[DOP-26758] Allow disabling SessionMiddleware

dolfinus · dolfinus · commit 8df3c622d944 · 2025-11-13T14:00:23.000+03:00
diff --git a/docs/changelog/next_release/+.feature.rst b/docs/changelog/next_release/+.feature.rst
@@ -0,0 +1 @@
+Allow disabling ``SessionMiddleware``, as it only required by ``KeycloakAuthProvider``.
diff --git a/syncmaster/server/middlewares/session.py b/syncmaster/server/middlewares/session.py
@@ -9,9 +9,11 @@
 
 def apply_session_middleware(app: FastAPI, settings: SessionSettings) -> FastAPI:
     """Add SessionMiddleware middleware to the application."""
+    if not settings.enabled:
+        return app
 
-    settings_dict = settings.model_dump(exclude={"secret_key"})
-    settings_dict["secret_key"] = settings.secret_key.get_secret_value()
+    settings_dict = settings.model_dump(exclude={"secret_key", "enabled"})
+    settings_dict["secret_key"] = settings.secret_key.get_secret_value()  # type: ignore[union-attr]
 
     app.add_middleware(SessionMiddleware, **settings_dict)
     return app
diff --git a/syncmaster/server/services/get_user.py b/syncmaster/server/services/get_user.py
@@ -42,8 +42,8 @@ async def wrapper(
         elif oauth_token:
             # DummyAuth stores token in "Authorization" header
             access_token = oauth_token
-        elif "access_token" in request.session:
-            # KeyaockAuth patches session and store access_token in cookie
+        elif "session" in request.scope and "access_token" in request.session:
+            # KeycloakAuth patches session and store access_token in cookie
             access_token = request.session["access_token"]
 
         user = await auth_provider.get_current_user(
diff --git a/syncmaster/server/settings/server/session.py b/syncmaster/server/settings/server/session.py
@@ -4,12 +4,21 @@
 
 import textwrap
 
-from pydantic import BaseModel, ConfigDict, Field, SecretStr
+from pydantic import (
+    BaseModel,
+    ConfigDict,
+    Field,
+    SecretStr,
+    ValidationInfo,
+    field_validator,
+)
 
 
 class SessionSettings(BaseModel):
     """Session Middleware Settings.
 
+    Required for :ref:`keycloak-auth-provider`.
+
     See `SessionMiddleware <https://www.starlette.io/middleware/#sessionmiddleware>`_ documentation.
 
     .. note::
@@ -27,6 +36,7 @@ class SessionSettings(BaseModel):
 
         server:
             session:
+                enabled: true
                 secret_key: cookie_secret
                 session_cookie: custom_cookie_name
                 max_age: null
@@ -41,6 +51,7 @@ class SessionSettings(BaseModel):
 
         server:
             session:
+                enabled: true
                 secret_key: cookie_secret
                 session_cookie: custom_cookie_name
                 max_age: 3600
@@ -50,7 +61,12 @@ class SessionSettings(BaseModel):
 
     """
 
-    secret_key: SecretStr = Field(
+    enabled: bool = Field(
+        default=True,
+        description="Set to ``True`` to enable SessionMiddleware",
+    )
+    secret_key: SecretStr | None = Field(
+        default=None,
         description=textwrap.dedent(
             """
             Secret key for encrypting cookies.
@@ -83,3 +99,9 @@ class SessionSettings(BaseModel):
     )
 
     model_config = ConfigDict(extra="allow")
+
+    @field_validator("secret_key")
+    def _validate_secret_key(cls, value: SecretStr | None, info: ValidationInfo) -> SecretStr | None:
+        if not value and info.data.get("enabled"):
+            raise ValueError("secret_key is required")
+        return value

Original file line number	Diff line number	Diff line change
`@@ -0,0 +1 @@`
	`1`	+Allow disabling ``SessionMiddleware``, as it only required by ``KeycloakAuthProvider``.