add static files support and cookie expiration settings

2025-07-15 06:55:48 +00:00 · 2021-09-11 16:34:43 +03:00
parent f3fd0780fb
commit 5bb244cbe8
16 changed files with 35 additions and 16 deletions
--- a/src/ahriman/core/auth/auth.py
+++ b/src/ahriman/core/auth/auth.py
@ -36,8 +36,8 @@ class Auth:
    :cvar ALLOWED_PATHS_GROUPS: URI paths prefixes which can be accessed without authorization, predefined
    """

-    ALLOWED_PATHS = {"/", "/favicon.ico", "/index.html"}
-    ALLOWED_PATHS_GROUPS = {"/user-api"}
+    ALLOWED_PATHS = {"/", "/index.html"}
+    ALLOWED_PATHS_GROUPS = {"/static", "/user-api"}

    def __init__(self, configuration: Configuration, provider: AuthSettings = AuthSettings.Disabled) -> None:
        """
@ -51,6 +51,7 @@ class Auth:
        self.allowed_paths_groups = set(configuration.getlist("auth", "allowed_paths_groups"))
        self.allowed_paths_groups.update(self.ALLOWED_PATHS_GROUPS)
        self.enabled = provider.is_enabled
+        self.max_age = configuration.getint("auth", "max_age", fallback=7 * 24 * 3600)

    @classmethod
    def load(cls: Type[Auth], configuration: Configuration) -> Auth:
--- a/src/ahriman/web/middlewares/auth_handler.py
+++ b/src/ahriman/web/middlewares/auth_handler.py
@ -95,7 +95,7 @@ def setup_auth(application: web.Application, validator: Auth) -> web.Application
    """
    fernet_key = fernet.Fernet.generate_key()
    secret_key = base64.urlsafe_b64decode(fernet_key)
-    storage = EncryptedCookieStorage(secret_key, cookie_name='API_SESSION')
+    storage = EncryptedCookieStorage(secret_key, cookie_name="API_SESSION", max_age=validator.max_age)
    setup_session(application, storage)

    authorization_policy = AuthorizationPolicy(validator)
--- a/src/ahriman/web/routes.py
+++ b/src/ahriman/web/routes.py
@ -18,6 +18,7 @@
 # along with this program. If not, see <http://www.gnu.org/licenses/>.
 #
 from aiohttp.web import Application
+from pathlib import Path

 from ahriman.web.views.index import IndexView
 from ahriman.web.views.service.add import AddView
@ -31,7 +32,7 @@ from ahriman.web.views.user.login import LoginView
 from ahriman.web.views.user.logout import LogoutView


-def setup_routes(application: Application) -> None:
+def setup_routes(application: Application, static_path: Path) -> None:
    """
    setup all defined routes

@ -64,10 +65,13 @@ def setup_routes(application: Application) -> None:
        POST /user-api/v1/logout               logout from service

    :param application: web application instance
+    :param static_path: path to static files directory
    """
    application.router.add_get("/", IndexView, allow_head=True)
    application.router.add_get("/index.html", IndexView, allow_head=True)

+    application.router.add_static("/static", static_path, follow_symlinks=True)
+
    application.router.add_post("/service-api/v1/add", AddView)

    application.router.add_post("/service-api/v1/remove", RemoveView)
--- a/src/ahriman/web/web.py
+++ b/src/ahriman/web/web.py
@ -84,7 +84,7 @@ def setup_service(architecture: str, configuration: Configuration, spawner: Spaw
    application.middlewares.append(exception_handler(application.logger))

    application.logger.info("setup routes")
-    setup_routes(application)
+    setup_routes(application, configuration.getpath("web", "static_path"))

    application.logger.info("setup templates")
    aiohttp_jinja2.setup(application, loader=jinja2.FileSystemLoader(configuration.getpath("web", "templates")))