pollutri
/
res_levis_API
1
0
派生 0
代码 工单 0 合并请求 0 版本发布 0 百科 动态
您最多选择25个主题 主题必须以字母或数字开头,可以包含连字符 (-),并且长度不得超过35个字符
5 提交
1 分支
203 MiB
 
 
 
 
目录树: 1141c5ca64
分支列表 标签列表
${ item.name }
创建分支 ${ searchTerm }
从 '1141c5ca64'
${ noResults }
res_levis_API/lib/python3.6/site-packages/starlette/middleware/sessions.py

78 行
3.0 KiB
原始文件 Blame 文件历史 

  1. import json

  2. import typing

  3. from base64 import b64decode, b64encode

  4. 

  5. import itsdangerous

  6. from itsdangerous.exc import BadSignature

  7. 

  8. from starlette.datastructures import MutableHeaders, Secret

  9. from starlette.requests import HTTPConnection

  10. from starlette.types import ASGIApp, Message, Receive, Scope, Send

  11. 

  12. 

  13. class SessionMiddleware:

  14.     def __init__(

  15.         self,

  16.         app: ASGIApp,

  17.         secret_key: typing.Union[str, Secret],

  18.         session_cookie: str = "session",

  19.         max_age: int = 14 * 24 * 60 * 60,  # 14 days, in seconds

  20.         same_site: str = "lax",

  21.         https_only: bool = False,

  22.     ) -> None:

  23.         self.app = app

  24.         self.signer = itsdangerous.TimestampSigner(str(secret_key))

  25.         self.session_cookie = session_cookie

  26.         self.max_age = max_age

  27.         self.security_flags = "httponly; samesite=" + same_site

  28.         if https_only:  # Secure flag can be used with HTTPS only

  29.             self.security_flags += "; secure"

  30. 

  31.     async def __call__(self, scope: Scope, receive: Receive, send: Send) -> None:

  32.         if scope["type"] not in ("http", "websocket"):  # pragma: no cover

  33.             await self.app(scope, receive, send)

  34.             return

  35. 

  36.         connection = HTTPConnection(scope)

  37.         initial_session_was_empty = True

  38. 

  39.         if self.session_cookie in connection.cookies:

  40.             data = connection.cookies[self.session_cookie].encode("utf-8")

  41.             try:

  42.                 data = self.signer.unsign(data, max_age=self.max_age)

  43.                 scope["session"] = json.loads(b64decode(data))

  44.                 initial_session_was_empty = False

  45.             except BadSignature:

  46.                 scope["session"] = {}

  47.         else:

  48.             scope["session"] = {}

  49. 

  50.         async def send_wrapper(message: Message) -> None:

  51.             if message["type"] == "http.response.start":

  52.                 path = scope.get("root_path", "") or "/"

  53.                 if scope["session"]:

  54.                     # We have session data to persist.

  55.                     data = b64encode(json.dumps(scope["session"]).encode("utf-8"))

  56.                     data = self.signer.sign(data)

  57.                     headers = MutableHeaders(scope=message)

  58.                     header_value = "%s=%s; path=%s; Max-Age=%d; %s" % (

  59.                         self.session_cookie,

  60.                         data.decode("utf-8"),

  61.                         path,

  62.                         self.max_age,

  63.                         self.security_flags,

  64.                     )

  65.                     headers.append("Set-Cookie", header_value)

  66.                 elif not initial_session_was_empty:

  67.                     # The session has been cleared.

  68.                     headers = MutableHeaders(scope=message)

  69.                     header_value = "{}={}; {}".format(

  70.                         self.session_cookie,

  71.                         f"null; path={path}; expires=Thu, 01 Jan 1970 00:00:00 GMT;",

  72.                         self.security_flags,

  73.                     )

  74.                     headers.append("Set-Cookie", header_value)

  75.             await send(message)

  76. 

  77.         await self.app(scope, receive, send_wrapper)