Simplify filter logic

Based on the fact that SessionAccessor is required to be scoped service
code became much simplier

Author: alex-kulakov

Extensions/Xtensive.Orm.Web/Filters/SessionActionFilter.cs

@@ -15,9 +15,8 @@ namespace Xtensive.Orm.Web.Filters
   /// </summary>
   public class SessionActionFilter : IActionFilter, IAsyncActionFilter
   {
-    private SessionAccessor sessionAccessor;
     private IDisposable contextBindResource;
-    private bool skipResourcesRelease;
+    private bool skipResourcesDisposal;
 
     /// <inheritdoc/>
     public void OnActionExecuting(ActionExecutingContext context) =>
@@ -119,52 +118,59 @@ protected virtual void OnSessionDisposed(ActionExecutedContext context)
     /// <returns><see langword="true"/> for complete transaction scope, otherwise, <see langword="false"/>.</returns>
     protected virtual bool CompleteTransactionOnException(Exception exception, ActionExecutedContext context) => false;
 
-    //internal void Persist(PersistReason reason) => Persist(reason, false).GetAwaiter().GetResult();
     private async ValueTask ExecuteBeforeAction(ActionExecutingContext context, bool isAsync)
     {
       var actionParameters = context.ActionDescriptor.Parameters;
 
-      skipResourcesRelease = true;
+      skipResourcesDisposal = true;
+
+      // accessor is always in services as scoped instance (one per request)
+      // so, if there is no session opened we need to open it,
+      // put it to the httpcontext and bind it to the first mention of SessionAccessor
 
       //this search can probably be improved by caching action names with needed parameters
       foreach (var p in actionParameters) {
         if (p.ParameterType == WellKnownTypes.SessionAccessorType) {
           // trying to get registered accessor as service
           var accessor = GetSessionAccesorFromServices(context.HttpContext);
-          if (accessor != null) {
-            // this is registered as service and probably filled with middleware
-            skipResourcesRelease = true;
-            sessionAccessor = accessor;
-            if (accessor.ContextIsBound) {
-              return;// middleware is in pipeline, it did the work
+          if (!accessor.ContextIsBound) {
+            if (SessionInContextExists(context.HttpContext)) {
+              // something opened session but does not bind context to accessor
+              // bind context and let outer code manage Session instance.
+              contextBindResource = accessor.BindHttpContext(context.HttpContext);
+              skipResourcesDisposal = true;
             }
             else {
-              contextBindResource = await CreateSessionAndBindContext(sessionAccessor, context, isAsync);
-              skipResourcesRelease = false;
+              // nothing is in context, create and bind,
+              // also remember that we need to dispose opened session and transaction scope
+              contextBindResource = await CreateSessionAndBindContext(accessor, context, isAsync);
+              skipResourcesDisposal = false;
             }
           }
-          else {
-            //we're using the instance Asp.Net infrastructure created for us
-            sessionAccessor = (SessionAccessor) context.ActionArguments[p.Name];
-            contextBindResource = await CreateSessionAndBindContext(sessionAccessor, context, isAsync);
-            skipResourcesRelease = false;
-          }
           break;
         }
       }
     }
 
     private async ValueTask ExecuteAfterAction(ActionExecutedContext context, bool isAsync)
     {
-      if (skipResourcesRelease) {
+      contextBindResource.DisposeSafely();
+      if (skipResourcesDisposal) {
         return;
       }
+
       // session and tx is created here
       // so we need to clean HttpContext.
-      var session = sessionAccessor.Session;
-      var tx = sessionAccessor.TransactionScope;
 
       var httpContext = context.HttpContext;
+      var session = (Session) httpContext.Items[SessionAccessor.SessionIdentifier];
+      var tx = (TransactionScope) httpContext.Items[SessionAccessor.ScopeIdentifier];
+
+      if (session == null || tx == null) {
+        // just in case user clears items, this will cause session leakage.
+        throw new InvalidOperationException("Session or TransactionScope no longer exists in HttpContext. Do not remove it from HttpContext manually.");
+      }
+
       _ = httpContext.Items.Remove(SessionAccessor.ScopeIdentifier);
       _ = httpContext.Items.Remove(SessionAccessor.SessionIdentifier);
 
@@ -185,9 +191,6 @@ private async ValueTask ExecuteAfterAction(ActionExecutedContext context, bool i
         session.Dispose();
       }
       OnSessionDisposed(context);
-
-      contextBindResource.DisposeSafely(); // unbind httpcontext
-      sessionAccessor = null;
     }
 
     private async ValueTask<IDisposable> CreateSessionAndBindContext(SessionAccessor accessor, ActionExecutingContext context, bool isAsync)
@@ -216,7 +219,13 @@ private static Domain GetDomainFromServices(HttpContext context)
       return domain ?? throw new InvalidOperationException("Domain is not found among registered services.");
     }
 
-    private static SessionAccessor GetSessionAccesorFromServices(HttpContext context) =>
-      (SessionAccessor) context.RequestServices.GetService(WellKnownTypes.SessionAccessorType);
+    private static SessionAccessor GetSessionAccesorFromServices(HttpContext context)
+    {
+      var sessionAccessor = (SessionAccessor) context.RequestServices.GetService(WellKnownTypes.SessionAccessorType);
+      return sessionAccessor ?? throw new InvalidOperationException("SessionAccessor should be registered as Scoped service.");
+    }
+
+    private static bool SessionInContextExists(HttpContext context) =>
+      context.Items.TryGetValue(SessionAccessor.SessionIdentifier, out var sessionRaw) && sessionRaw != null;
   }
 }