Create a session for the user based on the access token and set the session cookie in the response.
(response: Response, access_token: str)
| 294 | |
| 295 | |
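def _create_session_for_response(response: Response, access_token: str) -> Response:
    """
    Create a session for the user identified by the access token and set the
    session cookie on the response.

    Args:
        response: Response object that receives the session cookie.
        access_token: Token passed to ``_decode_supabase_jwt``; the ``sub``
            claim of the decoded data is used as the user id.

    Returns:
        The same ``response`` object, with the session cookie set.

    Raises:
        ValueError: If the ``sub`` claim is not a well-formed UUID string.
            Anything raised by ``_decode_supabase_jwt`` propagates unchanged.
    """
    # NOTE(review): the claims are trusted from here on, so this relies on
    # _decode_supabase_jwt verifying signature and expiry - confirm.
    user_data: SupabaseUserData = _decode_supabase_jwt(access_token)
    user_id = uuid.UUID(user_data.sub)

    session = Session.create(user_id)

    cookie_value = _encode_session_cookie(session)

    cookie_domain = _get_api_domain()
    # Derive the Secure attribute from the URL scheme itself. A substring test
    # ('https' in API_URL) also matches "https" inside a host name or path, and
    # it misses an upper-case scheme such as "HTTPS://", which would leave the
    # session cookie without Secure on a TLS deployment.
    cookie_secure = API_URL.strip().lower().startswith("https://")

    response.set_cookie(
        key=AUTH_COOKIE_NAME,
        value=cookie_value,
        httponly=True,  # not accessible to JavaScript
        secure=cookie_secure,  # only send over https in production
        domain=cookie_domain,  # set cookie for the api domain
        max_age=AUTH_COOKIE_EXPIRY,  # assumes the constant is in seconds - TODO confirm
        samesite="strict",  # not sent on cross-site requests
        path="/",  # valid across all paths
    )

    return response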
| 322 | |
| 323 | |
| 324 | @public_route |