async def _get_record_resonse( dataframe: pd.DataFrame, accept: Optional[str], ) -> Response: if accept == "application/x-numpy": from numpy.lib.format import write_array stream = io.BytesIO() write_array(stream, np.array(dataframe.values.tolist())) return Response( content=stream.getvalue(), media_type=accept, ) if accept == "text/csv": return Response( content=dataframe.to_csv().encode(), media_type=accept, ) if accept == "application/x-parquet": stream = io.BytesIO() dataframe.to_parquet(stream) return Response( content=stream.getvalue(), media_type=accept, ) else: if dataframe.values.shape[0] == 1: content = dataframe.values[0].tolist() else: content = dataframe.values.tolist() return Response( content=json.dumps(content), media_type="application/json", )
def show_detailed(loan_id: int, authorization: str = Header(None)): request_cost = 5 headers = {'x-request-cost': str(request_cost)} with LazyItgs() as itgs: user_id, _, perms = users.helper.get_permissions_from_header( itgs, authorization, (helper.DELETED_LOANS_PERM, helper.VIEW_ADMIN_EVENT_AUTHORS_PERM, *ratelimit_helper.RATELIMIT_PERMISSIONS)) if not ratelimit_helper.check_ratelimit(itgs, user_id, perms, request_cost): return Response(status_code=429, headers=headers) basic = helper.get_basic_loan_info(itgs, loan_id, perms) if basic is None: return Response(status_code=404, headers=headers) events = helper.get_loan_events(itgs, loan_id, perms) etag = helper.calculate_etag(itgs, loan_id) headers['etag'] = etag headers['Cache-Control'] = 'public, max-age=604800' return JSONResponse(status_code=200, content=models.DetailedLoanResponse( events=events, basic=basic).dict(), headers=headers)
def ratelimit(authorization: str = Header(None)): """This function returns the current state of the logged in users ratelimit. Note that the ratelimit status can and will change as requests come in. """ if authorization is None: return Response(status_code=401) with LazyItgs() as itgs: _, user_id = users.helper.check_permissions_from_header( itgs, authorization, []) if user_id is None: return Response(status_code=403) user_specific_settings = lbshared.user_settings.get_settings( itgs, user_id) default_settings = ratelimit_helper.USER_RATELIMITS settings = lbshared.ratelimits.Settings( collection_name=default_settings.collection_name, max_tokens=user_specific_settings.ratelimit_max_tokens or default_settings.max_tokens, refill_amount=(user_specific_settings.ratelimit_refill_amount or default_settings.refill_amount), refill_time_ms=(user_specific_settings.ratelimit_refill_time_ms or default_settings.refill_time_ms), strict=(default_settings.strict if user_specific_settings.ratelimit_strict is None else user_specific_settings.ratelimit_strict)) return _ratelimit_from_key_and_settings(itgs, str(user_id), settings)
async def register(response: Response, email: str = Form(...), password: str = Form(...), confirmPassword: str = Form(...), gender: str = Form(...), phoneNo: str = Form(...), firstname: str = Form(...), lastname: str = Form(...)): async with AsyncClient() as client: data = await client.post(f"{API_WEBSITE_URL}/register", json={ "firstname": firstname, "lastname": lastname, "email": email, "phoneNo": phoneNo, "gender": gender, "confirmPassword": confirmPassword, "password": password, "email_verify_url": WEBSITE_URL }) if data.status_code == 201: response = RedirectResponse("/login", status_code=302) response.set_cookie(key="message", value=data.text, max_age=1) return response response = RedirectResponse("/register", status_code=302) response.set_cookie(key="error", value=data.text, max_age=1) return response
async def get_ensemble_record( *, res: LibresFacade = Depends(get_res), name: str, ensemble_id: UUID, accept: str = Header("application/json"), realization_index: Optional[int] = None, label: Optional[str] = None, ) -> Any: ensemble_name = get_name("ensemble", ensemble_id) dataframe = data_for_key(ensemble_name, name, realization_index) if realization_index is not None: # dataframe.loc returns a Series, and when we reconstruct a DataFrame from a Series, it defaults to be # oriented the wrong way, so we must transpose it dataframe = pd.DataFrame(dataframe.loc[realization_index]).T if accept == "application/x-parquet": dataframe.columns = [str(s) for s in dataframe.columns] stream = io.BytesIO() dataframe.to_parquet(stream) return Response( content=stream.getvalue(), media_type=accept, ) else: return Response( content=dataframe.to_csv().encode(), media_type="text/csv", )
def show_user_history_event(req_user_id: int, event_id: int, authorization=Header(None)): if authorization is None: return Response(status_code=401) request_cost = 1 headers = {'x-request-cost': str(request_cost)} with LazyItgs() as itgs: user_id, _, perms = helper.get_permissions_from_header( itgs, authorization, (settings_helper.VIEW_OTHERS_SETTINGS_PERMISSION, settings_helper.VIEW_SETTING_CHANGE_AUTHORS_PERMISSION, *ratelimit_helper.RATELIMIT_PERMISSIONS)) if not ratelimit_helper.check_ratelimit(itgs, user_id, perms, request_cost): return Response(status_code=429, headers=headers) if user_id is None: return Response(status_code=404, headers=headers) can_see_others_settings = settings_helper.VIEW_OTHERS_SETTINGS_PERMISSION in perms can_see_change_authors = settings_helper.VIEW_SETTING_CHANGE_AUTHORS_PERMISSION in perms changer_users = Table('users').as_('changer_users') events = Table('user_settings_events') query = (Query.from_(events).join(changer_users).on( changer_users.id == events.changer_user_id).select( events.user_id, events.changer_user_id, changer_users.username, events.property_name, events.old_value, events.new_value, events.created_at).where(events.id == Parameter('%s'))) args = [event_id] if not can_see_others_settings: query = query.where(events.user_id == Parameter('%s')) args.append(user_id) itgs.read_cursor.execute(query.get_sql(), args) row = itgs.read_cursor.fetchone() if row is None: return Response(status_code=404, headers=headers) (event_user_id, event_changer_user_id, event_changer_username, event_property_name, event_old_value, event_new_value, event_created_at) = row event = settings_models.UserSettingsEvent( name=event_property_name, old_value=json.loads(event_old_value), new_value=json.loads(event_new_value), username=(event_changer_username if (event_changer_user_id == user_id or can_see_change_authors) else None), occurred_at=event_created_at.timestamp()) headers['Cache-Control'] = 'private, max-age=604800, immutable' return JSONResponse(status_code=200, content=event.dict(), headers=headers)
def index_permissions(id: int, authorization=Header(None)): if authorization is None: return Response(status_code=401) request_cost = 50 with LazyItgs() as itgs: user_id, _, perms = users.helper.get_permissions_from_header( itgs, authorization, (helper.VIEW_OTHERS_AUTHENTICATION_METHODS_PERM, helper.CAN_VIEW_DELETED_AUTHENTICATION_METHODS_PERM, *ratelimit_helper.RATELIMIT_PERMISSIONS)) if not ratelimit_helper.check_ratelimit(itgs, user_id, perms, request_cost): return Response(status_code=429, headers={'x-request-cost': str(request_cost)}) if user_id is None: return Response(status_code=403, headers={'x-request-cost': str(request_cost)}) can_view_others_auth_methods = helper.VIEW_OTHERS_AUTHENTICATION_METHODS_PERM in perms can_view_deleted_auth_methods = helper.CAN_VIEW_DELETED_AUTHENTICATION_METHODS_PERM in perms auth_methods = Table('password_authentications') auth_perms = Table('password_auth_permissions') permissions = Table('permissions') query = (Query.from_(auth_methods).select( permissions.name).join(auth_perms).on( auth_perms.password_authentication_id == auth_methods.id).join( permissions).on( permissions.id == auth_perms.permission_id).where( auth_methods.deleted.eq(False)).where( auth_methods.id == Parameter('%s'))) args = [id] if not can_view_others_auth_methods: query = query.where(auth_methods.user_id == Parameter('%s')) args.append(user_id) if not can_view_deleted_auth_methods: query = query.where(auth_methods.deleted.eq(False)) itgs.read_cursor.execute(query.get_sql(), args) result = [] row = itgs.read_cursor.fetchone() while row is not None: result.append(row[0]) row = itgs.read_cursor.fetchone() return JSONResponse( status_code=200, headers={ 'x-request-cost': str(request_cost), 'Cache-Control': 'private, max-age=60, stale-while-revalidate=540' }, content=models.AuthMethodPermissions(granted=result).dict())
def token_endpoint(request: Request, response: Response): message = json.loads(request.body) grant_type = message.get("grant_type") if not grant_type or grant_type != "authorization_code": response.status_code = status.HTTP_400_BAD_REQUEST return response session_id = message.get("code") if not session_id: response.status_code = status.HTTP_400_BAD_REQUEST return response session = get_object_or_404(AuthSession, id=session_id) if not session.presentation_request_satisfied: response.status_code = status.HTTP_400_BAD_REQUEST return response try: token = create_id_token(session) session.delete() except Exception as e: LOGGER.warning(f"Error creating token for {session_id}: {e}") response.status_code = status.HTTP_503_SERVICE_UNAVAILABLE return response # Add CorsOrigin with cors_allow_any? data = { "access_token": "invalid", "id_token": token, "token_type": "Bearer" } return JSONResponse(data)
def document_download( document_id: str, patient_record: PatientRecord = Depends(_get_patientrecord), audit: Auditer = Depends(get_auditer), ): """Retreive a specific patient's document file""" document: Optional[Document] = patient_record.documents.filter( Document.id == document_id).first() if not document: raise HTTPException(404, detail="Document not found") audit.add_event( Resource.DOCUMENT, document_id, RecordOperation.READ, parent=audit.add_event(Resource.PATIENT_RECORD, patient_record.pid, RecordOperation.READ), ) media_type: str stream: bytes filename: str if not document.filetype: media_type = "text/csv" stream = (document.notetext or "").encode() filename = f"{document.documentname}.txt" else: media_type = document.filetype stream = document.stream or b"" filename = document.filename or document.documentname or "NoFileName" response = Response(content=stream, media_type=media_type) response.headers[ "Content-Disposition"] = f"attachment; filename={filename}" return response
def index(authorization=Header(None)): request_cost = 25 with LazyItgs() as itgs: user_id, provided, perms = users.helper.get_permissions_from_header( itgs, authorization, ratelimit_helper.RATELIMIT_PERMISSIONS) if not ratelimit_helper.check_ratelimit(itgs, user_id, perms, request_cost): return Response(status_code=429, headers={'x-request-cost': str(request_cost)}) if provided and user_id is None: return Response(status_code=403, headers={'x-request-cost': str(request_cost)}) permissions = Table('permissions') itgs.read_cursor.execute( Query.from_(permissions).select(permissions.name).get_sql(), []) result = [] row = itgs.read_cursor.fetchone() while row is not None: result.append(row[0]) row = itgs.read_cursor.fetchone() return JSONResponse( status_code=200, content=models.PermissionsList(permissions=result).dict(), headers={ 'x-request-cost': str(request_cost), 'cache-control': 'public, max-age=604800, stale-while-revalidate=604800' })
def show(id: int, authorization=Header(None)): if authorization is None: return Response(status_code=401) request_cost = 1 with LazyItgs() as itgs: user_id, _, perms = users.helper.get_permissions_from_header( itgs, authorization, (helper.VIEW_OTHERS_AUTHENTICATION_METHODS_PERM, helper.CAN_VIEW_DELETED_AUTHENTICATION_METHODS_PERM, *ratelimit_helper.RATELIMIT_PERMISSIONS)) if not ratelimit_helper.check_ratelimit(itgs, user_id, perms, request_cost): return Response(status_code=429, headers={'x-request-cost': str(request_cost)}) if user_id is None: return Response(status_code=403, headers={'x-request-cost': str(request_cost)}) can_view_others_auth_methods = helper.VIEW_OTHERS_AUTHENTICATION_METHODS_PERM in perms can_view_deleted_auth_methods = helper.CAN_VIEW_DELETED_AUTHENTICATION_METHODS_PERM in perms auth_methods = Table('password_authentications') query = (Query.from_(auth_methods).select( auth_methods.human, auth_methods.deleted).where(auth_methods.id == Parameter('%s'))) args = [id] if not can_view_others_auth_methods: query = query.where(auth_methods.user_id == Parameter('%s')) args.append(user_id) if not can_view_deleted_auth_methods: query = query.where(auth_methods.deleted.eq(False)) itgs.read_cursor.execute(query.get_sql(), args) row = itgs.read_cursor.fetchone() if row is None: return Response(status_code=404, headers={'x-request-cost': str(request_cost)}) (main, deleted) = row authtokens = Table('authtokens') itgs.read_cursor.execute( Query.from_(authtokens).select(Count( Star())).where(authtokens.expires_at < Now()).where( authtokens.source_type == Parameter('%s')).where( authtokens.source_id == Parameter('%s')).get_sql(), ('password_authentication', id)) (active_grants, ) = itgs.read_cursor.fetchone() return JSONResponse(status_code=200, content=models.AuthMethod( main=main, deleted=deleted, active_grants=active_grants).dict(), headers={'x-request-cost': str(request_cost)})
async def trivia_end(key: str = None): if key != web_api_key: return Response(status_code=403) print("Trivia ended") await send_command_to_bot("trivia", ["end"]) return Response(status_code=204)
def me(user_id: int, authorization: str = Header(None)): """Get an extremely small amount of information about the user specified in the token. This endpoint is expected to be used for the client verifying tokens and will indicate so in the cache-control.""" authtoken = helper.get_authtoken_from_header(authorization) if authtoken is None: return Response(status_code=403) with LazyItgs() as itgs: info = helper.get_auth_info_from_token_auth( itgs, models.TokenAuthentication(token=authtoken), require_user_id=user_id) if info is None: return Response(status_code=403) auth_id, authed_user_id, expires_at = info[:3] users = Table('users') itgs.read_cursor.execute( Query.from_(users).select( users.username).where(users.id == Parameter('%s')).get_sql(), (authed_user_id, )) (username, ) = itgs.read_cursor.fetchone() return JSONResponse( status_code=200, content=models.UserShowSelfResponse(username=username).dict(), headers={ 'Cache-Control': helper.cache_control_for_expires_at(expires_at, try_refresh_every=60) })
async def get_media(path: str, request: Request): path = Path('/media').joinpath(path) if not path.exists(): return Response(status_code=HTTPStatus.NOT_FOUND) if range_header := request.headers.get('Range'): size = path.stat().st_size try: start, end = range_header.strip('bytes=').split('-') start = int(start) end = size - 1 if end == '' else int(end) chunk_size = end - start + 1 if chunk_size <= 0: raise ValueError except ValueError: return Response(status_code=HTTPStatus.REQUESTED_RANGE_NOT_SATISFIABLE) async with aiofiles.open(path, mode='rb') as file: await file.seek(start) chunk = await file.read(chunk_size) return Response(chunk, status_code=HTTPStatus.PARTIAL_CONTENT, headers={ 'Accept-Ranges': 'bytes', 'Content-Range': f'bytes {start}-{end}/{size}', 'Content-Length': str(chunk_size), })
async def discovery_response( version: str, xds_type: discovery.DiscoveryTypes, discovery_request: DiscoveryRequest = Body(...), host: str = Header("no_host_provided"), ) -> Response: discovery_request.desired_controlplane = host response = await perform_discovery(discovery_request, version, xds_type, skip_auth=False) logs.queue_log_fields( XDS_RESOURCES=discovery_request.resource_names, XDS_ENVOY_VERSION=discovery_request.envoy_version, XDS_CLIENT_VERSION=discovery_request.version_info, XDS_SERVER_VERSION=response.version, ) headers = response_headers(discovery_request, response, xds_type) if response.version == discovery_request.version_info: return not_modified(headers) elif getattr(response, "resources", None) == []: return Response(status_code=404, headers=headers) elif response.version != discovery_request.version_info: return Response(response.rendered, headers=headers, media_type="application/json") return Response(content="Resources could not be determined", status_code=500)
async def add_user( user: UserIn_Pydantic, response: Response, ): user = await models.User.create(**user.dict()) response.set_cookie(settings.USER_COOKIES_NAME, user.id) return await User_Pydantic.from_tortoise_orm(user)
def test_amqp(): with LazyItgs() as itgs: itgs.channel.queue_declare(queue='hello') pub_body = secrets.token_urlsafe(16) itgs.channel.basic_publish(exchange='', routing_key='hello', body=pub_body.encode('utf-8'), mandatory=True) for mf, props, body_bytes in itgs.channel.consume( 'hello', inactivity_timeout=1): if mf is None: itgs.logger.print(Level.WARN, 'test_amqp reached inactivity timeout') itgs.channel.cancel() return Response( status_code=status.HTTP_500_INTERNAL_SERVER_ERROR) itgs.channel.basic_ack(mf.delivery_tag) con_body = body_bytes.decode('utf-8') if con_body != pub_body: itgs.logger.print(Level.WARN, 'test_amqp expected response {} but got {}', pub_body, con_body) continue itgs.channel.cancel() return Response(status_code=status.HTTP_200_OK)
def show(permission: str, authorization=Header(None)): request_cost = 1 with LazyItgs() as itgs: user_id, provided, perms = users.helper.get_permissions_from_header( itgs, authorization, ratelimit_helper.RATELIMIT_PERMISSIONS) if not ratelimit_helper.check_ratelimit(itgs, user_id, perms, request_cost): return Response(status_code=429, headers={'x-request-cost': str(request_cost)}) if provided and user_id is None: return Response(status_code=403, headers={'x-request-cost': str(request_cost)}) permissions = Table('permissions') itgs.read_cursor.execute( Query.from_(permissions).select(permissions.description).where( permissions.name == Parameter('%s')).get_sql(), (permission, )) row = itgs.read_cursor.fetchone() if row is None: return Response(status_code=400, headers={'x-request-cost': str(request_cost)}) return JSONResponse( status_code=200, headers={ 'x-request-cost': str(request_cost), 'cache-control': 'public, max-age=604800, stale-while-revalidate=604800' }, content=models.Permission(description=row[0]).dict())
async def set_cookie(response: Response, key, value, expires, path, domain, secure, http_only, same_site): response.delete_cookie(key) # Delete earlier cookies if CookieConfig.get_instance().cookie_domain is not None: domain = CookieConfig.get_instance().cookie_domain if CookieConfig.get_instance().cookie_secure is not None: secure = CookieConfig.get_instance().cookie_secure if CookieConfig.get_instance().cookie_same_site is not None: same_site = CookieConfig.get_instance().cookie_same_site handshake_info = await HandshakeInfo.get_instance() if path in { handshake_info.refresh_token_path, handshake_info.access_token_path }: if path == handshake_info.access_token_path and CookieConfig.get_instance( ).access_token_path is not None: path = CookieConfig.get_instance().access_token_path elif path == handshake_info.refresh_token_path and CookieConfig.get_instance( ).refresh_token_path is not None: path = CookieConfig.get_instance().refresh_token_path response.set_cookie(key=key, value=quote(value, encoding='utf-8'), expires=((expires - get_timestamp_ms()) // 1000), path=path, domain=domain, secure=secure, httponly=http_only, samesite=same_site)
def lookup(q: str, authorization=Header(None)): """Allows looking up a user id by a username. q is the username to lookup""" request_cost = 1 headers = {'x-request-cost': str(request_cost)} with LazyItgs() as itgs: user_id, _, perms = helper.get_permissions_from_header( itgs, authorization, ratelimit_helper.RATELIMIT_PERMISSIONS) if not ratelimit_helper.check_ratelimit(itgs, user_id, perms, request_cost): return Response(status_code=429, headers=headers) users = Table('users') itgs.read_cursor.execute( Query.from_(users).select( users.id).where(users.username == Parameter('%s')).get_sql(), (q.lower(), )) row = itgs.read_cursor.fetchone() if row is None: return Response(status_code=404, headers=headers) headers['Cache-Control'] = 'public, max-age=604800, immutable' return JSONResponse( status_code=200, content=models.UserLookupResponse(id=row[0]).dict(), headers=headers)
def logout(response: Response, session_token: str = Cookie(None)): if session_token not in app.session_tokens: raise HTTPException(status_code=status.HTTP_401_UNAUTHORIZED) response.status_code = 302 response.headers["Location"] = '/' app.session_tokens.remove(session_token) return response
def show(name: str, authorization: str = Header(None)): with LazyItgs() as itgs: if not users_helper.check_permissions_from_header( itgs, authorization, 'responses')[0]: return Response(status_code=403) responses = Table('responses') itgs.read_cursor.execute( Query.from_(responses).select( responses.id, responses.name, responses.response_body, responses.description, responses.created_at, responses.updated_at).where( responses.name == Parameter('%s')).get_sql(), (name, )) row = itgs.read_cursor.fetchone() if row is None: return Response(status_code=404) return JSONResponse(status_code=200, content=models.ResponseShow( id=row[0], name=row[1], body=row[2], desc=row[3], created_at=int(row[4].timestamp()), updated_at=int(row[5].timestamp())).dict(), headers={ 'Cache-Control': 'public, max-age=86400, stale-if-error=2629746' })
def login_page(username: str = Form(...), password: str = Form(...)): user = users.get(username) if not user or user['password'] != password: return Response("Я вас не знаю!", media_type="text/html") else: return Response( f"Привееет, {user['name']}!<br>Баланс: {user['balance']}", media_type="text/html")
def update_response(name: str, change: models.ResponseEditArgs, authorization: str = Header(None)): if len(change.edit_reason) < 5: return JSONResponse(status_code=422, content={ 'detail': { 'loc': ['body', 'edit_reason'] }, 'msg': 'minimum 5 characters', 'type': 'too_short' }) with LazyItgs(no_read_only=True) as itgs: authed, user_id = users_helper.check_permissions_from_header( itgs, authorization, 'responses') if not authed: return Response(status_code=403) users = Table('users') itgs.write_cursor.execute( Query.from_(users).select( users.id).where(users.id == Parameter('%s')).get_sql() + ' FOR SHARE', (user_id, )) row = itgs.write_cursor.fetchone() if row is None: itgs.write_conn.rollback() return Response(status_code=403) responses = Table('responses') itgs.write_cursor.execute( Query.from_(responses).select( responses.id, responses.response_body, responses.description).where( responses.name == Parameter('%s')).get_sql() + ' FOR UPDATE', (name, )) row = itgs.write_cursor.fetchone() if row is None: itgs.write_conn.rollback() return Response(status_code=404) (resp_id, old_body, old_desc) = row resp_hists = Table('response_histories') itgs.write_cursor.execute( Query.into(resp_hists).columns( resp_hists.response_id, resp_hists.user_id, resp_hists.old_raw, resp_hists.new_raw, resp_hists.reason, resp_hists.old_desc, resp_hists.new_desc).insert( *[Parameter('%s') for _ in range(7)]).get_sql(), (resp_id, user_id, old_body, change.body, change.edit_reason, old_desc, change.desc)) itgs.write_cursor.execute( Query.update(responses).set( responses.response_body, Parameter('%s')).set( responses.description, Parameter('%s')).set( responses.updated_at, ppfns.Now()).where( responses.id == Parameter('%s')).get_sql(), (change.body, change.desc, resp_id)) itgs.write_conn.commit() return Response(status_code=200)
async def preflight_handler(request: Request, rest_of_path: str) -> Response: """ Handles CORS preflight requests. """ response = Response() response.headers["Access-Control-Allow-Origin"] = "*" response.headers["Access-Control-Allow-Methods"] = "POST, GET, DELETE, PATCH, OPTIONS" response.headers["Access-Control-Allow-Headers"] = "Authorization, Content-Type" return response
def show_patient(id: int, response: Response, session_token: str = Cookie(None)): if session_token not in app.session_tokens: raise HTTPException(status_code=status.HTTP_401_UNAUTHORIZED) response.set_cookie(key="session_token", value=session_token) if id in app.patients.keys(): return app.patients[id] return status.HTTP_204_NO_CONTENT
async def dispatch(self, request: Request, call_next: RequestResponseEndpoint): response = Response("Internal server error", status_code=500) token = _request_id_ctx_var.set(str(uuid4())) try: response: Response = await call_next(request) finally: response.headers['X-Request-ID'] = get_request_id() _request_id_ctx_var.reset(token) return response
async def verify_email(userId: str, response: Response): async with AsyncClient() as client: data = await client.post(f"{API_WEBSITE_URL}/user/{userId}/activate") if data.status_code == 200: response = RedirectResponse("/login", status_code=302) response.set_cookie(key="message", value=data.text, max_age=1) return response response = RedirectResponse("/login", status_code=302) response.set_cookie(key="error", value=data.text, max_age=1) return response
def set_auth(response: Response, user_id: int): val = serializer.dumps(user_id) response.set_cookie( AUTH_COOKIE_NAME, val, secure=False, expires=ACCESS_TOKEN_EXPIRE_MINUTES * 60, httponly=True, samesite="Lax", )
def add_patient(response: Response, patient: Patient, session_token: str = Cookie(None)): if session_token not in app.session_tokens: raise HTTPException(status_code=status.HTTP_401_UNAUTHORIZED) id = counter() app.patients[id] = patient.dict() response.set_cookie(key="session_token", value=session_token) response.status_code = 302 response.headers["Location"] = f'/patient/{id}'