Skip to main content

Session management for hyperdiv

Project description

Hyperdiv Session

Adds the support for sessions to Hyperdiv. This is an essential plugin that enables Hyperdiv users to create authorization flows, data persistence across browser sessions and multiuser support.

Getting Started

  1. pip install hyperdiv-session
  2. Import this plugin from hyperdiv_session import session.
  3. Initialize this plugin and provide the secret string for cookie signing to work.
  4. Handle non-authenticated state, create new session after authentication, persist sessions if required.

Demo app

The example.py contains a basic Hyperdiv application that can handle authentication or log in, persist user across browser windows, persist user data to the filesystem and have log out feature.

import hyperdiv as hd
from hyperdiv_session import session

from _storage import connect, persist, load, delete


def main():
    # Create a session object with a secret key
    sid = session(secret_key="some very secret")

    # Create some view state to store a count
    counter = hd.state(count=0)

    with hd.box(padding=8, gap=2):
        if not sid.is_authenticated():
            hd.text("Not authenticated yet.")

            if hd.button("Authenticate").clicked:
                # create new session
                sid.create_new()
                sid.gdpr_flag = True  # GDPR consent

                # save session into storage
                persist(sid.session_id, counter.count)

        else:
            # load state for given session_id from storage
            counter.count = load(sid.session_id)

            hd.text("Session demo app.")
            hd.text(sid.session_id)
            hd.text(counter.count)

            if hd.button("Increment").clicked:
                counter.count += 1

                # update session state in storage
                persist(sid.session_id, counter.count)

            if hd.button("Log out").clicked:
                sid.clear()
                delete(sid.session_id)


connect()  # open connection to storage or create a new one

hd.run(main)

https://github.com/vladignatyev/hyperdiv-session/assets/513940/abdf89f6-9d38-48a3-89d2-2d9166bdfddc

Notes on implementation

The client-side persistence implemented using localStorage (see: MDN Web Docs). We use signed cookie as session token. The cookie signing mechanism is derived from Django. We use salted HMAC with SHA-256 hasher for timestamped cookies.

Warning

This is a work-in-progress software! It may lack required features, contain bugs or breaches. Please create new issue for feature request and bug report.

TODO

  • Test coverage
  • Make the XSS testing stage
  • Create documentation and samples
  • Implement GDPR compliance

Project details


Download files

Download the file for your platform. If you're not sure which to choose, learn more about installing packages.

Source Distribution

hyperdiv_session-0.1.1.tar.gz (7.7 kB view hashes)

Uploaded Source

Built Distribution

hyperdiv_session-0.1.1-py3-none-any.whl (9.1 kB view hashes)

Uploaded Python 3

Supported by

AWS AWS Cloud computing and Security Sponsor Datadog Datadog Monitoring Fastly Fastly CDN Google Google Download Analytics Microsoft Microsoft PSF Sponsor Pingdom Pingdom Monitoring Sentry Sentry Error logging StatusPage StatusPage Status page