[DOP-21268] - add SessionSettings

maxim-lixakov · maxim-lixakov · commit 4748ad797e8d · 2024-11-14T14:51:18.000+03:00
diff --git a/.env.docker b/.env.docker
@@ -9,27 +9,28 @@ SYNCMASTER__LOGGING__SETUP=True
 SYNCMASTER__LOGGING__PRESET=colored
 SYNCMASTER__LOG_URL_TEMPLATE=https://grafana.example.com?correlation_id={{ correlation_id }}&run_id={{ run.id }}
 
+# Session
+SYNCMASTER__SERVER__SESSION__SECRET_KEY=session_secret_key
+
 # Encrypt / Decrypt credentials data
 SYNCMASTER__CRYPTO_KEY=UBgPTioFrtH2unlC4XFDiGf5sYfzbdSf_VgiUSaQc94=
 
 # Postgres
 SYNCMASTER__DATABASE__URL=postgresql+asyncpg://syncmaster:changeme@db:5432/syncmaster
 
+# TODO: add to KeycloakAuthProvider documentation about creating new realms, add users, etc.
 # KEYCLOAK Auth
 SYNCMASTER__AUTH__SERVER_URL=http://keycloak:8080/
-SYNCMASTER__AUTH__REALM_NAME=fastapi-realm
-SYNCMASTER__AUTH__CLIENT_ID=fastapi-client
-SYNCMASTER__AUTH__CLIENT_SECRET=VoLrqGz1HGjp6MiwzRaGWIu7z7imKIHb
+SYNCMASTER__AUTH__REALM_NAME=manually_created
+SYNCMASTER__AUTH__CLIENT_ID=manually_created
+SYNCMASTER__AUTH__CLIENT_SECRET=generated_by_keycloak
 SYNCMASTER__AUTH__REDIRECT_URI=http://localhost:8000/v1/auth/callback
-SYNCMASTER__AUTH__ADMIN_REDIRECT_URI=http://localhost:8000/v1/auth/callback
 SYNCMASTER__AUTH__SCOPE=email
-SYNCMASTER__AUTH__KEYCLOAK_INTROSPECTION_DELAY=60
 SYNCMASTER__AUTH__PROVIDER=syncmaster.backend.providers.auth.keycloak_provider.KeycloakAuthProvider
-SYNCMASTER__AUTH__KEYCLOAK_TOKEN_URL=http://keycloak:8080/realms/fastapi-realm/protocol/openid-connect/token
 
 # Dummy Auth
 SYNCMASTER__AUTH__PROVIDER=syncmaster.backend.providers.auth.dummy_provider.DummyAuthProvider
-SYNCMASTER__AUTH__ACCESS_TOKEN__SECRET_KEY=bae1thahr8Iyaisai0kohvoh1aeg5quu
+SYNCMASTER__AUTH__ACCESS_TOKEN__SECRET_KEY=secret
 
 # RabbitMQ
 SYNCMASTER__BROKER__URL=amqp://guest:guest@rabbitmq:5672/
diff --git a/.env.local b/.env.local
@@ -9,6 +9,9 @@ export SYNCMASTER__LOGGING__SETUP=True
 export SYNCMASTER__LOGGING__PRESET=colored
 export SYNCMASTER__LOG_URL_TEMPLATE="https://grafana.example.com?correlation_id={{ correlation_id }}&run_id={{ run.id }}"
 
+# Session
+export SYNCMASTER__SERVER__SESSION__SECRET_KEY=session_secret_key
+
 # Encrypt / Decrypt credentials data
 export SYNCMASTER__CRYPTO_KEY=UBgPTioFrtH2unlC4XFDiGf5sYfzbdSf_VgiUSaQc94=
 
@@ -17,7 +20,7 @@ export SYNCMASTER__DATABASE__URL=postgresql+asyncpg://syncmaster:changeme@localh
 
 # Auth
 export SYNCMASTER__AUTH__PROVIDER=syncmaster.backend.providers.auth.dummy_provider.DummyAuthProvider
-export SYNCMASTER__AUTH__ACCESS_TOKEN__SECRET_KEY=bae1thahr8Iyaisai0kohvoh1aeg5quu
+export SYNCMASTER__AUTH__ACCESS_TOKEN__SECRET_KEY=secret
 
 # RabbitMQ
 export SYNCMASTER__BROKER__URL=amqp://guest:guest@localhost:5672/
diff --git a/.readthedocs.yaml b/.readthedocs.yaml
@@ -17,7 +17,7 @@ build:
       - VIRTUAL_ENV=$READTHEDOCS_VIRTUALENV_PATH python -m poetry install --no-root --all-extras --with docs --without dev,test
       - VIRTUAL_ENV=$READTHEDOCS_VIRTUALENV_PATH python -m poetry show -v
       - python -m pip list -v
-      - SYNCMASTER__DATABASE__URL=postgresql+psycopg://fake:fake@127.0.0.1:5432/fake SYNCMASTER__BROKER__URL=amqp://fake:faket@fake:5672/ SYNCMASTER__CRYPTO_KEY=crypto_key SYNCMASTER__AUTH__ACCESS_TOKEN__SECRET_KEY=fakepython python -m syncmaster.backend.export_openapi_schema docs/_static/openapi.json
+      - SYNCMASTER__DATABASE__URL=postgresql+psycopg://fake:fake@127.0.0.1:5432/fake SYNCMASTER__SERVER__SESSION__SECRET_KEY=session_secret_key SYNCMASTER__BROKER__URL=amqp://fake:faket@fake:5672/ SYNCMASTER__CRYPTO_KEY=crypto_key SYNCMASTER__AUTH__ACCESS_TOKEN__SECRET_KEY=fakepython python -m syncmaster.backend.export_openapi_schema docs/_static/openapi.json
 
 sphinx:
   configuration: docs/conf.py
diff --git a/docs/backend/configuration/cors.rst b/docs/backend/configuration/cors.rst
@@ -5,4 +5,4 @@ CORS settings
 
 These settings used to control `CORS <https://developer.mozilla.org/en-US/docs/Web/HTTP/CORS>`_ options.
 
-.. autopydantic_model:: syncmaster.settings.server.cors.CORSSettings
+.. autopydantic_model:: syncmaster.backend.settings.server.cors.CORSSettings
diff --git a/docs/backend/configuration/index.rst b/docs/backend/configuration/index.rst
@@ -11,6 +11,7 @@ Configuration
     database
     broker
     logging
+    session
     cors
     debug
     monitoring
diff --git a/docs/backend/configuration/monitoring.rst b/docs/backend/configuration/monitoring.rst
@@ -13,4 +13,4 @@ REST API server provides the following endpoints with Prometheus compatible metr
 
 These endpoints are enabled and configured using settings below:
 
-.. autopydantic_model:: syncmaster.settings.server.monitoring.MonitoringSettings
+.. autopydantic_model:: syncmaster.backend.settings.server.monitoring.MonitoringSettings
diff --git a/docs/backend/configuration/openapi.rst b/docs/backend/configuration/openapi.rst
@@ -5,8 +5,8 @@ OpenAPI settings
 
 These settings used to control exposing OpenAPI.json and SwaggerUI/ReDoc endpoints.
 
-.. autopydantic_model:: syncmaster.settings.server.openapi.OpenAPISettings
-.. autopydantic_model:: syncmaster.settings.server.openapi.SwaggerSettings
-.. autopydantic_model:: syncmaster.settings.server.openapi.RedocSettings
-.. autopydantic_model:: syncmaster.settings.server.openapi.LogoSettings
-.. autopydantic_model:: syncmaster.settings.server.openapi.FaviconSettings
+.. autopydantic_model:: syncmaster.backend.settings.server.openapi.OpenAPISettings
+.. autopydantic_model:: syncmaster.backend.settings.server.openapi.SwaggerSettings
+.. autopydantic_model:: syncmaster.backend.settings.server.openapi.RedocSettings
+.. autopydantic_model:: syncmaster.backend.settings.server.openapi.LogoSettings
+.. autopydantic_model:: syncmaster.backend.settings.server.openapi.FaviconSettings
diff --git a/docs/backend/configuration/session.rst b/docs/backend/configuration/session.rst
@@ -0,0 +1,8 @@
+.. _backend-configuration-server-session:
+
+Session settings
+================
+
+These settings used to control `Session <https://developer.mozilla.org/en-US/docs/Web/HTTP/Session>`_ options.
+
+.. autopydantic_model:: syncmaster.backend.settings.server.session.SessionSettings
diff --git a/docs/backend/configuration/static_files.rst b/docs/backend/configuration/static_files.rst
@@ -5,4 +5,4 @@ Serving static files
 
 These settings used to control serving static files by a server.
 
-.. autopydantic_model:: syncmaster.settings.server.static_files.StaticFilesSettings
+.. autopydantic_model:: syncmaster.backend.settings.server.static_files.StaticFilesSettings
diff --git a/syncmaster/backend/middlewares/__init__.py b/syncmaster/backend/middlewares/__init__.py
@@ -29,6 +29,6 @@ def apply_middlewares(
     apply_request_id_middleware(application, settings.server.request_id)
     apply_openapi_middleware(application, settings.server.openapi)
     apply_static_files(application, settings.server.static_files)
-    apply_session_middleware(application)
+    apply_session_middleware(application, settings.server.session)
 
     return application
diff --git a/syncmaster/backend/middlewares/session.py b/syncmaster/backend/middlewares/session.py
@@ -1,13 +1,17 @@
 # SPDX-FileCopyrightText: 2023-2024 MTS PJSC
 # SPDX-License-Identifier: Apache-2.0
-import secrets
 
 from fastapi import FastAPI
 from starlette.middleware.sessions import SessionMiddleware
 
+from syncmaster.backend.settings.server.session import SessionSettings
 
-def apply_session_middleware(app: FastAPI) -> FastAPI:
+
+def apply_session_middleware(app: FastAPI, settings: SessionSettings) -> FastAPI:
     """Add SessionMiddleware middleware to the application."""
-    secret_key = secrets.token_urlsafe(32)
-    app.add_middleware(SessionMiddleware, secret_key=secret_key)
+
+    app.add_middleware(
+        SessionMiddleware,
+        **settings.dict(),
+    )
     return app
diff --git a/syncmaster/backend/settings/server/__init__.py b/syncmaster/backend/settings/server/__init__.py
@@ -9,6 +9,7 @@
 from syncmaster.backend.settings.server.monitoring import MonitoringSettings
 from syncmaster.backend.settings.server.openapi import OpenAPISettings
 from syncmaster.backend.settings.server.request_id import RequestIDSettings
+from syncmaster.backend.settings.server.session import SessionSettings
 from syncmaster.backend.settings.server.static_files import StaticFilesSettings
 
 
@@ -36,6 +37,10 @@ class ServerSettings(BaseModel):
     request_id: RequestIDSettings = Field(
         default_factory=RequestIDSettings,
     )
+    session: SessionSettings = Field(
+        default_factory=SessionSettings,  # type: ignore[arg-type]
+        description=":ref:`Session settings <backend-configuration-server-session>`",
+    )
     cors: CORSSettings = Field(
         default_factory=CORSSettings,
         description=":ref:`CORS settings <backend-configuration-server-cors>`",
diff --git a/syncmaster/backend/settings/server/session.py b/syncmaster/backend/settings/server/session.py
@@ -0,0 +1,56 @@
+# SPDX-FileCopyrightText: 2023-2024 MTS PJSC
+# SPDX-License-Identifier: Apache-2.0
+
+
+from pydantic import BaseModel, Field
+
+
+class SessionSettings(BaseModel):
+    """Session Middleware Settings.
+
+    See `SessionMiddleware <https://www.starlette.io/middleware/#sessionmiddleware>`_ documentation.
+
+    .. note::
+
+        You can pass here any extra option supported by ``SessionMiddleware``,
+        even if it is not mentioned in documentation.
+
+    Examples
+    --------
+
+    For development environment:
+
+    .. code-block:: bash
+
+        SYNCMASTER__SERVER__SESSION__SECRET_KEY=secret
+        SYNCMASTER__SERVER__SESSION__SESSION_COOKIE=custom_cookie_name
+        SYNCMASTER__SERVER__SESSION__MAX_AGE=None  # cookie will last as long as the browser session
+        SYNCMASTER__SERVER__SESSION__SAME_SITE=strict
+        SYNCMASTER__SERVER__SESSION__HTTPS_ONLY=True
+        SYNCMASTER__SERVER__SESSION__DOMAIN=example.com
+
+    For production environment:
+
+    .. code-block:: bash
+
+        SYNCMASTER__SERVER__SESSION__SECRET_KEY=secret
+        SYNCMASTER__SERVER__SESSION__HTTPS_ONLY=True
+
+    """
+
+    secret_key: str = Field(description="A random string for signing cookies.")
+    session_cookie: str | None = Field(default="session", description="Name of the session cookie.")
+    max_age: int | None = Field(default=1209600, description="Session expiry time in seconds. Defaults to 2 weeks.")
+    same_site: str | None = Field(
+        default="lax",
+        description="Prevents cookie from being sent with cross-site requests.",
+    )
+    path: str | None = Field(default="/", description="Path to restrict session cookie access.")
+    https_only: bool = Field(default=False, description="Secure flag for HTTPS-only access.")
+    domain: str | None = Field(
+        default=None,
+        description="Domain for sharing cookies between subdomains or cross-domains.",
+    )
+
+    class Config:
+        extra = "allow"

Original file line number	Diff line number	Diff line change
`@@ -5,4 +5,4 @@ CORS settings`
`5`	`5`
`6`	`6`	These settings used to control `CORS <https://developer.mozilla.org/en-US/docs/Web/HTTP/CORS>`_ options.
`7`	`7`
`8`		`-.. autopydantic_model:: syncmaster.settings.server.cors.CORSSettings`
	`8`	`+.. autopydantic_model:: syncmaster.backend.settings.server.cors.CORSSettings`
Original file line number	Diff line number	Diff line change
`@@ -13,4 +13,4 @@ REST API server provides the following endpoints with Prometheus compatible metr`
`13`	`13`
`14`	`14`	`These endpoints are enabled and configured using settings below:`
`15`	`15`
`16`		`-.. autopydantic_model:: syncmaster.settings.server.monitoring.MonitoringSettings`
	`16`	`+.. autopydantic_model:: syncmaster.backend.settings.server.monitoring.MonitoringSettings`
Original file line number	Diff line number	Diff line change
`@@ -5,4 +5,4 @@ Serving static files`
`5`	`5`
`6`	`6`	`These settings used to control serving static files by a server.`
`7`	`7`
`8`		`-.. autopydantic_model:: syncmaster.settings.server.static_files.StaticFilesSettings`
	`8`	`+.. autopydantic_model:: syncmaster.backend.settings.server.static_files.StaticFilesSettings`