diff --git a/k8s/welearn-api/values.dev.yaml b/k8s/welearn-api/values.dev.yaml
index 336ad7a..52b5697 100644
--- a/k8s/welearn-api/values.dev.yaml
+++ b/k8s/welearn-api/values.dev.yaml
@@ -6,6 +6,7 @@ config:
 PG_HOST: dev-lab-projects-backend.postgres.database.azure.com
 TIKA_URL_BASE: https://tika.k8s.lp-i.dev/
 DATA_COLLECTION_ORIGIN_PREFIX: welearn
+ SESSION_COOKIE_DOMAIN: .lp-i.dev
 ENV: development
 allowedHostsRegexes:
 mainUrl: |-
diff --git a/k8s/welearn-api/values.prod.yaml b/k8s/welearn-api/values.prod.yaml
index cefda86..52fc247 100644
--- a/k8s/welearn-api/values.prod.yaml
+++ b/k8s/welearn-api/values.prod.yaml
@@ -7,6 +7,7 @@ config:
 TIKA_URL_BASE: https://tika.k8s.lp-i.org/
 DATA_COLLECTION_ORIGIN_PREFIX: workshop
 ENV: production
+ SESSION_COOKIE_DOMAIN: learningplanetinstitute.org
 allowedHostsRegexes:
 alphaUrls: |-
 https://[a-zA-Z0-9-]*\.alpha-welearn\.lp-i\.org
diff --git a/k8s/welearn-api/values.staging.yaml b/k8s/welearn-api/values.staging.yaml
index 8da3d01..4ce8636 100644
--- a/k8s/welearn-api/values.staging.yaml
+++ b/k8s/welearn-api/values.staging.yaml
@@ -8,6 +8,7 @@ config:
 PG_DATABASE: welearn_datastack_staging
 TIKA_URL_BASE: https://tika.k8s.lp-i.dev/
 DATA_COLLECTION_ORIGIN_PREFIX: welearn
+ SESSION_COOKIE_DOMAIN: .lp-i.xyz
 ENV: staging
 allowedHostsRegexes:
 mainUrl: |-
diff --git a/pytest.ini b/pytest.ini
index 4104147..e283958 100644
--- a/pytest.ini
+++ b/pytest.ini
@@ -1,6 +1,7 @@
 [pytest]
 env =
 AZURE_API_BASE=https://azureapi.example.com
+ SESSION_COOKIE_DOMAIN=test.example.com
 AZURE_API_KEY=your_azure_api_key
 AZURE_API_VERSION=2023-05-15
 AZURE_APIM_API_BASE=https://apim.azure.example.com
diff --git a/src/app/core/config.py b/src/app/core/config.py
index 5a80b57..b6dda35 100644
--- a/src/app/core/config.py
+++ b/src/app/core/config.py
@@ -21,6 +21,7 @@ class Settings(BaseSettings):
 BACKEND_CORS_ORIGINS_REGEX: str = CLIENT_ORIGINS_REGEX
 DATA_COLLECTION_ORIGIN_PREFIX: str
+ SESSION_COOKIE_DOMAIN: str
 def get_api_version(self) -> dict:
 return {
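Review bot: `SESSION_COOKIE_DOMAIN: learningplanetinstitute.org` in values.prod.yaml scopes the session cookie to the organisation's whole registrable domain, and the dev and staging hunks do the same with `.lp-i.dev` and `.lp-i.xyz`, so every host under those domains receives the session identifier (dev's own `TIKA_URL_BASE` points at `tika.k8s.lp-i.dev`, for example). Prefer the narrowest parent that the API and its front end actually share, so that an unrelated or compromised sibling service neither receives the session nor can set a cookie of the same name for it. The prod value also has to domain-match the host serving the API or browsers discard the Set-Cookie; the only prod origin visible in this hunk is under `alpha-welearn.lp-i.org`, so this is worth confirming. The leading dot appears in dev and staging but not in prod; browsers ignore it, so one form should be used throughout.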
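Review bot: `SESSION_COOKIE_DOMAIN: str` in src/app/core/config.py is added as a required setting with no default and no comment, so nothing at the declaration says what form the value must take or how broad it may be. A comment such as `# Domain attribute of the session cookie; must domain-match the API host, narrowest shared parent preferred` would document the constraint where operators look for it. The Settings class begins and continues outside this hunk, so whether any validator already covers the field is not visible.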
diff --git a/src/app/search/api/router.py b/src/app/search/api/router.py
index 3615b43..e54e0a0 100644
--- a/src/app/search/api/router.py
+++ b/src/app/search/api/router.py
@@ -79,6 +79,7 @@ async def get_corpus():
 "is_active": is_active,
 }
 for source_name, is_active, category_name in collections
+ if is_active
 ]
diff --git a/src/app/shared/utils/requests.py b/src/app/shared/utils/requests.py
index 998d26d..886c47b 100644
--- a/src/app/shared/utils/requests.py
+++ b/src/app/shared/utils/requests.py
@@ -12,7 +12,11 @@ def extract_session_cookie(request: Request) -> Optional[UUID]:
 cookie_value = request.cookies.get(SESSION_COOKIE_NAME)
 if not cookie_value:
- return None
+ cookie_value = request.headers.get("X-Session-Id", None)
+
+ if not cookie_value:
+ logger.debug("No session cookie found in request")
+ return None
 try:
 return UUID(cookie_value)
diff --git a/src/app/user/api/router.py b/src/app/user/api/router.py
index 5425c15..aef4202 100644
--- a/src/app/user/api/router.py
+++ b/src/app/user/api/router.py
@@ -52,11 +52,12 @@ async def handle_user_and_session(
 value=str(session_uuid),
 max_age=SESSION_TTL_SECONDS,
 httponly=True,
- samesite="lax",
- secure=settings.ENV == "production",
+ samesite=None,
+ secure=True,
+ domain=settings.SESSION_COOKIE_DOMAIN,
 )
- return {"message": "session created"}
+ return {"message": "session created", "session_id": session_uuid}
 @router.post("/user", summary="Create new user", response_model=dict)
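Review bot: With `if is_active` added to the comprehension in get_corpus, the `"is_active": is_active` entry built just above it is now true in every returned item. Either drop the key from the response or leave a comment such as `# inactive sources are filtered out; is_active kept for client compatibility` so the redundancy reads as deliberate. get_corpus starts and ends outside the hunk, so the query that produces `collections` is not visible; filtering there would avoid fetching rows that are then discarded.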
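Review bot: The new `request.headers.get("X-Session-Id", None)` fallback in extract_session_cookie accepts the session identifier from a header that page script can set, so the cookie's `httponly` flag no longer bounds who can present a session; this commit also returns the identifier in a response body, which gives script a value to put there. If the header path is needed for clients whose cookies are blocked, say so at the fallback, e.g. `# Fallback for clients that cannot send the cookie; the header value is a bearer credential, never log it`, and consider gating it behind a setting so it can be turned off per environment. `logger` is not defined in the visible lines, so confirm the module already declares it. The function continues outside the hunk.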
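Review bot: `samesite=None` in handle_user_and_session passes Python `None`, which Starlette's `set_cookie` (assuming that is the call these arguments belong to) treats as "omit the attribute" rather than emitting `SameSite=None`; browsers then apply their default, Lax in Chromium-based ones, so a cookie meant to be cross-site is not sent cross-site. The string form is what produces the attribute: `samesite="none",`. Once the cookie really is cross-site it accompanies requests from any origin, so state-changing endpoints rely on the CORS origin allow-list and an explicit CSRF defence rather than on cookie attributes. Returning `"session_id": session_uuid` in the JSON body makes the identifier readable by page script, which is what `httponly=True` on the line above was preventing. The function begins outside the hunk.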