session.py - Session Management
The main thing in this file is to create the auth manager and to provide a user_loader
The auth manager uses the user_loader
on every route that requires authentication
The way we do protected routes in FastAPI is to include a parameter on the endpoint
user=Depends(auth_manager)
This will cause the JWT token (provided in a cookie)
OR in a header to be validated. If the token is valid then the user will be looked
up in the database using the load_user
function in this file.
see auth.py - Validation and Authentication for more detail.
Imports
These are listed in the order prescribed by PEP 8.
Standard library
Third-party imports
Local application imports
from .config import settings
from .crud import fetch_instructor_courses, fetch_user
from .applogger import rslogger
from .models import AuthUserValidator
auth_manager = LoginManager(settings.jwt_secret, "/auth/validate", use_cookie=True)
auth_manager.cookie_name = "access_token"
@auth_manager.user_loader() # type: ignore
async def _load_user(user_id: str) -> AuthUserValidator:
fetch a user object from the database. This is designed to work with the original web2py auth_user schema but make it easier to migrate to a new database by simply returning a user object.
The user_loader
decorator doesn’t propagate type hints. Fix this manually.