starred/whoogle-search
1
0
Fork 0
mirror of https://github.com/benbusby/whoogle-search.git synced 2026-04-25 04:05:57 +03:00
Code Issues 9 Projects Releases Packages Wiki Activity

[PR #480] [MERGED] Improve public instance session management #888

New issue
Closed
opened 2026-02-25 20:37:01 +03:00 by kerem · 0 comments
kerem commented 2026-02-25 20:37:01 +03:00
Owner
Copy link

📋 Pull Request Information

Original PR: https://github.com/benbusby/whoogle-search/pull/480
Author: @benbusby
Created: 10/23/2021
Status: Merged
Merged: 11/18/2021
Merged by: @benbusby

Base: mainHead: feature/public-instance-sessions

📝 Commits (10+)

  • 30d929f Rewrite session behavior for public instances
  • 1aee389 Catch nonexistant session file, fix session type check
  • a8f178a Merge remote-tracking branch 'origin/main' into feature/public-instance-sessions
  • 548dc41 Merge remote-tracking branch 'origin/main' into feature/public-instance-sessions
  • 50d592b Merge remote-tracking branch 'origin/main' into feature/public-instance-sessions
  • eddc981 Merge remote-tracking branch 'origin/main' into feature/public-instance-sessions
  • b0733fd Merge remote-tracking branch 'origin/main' into feature/public-instance-sessions
  • ba7409f Refactor app to use enum constants for endpoints
  • 74e9317 Override str for endpoint f-strings
  • eb51481 Merge home() and index() endpoints

📊 Changes

13 files changed (+173 additions, -91 deletions)

View changed files

📝 app/__init__.py (+1 -1)
📝 app/filter.py (+4 -2)
📝 app/models/config.py (+1 -1)
app/models/endpoint.py (+23 -0)
📝 app/routes.py (+105 -52)
📝 app/utils/results.py (+2 -1)
📝 app/utils/search.py (+5 -6)
📝 app/utils/session.py (+1 -4)
📝 requirements.txt (+1 -1)
📝 test/test_autocomplete.py (+6 -2)
📝 test/test_misc.py (+3 -2)
📝 test/test_results.py (+8 -7)
📝 test/test_routes.py (+13 -12)

📄 Description

This introduces a new approach to handling user sessions, which should
allow for users to set more reliable config settings on public instances.

Previously, when a user with cookies disabled would update their config,
this would modify the app's default config file, which would in turn
cause new users to inherit these settings when visiting the app for the
first time and cause users to inherit these settings when their current
session cookie expired (which was after 30 days by default I believe).
There was also some half-baked logic for determining on the backend
whether or not a user had cookies disabled, which lead to some issues
with out of control session file creation by Flask.

Now, when a user visits the site, their initial request is forwarded to
a session/<session id> endpoint, and during that subsequent request
their current session id is matched against the one found in the url. If
the ids match, the user has cookies enabled. If not, their original
request is modified with a 'cookies_disabled' query param that tells
Flask not to bother trying to set up a new session for that user, and
instead just use the app's fallback Fernet key for encryption and the
default config.

Since attempting to create a session for a user with cookies disabled
creates a new session file, there is now also a clean-up routine included
in the new session decorator, which will remove all sessions that don't
include a valid key in the dict. NOTE!!! This means that current user
sessions on public instances will be cleared once this update is merged
in. In the long run that's a good thing though, since this will allow session
mgmt to be a lot more reliable overall for users regardless of their cookie
preference.

Individual user sessions still use a unique Fernet key for encrypting queries,
but users with cookies disabled will use the default app key for encryption
and decryption.

Sessions are also now (semi)permanent and have a lifetime of 1 year.

Bugs during testing:

  • POST /config redirects to ?cookies-disabled incorrectly
  • Missing default theme

🔄 This issue represents a GitHub Pull Request. It cannot be merged through Gitea due to API limitations.

## 📋 Pull Request Information **Original PR:** https://github.com/benbusby/whoogle-search/pull/480 **Author:** [@benbusby](https://github.com/benbusby) **Created:** 10/23/2021 **Status:** ✅ Merged **Merged:** 11/18/2021 **Merged by:** [@benbusby](https://github.com/benbusby) **Base:** `main` ← **Head:** `feature/public-instance-sessions` --- ### 📝 Commits (10+) - [`30d929f`](https://github.com/benbusby/whoogle-search/commit/30d929f36daacfa09eaa17df2b2b1f744d559c10) Rewrite session behavior for public instances - [`1aee389`](https://github.com/benbusby/whoogle-search/commit/1aee3893d29ac0d374e8704b314167d6501cab74) Catch nonexistant session file, fix session type check - [`a8f178a`](https://github.com/benbusby/whoogle-search/commit/a8f178a7b7249a3dc7ce609a984a7ee94b40e798) Merge remote-tracking branch 'origin/main' into feature/public-instance-sessions - [`548dc41`](https://github.com/benbusby/whoogle-search/commit/548dc418bf9112482c6de1c39d96d392059adcd7) Merge remote-tracking branch 'origin/main' into feature/public-instance-sessions - [`50d592b`](https://github.com/benbusby/whoogle-search/commit/50d592bcec76a7bbfc7a0566b515cdaada57a016) Merge remote-tracking branch 'origin/main' into feature/public-instance-sessions - [`eddc981`](https://github.com/benbusby/whoogle-search/commit/eddc981b73f852fa29ee06237f4b9916cb40a5e2) Merge remote-tracking branch 'origin/main' into feature/public-instance-sessions - [`b0733fd`](https://github.com/benbusby/whoogle-search/commit/b0733fd74a696fa67d2adef64dd41b60a5c03d44) Merge remote-tracking branch 'origin/main' into feature/public-instance-sessions - [`ba7409f`](https://github.com/benbusby/whoogle-search/commit/ba7409f230713198f680920890faef2d308eca7f) Refactor app to use enum constants for endpoints - [`74e9317`](https://github.com/benbusby/whoogle-search/commit/74e931705389636db0f8dd0266b7e2645c772e9c) Override __str__ for endpoint f-strings - [`eb51481`](https://github.com/benbusby/whoogle-search/commit/eb514817fbeea34adad47fe71c2c47c4de543593) Merge home() and index() endpoints ### 📊 Changes **13 files changed** (+173 additions, -91 deletions) <details> <summary>View changed files</summary> 📝 `app/__init__.py` (+1 -1) 📝 `app/filter.py` (+4 -2) 📝 `app/models/config.py` (+1 -1) ➕ `app/models/endpoint.py` (+23 -0) 📝 `app/routes.py` (+105 -52) 📝 `app/utils/results.py` (+2 -1) 📝 `app/utils/search.py` (+5 -6) 📝 `app/utils/session.py` (+1 -4) 📝 `requirements.txt` (+1 -1) 📝 `test/test_autocomplete.py` (+6 -2) 📝 `test/test_misc.py` (+3 -2) 📝 `test/test_results.py` (+8 -7) 📝 `test/test_routes.py` (+13 -12) </details> ### 📄 Description This introduces a new approach to handling user sessions, which should allow for users to set more reliable config settings on public instances. Previously, when a user with cookies disabled would update their config, this would modify the app's default config file, which would in turn cause new users to inherit these settings when visiting the app for the first time and cause users to inherit these settings when their current session cookie expired (which was after 30 days by default I believe). There was also some half-baked logic for determining on the backend whether or not a user had cookies disabled, which lead to some issues with out of control session file creation by Flask. Now, when a user visits the site, their initial request is forwarded to a `session/<session id>` endpoint, and during that subsequent request their current session id is matched against the one found in the url. If the ids match, the user has cookies enabled. If not, their original request is modified with a 'cookies_disabled' query param that tells Flask not to bother trying to set up a new session for that user, and instead just use the app's fallback Fernet key for encryption and the default config. Since attempting to create a session for a user with cookies disabled creates a new session file, there is now also a clean-up routine included in the new session decorator, which will remove all sessions that don't include a `valid` key in the dict. NOTE!!! This means that current user sessions on public instances will be cleared once this update is merged in. In the long run that's a good thing though, since this will allow session mgmt to be a lot more reliable overall for users regardless of their cookie preference. Individual user sessions still use a unique Fernet key for encrypting queries, but users with cookies disabled will use the default app key for encryption and decryption. Sessions are also now (semi)permanent and have a lifetime of 1 year. Bugs during testing: - [x] `POST /config` redirects to `?cookies-disabled` incorrectly - [x] Missing default theme --- <sub>🔄 This issue represents a GitHub Pull Request. It cannot be merged through Gitea due to API limitations.</sub>
kerem 2026-02-25 20:37:01 +03:00
Sign in to join this conversation.
No Branch/Tag specified
Branches Tags
main
dependabot/pip/python-dotenv-1.2.2
v1.2.4
v1.2.3
v1.2.2
v1.2.1-test
v1.1.2
v1.1.1-beta
v1.1.0
v1.1.0-beta
v1.0.0-beta
v0.9.4
v0.9.3
v0.9.2
v0.9.1
v0.9.0
v0.8.4
v0.8.3
v0.8.2
v0.8.1
v0.8.0
v0.7.4
v0.7.3
v0.7.2
v0.7.1
v0.7.0
v0.6.0
v0.5.4
v0.5.3
v0.5.2
v0.5.1
v0.5.0
v0.4.1
v0.4.0
v0.3.2
v0.3.1
v0.3.0
v0.2.1
0.2.0
v0.1.4
v0.1.3
v0.1.2
v0.1.1
v0.1.0
v0.0.1
Labels
Clear labels   
Fixed (Pending PR Merge)

   
Stale

   
bug

   
enhancement

   
enhancement

   
good first issue

   
help wanted

   
keep-open

   
needs more info

   
pull-request

Mirrored from GitHub Pull Request

  
question

   
theme

   
unfortunate
No labels
Fixed (Pending PR Merge)
Stale
bug
enhancement
enhancement
good first issue
help wanted
keep-open
needs more info
pull-request
question
theme
unfortunate
Milestone
Clear milestone
No items
No milestone
Projects
Clear projects
No items
No project
Assignees
Clear assignees
No assignees
1 participant
Notifications
Due date
The due date is invalid or out of range. Please use the format "yyyy-mm-dd".

No due date set.

Dependencies

No dependencies set.

Reference
starred/whoogle-search#888
No description provided.