mirror of
https://github.com/open-webui/open-webui
synced 2025-06-09 16:07:54 +00:00
refac: cookie
parent
f342f8adc7
commit
f1de635988
@ -61,8 +61,6 @@ async def get_session_user(
|
|||||||
key="token",
|
key="token",
|
||||||
value=token,
|
value=token,
|
||||||
httponly=True, # Ensures the cookie is not accessible via JavaScript
|
httponly=True, # Ensures the cookie is not accessible via JavaScript
|
||||||
secure=True, # Ensures the cookie is sent over https
|
|
||||||
samesite="lax",
|
|
||||||
)
|
)
|
||||||
|
|
||||||
return {
|
return {
|
||||||
@ -125,7 +123,7 @@ async def update_password(
|
|||||||
|
|
||||||
|
|
||||||
@router.post("/signin", response_model=SigninResponse)
|
@router.post("/signin", response_model=SigninResponse)
|
||||||
async def signin(request: Request, form_data: SigninForm):
|
async def signin(request: Request, response: Response, form_data: SigninForm):
|
||||||
if WEBUI_AUTH_TRUSTED_EMAIL_HEADER:
|
if WEBUI_AUTH_TRUSTED_EMAIL_HEADER:
|
||||||
if WEBUI_AUTH_TRUSTED_EMAIL_HEADER not in request.headers:
|
if WEBUI_AUTH_TRUSTED_EMAIL_HEADER not in request.headers:
|
||||||
raise HTTPException(400, detail=ERROR_MESSAGES.INVALID_TRUSTED_HEADER)
|
raise HTTPException(400, detail=ERROR_MESSAGES.INVALID_TRUSTED_HEADER)
|
||||||
@ -169,6 +167,13 @@ async def signin(request: Request, form_data: SigninForm):
|
|||||||
expires_delta=parse_duration(request.app.state.config.JWT_EXPIRES_IN),
|
expires_delta=parse_duration(request.app.state.config.JWT_EXPIRES_IN),
|
||||||
)
|
)
|
||||||
|
|
||||||
|
# Set the cookie token
|
||||||
|
response.set_cookie(
|
||||||
|
key="token",
|
||||||
|
value=token,
|
||||||
|
httponly=True, # Ensures the cookie is not accessible via JavaScript
|
||||||
|
)
|
||||||
|
|
||||||
return {
|
return {
|
||||||
"token": token,
|
"token": token,
|
||||||
"token_type": "Bearer",
|
"token_type": "Bearer",
|
||||||
@ -188,7 +193,7 @@ async def signin(request: Request, form_data: SigninForm):
|
|||||||
|
|
||||||
|
|
||||||
@router.post("/signup", response_model=SigninResponse)
|
@router.post("/signup", response_model=SigninResponse)
|
||||||
async def signup(request: Request, form_data: SignupForm):
|
async def signup(request: Request, response: Response, form_data: SignupForm):
|
||||||
if not request.app.state.config.ENABLE_SIGNUP and WEBUI_AUTH:
|
if not request.app.state.config.ENABLE_SIGNUP and WEBUI_AUTH:
|
||||||
raise HTTPException(
|
raise HTTPException(
|
||||||
status.HTTP_403_FORBIDDEN, detail=ERROR_MESSAGES.ACCESS_PROHIBITED
|
status.HTTP_403_FORBIDDEN, detail=ERROR_MESSAGES.ACCESS_PROHIBITED
|
||||||
@ -224,6 +229,13 @@ async def signup(request: Request, form_data: SignupForm):
|
|||||||
)
|
)
|
||||||
# response.set_cookie(key='token', value=token, httponly=True)
|
# response.set_cookie(key='token', value=token, httponly=True)
|
||||||
|
|
||||||
|
# Set the cookie token
|
||||||
|
response.set_cookie(
|
||||||
|
key="token",
|
||||||
|
value=token,
|
||||||
|
httponly=True, # Ensures the cookie is not accessible via JavaScript
|
||||||
|
)
|
||||||
|
|
||||||
if request.app.state.config.WEBHOOK_URL:
|
if request.app.state.config.WEBHOOK_URL:
|
||||||
post_webhook(
|
post_webhook(
|
||||||
request.app.state.config.WEBHOOK_URL,
|
request.app.state.config.WEBHOOK_URL,
|
||||||
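Review bot: The `response.set_cookie(...)` calls added in `signin` and `signup` issue the `token` cookie without `secure=True`, and the first hunk drops `secure=True` from the existing call in `get_session_user`, so the browser will also attach the session JWT to plain-HTTP requests to the same host. If this was done so that plain-HTTP installs keep working (an assumption, the commit message does not say), I would drive it from a deployment setting instead, e.g. `secure=<https-only setting>,` (placeholder name), and keep `samesite="lax",` explicit rather than relying on the framework default. The cookie also carries no `max_age`/`expires`, although the JWT is created with `expires_delta` from `JWT_EXPIRES_IN`, so the two lifetimes can drift apart. The three functions start and end outside the hunks shown.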
|
@ -118,6 +118,7 @@ export const userSignIn = async (email: string, password: string) => {
|
|||||||
headers: {
|
headers: {
|
||||||
'Content-Type': 'application/json'
|
'Content-Type': 'application/json'
|
||||||
},
|
},
|
||||||
|
credentials: 'include',
|
||||||
body: JSON.stringify({
|
body: JSON.stringify({
|
||||||
email: email,
|
email: email,
|
||||||
password: password
|
password: password
|
||||||
@ -154,6 +155,7 @@ export const userSignUp = async (
|
|||||||
headers: {
|
headers: {
|
||||||
'Content-Type': 'application/json'
|
'Content-Type': 'application/json'
|
||||||
},
|
},
|
||||||
|
credentials: 'include',
|
||||||
body: JSON.stringify({
|
body: JSON.stringify({
|
||||||
name: name,
|
name: name,
|
||||||
email: email,
|
email: email,
|
||||||
|
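Review bot: `credentials: 'include'` in `userSignIn` (and again in `userSignUp`) only differs from the fetch default when the API is on a different origin than the page, and in that case the browser honours the `Set-Cookie` only if the server answers with `Access-Control-Allow-Credentials: true` and a specific, non-wildcard `Access-Control-Allow-Origin`. The backend CORS setup is not visible on this page, so it is worth confirming that it lists exact origins rather than reflecting whatever origin asks, since credentialed cross-origin requests depend on that allow-list being tight. If the UI and the API are always served from the same origin, `credentials: 'same-origin',` is the narrower choice; either way a short comment such as `// lets the browser store the HttpOnly token cookie set by the auth endpoint` would record the intent. Both functions continue outside the hunks.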