Home Explore Help
Register Sign In
OpenSource
/
open-webui
2
0
Fork 0
Files Issues 0 Pull Requests 0 Wiki
Browse Source

refac: cookie

Timothy J. Baek 10 months ago
parent
f342f8adc7
commit
f1de635988
2 changed files with 18 additions and 4 deletions
Split View Show Diff Stats
  1. 16 4
      backend/apps/webui/routers/auths.py
  2. 2 0
      src/lib/apis/auths/index.ts

+ 16 - 4
backend/apps/webui/routers/auths.py
View File 

@@ -61,8 +61,6 @@ async def get_session_user(
 
         key="token",
 
         value=token,
 
         httponly=True,  # Ensures the cookie is not accessible via JavaScript
 
-        secure=True,  # Ensures the cookie is sent over https
 
-        samesite="lax",
 
     )
 
 
     return {
 
@@ -125,7 +123,7 @@ async def update_password(
 
 
 
 @router.post("/signin", response_model=SigninResponse)
 
-async def signin(request: Request, form_data: SigninForm):
 
+async def signin(request: Request, response: Response, form_data: SigninForm):
 
     if WEBUI_AUTH_TRUSTED_EMAIL_HEADER:
 
         if WEBUI_AUTH_TRUSTED_EMAIL_HEADER not in request.headers:
 
             raise HTTPException(400, detail=ERROR_MESSAGES.INVALID_TRUSTED_HEADER)
 
@@ -169,6 +167,13 @@ async def signin(request: Request, form_data: SigninForm):
 
             expires_delta=parse_duration(request.app.state.config.JWT_EXPIRES_IN),
 
         )
 
 
+        # Set the cookie token
 
+        response.set_cookie(
 
+            key="token",
 
+            value=token,
 
+            httponly=True,  # Ensures the cookie is not accessible via JavaScript
 
+        )
 
+
 
         return {
 
             "token": token,
 
             "token_type": "Bearer",
 
@@ -188,7 +193,7 @@ async def signin(request: Request, form_data: SigninForm):
 
 
 
 @router.post("/signup", response_model=SigninResponse)
 
-async def signup(request: Request, form_data: SignupForm):
 
+async def signup(request: Request, response: Response, form_data: SignupForm):
 
     if not request.app.state.config.ENABLE_SIGNUP and WEBUI_AUTH:
 
         raise HTTPException(
 
             status.HTTP_403_FORBIDDEN, detail=ERROR_MESSAGES.ACCESS_PROHIBITED
 
@@ -224,6 +229,13 @@ async def signup(request: Request, form_data: SignupForm):
 
             )
 
             # response.set_cookie(key='token', value=token, httponly=True)
 
 
+            # Set the cookie token
 
+            response.set_cookie(
 
+                key="token",
 
+                value=token,
 
+                httponly=True,  # Ensures the cookie is not accessible via JavaScript
 
+            )
 
+
 
             if request.app.state.config.WEBHOOK_URL:
 
                 post_webhook(
 
                     request.app.state.config.WEBHOOK_URL,

+ 2 - 0
src/lib/apis/auths/index.ts
View File 

@@ -118,6 +118,7 @@ export const userSignIn = async (email: string, password: string) => {
 
 		headers: {
 
 			'Content-Type': 'application/json'
 
 		},
 
+		credentials: 'include',
 
 		body: JSON.stringify({
 
 			email: email,
 
 			password: password
 
@@ -154,6 +155,7 @@ export const userSignUp = async (
 
 		headers: {
 
 			'Content-Type': 'application/json'
 
 		},
 
+		credentials: 'include',
 
 		body: JSON.stringify({
 
 			name: name,
 
 			email: email,