cista-storage/cista/session.py

from time import time

import jwt

from cista.config import derived_secret


def session_secret():
    return derived_secret("session")


max_age = 365 * 86400  # Seconds since last login


def get(request):
    try:
        return jwt.decode(request.cookies.s, session_secret(), algorithms=["HS256"])
    except Exception:
        return False if "s" in request.cookies else None


def create(res, username, **kwargs):
    data = {
        "exp": int(time()) + max_age,
        "username": username,
        **kwargs,
    }
    s = jwt.encode(data, session_secret())
    res.cookies.add_cookie("s", s, httponly=True, max_age=max_age)


def update(res, s, **kwargs):
    s.update(kwargs)
    s = jwt.encode(s, session_secret())
    max_age = max(1, s["exp"] - int(time()))  # type: ignore
    res.cookies.add_cookie("s", s, httponly=True, max_age=max_age)


def delete(res):
    res.cookies.delete_cookie("s")


def flash(res, message: str | None):
    if message is None:
        res.cookies.delete_cookie("message")
    else:
        res.cookies.add_cookie("message", message, max_age=5)
Implemented login page and new jwt-based sessions. Watching cleanup. 2023-10-17 23:06:27 +01:00			`from time import time`

			`import jwt`

Refactoring and cleanup 2023-10-21 17:17:09 +01:00			`from cista.config import derived_secret`
Implemented login page and new jwt-based sessions. Watching cleanup. 2023-10-17 23:06:27 +01:00
Formatting and fix Internal Server Error on upload 2023-10-26 15:18:59 +01:00
			`def session_secret():`
			`return derived_secret("session")`


Make sessions last a year 2023-10-24 00:03:11 +01:00			`max_age = 365 * 86400 # Seconds since last login`
Implemented login page and new jwt-based sessions. Watching cleanup. 2023-10-17 23:06:27 +01:00
Formatting and fix Internal Server Error on upload 2023-10-26 15:18:59 +01:00
Implemented login page and new jwt-based sessions. Watching cleanup. 2023-10-17 23:06:27 +01:00			`def get(request):`
			`try:`
Refactor with its own entry point and startup script cista, instead of running via sanic. Config file handling and Droppy updates. HTTP redirection/acme server added. 2023-10-19 00:06:14 +01:00			`return jwt.decode(request.cookies.s, session_secret(), algorithms=["HS256"])`
Formatting and fix Internal Server Error on upload 2023-10-26 15:18:59 +01:00			`except Exception:`
Implemented login page and new jwt-based sessions. Watching cleanup. 2023-10-17 23:06:27 +01:00			`return False if "s" in request.cookies else None`

Formatting and fix Internal Server Error on upload 2023-10-26 15:18:59 +01:00
Implemented login page and new jwt-based sessions. Watching cleanup. 2023-10-17 23:06:27 +01:00			`def create(res, username, **kwargs):`
			`data = {`
			`"exp": int(time()) + max_age,`
			`"username": username,`
			`**kwargs,`
			`}`
Refactor with its own entry point and startup script cista, instead of running via sanic. Config file handling and Droppy updates. HTTP redirection/acme server added. 2023-10-19 00:06:14 +01:00			`s = jwt.encode(data, session_secret())`
Login error handling and flash messages. Remove host prefix on cookies because of https://bugs.chromium.org/p/chromium/issues/detail?id=1245434 2023-10-19 17:55:59 +01:00			`res.cookies.add_cookie("s", s, httponly=True, max_age=max_age)`
Implemented login page and new jwt-based sessions. Watching cleanup. 2023-10-17 23:06:27 +01:00
Formatting and fix Internal Server Error on upload 2023-10-26 15:18:59 +01:00
Implemented login page and new jwt-based sessions. Watching cleanup. 2023-10-17 23:06:27 +01:00			`def update(res, s, **kwargs):`
			`s.update(kwargs)`
Refactor with its own entry point and startup script cista, instead of running via sanic. Config file handling and Droppy updates. HTTP redirection/acme server added. 2023-10-19 00:06:14 +01:00			`s = jwt.encode(s, session_secret())`
Cleanup, bugfixes. Added access control on files and API. 2023-10-23 02:51:39 +01:00			`max_age = max(1, s["exp"] - int(time())) # type: ignore`
			`res.cookies.add_cookie("s", s, httponly=True, max_age=max_age)`
Implemented login page and new jwt-based sessions. Watching cleanup. 2023-10-17 23:06:27 +01:00
Formatting and fix Internal Server Error on upload 2023-10-26 15:18:59 +01:00
Implemented login page and new jwt-based sessions. Watching cleanup. 2023-10-17 23:06:27 +01:00			`def delete(res):`
Login error handling and flash messages. Remove host prefix on cookies because of https://bugs.chromium.org/p/chromium/issues/detail?id=1245434 2023-10-19 17:55:59 +01:00			`res.cookies.delete_cookie("s")`
Implemented control commands and tests. Rewritten error and session/flash handling. 2023-10-21 02:44:43 +01:00

			`def flash(res, message: str \| None):`
			`if message is None:`
			`res.cookies.delete_cookie("message")`
			`else:`
			`res.cookies.add_cookie("message", message, max_age=5)`