[DOP-21268] - add SessionSettings

.env.docker

@@ -9,6 +9,9 @@ SYNCMASTER__LOGGING__SETUP=True
 SYNCMASTER__LOGGING__PRESET=colored
 SYNCMASTER__LOG_URL_TEMPLATE=https://grafana.example.com?correlation_id={{ correlation_id }}&run_id={{ run.id }}
 
+# Session
+SYNCMASTER__SERVER__SESSION__SECRET_KEY=session_secret_key
+
 # Encrypt / Decrypt credentials data
 SYNCMASTER__CRYPTO_KEY=UBgPTioFrtH2unlC4XFDiGf5sYfzbdSf_VgiUSaQc94=
 
@@ -30,6 +33,7 @@ SYNCMASTER__AUTH__KEYCLOAK_TOKEN_URL=http://keycloak:8080/realms/fastapi-realm/p
 # Dummy Auth
 SYNCMASTER__AUTH__PROVIDER=syncmaster.backend.providers.auth.dummy_provider.DummyAuthProvider
 SYNCMASTER__AUTH__ACCESS_TOKEN__SECRET_KEY=bae1thahr8Iyaisai0kohvoh1aeg5quu
+SYNCMASTER__AUTH__PROVIDER=syncmaster.backend.providers.auth.keycloak_provider.KeycloakAuthProvider
 
 # RabbitMQ
 SYNCMASTER__BROKER__URL=amqp://guest:guest@rabbitmq:5672/

.env.local

@@ -9,6 +9,9 @@ export SYNCMASTER__LOGGING__SETUP=True
 export SYNCMASTER__LOGGING__PRESET=colored
 export SYNCMASTER__LOG_URL_TEMPLATE="https://grafana.example.com?correlation_id={{ correlation_id }}&run_id={{ run.id }}"
 
+# Session
+export SYNCMASTER__SERVER__SESSION__SECRET_KEY=session_secret_key
+
 # Encrypt / Decrypt credentials data
 export SYNCMASTER__CRYPTO_KEY=UBgPTioFrtH2unlC4XFDiGf5sYfzbdSf_VgiUSaQc94=
 

docs/backend/configuration/cors.rst

@@ -5,4 +5,4 @@ CORS settings
 
 These settings used to control `CORS <https://developer.mozilla.org/en-US/docs/Web/HTTP/CORS>`_ options.
 
-.. autopydantic_model:: syncmaster.settings.server.cors.CORSSettings
+.. autopydantic_model:: syncmaster.backend.settings.server.cors.CORSSettings

docs/backend/configuration/index.rst

@@ -11,6 +11,7 @@ Configuration
     database
     broker
     logging
+    session
     cors
     debug
     monitoring

docs/backend/configuration/monitoring.rst

@@ -13,4 +13,4 @@ REST API server provides the following endpoints with Prometheus compatible metr
 
 These endpoints are enabled and configured using settings below:
 
-.. autopydantic_model:: syncmaster.settings.server.monitoring.MonitoringSettings
+.. autopydantic_model:: syncmaster.backend.settings.server.monitoring.MonitoringSettings

docs/backend/configuration/openapi.rst

@@ -5,8 +5,8 @@ OpenAPI settings
 
 These settings used to control exposing OpenAPI.json and SwaggerUI/ReDoc endpoints.
 
-.. autopydantic_model:: syncmaster.settings.server.openapi.OpenAPISettings
-.. autopydantic_model:: syncmaster.settings.server.openapi.SwaggerSettings
-.. autopydantic_model:: syncmaster.settings.server.openapi.RedocSettings
-.. autopydantic_model:: syncmaster.settings.server.openapi.LogoSettings
-.. autopydantic_model:: syncmaster.settings.server.openapi.FaviconSettings
+.. autopydantic_model:: syncmaster.backend.settings.server.openapi.OpenAPISettings
+.. autopydantic_model:: syncmaster.backend.settings.server.openapi.SwaggerSettings
+.. autopydantic_model:: syncmaster.backend.settings.server.openapi.RedocSettings
+.. autopydantic_model:: syncmaster.backend.settings.server.openapi.LogoSettings
+.. autopydantic_model:: syncmaster.backend.settings.server.openapi.FaviconSettings

docs/backend/configuration/session.rst

@@ -0,0 +1,8 @@
+.. _backend-configuration-server-session:
+
+Session settings
+================
+
+These settings used to control `Session <https://developer.mozilla.org/en-US/docs/Web/HTTP/Session>`_ options.
+
+.. autopydantic_model:: syncmaster.backend.settings.server.session.SessionSettings

docs/backend/configuration/static_files.rst

@@ -5,4 +5,4 @@ Serving static files
 
 These settings used to control serving static files by a server.
 
-.. autopydantic_model:: syncmaster.settings.server.static_files.StaticFilesSettings
+.. autopydantic_model:: syncmaster.backend.settings.server.static_files.StaticFilesSettings

syncmaster/backend/middlewares/__init__.py

@@ -29,6 +29,6 @@ def apply_middlewares(
     apply_request_id_middleware(application, settings.server.request_id)
     apply_openapi_middleware(application, settings.server.openapi)
     apply_static_files(application, settings.server.static_files)
-    apply_session_middleware(application)
+    apply_session_middleware(application, settings.server.session)
 
     return application

syncmaster/backend/middlewares/session.py

@@ -1,13 +1,17 @@
 # SPDX-FileCopyrightText: 2023-2024 MTS PJSC
 # SPDX-License-Identifier: Apache-2.0
-import secrets
 
 from fastapi import FastAPI
 from starlette.middleware.sessions import SessionMiddleware
 
+from syncmaster.backend.settings.server.session import SessionSettings
 
-def apply_session_middleware(app: FastAPI) -> FastAPI:
+
+def apply_session_middleware(app: FastAPI, settings: SessionSettings) -> FastAPI:
     """Add SessionMiddleware middleware to the application."""
-    secret_key = secrets.token_urlsafe(32)
-    app.add_middleware(SessionMiddleware, secret_key=secret_key)
+
+    app.add_middleware(
+        SessionMiddleware,
+        **settings.dict(),
+    )
     return app

syncmaster/backend/settings/server/__init__.py

@@ -9,6 +9,7 @@
 from syncmaster.backend.settings.server.monitoring import MonitoringSettings
 from syncmaster.backend.settings.server.openapi import OpenAPISettings
 from syncmaster.backend.settings.server.request_id import RequestIDSettings
+from syncmaster.backend.settings.server.session import SessionSettings
 from syncmaster.backend.settings.server.static_files import StaticFilesSettings
 
 
@@ -36,6 +37,10 @@ class ServerSettings(BaseModel):
     request_id: RequestIDSettings = Field(
         default_factory=RequestIDSettings,
     )
+    session: SessionSettings = Field(
+        default_factory=SessionSettings,  # type: ignore[arg-type]
+        description=":ref:`Session settings <backend-configuration-server-session>`",
+    )
     cors: CORSSettings = Field(
         default_factory=CORSSettings,
         description=":ref:`CORS settings <backend-configuration-server-cors>`",

syncmaster/backend/settings/server/session.py

@@ -0,0 +1,56 @@
+# SPDX-FileCopyrightText: 2023-2024 MTS PJSC
+# SPDX-License-Identifier: Apache-2.0
+
+
+from pydantic import BaseModel, Field
+
+
+class SessionSettings(BaseModel):
+    """Session Middleware Settings.
+
+    See `SessionMiddleware <https://www.starlette.io/middleware/#sessionmiddleware>`_ documentation.
+
+    .. note::
+
+        You can pass here any extra option supported by ``SessionMiddleware``,
+        even if it is not mentioned in documentation.
+
+    Examples
+    --------
+
+    For development environment:
+
+    .. code-block:: bash
+
+        SYNCMASTER__SERVER__SESSION__SECRET_KEY=secret
+        SYNCMASTER__SERVER__SESSION__SESSION_COOKIE=custom_cookie_name
+        SYNCMASTER__SERVER__SESSION__MAX_AGE=None  # cookie will last as long as the browser session
+        SYNCMASTER__SERVER__SESSION__SAME_SITE=strict
+        SYNCMASTER__SERVER__SESSION__HTTPS_ONLY=True
+        SYNCMASTER__SERVER__SESSION__DOMAIN=example.com
+
+    For production environment:
+
+    .. code-block:: bash
+
+        SYNCMASTER__SERVER__SESSION__SECRET_KEY=secret
+        SYNCMASTER__SERVER__SESSION__HTTPS_ONLY=True
+
+    """
+
+    secret_key: str = Field(description="A random string for signing cookies.")
+    session_cookie: str | None = Field(default="session", description="Name of the session cookie.")
+    max_age: int | None = Field(default=1209600, description="Session expiry time in seconds. Defaults to 2 weeks.")
+    same_site: str | None = Field(
+        default="lax",
+        description="Prevents cookie from being sent with cross-site requests.",
+    )
+    path: str | None = Field(default="/", description="Path to restrict session cookie access.")
+    https_only: bool = Field(default=False, description="Secure flag for HTTPS-only access.")
+    domain: str | None = Field(
+        default=None,
+        description="Domain for sharing cookies between subdomains or cross-domains.",
+    )
+
+    class Config:
+        extra = "allow"