jyapayne/langflow
1
0
Fork 0
Code Issues Pull requests Projects Releases 1 Packages Wiki Activity Actions

Add expiration time for access and refresh token cookies

Browse source
This commit is contained in:
anovazzi1 2024-03-08 13:01:14 -03:00
commit b23d879760
2 changed files with 11 additions and 1 deletions
Download patch file Download diff file Expand all files Collapse all files

5
src/backend/langflow/api/v1/login.py
View file

@ -40,6 +40,7 @@ async def login_to_get_access_token(
httponly=auth_settings.REFRESH_HTTPONLY,
samesite=auth_settings.REFRESH_SAME_SITE,
secure=auth_settings.REFRESH_SECURE,
expires=auth_settings.EXPIRES_REFRESH,
)
response.set_cookie(
"access_token_lf",
@ -47,6 +48,7 @@ async def login_to_get_access_token(
httponly=auth_settings.ACCESS_HTTPONLY,
samesite=auth_settings.ACCESS_SAME_SITE,
secure=auth_settings.ACCESS_SECURE,
expires=auth_settings.EXPIRES_ACCESS,
)
return tokens
else:
@ -72,6 +74,7 @@ async def auto_login(
httponly=auth_settings.ACCESS_HTTPONLY,
samesite=auth_settings.ACCESS_SAME_SITE,
secure=auth_settings.ACCESS_SECURE,
expires=auth_settings.EXPIRES_ACCESS,
)
return tokens
@ -98,6 +101,7 @@ async def refresh_token(request: Request, response: Response, settings_service=D
httponly=auth_settings.REFRESH_TOKEN_HTTPONLY,
samesite=auth_settings.REFRESH_SAME_SITE,
secure=auth_settings.REFRESH_SECURE,
expires=auth_settings.EXPIRES_REFRESH,
)
response.set_cookie(
"access_token_lf",
@ -105,6 +109,7 @@ async def refresh_token(request: Request, response: Response, settings_service=D
httponly=auth_settings.ACCESS_HTTPONLY,
samesite=auth_settings.ACCESS_SAME_SITE,
secure=auth_settings.ACCESS_SECURE,
expires=auth_settings.EXPIRES_ACCESS,
)
return tokens
else:

7
src/backend/langflow/services/settings/auth.py
View file

@ -1,3 +1,4 @@
import datetime
import secrets
from pathlib import Path
from typing import Optional
@ -36,7 +37,11 @@ class AuthSettings(BaseSettings):
NEW_USER_IS_ACTIVE: bool = False
SUPERUSER: str = DEFAULT_SUPERUSER
SUPERUSER_PASSWORD: str = DEFAULT_SUPERUSER_PASSWORD
EXPIRES_ACCESS:datetime = 60*60
"""The expiration time of the access token cookie."""
EXPIRES_REFRESH:datetime = 60*60*12
"""The expiration time of the refresh token cookie."""
REFRESH_SAME_SITE: str = "none"
"""The SameSite attribute of the refresh token cookie."""
REFRESH_SECURE: bool = True