Merge pull request #18 from simcax/dependabot/pip/werkzeug-3.0.6

simcax · web-flow · commit bf0ed2ec8ac3 · 2025-03-23T01:20:59.000+01:00
Bump werkzeug from 2.3.8 to 3.0.6
diff --git a/.github/workflows/deploy.yml b/.github/workflows/deploy.yml
@@ -41,4 +41,5 @@ jobs:
       - uses: superfly/flyctl-actions/setup-flyctl@master
       - run: flyctl deploy --remote-only
         env:
-          FLY_API_TOKEN: ${{ secrets.FLY_API_TOKEN }}
+          FLY_API_TOKEN: ${{ secrets.FLY_API_TOKEN }}
+          SESSION_COOKIE_DOMAIN: lf-web.fly.dev
diff --git a/.github/workflows/fly-review.yml b/.github/workflows/fly-review.yml
@@ -44,8 +44,19 @@ jobs:
       - name: Update fly.toml with version
         run: |
           uv run python utils/update_fly_toml.py
+      - name: Modify URL
+        id: modify-url
+        run: |
+          url=${{ steps.deploy.outputs.url }}
+          modified_url=${url#https://}
+          echo "::set-output name=url::$modified_url"
       - name: Deploy PR app to Fly.io
         id: deploy
         uses: superfly/fly-pr-review-apps@1.2.1
         with:
-            secrets: API_USERNAME=${{ secrets.API_USERNAME }} API_PASSWORD=${{ secrets.API_PASSWORD }} ENVIRONMENT_NAME=${{ secrets.ENVIRONMENT_NAME }} REDIS_HOST=${{ secrets.REDIS_HOST }} 
+            secrets: |
+              API_USERNAME=${{ secrets.API_USERNAME }}
+              API_PASSWORD=${{ secrets.API_PASSWORD }}
+              ENVIRONMENT_NAME=${{ secrets.ENVIRONMENT_NAME }}
+              REDIS_HOST=${{ secrets.REDIS_HOST }}
+              SESSION_COOKIE_DOMAIN=${{ steps.modify-url.outputs.url }}
diff --git a/fly.toml b/fly.toml
@@ -11,7 +11,6 @@ dockerfile = "docker/Dockerfile"
 
 [env]
   PORT = "8080"
-  SESSION_COOKIE_DOMAIN = "lf-web.fly.dev"
   SESSION_COOKIE_NAME = "lfweb"
   API_BASE_URL = "https://foreninglet.dk/api/"
   API_VERSION = "version=1"
diff --git a/lfweb/__init__.py b/lfweb/__init__.py
@@ -1,5 +1,6 @@
 """Lejre Fitness Website - Flask App"""
 
+from datetime import timedelta
 from os import environ, urandom
 
 import redis
@@ -50,6 +51,8 @@ def create_app(test_config=None):
         SESSION_COOKIE_SAMESITE="Strict",
         SESSION_COOKIE_DOMAIN=str(environ.get("SESSION_COOKIE_DOMAIN", "127.0.0.1")),
         SESSION_COOKIE_NAME=str(environ.get("SESSION_COOKIE_NAME", site_short_name)),
+        SESSION_COOKIE_HTTPONLY=True,  # Prevents JavaScript access to cookies
+        PERMANENT_SESSION_LIFETIME=timedelta(days=14),  # Controls session expiration
     )
 
     print(secret_key)
diff --git a/pyproject.toml b/pyproject.toml
@@ -7,13 +7,13 @@ requires-python = "~=3.11"
 readme = "README.md"
 
 dependencies = [
-    "Flask==2.3.3",
-    "Flask-Session>=0.5.0,<0.6",
+    "flask>=3.1.0",
+    "flask-session>0.6.0",
     "gunicorn>=23.0.0,<24",
     "Jinja2>=3.1.3,<4",
     "redis>=5.0.1,<6",
     "loguru>=0.7.2,<0.8",
-    "werkzeug==2.3.8",
+    "werkzeug>=3.1.0",
     "foreninglet-data>=0.3.3",
     "markdown>=3.5.2,<4",
     "markupsafe>=2.1.5,<3",
diff --git a/uv.lock b/uv.lock
