			- Force using the dedicated authentication site configured via auth-host - Stricter host validation - Using the restricted app consistently for all access control (instead of the old loginview).
| """
 | |
| FastAPI-specific session management for WebAuthn authentication.
 | |
| 
 | |
| This module provides FastAPI-specific session management functionality:
 | |
| - Extracting client information from FastAPI requests
 | |
| - Setting and clearing HTTP-only cookies via FastAPI Response objects
 | |
| 
 | |
| Generic session management functions have been moved to authsession.py
 | |
| """
| from fastapi import Request, Response, WebSocket
| from ..authsession import EXPIRES
# "__Host-" prefix: browsers only accept a cookie with this name when the
# Set-Cookie carries Secure and Path=/ and has no Domain attribute, so the
# cookie is bound to exactly this origin — it cannot be planted or
# overwritten from a sibling subdomain and is never sent to one. Every
# Set-Cookie for this name (including the one that clears it) must keep
# those attributes, or the browser silently drops the header.
AUTH_COOKIE_NAME = "__Host-auth"
def infodict(request: Request | WebSocket, type: str) -> dict:
    """Build the client-info record stored alongside a session.

    Args:
        request: Incoming HTTP request or WebSocket connection.
        type: Label recorded verbatim as ``session_type``. (The parameter name
            shadows the builtin but is part of the public interface.)

    Returns:
        Dict with ``ip`` (transport peer address, or None when unknown),
        ``user_agent`` (first 500 characters of the header, None when the
        header is missing or empty) and ``session_type``.
    """
    client = request.client
    # NOTE(review): this is the socket peer address, not X-Forwarded-For.
    # Behind a reverse proxy it will be the proxy's address unless proxy
    # header handling is configured upstream — confirm for the deployment.
    peer_ip = client.host if client else None
    # Cap the header so a hostile client cannot bloat the stored session
    # record; an empty header collapses to None instead of "".
    agent = request.headers.get("user-agent", "")[:500]
    return {
        "ip": peer_ip,
        "user_agent": agent if agent else None,
        "session_type": type,
    }
def set_session_cookie(response: Response, token: str) -> None:
    """Attach the session token to ``response`` as the auth cookie.

    Args:
        response: FastAPI/Starlette response the Set-Cookie header is added to.
        token: Opaque session token; stored as the cookie value verbatim.
    """
    lifetime_seconds = int(EXPIRES.total_seconds())
    # Attributes satisfy the "__Host-" prefix rules (Secure, Path=/, no
    # Domain) and keep the token out of script reach (HttpOnly).
    # SameSite=Lax still sends the cookie on top-level cross-site GET
    # navigations; presumably it is not Strict so the redirect back from the
    # dedicated auth host keeps the session — state-changing endpoints must
    # not rely on this attribute alone for CSRF protection.
    response.set_cookie(
        key=AUTH_COOKIE_NAME,
        value=token,
        max_age=lifetime_seconds,
        httponly=True,
        secure=True,
        path="/",
        samesite="lax",
    )
def clear_session_cookie(response: Response) -> None:
    """Expire the auth cookie in the browser via ``response``.

    Emits an empty-valued, already-expired cookie (``max_age=0`` and
    ``expires=0``) instead of calling ``Response.delete_cookie``, which (per
    the original author's note) does not emit the Secure attribute. The
    attributes must match those used when the cookie was set: a "__Host-"
    cookie whose clearing Set-Cookie lacks Secure or Path=/ is rejected by
    the browser, and the stale session cookie keeps being sent.

    Only the browser's copy is removed here; invalidating the token on the
    server side is up to the caller.

    Args:
        response: Response the clearing Set-Cookie header is added to.
    """
    expired_cookie = {
        "key": AUTH_COOKIE_NAME,
        "value": "",
        "max_age": 0,
        "expires": 0,
        "httponly": True,
        "secure": True,
        "path": "/",
        "samesite": "lax",
    }
    response.set_cookie(**expired_cookie)