Add max_age for short-lived session.

This commit is contained in:
sfigato 2019-09-05 17:57:40 +02:00
parent 1c241d268f
commit f507a26b9d
Signed by: blallo
GPG Key ID: 0CBE577C9B72DC3F
2 changed files with 13 additions and 3 deletions


@ -39,12 +39,16 @@ def init_secret() -> bytes:
return base64.urlsafe_b64decode(fernet_key) return base64.urlsafe_b64decode(fernet_key)
def setup_session(app: web.Application, secure: bool): def setup_session(app: web.Application, secure: bool, max_age: int):
secret = init_secret() secret = init_secret()
setup( setup(
app, app,
EncryptedCookieStorage( EncryptedCookieStorage(
secret_key=secret, cookie_name="BOTZ_SESSION", httponly=False, secure=secure secret_key=secret,
cookie_name="BOTZ_SESSION",
httponly=False,
secure=secure,
max_age=max_age,
), ),
) )
@ -69,7 +73,7 @@ def run(
app["headless"] = conf["headless"] app["headless"] = conf["headless"]
if conf["http"].get("cors_allow"): if conf["http"].get("cors_allow"):
app.on_response_prepare.append(on_prepare_cors) app.on_response_prepare.append(on_prepare_cors)
setup_session(app, conf["http"]["cookie_secure"]) setup_session(app, conf["http"]["cookie_secure"], conf["http"]["session_timeout"])
add_static_routes(alog) add_static_routes(alog)
app.add_routes(routes) app.add_routes(routes)
addr = [] addr = []
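Review bot: The new `max_age` parameter of setup_session is undocumented and is handed to EncryptedCookieStorage without a range check, so a zero or negative `session_timeout` from the config silently produces a cookie that expires immediately (Max-Age semantics) instead of a startup error. A one-line guard at the top of the function makes the misconfiguration loud: `if max_age <= 0: raise ValueError(f"max_age must be a positive number of seconds, got {max_age!r}")`. I would also add a docstring such as `"""Install encrypted-cookie sessions on *app*; *max_age* is the session lifetime in seconds and is also sent as the cookie's Max-Age."""`. Whether the storage additionally compares the encrypted payload's own creation timestamp against `max_age` on the server side, rather than relying only on the browser honouring Max-Age, is not visible here and is worth confirming, because only the former is an actual expiry. The hard-coded `cookie_name="BOTZ_SESSION"` on the context line ignores the `cookie_name` setting the config layer defaults, but that predates this commit.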


@ -24,6 +24,7 @@ def read_conf(path: T.Optional[T.Text]) -> T.Dict:
port: <int, the port to bind to> port: <int, the port to bind to>
cookie_name: <defaults to BOTZ_SESSION> cookie_name: <defaults to BOTZ_SESSION>
cookie_secure: <bool, whether to set Secure cookie flag, defaults to true> cookie_secure: <bool, whether to set Secure cookie flag, defaults to true>
session_timeout: <int, the expiration time of the session ins secs, defaults to 300>
cors_allow: <an optional single allowed Cross Origin domain> cors_allow: <an optional single allowed Cross Origin domain>
""" """
if path is None: if path is None:
@ -90,4 +91,9 @@ def validate_http_log(conf: T.Dict[T.Text, T.Any]) -> T.Dict[T.Text, T.Any]:
conf["http"]["cookie_name"] = "BOTZ_SESSION" conf["http"]["cookie_name"] = "BOTZ_SESSION"
if conf["http"].get("cookie_secure") is None: if conf["http"].get("cookie_secure") is None:
conf["http"]["cookie_secure"] = True conf["http"]["cookie_secure"] = True
if conf["http"].get("session_timeout") is None:
conf["http"]["session_timeout"] = 300
elif isinstance(conf["http"]["session_timeout"], str):
conf["http"]["session_timeout"] = int(conf["http"]["session_timeout"])
return conf return conf
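Review bot: The `session_timeout` normalisation added at the end of validate_http_log only converts a str, so a non-numeric string fails with a bare ValueError from int() that does not name the setting, while a float, bool or any other type passes through untouched and nothing checks that the result is a positive number of seconds before it reaches the cookie storage. I would route every non-None value through one conversion with an explicit error and a positivity check, as below. The docstring line added in this file's first hunk reads `ins secs`, which should be `in secs`. validate_http_log starts outside the hunk.
```python
    # … unchanged: cookie_name / cookie_secure defaults …
    if conf["http"].get("session_timeout") is None:
        conf["http"]["session_timeout"] = 300
    else:
        try:
            timeout = int(conf["http"]["session_timeout"])
        except (TypeError, ValueError) as err:
            raise ValueError(
                "http.session_timeout must be an integer number of seconds"
            ) from err
        if timeout <= 0:
            raise ValueError("http.session_timeout must be a positive number of seconds")
        conf["http"]["session_timeout"] = timeout
    return conf
```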