import hashlib
import hmac
import os
import re
import secrets
import time

from fastapi import FastAPI, Request
from fastapi.responses import Response, RedirectResponse
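app = FastAPI()

# Cookie names and lifetime shared by the handlers in this module.
COOKIE_NAME = "anon_session"
ADMIN_COOKIE_NAME = "admin_session"
COOKIE_MAX_AGE = 60 * 60 * 24 * 7  # 7 days, in seconds

# An anonymous session id is exactly 32 lowercase hex chars (secrets.token_hex(16)).
# \Z rather than $: in Python regexes `$` also matches just before a trailing
# newline, so "<32 hex chars>\n" would have passed SAFE_RE.match(). The id is
# echoed into response headers, so the whitelist must be exact.
SAFE_RE = re.compile(r"^[a-f0-9]{32}\Z")

# Shared secret that can be exchanged for an admin session; when unset (empty)
# the bootstrap endpoint refuses every request.
ADMIN_BOOTSTRAP_TOKEN = os.getenv("ADMIN_BOOTSTRAP_TOKEN", "")
ADMIN_EMAIL = "admin@demo.local"
ADMIN_NAME = "Rob Admin"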
def generate_session_id() -> str:
    """Return a fresh, unguessable anonymous session id.

    16 bytes from the OS CSPRNG, rendered as 32 lowercase hex characters —
    exactly the shape SAFE_RE accepts on the way back in.
    """
    random_bytes = secrets.token_bytes(16)
    return random_bytes.hex()
def session_to_identity(session_id: str) -> tuple[str, str]:
    """Derive the (email, display name) pair reported for an anonymous session.

    The email embeds the full id; the display name shows only its first 12
    characters. No validation happens here — callers are expected to pass an
    id that already matched SAFE_RE, since both values end up in headers.
    """
    email = "anon-" + session_id + "@demo.local"
    display_name = "Guest " + session_id[:12]
    return (email, display_name)
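def _sign_admin_session(key: str, expires_at: int) -> str:
    """Build an admin session cookie value bound to ``key`` and an expiry.

    The value is ``"<expires_at>.<hex HMAC-SHA256>"``; the MAC covers the
    expiry, so a client can neither mint a session (it lacks ``key``) nor
    extend one (editing the expiry invalidates the MAC).

    Args:
        key: Server-side secret (the bootstrap token is used for this).
        expires_at: Unix time in seconds after which the session is rejected.
    """
    mac = hmac.new(
        key.encode("utf-8"), f"admin:{expires_at}".encode("ascii"), hashlib.sha256
    )
    return f"{expires_at}.{mac.hexdigest()}"


def _admin_session_is_valid(
    value: str | None, key: str, now: float | None = None
) -> bool:
    """Return True only for an unexpired value produced by ``_sign_admin_session``.

    Everything is rejected when ``key`` is empty, so an unset
    ADMIN_BOOTSTRAP_TOKEN can never yield a valid admin session. ``now``
    defaults to ``time.time()`` and exists for tests.
    """
    if not value or not key:
        return False
    expires_str, sep, _ = value.partition(".")
    # ASCII digits only: str.isdigit() also accepts Unicode digits int() rejects.
    if not sep or len(expires_str) > 20 or not (expires_str.isascii() and expires_str.isdigit()):
        return False
    expires_at = int(expires_str)
    current = time.time() if now is None else now
    if current >= expires_at:
        return False
    expected = _sign_admin_session(key, expires_at)
    # Constant-time compare; bytes sidesteps compare_digest's ASCII-only rule for str.
    return hmac.compare_digest(expected.encode("utf-8"), value.encode("utf-8"))


async def bootstrap(request: Request):
    """Exchange the bootstrap token (``?token=``) for an admin session cookie.

    Refuses with 403 when ADMIN_BOOTSTRAP_TOKEN is unset or the supplied token
    differs (compared in constant time). On success redirects (302) to ``/``
    with a signed, expiring admin cookie; the old static ``"1"`` value was
    trivially forgeable by anyone who could set a cookie.

    Note: the token travels in the query string and so will show up in access
    logs and browser history — rotate it after use.
    """
    token = request.query_params.get("token", "")
    if not ADMIN_BOOTSTRAP_TOKEN or not hmac.compare_digest(
        token.encode("utf-8"), ADMIN_BOOTSTRAP_TOKEN.encode("utf-8")
    ):
        return Response(status_code=403, content="Invalid bootstrap token")
    # Cookie max_age and the signed expiry are kept in step so the browser
    # drops the cookie at the same moment the server stops accepting it.
    expires_at = int(time.time()) + COOKIE_MAX_AGE
    response = RedirectResponse(url="/", status_code=302)
    response.set_cookie(
        key=ADMIN_COOKIE_NAME,
        value=_sign_admin_session(ADMIN_BOOTSTRAP_TOKEN, expires_at),
        max_age=COOKIE_MAX_AGE,
        httponly=True,
        samesite="lax",
        secure=True,
        path="/",
    )
    return response


async def logout_admin():
    """Clear the admin cookie and redirect (302) to ``/``.

    Sessions are stateless (signed, not stored), so this only removes the
    cookie from the browser; a copied cookie stays valid until its expiry.
    """
    response = RedirectResponse(url="/", status_code=302)
    response.delete_cookie(ADMIN_COOKIE_NAME, path="/")
    return response


async def resolve(request: Request):
    """Auth-request endpoint: map the caller's cookies to an identity.

    Always answers 204; the identity travels in the ``X-Auth-Request-Email``
    and ``X-Auth-Request-Name`` response headers. A valid signed admin cookie
    wins; otherwise a guest identity is derived from the anonymous session
    cookie, which is (re)issued when missing or malformed. An admin cookie
    that is present but invalid — forged, expired, or signed under a previous
    bootstrap token — is never trusted and is cleared from the client.
    """
    admin_cookie = request.cookies.get(ADMIN_COOKIE_NAME)
    if _admin_session_is_valid(admin_cookie, ADMIN_BOOTSTRAP_TOKEN):
        response = Response(status_code=204)
        response.headers["X-Auth-Request-Email"] = ADMIN_EMAIL
        response.headers["X-Auth-Request-Name"] = ADMIN_NAME
        return response

    cookie_val = request.cookies.get(COOKIE_NAME)
    # fullmatch: the value is echoed into headers, so the whole string must be
    # the 32-hex-char shape — `$` on its own would tolerate a trailing newline.
    new_cookie = not cookie_val or SAFE_RE.fullmatch(cookie_val) is None
    if new_cookie:
        cookie_val = generate_session_id()

    email, name = session_to_identity(cookie_val)
    response = Response(status_code=204)
    response.headers["X-Auth-Request-Email"] = email
    response.headers["X-Auth-Request-Name"] = name
    if new_cookie:
        response.set_cookie(
            key=COOKIE_NAME,
            value=cookie_val,
            max_age=COOKIE_MAX_AGE,
            httponly=True,
            samesite="lax",
            secure=True,
            path="/",
        )
    if admin_cookie is not None:
        # Stale or forged admin cookie: drop it so the client stops presenting it.
        response.delete_cookie(ADMIN_COOKIE_NAME, path="/")
    return response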
if __name__ == "__main__":
    # Local dev entry point: bind loopback only, so the auth-request endpoint
    # is reachable solely through whatever runs on this host (presumably a
    # reverse proxy forwarding auth subrequests — not shown here).
    import uvicorn

    bind_host, bind_port = "127.0.0.1", 9000
    uvicorn.run(app, host=bind_host, port=bind_port)