def save_session(self, app, session, response):
domain = self.get_cookie_domain(app)
path = self.get_cookie_path(app)
if not session:
self.redis.delete(self.prefix + str(session.sid))
if session.modified:
response.delete_cookie(app.session_cookie_name,
domain=domain,
path=path)
return
if not self.should_set_cookie(app, session):
return
redis_exp = self.get_redis_expiration_time(app, session)
httponly = self.get_cookie_httponly(app)
secure = self.get_cookie_secure(app)
expires = self.get_expiration_time(app, session)
val = self.serializer.dumps(dict(session))
cookie_val = self.get_signing_serializer(app).dumps(session.sid)
self.redis.setex(self.prefix + str(session.sid), val,
int(total_seconds(redis_exp)))
response.set_cookie(app.session_cookie_name,
cookie_val,
expires=expires,
httponly=httponly,
domain=domain,
path=path,
secure=secure)
def open_session(self, app, request):
s = self.get_signing_serializer(app)
if s is None:
return None
val = request.cookies.get(app.session_cookie_name)
header_cookie = request.headers.get("X-COOKIE-%s" %
app.session_cookie_name.upper())
if not val and not header_cookie:
return self.session_class()
max_age = total_seconds(app.permanent_session_lifetime)
session_data = dict()
if val is not None:
try:
data = s.loads(val, max_age=max_age)
session_data.update(data)
except BadSignature:
return self.session_class()
if header_cookie is not None:
try:
data2 = s.loads(header_cookie, max_age=max_age)
session_data.update(data2)
except BadSignature:
pass
sc = self.session_class(session_data)
return sc
def save_session(self, app, session, response):
if self.cookie_domain is not None:
domain = self.cookie_domain if self.cookie_domain else self.get_cookie_domain(
app)
else:
domain = self.get_cookie_domain(app)
path = self.cookie_path or self.get_cookie_path(app)
store_id = self.key_prefix + session.get_sid(self.cookie_name)
if PY2 and isinstance(store_id, unicode):
store_id = store_id.encode('utf-8')
if not session:
if session.modified:
try:
self.client.delete(store_id)
except Exception as e:
log.error(
f'Error while deleting session (session id: {store_id}): {e}'
)
response.delete_cookie(self.cookie_name,
domain=domain,
path=path)
return
httponly = self.cookie_httponly or self.get_cookie_httponly(app)
secure = self.cookie_secure or self.get_cookie_secure(app)
expires = self.get_expiration_time(app, session)
if session.modified:
# The session was modified
data = {'_permanent': session.is_permanent(self.cookie_name)}
data.update(dict(session))
val = self.serializer.dumps(data)
try:
log.debug('Setting document to db')
self.client.set(
store_id, val,
self._get_memcache_timeout(total_seconds(expires)))
except Exception as e:
log.error(
f'Error while updating session (session id: {store_id}): {e}'
)
if self.use_signer:
session_id = self._get_signer(app).sign(
want_bytes(session.get_sid(self.cookie_name)))
else:
session_id = session.get_sid(self.cookie_name)
cookie_expires = self.get_cookie_expiration_time(app, session)
response.set_cookie(self.cookie_name,
session_id,
expires=cookie_expires,
httponly=httponly,
domain=domain,
path=path,
secure=secure)
def open_session(self, app, request):
s = self.get_signing_serializer(app)
if s is None:
return None
val = request.cookies.get(app.session_cookie_name)
if not val:
return self.session_class()
max_age = total_seconds(app.permanent_session_lifetime)
try:
data = s.loads(val, max_age=max_age)
return self.session_class(data)
except BadSignature:
return self.session_class()
def open_session(self, app, request):
s = self.get_signing_serializer(app)
if s is None:
return None
val = request.cookies.get(app.session_cookie_name)
if not val:
return self.session_class()
max_age = total_seconds(app.permanent_session_lifetime)
try:
data = s.loads(val, max_age=max_age)
return self.session_class(data)
except BadSignature:
return self.session_class()
def save_session(self, app, session, response):
if self.cookie_domain is not None:
domain = self.cookie_domain if self.cookie_domain else self.get_cookie_domain(
app)
else:
domain = self.get_cookie_domain(app)
path = self.cookie_path or self.get_cookie_path(app)
if not session:
if session.modified:
self._delete_session_from_store(
self.key_prefix + session.get_sid(self.cookie_name))
response.delete_cookie(self.cookie_name,
domain=domain,
path=path)
return
httponly = self.cookie_httponly or self.get_cookie_httponly(app)
secure = self.cookie_secure or self.get_cookie_secure(app)
expires = self.get_expiration_time(app, session)
if session.modified:
# The session was modified
store_id = self.key_prefix + session.get_sid(self.cookie_name)
data = {'_permanent': session.is_permanent(self.cookie_name)}
data.update(dict(session))
val = self.serializer.dumps(data)
try:
self.client.setex(name=store_id,
value=val,
time=total_seconds(expires))
except Exception as e:
log.error(
'Error while updating session (session id: {}): {}'.format(
store_id, str(e)))
if self.use_signer:
session_id = self._get_signer(app).sign(
want_bytes(session.get_sid(self.cookie_name)))
else:
session_id = session.get_sid(self.cookie_name)
cookie_expires = self.get_cookie_expiration_time(app, session)
response.set_cookie(self.cookie_name,
session_id,
expires=cookie_expires,
httponly=httponly,
domain=domain,
path=path,
secure=secure)
def load_request(request):
user = None
header_name = current_app.config.get('AUTH_HEADER_NAME', AUTH_HEADER_NAME)
if header_name in request.headers:
token = request.headers.get(header_name)
header, payload = token.split(" ", 1)
if header != "flasky_token":
return None
max_age = total_seconds(current_app.permanent_session_lifetime)
session_interface = current_app.session_interface
data = session_interface.get_signing_serializer(current_app).loads(
payload, max_age=max_age)
_logger.debug("token is: {token}, data is {data}".format(token=token,
data=data))
has_user_id = 'user_id' in data
if has_user_id:
return user_service.get_user(data.get('user_id'))
return user
def open_session(self, app, request):
db = BlogModel.get_db()
sid = request.cookies.get(app.session_cookie_name)
if not sid:
return self.session_class({'sid': self.gen_sid(app)})
if sid == app.secret_key:
# admin
return self.session_class({
'sid': self.gen_sid(app),
'uid': 0,
'username': '******'
})
max_age = total_seconds(app.permanent_session_lifetime)
data = db.load_session(sid, max_age)
if data is None:
return self.session_class({'sid': self.gen_sid(app)})
return self.session_class(data)
def open_session(self, app, request):
# 获取 session 的签名算法 没有 sk 会返回 None
# get_signing_serializer 负责 cookie 到 session 的转化问题
s = self.get_signing_serializer(app)
if s is None:
return None
# 从cookie 中获取 session 的变量值
val = request.cookies.get(app.session_cookie_name)
# 如果 cookie 中没有,那么可能是一个新用户
if not val:
return self.session_class()
# 验证 cookie 中的数据是否被篡改 如果被修改了 会创建一个新Session
max_age = total_seconds(app.permanent_session_lifetime)
try:
data = s.loads(val, max_age=max_age)
return self.session_class(data)
except BadSignature:
return self.session_class()
def open_session(self, app, request):
s = self.get_signing_serializer(app)
if s is None:
return None
cookie_val = request.cookies.get(app.session_cookie_name)
if cookie_val:
max_age = total_seconds(app.permanent_session_lifetime)
try:
sid = s.loads(cookie_val, max_age=max_age)
val = self.redis.get(self.prefix + str(sid))
if val is not None:
data = self.serializer.loads(val)
return self.session_class(data, sid=sid)
else:
sid = self.generate_sid()
except BadSignature:
sid = self.generate_sid()
else:
sid = self.generate_sid()
return self.session_class(sid=sid, new=True)
def init_app(self, app):
"""Initalizes the application with the extension."""
self._session_interface = SecureCookieSessionInterface()
self._signing_serializer = self._session_interface.get_signing_serializer(app)
self._timestamp_signer = TimestampSigner(
app.secret_key, key_derivation="hmac", salt="cookie-session"
)
self._max_age = total_seconds(app.permanent_session_lifetime)
cookie_cli = AppGroup(
"cookie", help="Tools to inspect the Flask session cookie."
)
app.cli.add_command(cookie_cli)
@cookie_cli.command("decode")
@click.argument("cookie")
def decode(cookie):
"""Decode a flask session cookie"""
decoded_cookie = self.decode_cookie(cookie)
click.echo(decoded_cookie)
app.extensions["flask_cookie_decode"] = self
def __init__(self, root, cache_timeout=0):
self.root = root
self.cache_timeout = total_seconds(
app.config["SEND_FILE_MAX_AGE_DEFAULT"])
