feat: integrate Redis for session management

atyrode · atyrode · commit d83a40920ce9 · 2025-05-01T03:01:45.000Z
- Added Redis service to docker-compose for session storage.
- Implemented Redis connection in config.py and updated session management functions.
- Refactored dependencies to utilize Redis for session retrieval and deletion.
- Updated requirements.txt to include Redis library.
diff --git a/docker-compose.yml b/docker-compose.yml
@@ -12,6 +12,17 @@ services:
       - postgres_data:/var/lib/postgresql/data
     restart: unless-stopped
     network_mode: host
+    
+  redis:
+    image: redis:alpine
+    container_name: redis
+    ports:
+      - "6379:6379"
+    volumes:
+      - redis_data:/data
+    restart: unless-stopped
+    command: redis-server --save 60 1 --loglevel warning
+    network_mode: host
 
   keycloak:
     image: quay.io/keycloak/keycloak:25.0
@@ -73,6 +84,8 @@ services:
       - POSTGRES_DB=${POSTGRES_DB}
       - POSTGRES_HOST=localhost
       - POSTGRES_PORT=${POSTGRES_PORT}
+      - REDIS_HOST=localhost
+      - REDIS_PORT=6379
       - CODER_API_KEY=${CODER_API_KEY}
       - CODER_URL=http://localhost:${CODER_PORT}
       - CODER_TEMPLATE_ID=${CODER_TEMPLATE_ID}
@@ -81,3 +94,4 @@ services:
 
 volumes:
   postgres_data:
+  redis_data:
diff --git a/src/backend/config.py b/src/backend/config.py
@@ -1,4 +1,7 @@
 import os
+import json
+import redis
+from typing import Optional, Dict, Any
 from dotenv import load_dotenv
 
 load_dotenv()
@@ -14,7 +17,34 @@
     'redirect_uri': os.getenv('REDIRECT_URI')
 }
 
-sessions = {}
+# Redis connection
+redis_client = redis.Redis(
+    host=os.getenv('REDIS_HOST', 'localhost'),
+    port=int(os.getenv('REDIS_PORT', 6379)),
+    db=0,
+    decode_responses=True
+)
+
+# Session management functions
+def get_session(session_id: str) -> Optional[Dict[str, Any]]:
+    """Get session data from Redis"""
+    session_data = redis_client.get(f"session:{session_id}")
+    if session_data:
+        return json.loads(session_data)
+    return None
+
+def set_session(session_id: str, data: Dict[str, Any], expiry: int = 86400) -> None:
+    """Store session data in Redis with expiry in seconds (default 24 hours)"""
+    redis_client.setex(
+        f"session:{session_id}", 
+        expiry,
+        json.dumps(data)
+    )
+
+def delete_session(session_id: str) -> None:
+    """Delete session data from Redis"""
+    redis_client.delete(f"session:{session_id}")
+
 provisioning_times = {}
 
 def get_auth_url() -> str:
diff --git a/src/backend/dependencies.py b/src/backend/dependencies.py
@@ -1,7 +1,7 @@
 from typing import Optional
 from fastapi import Request, HTTPException, Depends
 
-from config import sessions
+from config import get_session
 
 class SessionData:
     def __init__(self, access_token: str, token_data: dict):
@@ -15,7 +15,7 @@ def __init__(self, auto_error: bool = True):
     async def __call__(self, request: Request) -> Optional[SessionData]:
         session_id = request.cookies.get('session_id')
         
-        if not session_id or session_id not in sessions:
+        if not session_id:
             if self.auto_error:
                 raise HTTPException(
                     status_code=401,
@@ -24,7 +24,15 @@ async def __call__(self, request: Request) -> Optional[SessionData]:
                 )
             return None
             
-        session = sessions[session_id]
+        session = get_session(session_id)
+        if not session:
+            if self.auto_error:
+                raise HTTPException(
+                    status_code=401,
+                    detail="Not authenticated",
+                    headers={"WWW-Authenticate": "Bearer"},
+                )
+            return None
         return SessionData(
             access_token=session.get('access_token'),
             token_data=session
diff --git a/src/backend/requirements.txt b/src/backend/requirements.txt
@@ -8,3 +8,4 @@ PyJWT
 requests
 sqlalchemy
 posthog
+redis
diff --git a/src/backend/routers/auth.py b/src/backend/routers/auth.py
@@ -5,7 +5,7 @@
 from fastapi.responses import RedirectResponse, FileResponse
 import os
 
-from config import get_auth_url, get_token_url, OIDC_CONFIG, sessions, STATIC_DIR
+from config import get_auth_url, get_token_url, OIDC_CONFIG, set_session, delete_session, STATIC_DIR
 from dependencies import SessionData, require_auth
 from coder import CoderAPI
 
@@ -48,8 +48,9 @@ async def callback(request: Request, code: str, state: str = "default"):
         if token_response.status_code != 200:
             raise HTTPException(status_code=400, detail="Auth failed")
         
-        sessions[session_id] = token_response.json()
-        access_token = token_response.json()['access_token']
+        token_data = token_response.json()
+        set_session(session_id, token_data)
+        access_token = token_data['access_token']
         user_info = jwt.decode(access_token, options={"verify_signature": False})
         
         try:
@@ -69,8 +70,8 @@ async def callback(request: Request, code: str, state: str = "default"):
 @auth_router.get("/logout")
 async def logout(request: Request):
     session_id = request.cookies.get('session_id')
-    if session_id in sessions:
-        del sessions[session_id]
+    if session_id:
+        delete_session(session_id)
     
     # Create a response that doesn't redirect but still clears the cookie
     from fastapi.responses import JSONResponse
