Closed (easybe closed 2 months ago)
The solution to this is a static SECRET value. If that's set then it can be validated across all workers, as the session is just a JWT.
OK, yes that seems to work, thanks.
Still, I wonder: Isn't there some third-party library that could replace goosebit/auth/__init__.py?
Another option may be to generate and store the secret in the database on startup if one doesn't exist and use whatever is in the database if it does exist.
I think the idea is to make it user configurable in the config, but I like this idea otherwise.
Maybe use the database if not explicitly configured in settings?
I agree. It is not uncommon to have such a secret in the config. Even though I like the DB solution, it feels like unnecessary complexity. So, I would say, keep it simple (for now).
Ok, so I think we have secret be an option in the config, if it doesn't exist we generate one (temporarily, works for testing). This allows it to be passed as an env variable as well in the case of gunicorn, so you can generate it directly into the env variable when running if you want to randomize it.
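The failure mode and the fix discussed in this thread, as an added example (not goosebit's own code): a minimal HS256 session token built from the standard library only, where each worker process either loads a shared secret or falls back to a random one. The `env` mapping, the function names and the `admin` user are assumptions for illustration; the key name `SECRET` follows the wording used above.

```python
import base64, hashlib, hmac, json, secrets, time

def _b64(data: bytes) -> str:
    return base64.urlsafe_b64encode(data).rstrip(b"=").decode()

def _unb64(text: str) -> bytes:
    return base64.urlsafe_b64decode(text + "=" * (-len(text) % 4))

def load_secret(env: dict) -> bytes:
    """Use the configured secret if present, else a random per-process one."""
    configured = env.get("SECRET")  # hypothetical config/env lookup
    return configured.encode() if configured else secrets.token_bytes(32)

def sign_session(secret: bytes, username: str, ttl: int = 3600) -> str:
    header = _b64(json.dumps({"alg": "HS256", "typ": "JWT"}).encode())
    claims = _b64(json.dumps({"sub": username, "exp": int(time.time()) + ttl}).encode())
    mac = hmac.new(secret, f"{header}.{claims}".encode(), hashlib.sha256).digest()
    return f"{header}.{claims}.{_b64(mac)}"

def verify_session(secret: bytes, token: str):
    """Return the claims if signature and expiry check out, else None."""
    try:
        header, claims, sig = token.split(".")
        # Pin the algorithm instead of trusting whatever the token declares.
        if json.loads(_unb64(header)).get("alg") != "HS256":
            return None
        expected = hmac.new(secret, f"{header}.{claims}".encode(), hashlib.sha256).digest()
        if not hmac.compare_digest(expected, _unb64(sig)):  # constant-time compare
            return None
        payload = json.loads(_unb64(claims))
        return payload if payload.get("exp", 0) > time.time() else None
    except (ValueError, TypeError, AttributeError):
        return None  # malformed token: wrong part count, bad base64 or JSON

def login_then_request(env_a: dict, env_b: dict) -> bool:
    """Worker A issues the session cookie, worker B handles the next request."""
    token = sign_session(load_secret(env_a), "admin")
    return verify_session(load_secret(env_b), token) is not None

if __name__ == "__main__":
    shared = {"SECRET": "constructed-example-secret"}  # constructed sample value
    print("random secret per worker:", login_then_request({}, {}))
    print("shared static secret:   ", login_then_request(shared, shared))
```

With the random fallback, a login handled by one worker is rejected by every other worker, which shows up as users being logged out intermittently.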
> Still, I wonder: Isn't there some third-party library that could replace goosebit/auth/__init__.py?
Maybe fastapi-users?
This seems distinctly worse, no support for tortoise-orm, and just as complex to set up.
Yeah, def a bit more complex, was just thinking might have some useful features, think it used to support tortoise-orm but that integration seems to be unmaintained.
This can be seen when running e.g. with:
I assume the session data needs to be stored in the DB.