fastapi-htmx-google-oauth's Issues
Authorize button in the swagger interface cannot override existing "Cookie: session_id".
- If there is no existing "Cookie: session_id", the swagger authorize button can perfectly set and remove cookies.
- It seems the Swagger UI's authorize button has no control over cookies set via "Set-cookie" header from the server.
Ref: Swagger UI implementation
```js
export const authorize = (oriAction, system) => (payload) => {
  oriAction(payload)

  const configs = system.getConfigs()

  if (!configs.persistAuthorization) return

  // create cookie
  try {
    const [{ schema, value }] = Object.values(payload)
    const isApiKeyAuth = schema.get("type") === "apiKey"
    const isInCookie = schema.get("in") === "cookie"
    const isApiKeyInCookie = isApiKeyAuth && isInCookie

    if (isApiKeyInCookie) {
      document.cookie = `${schema.get("name")}=${value}; SameSite=None; Secure`
    }
  } catch (error) {
    console.error(
      "Error persisting cookie based apiKey in document.cookie.",
      error
    )
  }
}

export const logout = (oriAction, system) => (payload) => {
  const configs = system.getConfigs()
  const authorized = system.authSelectors.authorized()

  // deleting cookie
  try {
    if (configs.persistAuthorization && Array.isArray(payload)) {
      payload.forEach((authorizedName) => {
        const auth = authorized.get(authorizedName, {})
        const isApiKeyAuth = auth.getIn(["schema", "type"]) === "apiKey"
        const isInCookie = auth.getIn(["schema", "in"]) === "cookie"
        const isApiKeyInCookie = isApiKeyAuth && isInCookie

        if (isApiKeyInCookie) {
          const cookieName = auth.getIn(["schema", "name"])
          document.cookie = `${cookieName}=; Max-Age=-99999999`
        }
      })
    }
  } catch (error) {
    console.error(
      "Error deleting cookie based apiKey from document.cookie.",
      error
    )
  }

  oriAction(payload)
}
```
Popover on the menu button stops working after sign-in/sign-out.
- It works after initial page load or full page reload.
- It stops working after sign-in/sign-out.
Sessions are abandoned permanently in DB
Unless users hit the logout button, i.e., access the /auth/logout endpoint, sessions remain in the database permanently.
We need to implement a session clean-up function and probably run it occasionally.
The current session record lacks creation date, expiration date, etc.
Ref.
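One way to address the missing timestamps and the clean-up job described in this issue, as an added example that is not the project's own code. It assumes a plain `sqlite3` store rather than the project's database layer; the table layout, the function names and the one-hour lifetime are all hypothetical.

```python
import secrets
import sqlite3
import time

SESSION_TTL_SECONDS = 3600  # assumed lifetime; the issue does not specify one

def init_db(conn):
    # Hypothetical schema: adds the creation/expiry columns the issue says are missing.
    conn.execute(
        "CREATE TABLE IF NOT EXISTS sessions ("
        "session_id TEXT PRIMARY KEY, user_id TEXT NOT NULL, "
        "created_at INTEGER NOT NULL, expires_at INTEGER NOT NULL)"
    )
    conn.execute("CREATE INDEX IF NOT EXISTS idx_sessions_expires ON sessions(expires_at)")

def create_session(conn, user_id, now=None, ttl=SESSION_TTL_SECONDS):
    now = int(time.time()) if now is None else now
    session_id = secrets.token_urlsafe(32)  # unguessable identifier from the CSPRNG
    conn.execute("INSERT INTO sessions VALUES (?, ?, ?, ?)",
                 (session_id, user_id, now, now + ttl))
    conn.commit()
    return session_id

def get_valid_session(conn, session_id, now=None):
    # Enforce expiry at lookup time, so a stale row is rejected even if
    # the purge job has not run yet.
    now = int(time.time()) if now is None else now
    row = conn.execute(
        "SELECT user_id FROM sessions WHERE session_id = ? AND expires_at > ?",
        (session_id, now)).fetchone()
    return row[0] if row else None

def purge_expired_sessions(conn, now=None):
    # Meant to run periodically (e.g. from a scheduled task); returns rows removed.
    now = int(time.time()) if now is None else now
    cur = conn.execute("DELETE FROM sessions WHERE expires_at <= ?", (now,))
    conn.commit()
    return cur.rowcount

if __name__ == "__main__":
    db = sqlite3.connect(":memory:")
    init_db(db)
    # Constructed sample data: one session created long ago, one recent.
    old = create_session(db, "alice@example.com", now=1_000)
    new = create_session(db, "bob@example.com", now=4_000)
    print("old session user at t=5000:", get_valid_session(db, old, now=5_000))
    print("new session user at t=5000:", get_valid_session(db, new, now=5_000))
    print("rows purged at t=5000:", purge_expired_sessions(db, now=5_000))
```

Checking `expires_at` in the lookup query matters as much as the purge: the purge only bounds table growth, while the lookup check is what stops an expired `session_id` from being accepted between purge runs.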
Swagger UI needs dependency on oauth2_scheme.
The dummy dependency like the following prohibits access to the protected pages even for an authenticated user.
```python
async def is_authenticated(
    session_id: Annotated[str | None, Cookie()] = None,
    ds: Session = Depends(get_db),
    cs: Session = Depends(get_cache),
    dummy: str = Depends(oauth2_scheme),
):
    ...  # body not shown in the issue
```
I really need to understand how dependencies work in this case.
Secret Page is still shown after logout
On the protected page, logout/sign-out should trigger a redirect or trigger hx-get to the top page.
After the session has expired, any action on the restricted page should kick out the user
- We can use FastAPI's Middleware to check if there is session_id in the cookie.
- We should somehow trigger the front end to fire hx-get Navbar and "Session expired" page.
- We might be able to set HX-Trigger in the header, somewhere in the flow.
- Every restricted page should have a re-loader that will fire hx-get upon receiving the designated HX-Trigger parameter.
- Further consideration is needed as to how to efficiently implement this mechanism.