"""
|
|
web/session.py
|
|
--------------
|
|
Session helpers using signed cookies (itsdangerous).
|
|
Stores Adobe Sign and DocuSign tokens server-side in the cookie payload.
|
|
|
|
Sessions are short-lived (1 hour) and signed but not encrypted.
|
|
Do not store sensitive secrets here beyond access tokens.
|
|
"""
from fastapi import Request, Response
from itsdangerous import BadData, BadSignature, SignatureExpired, URLSafeTimedSerializer

from web.config import settings
# Signs (does not encrypt) session payloads with the app's session secret.
# The timed serializer embeds a signing timestamp, which is what lets
# get_session enforce _MAX_AGE independently of the browser's cookie expiry.
_serializer = URLSafeTimedSerializer(settings.session_secret_key)
# Name of the cookie that carries the signed session payload.
_COOKIE_NAME = "migrator_session"
# Lifetime in seconds, used both as the cookie max_age and as the maximum
# accepted age of the signature when the cookie is read back.
_MAX_AGE = 3600 # 1 hour
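def get_session(request: Request) -> dict:
    """Read and verify the session cookie.

    Args:
        request: Incoming request whose cookies are inspected.

    Returns:
        The signed session payload as a dict, or an empty dict when the cookie
        is absent, tampered with, expired, or does not hold a mapping.
    """
    raw = request.cookies.get(_COOKIE_NAME)
    if not raw:
        return {}
    try:
        # max_age re-checks the signing timestamp, so a cookie the browser kept
        # past its expiry is still rejected here rather than trusted.
        data = _serializer.loads(raw, max_age=_MAX_AGE)
    except BadData:
        # BadData is the common base of BadSignature, SignatureExpired and
        # BadPayload; any of them means the cookie must be treated as absent.
        return {}
    # The signature guarantees authenticity, not shape: callers rely on a dict,
    # so any other deserialized type is discarded.
    return data if isinstance(data, dict) else {}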
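def save_session(response: Response, data: dict, *, secure: bool = True) -> None:
    """Sign and write session data into a cookie on the response.

    Args:
        response: Response the Set-Cookie header is attached to.
        data: Session payload. It is signed, not encrypted, so it is readable
            by whoever holds the cookie.
        secure: Set the cookie's Secure flag so browsers only send it over
            HTTPS. Defaults to True because the payload carries access tokens;
            pass False only for plain-HTTP local development.
    """
    signed = _serializer.dumps(data)
    response.set_cookie(
        _COOKIE_NAME,
        signed,
        max_age=_MAX_AGE,
        # httponly keeps the token-bearing payload out of reach of page scripts;
        # SameSite=Lax still sends it on top-level navigations (e.g. a redirect
        # back to this app) while withholding it from cross-site subrequests.
        httponly=True,
        secure=secure,
        samesite="lax",
    )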
def clear_session(response: Response) -> None:
    """Expire the session cookie on the client.

    Args:
        response: Response that receives the expiring Set-Cookie header.
    """
    cookie_name = _COOKIE_NAME
    response.delete_cookie(cookie_name)