etiquette/frontends/etiquette_flask/etiquette_flask/sessions.py

import flask; from flask import request
import functools
import math
import os
import werkzeug.wrappers

import etiquette

def _generate_token(length=32):
    randbytes = os.urandom(math.ceil(length / 2))
    token = ''.join('{:02x}'.format(x) for x in randbytes)
    token = token[:length]
    return token

def _normalize_token(token):
    if isinstance(token, flask.Request):
        token = token.cookies.get('etiquette_session', None)
    return token


class SessionManager:
    def __init__(self):
        self.sessions = {}

    def add(self, session):
        self.sessions[session.token] = session

    def get(self, token):
        token = _normalize_token(token)
        session = self.sessions.get(token, None)
        return session

    def give_token(self, function):
        '''
        This decorator ensures that the user has an `etiquette_session` cookie
        before reaching the request handler.
        If the user does not have the cookie, they are given one.
        If they do, its lifespan is reset.
        '''
        @functools.wraps(function)
        def wrapped(*args, **kwargs):
            # Inject new token so the function doesn't know the difference
            token = request.cookies.get('etiquette_session', None)
            if not token:
                token = _generate_token()
                request.cookies = dict(request.cookies)
                request.cookies['etiquette_session'] = token

            response = function(*args, **kwargs)
            if not isinstance(response, (flask.Response, werkzeug.wrappers.Response)):
                response = flask.Response(response)

            # Send the token back to the client
            # but only if the endpoint didn't manually set the cookie.
            for (headerkey, value) in response.headers:
                if headerkey == 'Set-Cookie' and value.startswith('etiquette_session='):
                    break
            else:
                response.set_cookie('etiquette_session', value=token, max_age=86400)
                self.maintain(token)

            return response
        return wrapped

    def maintain(self, token):
        session = self.get(token)
        if session:
            session.maintain()

    def remove(self, token):
        token = _normalize_token(token)
        if token in self.sessions:
            self.sessions.pop(token)

class Session:
    def __init__(self, request, user):
        self.token = _normalize_token(request)
        self.user = user
        self.ip_address = request.remote_addr
        self.user_agent = request.headers.get('User-Agent', '')
        self.last_activity = int(etiquette.helpers.now())

    def maintain(self):
        self.last_activity = int(etiquette.helpers.now())
Use urandom instead of uuid for session id. 2018-01-13 23:49:14 +00:00			`import flask; from flask import request`
very early session and registration support 2016-12-18 13:12:14 +00:00			`import functools`
Use urandom instead of uuid for session id. 2018-01-13 23:49:14 +00:00			`import math`
			`import os`
Include werkzeug Response type in typecheck. 2017-09-18 21:10:25 +00:00			`import werkzeug.wrappers`
very early session and registration support 2016-12-18 13:12:14 +00:00
Don't use `from etiquette import`. 2018-01-14 00:12:52 +00:00			`import etiquette`
Move modules into an actual package 2017-02-05 03:55:13 +00:00
Use urandom instead of uuid for session id. 2018-01-13 23:49:14 +00:00			`def _generate_token(length=32):`
			`randbytes = os.urandom(math.ceil(length / 2))`
			`token = ''.join('{:02x}'.format(x) for x in randbytes)`
			`token = token[:length]`
very early session and registration support 2016-12-18 13:12:14 +00:00			`return token`

			`def _normalize_token(token):`
			`if isinstance(token, flask.Request):`
			`token = token.cookies.get('etiquette_session', None)`
Oops, fix missing return statement. That would cause problems. 2018-01-14 00:14:01 +00:00			`return token`
Improve separation between front & back with etiquette_flask package Move flask-specific operations out of etiquette's files and into new etiquette_flask. In etiquette_site.py, etiquette calls are fully qualified. 2017-05-02 04:23:16 +00:00

very early session and registration support 2016-12-18 13:12:14 +00:00			`class SessionManager:`
			`def __init__(self):`
			`self.sessions = {}`

			`def add(self, session):`
			`self.sessions[session.token] = session`

			`def get(self, token):`
			`token = _normalize_token(token)`
Use urandom instead of uuid for session id. 2018-01-13 23:49:14 +00:00			`session = self.sessions.get(token, None)`
			`return session`
very early session and registration support 2016-12-18 13:12:14 +00:00
			`def give_token(self, function):`
			`'''`
			This decorator ensures that the user has an `etiquette_session` cookie
			`before reaching the request handler.`
			`If the user does not have the cookie, they are given one.`
			`If they do, its lifespan is reset.`
			`'''`
			`@functools.wraps(function)`
			`def wrapped(args, *kwargs):`
			`# Inject new token so the function doesn't know the difference`
			`token = request.cookies.get('etiquette_session', None)`
			`if not token:`
			`token = _generate_token()`
			`request.cookies = dict(request.cookies)`
			`request.cookies['etiquette_session'] = token`

			`response = function(args, *kwargs)`
Include werkzeug Response type in typecheck. 2017-09-18 21:10:25 +00:00			`if not isinstance(response, (flask.Response, werkzeug.wrappers.Response)):`
very early session and registration support 2016-12-18 13:12:14 +00:00			`response = flask.Response(response)`

			`# Send the token back to the client`
			`# but only if the endpoint didn't manually set the cookie.`
			`for (headerkey, value) in response.headers:`
			`if headerkey == 'Set-Cookie' and value.startswith('etiquette_session='):`
			`break`
			`else:`
			`response.set_cookie('etiquette_session', value=token, max_age=86400)`
			`self.maintain(token)`

			`return response`
			`return wrapped`

			`def maintain(self, token):`
			`session = self.get(token)`
			`if session:`
			`session.maintain()`

			`def remove(self, token):`
			`token = _normalize_token(token)`
			`if token in self.sessions:`
			`self.sessions.pop(token)`

			`class Session:`
			`def __init__(self, request, user):`
			`self.token = _normalize_token(request)`
			`self.user = user`
			`self.ip_address = request.remote_addr`
			`self.user_agent = request.headers.get('User-Agent', '')`
Don't use `from etiquette import`. 2018-01-14 00:12:52 +00:00			`self.last_activity = int(etiquette.helpers.now())`
very early session and registration support 2016-12-18 13:12:14 +00:00
			`def maintain(self):`
Don't use `from etiquette import`. 2018-01-14 00:12:52 +00:00			`self.last_activity = int(etiquette.helpers.now())`