forked from cartsnitch/cartsnitch
Compare commits
8 Commits
| Author | SHA1 | Date | |
|---|---|---|---|
| 25edd8d5e3 | |||
| bd3cb3b9ab | |||
| 3bedc651c6 | |||
| 138033be9b | |||
| 8ddefe82e4 | |||
| def921f115 | |||
| 43ee1c3531 | |||
| f03d7a33c8 |
+2
-1
@@ -31,6 +31,7 @@ def run_migrations_offline() -> None:
|
|||||||
target_metadata=target_metadata,
|
target_metadata=target_metadata,
|
||||||
literal_binds=True,
|
literal_binds=True,
|
||||||
dialect_opts={"paramstyle": "named"},
|
dialect_opts={"paramstyle": "named"},
|
||||||
|
version_table_column_width=128,
|
||||||
)
|
)
|
||||||
with context.begin_transaction():
|
with context.begin_transaction():
|
||||||
context.run_migrations()
|
context.run_migrations()
|
||||||
@@ -44,7 +45,7 @@ def run_migrations_online() -> None:
|
|||||||
poolclass=pool.NullPool,
|
poolclass=pool.NullPool,
|
||||||
)
|
)
|
||||||
with connectable.connect() as connection:
|
with connectable.connect() as connection:
|
||||||
context.configure(connection=connection, target_metadata=target_metadata)
|
context.configure(connection=connection, target_metadata=target_metadata, version_table_column_width=128)
|
||||||
with context.begin_transaction():
|
with context.begin_transaction():
|
||||||
context.run_migrations()
|
context.run_migrations()
|
||||||
# Create any tables defined in models but not yet created by migrations.
|
# Create any tables defined in models but not yet created by migrations.
|
||||||
|
|||||||
@@ -19,12 +19,15 @@ bearer_scheme = HTTPBearer(auto_error=False)
|
|||||||
|
|
||||||
# Better-Auth session cookie name
|
# Better-Auth session cookie name
|
||||||
SESSION_COOKIE_NAME = "better-auth.session_token"
|
SESSION_COOKIE_NAME = "better-auth.session_token"
|
||||||
|
# Secure prefix used by better-auth on HTTPS deployments
|
||||||
|
SECURE_SESSION_COOKIE_NAME = "__Secure-better-auth.session_token"
|
||||||
|
|
||||||
|
|
||||||
async def _validate_session_token(token: str, db: AsyncSession) -> str:
|
async def _validate_session_token(token: str, db: AsyncSession) -> str:
|
||||||
"""Validate a Better-Auth session token against the sessions table.
|
"""Validate a Better-Auth session token against the sessions table.
|
||||||
|
|
||||||
Returns the user_id (as str) if the session is valid and not expired.
|
Better-Auth stores the raw token in the DB. The cookie/Bearer header
|
||||||
|
carries the same raw token, so we compare directly.
|
||||||
"""
|
"""
|
||||||
result = await db.execute(
|
result = await db.execute(
|
||||||
text("SELECT user_id, expires_at FROM sessions WHERE token = :token"),
|
text("SELECT user_id, expires_at FROM sessions WHERE token = :token"),
|
||||||
@@ -65,8 +68,8 @@ async def get_current_user(
|
|||||||
"""
|
"""
|
||||||
token: str | None = None
|
token: str | None = None
|
||||||
|
|
||||||
# 1. Check session cookie
|
# 1. Check session cookie — prefer __Secure- variant (HTTPS) over plain (HTTP dev)
|
||||||
cookie_token = request.cookies.get(SESSION_COOKIE_NAME)
|
cookie_token = request.cookies.get(SECURE_SESSION_COOKIE_NAME) or request.cookies.get(SESSION_COOKIE_NAME)
|
||||||
if cookie_token:
|
if cookie_token:
|
||||||
token = cookie_token
|
token = cookie_token
|
||||||
|
|
||||||
|
|||||||
@@ -136,7 +136,8 @@ async def client(db_engine):
|
|||||||
async def _create_test_user_and_session(client: AsyncClient, db_engine, **user_overrides) -> tuple[dict, str]:
|
async def _create_test_user_and_session(client: AsyncClient, db_engine, **user_overrides) -> tuple[dict, str]:
|
||||||
"""Create a test user and a valid session directly in the DB.
|
"""Create a test user and a valid session directly in the DB.
|
||||||
|
|
||||||
Returns (user_dict, session_token).
|
Returns (user_dict, session_token). Better-Auth stores the raw token
|
||||||
|
in the DB, so we insert it as-is.
|
||||||
"""
|
"""
|
||||||
user_id = str(uuid.uuid4())
|
user_id = str(uuid.uuid4())
|
||||||
email = user_overrides.get("email", "test@example.com")
|
email = user_overrides.get("email", "test@example.com")
|
||||||
|
|||||||
Reference in New Issue
Block a user