[0.9.28] - OAuth/Auth with httpOnly cookie

2025-09-28 12:22:37 +03:00
parent 6451ba7de5
commit fb98a1c6c8
27 changed files with 1449 additions and 2147 deletions
--- a/auth/init.py
+++ b/auth/init.py
@@ -50,7 +50,7 @@ async def logout(request: Request) -> Response:
        key=SESSION_COOKIE_NAME,
        secure=SESSION_COOKIE_SECURE,
        httponly=SESSION_COOKIE_HTTPONLY,
-        samesite=SESSION_COOKIE_SAMESITE,
+        samesite=SESSION_COOKIE_SAMESITE if SESSION_COOKIE_SAMESITE in ["strict", "lax", "none"] else "none",
    )
    logger.info("[auth] logout: Cookie успешно удалена")

@@ -117,7 +117,7 @@ async def refresh_token(request: Request) -> JSONResponse:
                value=new_token,
                httponly=SESSION_COOKIE_HTTPONLY,
                secure=SESSION_COOKIE_SECURE,
-                samesite=SESSION_COOKIE_SAMESITE,
+                samesite=SESSION_COOKIE_SAMESITE if SESSION_COOKIE_SAMESITE in ["strict", "lax", "none"] else "none",
                max_age=SESSION_COOKIE_MAX_AGE,
            )