՟f8HddlZddlZddlmZmZddlmZ ddlZddl Z ddl m Z ddlmZmZmZddlZddlmZmZmZddlmZddlmZdd lmZmZmZdd lm Z d d l!m"Z"d d l#m$Z$Gdde eZ%GddeZ&Gdde&Z'GddeeZ(y#e $rddlZYwxYw)N)ABCabstractmethod)suppress) timedelta)AnyDictOptional)FlaskRequestResponse)SessionInterface) SessionMixin) BadSignatureSigner want_bytes) CallbackDict) retry_query)DefaultsceZdZdZdefdZ ddeeee fdeedeefdZ dede ffd Z dded e de ffd Z dded e de ffd Z dfd ZxZS)ServerSideSessionaBaseclass for server-side based sessions. This can be accessed through ``flask.session``. .. attribute:: sid Session id, internally we use :func:`secrets.token_urlsafe` to generate one session id. .. attribute:: modified When data is changed, this is set to ``True``. Only the session dictionary itself is tracked; if the session contains mutable data (for example a nested dict) then this must be set to ``True`` manually when modifying that data. The session cookie will only be written to the response if this is ``True``. .. attribute:: accessed When data is read (or attempted read) or written, this is set to ``True``. Used by :class:`.ServerSideSessionInterface` to add a ``Vary: Cookie`` header, which allows caching proxies to cache different pages for different users. Default is ``False``. .. attribute:: permanent This sets and reflects the ``'_permanent'`` key in the dict. Default is ``False``. returncVtt|xr|jdhk7S)N _permanent)booldictkeysselfs M/var/www/cvtools/html/venv/lib/python3.12/site-packages/flask_session/base.py__bool__zServerSideSession.__bool__:s#DJADIIKL>$AAinitialsid permanentcvdd}tj|||||_|r||_d|_d|_y)Nc d|_d|_yNT)modifiedaccessedrs r on_updatez-ServerSideSession.__init__..on_updateCs DM DMr"FrN)r__init__r$r%r)r*)rr#r$r%r+s r r-zServerSideSession.__init__=s:  ! dGY7 &DN  r"keyc0d|_t| |Sr()r*super __getitem__)rr. __class__s r r1zServerSideSession.__getitem__Ns w"3''r"defaultc2d|_t| ||Sr()r*r0getrr.r3r2s r r5zServerSideSession.getRs w{3((r"c2d|_t| ||Sr()r*r0 setdefaultr6s r r8zServerSideSession.setdefaultVs w!#w//r"cP|jdd}t| ||d<y)z2Clear the session except for the '_permanent' key.rFN)r5r0clear)rr%r2s r r:zServerSideSession.clearZs&HH\51   &\r")NNNNr,)__name__ __module__ __qualname____doc__rr!r rstrrr-r1r5r8r: __classcell__)r2s@r rrs>B$B -1!$( $sCx.)c]D> "(s(s()s)S)C)0c0C030''r"rcDeZdZdZededefdZededefdZ y) Serializerz$Baseclass for session serialization.serialized_datarct)Deserialize the session data.NotImplementedErrorrrDs r decodezSerializer.decoded "##r"sessionct)Serialize the session data.rG)rrLs r encodezSerializer.encodeirKr"N) r<r=r>r?rbytesrrJrrOr"r rCrCasH.$e$$$$/$E$$r"rCc<eZdZdedefdZdedefdZdede fdZ y ) MsgSpecSerializerappformatc||_||||dk(rjtjj|_tjj |_tjj |_y|dk(rjtjj|_tjj |_tjj |_ytd|)Nmsgpackjsonz"Unsupported serialization format: ) rTmsgspecrWEncoderencoderDecoderdecoderrXalternate_decoder ValueError)rrTrUs r r-zMsgSpecSerializer.__init__ps   Y "??224DL"??224DL%,\\%9%9%;D " v "<<//1DL"<<//1DL%,__%<%<%>D "A&JK Kr"rLrc |jjt|S#t$r.}|jj j d|d}~wwxYw)rNz"Failed to serialize session data: N)r[rOr ExceptionrTloggererror)rrLes r rOzMsgSpecSerializer.encodesQ <<&&tG}5 5  HHOO ! !$Fqc"J K  s#& A)AArDc*ttj5|jj |cdddS#1swYnxYwttj5|j j |cdddS#1swYnxYwtt j5t j|cdddS#1swYnxYw|jjjddt jd)rFNz"Failed to deserialize session dataT)exc_info) rrY DecodeErrorr]rJr^pickleUnpicklingErrorloadsrTrbrcrIs r rJzMsgSpecSerializer.decodesg)) * 8<<&&7 8 8 8 g)) * B))00A B B B f,, - 1<<0 1 1 1 BTR$$%IJJs!?A$B  B.C  CN) r<r=r>r r@r-rrPrOrrJrQr"r rSrSosBLEL3L"/E Ke K Kr"rSc.eZdZdZeZdZdZejejejejejejfdededededed ed eefd Zd ed efdZded efdZded efdZded efdZded efdZdeded efdZdZd#dZded dfdZdededed dfdZ dede!d efdZ"e#e$ded ee%fdZ&e#e$ded dfdZ'e#e$d e(deded dfd!Z)e$d#d"Z*y)$ServerSideSessionInterfacezKUsed to open a :class:`flask.sessions.ServerSideSessionInterface` instance.NTrT key_prefix use_signerr% sid_lengthserialization_formatcleanup_n_requestsc|||_||_||_|rtjdt d||_||_t|d|_ ||_ t|dddurB|jr&|jj|jn|jt|||_y)NzThe 'use_signer' option is deprecated and will be removed in the next minor release. Please update your configuration accordingly or open an issue.r) stacklevelget_cookie_samesitettlF)rUrT)rTrmrnwarningswarnDeprecationWarningr%rohasattrhas_same_site_capabilityrqgetattrbefore_request_cleanup_n_requests_register_cleanup_app_commandrS serializer)rrTrmrnr%rorprqs r r-z#ServerSideSessionInterface.__init__s$$  MMQ"   #$(/6K(L%"4 4 % .&&''(@(@A224,3GSQr"session_id_lengthrc,tj|S)zGenerate a random session id.)secrets token_urlsafe)rrs r _generate_sidz(ServerSideSessionInterface._generate_sids$$%677r"cxt|dr |js tdt|jddS)N secret_keyz3SECRET_KEY must be set when SESSION_USE_SIGNER=Truez flask-sessionhmac)saltkey_derivation)ryrKeyErrorr)rrTs r _get_signerz&ServerSideSessionInterface._get_signers1sL)PQ Qcnn?6RRr"r$cj|j|}|j|}|j}|Sr;)runsignrJrrTr$signer sid_as_bytess r _unsignz"ServerSideSessionInterface._unsigns3!!#&}}S) !!# r"cz|j|}t|}|j|jdS)Nzutf-8)rrsignrJrs r _signz ServerSideSessionInterface._signs5!!#&!# {{<(//88r"c |j|zSr;)rm)rr$s r _get_store_idz(ServerSideSessionInterface._get_store_ids$$r"rLc<|jxs|jdS)aUsed by session backends to determine if session in storage should be set for this session cookie for this response. If the session has been modified, the session is set to storage. If the ``SESSION_REFRESH_EACH_REQUEST`` config is true, the session is always set to storage. In the second case, this means refreshing the storage expiry even if the session has not been modified. .. versionadded:: 0.7.0 SESSION_REFRESH_EACH_REQUEST)r)config)rrTrLs r should_set_storagez-ServerSideSessionInterface.should_set_storagesM3::.L#MMr"c`jjjdfd}y)z Register a custom Flask CLI command for cleaning up expired sessions. Run the command with `flask session_cleanup`. Run with a cron job or scheduler such as Heroku Scheduler to automatically clean up expired sessions. session_cleanupcjj5jdddy#1swYyxYwr;)rT app_context_delete_expired_sessionsrsr rzQServerSideSessionInterface._register_cleanup_app_command..session_cleanups4%%' 0--/ 0 0 0s6?N)rTclicommand)rrs` r r~z8ServerSideSessionInterface._register_cleanup_app_commands+   / 0 0 1 0r"c|jr5tjd|jdk(r|jyyy)z Delete expired sessions on average every N requests. This is less desirable than using the scheduled app command cleanup as it may slow down some requests but may be useful for rapid development. rN)rqrandomrandintrrs r r}z.ServerSideSessionInterface._cleanup_n_requestss;  " "v~~a9P9P'QUV'V  ) ) +(W "r"c|rT|j|j|j|j|j}||_d|_yy)zqRegenerate the session id for the given session. Can be used by calling ``flask.session_interface.regenerate()``.TN)_delete_sessionrr$rror))rrLnew_sids r regeneratez%ServerSideSessionInterface.regeneratesJ   !3!3GKK!@ A((9G!GK#G  r"responsec |j|}|j|}|j|}|j|j}|j r|j jd|sM|jr@|j||j||||j jdy|j||sy|j|j|||j||sy|jr|j!||jn |j}|j#||} |j%|} |j'|} |j(r|j+|nd} |j-||| | ||| | |j jdy)NCookie)r.domainpath)r.valueexpireshttponlyrrsecuresamesite)get_cookie_domainget_cookie_pathget_cookie_namerr$r*varyaddr)r delete_cookier_upsert_sessionpermanent_session_lifetimeshould_set_cookiernrget_expiration_timeget_cookie_httponlyget_cookie_securerzrt set_cookie) rrTrLrrrnamestore_idrrrrrs r save_sessionz'ServerSideSessionInterface.save_sessions '',##C(##C(%%gkk2    MM  h '$$X.&&4T&J !!(+ &&sG4  S;;WhO%%c73 15 3 ,W[[**38++C0'',-1-J-JD $ $S )PT      (#r"requestcp|jj|jd}|s8|j|j}|j ||j S|jr |j||}|j|}|j|}||j ||S|j|j}|j ||j S#t$r;|j|j}|j ||j cYSwxYw)NSESSION_COOKIE_NAME)r$r%)r$) cookiesr5rrro session_classr%rnrrr_retrieve_session_data)rrTrr$rsaved_session_datas r open_sessionz'ServerSideSessionInterface.open_sessionLs#oo!!#**-B"CD$$T__5C%%#%H H ?? Mll3, %%c*!88B  )%%&8c%B B  1!!cT^^!DD  M((9))cT^^)LL Ms0C11AD54D5rct)z/Get the saved session from the session storage.rGrrs r rz1ServerSideSessionInterface._retrieve_session_dataj "##r"ct)z(Delete session from the session storage.rGrs r rz*ServerSideSessionInterface._delete_sessionprr"session_lifetimect)z=Update existing or create new session in the session storage.rG)rrrLrs r rz*ServerSideSessionInterface._upsert_sessionvs "##r"cy)zVDelete expired sessions from the session storage. Only required for non-TTL databases.NrQrs r rz3ServerSideSessionInterface._delete_expired_sessions~s r"r,)+r<r=r>r?rrrrurSESSION_KEY_PREFIXSESSION_USE_SIGNERSESSION_PERMANENTSESSION_ID_LENGTHSESSION_SERIALIZATION_FORMATSESSION_CLEANUP_N_REQUESTSr r@rintr r-rrrrrrrr~r}rr rr rrrrrr TimeDeltarrrQr"r rlrls6U%MJ C #55#66"44"44$,$I$I,4,O,O!R !R!R !R  !R  !R"!R%SM!RJ8s8s8 SuSS 9c9c9 %%% Ne N6G ND N 0, $"3 $ $8$8$#48$@H8$ 8$tEEErs#+&&**D'990D' lD'N $ $%K %KPj !6j _sB B! B!