aiohttp-session
Solution for EncryptedCookieStorage 32 bytes limit length!!!
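Update cookie_storage.py with the code below. Note that this version uses itsdangerous to sign the cookie (SHA-512 digest) rather than encrypt it: the session data is protected against tampering, but it can still be read by whoever holds the cookie.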
from hashlib import sha512
from json import loads, dumps
from typing import Any, Callable, Optional, Union

from aiohttp.web import Request, StreamResponse
from itsdangerous import BadSignature, URLSafeTimedSerializer

from . import AbstractStorage, Session
from .log import log
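class EncryptedCookieStorage(AbstractStorage):
    """Cookie-backed session storage that signs the session payload.

    Despite the class name, nothing here encrypts the cookie. The payload is
    serialized and signed by ``itsdangerous.URLSafeTimedSerializer`` using a
    SHA-512 digest, which gives integrity (the client cannot alter the
    session without invalidating the signature) but not confidentiality:
    anyone holding the cookie can decode and read the session data. Do not
    store secrets in a session backed by this class.
    """

    def __init__(
        self,
        secret_key: Union[str, bytes],
        *,
        cookie_name: str = "AIOHTTP_SESSION",
        domain: Optional[str] = None,
        max_age: Optional[int] = None,
        path: str = "/",
        secure: Optional[bool] = None,
        httponly: bool = True,
        samesite: Optional[str] = None,
        encoder: Callable[[object], str] = dumps,
        decoder: Callable[[str], Any] = loads
    ) -> None:
        """Configure the cookie attributes and build the signing serializer.

        Args:
            secret_key: Key used to sign the cookie. Must be non-empty; it
                should be long, random and kept out of source control.
            cookie_name, domain, max_age, path, secure, httponly, samesite,
            encoder, decoder: Forwarded unchanged to ``AbstractStorage``.

        Raises:
            ValueError: If ``secret_key`` is empty.
        """
        # An empty key would let anyone compute a valid signature, which
        # removes the only protection this storage provides.
        if not secret_key:
            raise ValueError("secret_key must not be empty")

        super().__init__(
            cookie_name=cookie_name,
            domain=domain,
            max_age=max_age,
            path=path,
            secure=secure,
            httponly=httponly,
            samesite=samesite,
            encoder=encoder,
            decoder=decoder,
        )
        self._serializer = URLSafeTimedSerializer(
            secret_key, signer_kwargs={"digest_method": sha512}
        )

    async def load_session(self, request: Request) -> Session:
        """Return the session carried by the request cookie, or a new one.

        A new empty session is returned when the cookie is absent or when
        its signature does not verify.
        """
        cookie = self.load_cookie(request)
        if cookie is None:
            return Session(None, data=None, new=True, max_age=self.max_age)

        try:
            # max_age makes the serializer reject tokens signed longer ago
            # than that many seconds; with None no age check is applied.
            payload = self._serializer.loads(cookie, max_age=self.max_age)
        except BadSignature:
            # BadSignature also covers expired tokens (SignatureExpired is a
            # subclass). A burst of these warnings can indicate tampering or
            # a changed secret key.
            log.warning("Cannot verify cookie signature, create a new fresh session")
            return Session(None, data=None, new=True, max_age=self.max_age)

        data = self._decoder(payload)
        return Session(None, data=data, new=False, max_age=self.max_age)

    async def save_session(self, request: Request, response: StreamResponse, session: Session) -> None:
        """Write the signed session to the response cookie.

        An empty session is saved as an empty cookie value.
        """
        if session.empty:
            return self.save_cookie(response, "", max_age=session.max_age)

        cookie_data = self._encoder(self._get_session_data(session))
        # The value is signed, not encrypted: it remains readable client-side.
        self.save_cookie(response, self._serializer.dumps(cookie_data), max_age=session.max_age)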