fastapi-clean-example/src/app/inbound/http/auth_cookie_middleware.py at 60300879332c157c2f714040b222f43b5966a87b · ivan-borovets/fastapi-clean-example · GitHub

1
2
3
4
5
6
7
8
9
10
11
12
13
14
15
16
17
18
19
20
21
22
23
24
25
26
27
28
29
30
31
32
33
34
35
36
37
38
39
40
41
42
43
44
45
46
47
48
49
50
51
52
53
54
55
56
57
58
from typing import ClassVar, Literal, cast

from starlette.middleware.base import BaseHTTPMiddleware, RequestResponseEndpoint
from starlette.requests import Request
from starlette.responses import Response
from starlette.types import ASGIApp

from app.outbound.auth_ctx.cookie_manager import STAGED_COOKIE


class AuthCookieMiddleware(BaseHTTPMiddleware):
    MISSING: ClassVar[object] = object()

    def __init__(
        self,
        app: ASGIApp,
        *,
        cookie_name: str,
        cookie_path: str,
        cookie_httponly: bool,
        cookie_secure: bool,
        cookie_samesite: Literal["lax", "strict", "none"],
    ) -> None:
        super().__init__(app)
        self._cookie_name = cookie_name
        self._cookie_path = cookie_path
        self._cookie_httponly = cookie_httponly
        self._cookie_secure = cookie_secure
        self._cookie_samesite = cookie_samesite

    async def dispatch(
        self,
        request: Request,
        call_next: RequestResponseEndpoint,
    ) -> Response:
        response = await call_next(request)

        staged = getattr(request.state, STAGED_COOKIE, self.MISSING)
        if staged is self.MISSING:
            return response

        value = cast(str | None, staged)
        if value is None:
            response.delete_cookie(
                key=self._cookie_name,
                path=self._cookie_path,
            )
            return response

        response.set_cookie(
            key=self._cookie_name,
            value=value,
            path=self._cookie_path,
            httponly=self._cookie_httponly,
            secure=self._cookie_secure,
            samesite=self._cookie_samesite,
        )
        return response