }
+
+    /**
+     * Get the maximum number of seconds the route's session lock should be held for.
+     *
+     * @return int|null
+     */
+    public function locksFor()
+    {
+        return $this->lockSeconds;
+    }
+
+    /**
+     * Get the maximum number of seconds to wait while attempting to acquire a session lock.
+     *
+     * @return int|null
+     */
+    public function waitsFor()
+    {
+        return $this->waitSeconds;
+    }
+
     /**
      * Get the dispatcher for the route's controller.
      *

src/Illuminate/Session/Middleware/StartSession.php

@@ -20,15 +20,24 @@ class StartSession
      */
     protected $manager;
 
+    /**
+     * The callback that can resolve an instance of the cache factory.
+     *
+     * @var callable
+     */
+    protected $cacheFactoryResolver;
+
     /**
      * Create a new session middleware.
      *
      * @param  \Illuminate\Session\SessionManager  $manager
+     * @param  callable  $cacheFactoryResolver
      * @return void
      */
-    public function __construct(SessionManager $manager)
+    public function __construct(SessionManager $manager, callable $cacheFactoryResolver = null)
     {
         $this->manager = $manager;
+        $this->cacheFactoryResolver = $cacheFactoryResolver;
     }
 
     /**
@@ -44,11 +53,62 @@ public function handle($request, Closure $next)
             return $next($request);
         }
 
+        $session = $this->getSession($request);
+
+        if ($this->manager->shouldBlock() ||
+            ($request->route() && $request->route()->locksFor())) {
+            return $this->handleRequestWhileBlocking($request, $session, $next);
+        } else {
+            return $this->handleStatefulRequest($request, $session, $next);
+        }
+    }
+
+    /**
+     * Handle the given request within session state.
+     *
+     * @param  \Illuminate\Http\Request  $request
+     * @param  \Illuminate\Contracts\Session\Session  $session
+     * @param  \Closure  $next
+     * @return mixed
+     */
+    protected function handleRequestWhileBlocking(Request $request, $session, Closure $next)
+    {
+        $lockFor = $request->route() && $request->route()->locksFor()
+                        ? $request->route()->locksFor()
+                        : 10;
+
+        $lock = $this->cache($this->manager->blockDriver())
+                    ->lock('session:'.$session->getId(), $lockFor)
+                    ->betweenBlockedAttemptsSleepFor(50);
+
+        try {
+            $lock->block(
+                ! is_null($request->route()->waitsFor())
+                        ? $request->route()->waitsFor()
+                        : 10
+            );
+
+            return $this->handleStatefulRequest($request, $session, $next);
+        } finally {
+            optional($lock)->release();
+        }
+    }
+
+    /**
+     * Handle the given request within session state.
+     *
+     * @param  \Illuminate\Http\Request  $request
+     * @param  \Illuminate\Contracts\Session\Session  $session
+     * @param  \Closure  $next
+     * @return mixed
+     */
+    protected function handleStatefulRequest(Request $request, $session, Closure $next)
+    {
         // If a session driver has been configured, we will need to start the session here
         // so that the data is ready for an application. Note that the Laravel sessions
         // do not make use of PHP "native" sessions in any way since they are crappy.
         $request->setLaravelSession(
-            $session = $this->startSession($request)
+            $this->startSession($request, $session)
         );
 
         $this->collectGarbage($session);
@@ -71,11 +131,12 @@ public function handle($request, Closure $next)
      * Start the session for the given request.
      *
      * @param  \Illuminate\Http\Request  $request
+     * @param  \Illuminate\Contracts\Session\Session  $session
      * @return \Illuminate\Contracts\Session\Session
      */
-    protected function startSession(Request $request)
+    protected function startSession(Request $request, $session)
     {
-        return tap($this->getSession($request), function ($session) use ($request) {
+        return tap($session, function ($session) use ($request) {
             $session->setRequestOnHandler($request);
 
             $session->start();
@@ -216,4 +277,15 @@ protected function sessionIsPersistent(array $config = null)
 
         return ! is_null($config['driver'] ?? null);
     }
+
+    /**
+     * Resolve the given cache driver.
+     *
+     * @param  string  $cache
+     * @return \Illuminate\Cache\Store
+     */
+    protected function cache($driver)
+    {
+        return call_user_func($this->cacheFactoryResolver)->driver($driver);
+    }
 }

src/Illuminate/Session/SessionManager.php

@@ -202,6 +202,26 @@ protected function buildEncryptedSession($handler)
         );
     }
 
+    /**
+     * Determine if requests for the same session should wait for each to finish before executing.
+     *
+     * @return bool
+     */
+    public function shouldBlock()
+    {
+        return $this->config->get('session.block', false);
+    }
+
+    /**
+     * Get the name of the cache store / driver that should be used to acquire session locks.
+     *
+     * @return string|null
+     */
+    public function blockDriver()
+    {
+        return $this->config->get('session.block_store');
+    }
+
     /**
      * Get the session configuration.
      *

src/Illuminate/Session/SessionServiceProvider.php

@@ -2,6 +2,7 @@
 
 namespace Illuminate\Session;
 
+use Illuminate\Contracts\Cache\Factory as CacheFactory;
 use Illuminate\Session\Middleware\StartSession;
 use Illuminate\Support\ServiceProvider;
 
@@ -18,7 +19,11 @@ public function register()
 
         $this->registerSessionDriver();
 
-        $this->app->singleton(StartSession::class);
+        $this->app->singleton(StartSession::class, function () {
+            return new StartSession($this->app->make(SessionManager::class), function () {
+                return $this->app->make(CacheFactory::class);
+            });
+        });
     }
 
     /**