deploy at 2024-08-25 18:23:28.592643

main.py

@@ -151,6 +151,7 @@ with open("main.py") as f:
 
 # Sesskey
 sess_key_path = "session/.sesskey"
+SESSION_KEY = "session_"
 # Make sure session directory exists
 os.makedirs("session", exist_ok=True)
 
@@ -205,7 +206,9 @@ app, rt = fast_app(
     hdrs=headers,
     #middleware=middlewares,
     key_fname=sess_key_path,
-    samesite="none"
+    samesite="none",
+    secure=True,  # Add this line
+    httponly=True,  # Add this line
 )
 
 # Add this function for debugging
@@ -443,7 +446,7 @@ async def login(sess, request: Request):
     password = form.get("pwd")
     
     if username == ADMIN_NAME and compare_digest(ADMIN_PWD.encode("utf-8"), password.encode("utf-8")):
-        sess['auth'] = True
+        sess[SESSION_KEY] = {'auth': True}
         return RedirectResponse("/admin", status_code=303)
     
     return RedirectResponse("/login?error=True", status_code=303)
@@ -451,7 +454,8 @@ async def login(sess, request: Request):
 
 @app.route("/logout")
 async def logout(sess):
-    sess.clear()
+    if SESSION_KEY in sess:
+        del sess[SESSION_KEY]
     return RedirectResponse("/")
 
 
@@ -649,8 +653,8 @@ def download_csv(request: Request):
 
 
 @app.route("/admin")
-async def admin(sess):
-    auth = sess.get('auth', False)
+async def admin(request, sess):
+    auth = sess.get(SESSION_KEY, {}).get('auth', False)
     if not auth:
         print(f"Not authenticated: {auth}")
         return RedirectResponse("/login", status_code=303)