From 341ca36b4bb76097ff5edf32f88736ee51e03006 Mon Sep 17 00:00:00 2001
From: Valerij Maljulin <vmaljuli@redhat.com>
Date: Thu, 16 Nov 2023 11:55:46 +0100
Subject: [PATCH] Add flask-session

---
 poetry.lock        | 28 +++++++++++++++++++++++++++-
 pyproject.toml     |  1 +
 waiverdb/app.py    | 24 ++++++++++++++++++++----
 waiverdb/config.py |  7 +++++++
 4 files changed, 55 insertions(+), 5 deletions(-)

diff --git a/poetry.lock b/poetry.lock
index f29bae7b..5617c875 100644
--- a/poetry.lock
+++ b/poetry.lock
@@ -135,6 +135,17 @@ files = [
     {file = "blinker-1.7.0.tar.gz", hash = "sha256:e6820ff6fa4e4d1d8e2747c2283749c3f547e4fee112b98555cdcdae32996182"},
 ]
 
+[[package]]
+name = "cachelib"
+version = "0.10.2"
+description = "A collection of cache libraries in the same API interface."
+optional = false
+python-versions = ">=3.7"
+files = [
+    {file = "cachelib-0.10.2-py3-none-any.whl", hash = "sha256:42d49f2fad9310dd946d7be73d46776bcd4d5fde4f49ad210cfdd447fbdfc346"},
+    {file = "cachelib-0.10.2.tar.gz", hash = "sha256:593faeee62a7c037d50fc835617a01b887503f972fb52b188ae7e50e9cb69740"},
+]
+
 [[package]]
 name = "cachetools"
 version = "5.3.2"
@@ -745,6 +756,21 @@ dev = ["Faker (==2.0.0)", "black", "blinker", "invoke (==2.0.0)", "mock (==3.0.5
 doc = ["Sphinx (==5.3.0)", "alabaster (==0.7.12)", "sphinx-issues (==3.0.1)"]
 test = ["Faker (==2.0.0)", "blinker", "invoke (==2.0.0)", "mock (==3.0.5)", "pytest (==7.0.1)", "pytest-benchmark (==3.4.1)", "pytest-cov (==4.0.0)", "pytest-flask (==1.2.0)", "pytest-mock (==3.6.1)", "pytest-profiling (==1.7.0)", "twine (==3.8.0)", "tzlocal"]
 
+[[package]]
+name = "flask-session"
+version = "0.5.0"
+description = "Server-side session support for Flask"
+optional = false
+python-versions = ">=3.7"
+files = [
+    {file = "Flask-Session-0.5.0.tar.gz", hash = "sha256:190875e6aebf2953c6803d42379ef3b934bc209ef8ef006f97aecb08f5aaeb86"},
+    {file = "flask_session-0.5.0-py3-none-any.whl", hash = "sha256:1619bcbc16f04f64e90f8e0b17145ba5c9700090bb1294e889956c1282d58631"},
+]
+
+[package.dependencies]
+cachelib = "*"
+flask = ">=2.2"
+
 [[package]]
 name = "flask-sqlalchemy"
 version = "3.1.1"
@@ -2636,4 +2662,4 @@ test = ["flake8", "mock", "pytest", "pytest-cov"]
 [metadata]
 lock-version = "2.0"
 python-versions = ">=3.8,<3.12"
-content-hash = "14bc1a291f2e1fac62ad88ba8afe596f25b4d17725b3d7ac0789103fe8bfb52f"
+content-hash = "81eb8a0ea1afd1bab8e4db013e4e6f22db32a146366674f77d5bae777edee00b"
diff --git a/pyproject.toml b/pyproject.toml
index 6ddf9cb9..e863356d 100644
--- a/pyproject.toml
+++ b/pyproject.toml
@@ -43,6 +43,7 @@ flask-oidc = "^2.1.1"
 Flask-SQLAlchemy = "^3.1.1"
 Flask-Cors = "^4.0.0"
 Flask-Migrate = "^4.0.5"
+Flask-Session = "^0.5.0"
 itsdangerous = {version = "==2.0.1", optional = true}
 # causes a problem with OIDC callback (returns 500)
 Werkzeug = "^3.0.1"
diff --git a/waiverdb/app.py b/waiverdb/app.py
index 59e99682..75aa3feb 100644
--- a/waiverdb/app.py
+++ b/waiverdb/app.py
@@ -10,6 +10,7 @@
 from flask import Flask, current_app, send_from_directory
 from flask_cors import CORS
 from flask_migrate import Migrate
+from flask_session import Session
 from sqlalchemy import event, text
 from sqlalchemy.exc import ProgrammingError
 import requests
@@ -85,7 +86,7 @@ def populate_db_config(app):
 
 
 # applicaiton factory http://flask.pocoo.org/docs/0.12/patterns/appfactories/
-def create_app(config_obj=None):
+def create_app(config_obj=None) -> Flask:
     app = Flask(__name__)
 
     if config_obj:
@@ -102,15 +103,17 @@ def create_app(config_obj=None):
     app.register_error_handler(requests.Timeout, json_error)
 
     populate_db_config(app)
-    if 'OIDC' in auth_methods(app):
-        oidc.init_app(app)
-        app.oidc = oidc
     # initialize logging
     init_logging(app)
     # initialize tracing
     init_tracing(app)
     # initialize db
     db.init_app(app)
+    init_session(app)
+    if 'OIDC' in auth_methods(app):
+        oidc.init_app(app)
+        app.oidc = oidc
+
     # initialize db migrations
     migrations_dir = os.path.join(os.path.abspath(os.path.dirname(__file__)),
                                   'migrations')
@@ -131,6 +134,19 @@ def create_app(config_obj=None):
     return app
 
 
+def init_session(app: Flask) -> None:
+    app.config["SESSION_SQLALCHEMY"] = db
+    app.server_session = Session(app)
+    if app.config["SESSION_TYPE"] == "sqlalchemy":
+        import sqlalchemy
+
+        with app.app_context():
+            inspect = sqlalchemy.inspect(db.engine)
+            table = app.config["SESSION_SQLALCHEMY_TABLE"]
+            if not inspect.has_table(table):
+                db.create_all()
+
+
 def healthcheck():
     """
     Request handler for performing an application-level health check. This is
diff --git a/waiverdb/config.py b/waiverdb/config.py
index af6137fc..1ba99080 100644
--- a/waiverdb/config.py
+++ b/waiverdb/config.py
@@ -38,6 +38,13 @@ class Config(object):
     OTEL_EXPORTER_OTLP_METRICS_ENDPOINT = None
     OTEL_EXPORTER_SERVICE_NAME = "waiverdb"
 
+    SESSION_TYPE = "sqlalchemy"
+    SESSION_SQLALCHEMY_TABLE = "sessions"
+    SESSION_PERMANENT = True
+    SESSION_USE_SIGNER = True
+    SESSION_COOKIE_SECURE = True
+    SESSION_COOKIE_SAMESITE = "Lax"
+
 
 class ProductionConfig(Config):
     DEBUG = False