ds_author cookie can now expire, closes #829

Refs https://github.com/simonw/datasette-auth-github/issues/62#issuecomment-642152076
2025-12-10 16:51:24 +01:00 · 2020-06-10 12:39:54 -07:00 · 2020-06-10 12:39:54 -07:00 · 57e812d5de
commit 57e812d5de
parent d828abadde
9 changed files with 99 additions and 21 deletions
--- a/datasette/actor_auth_cookie.py
+++ b/datasette/actor_auth_cookie.py
@ -1,5 +1,7 @@
 from datasette import hookimpl
 from itsdangerous import BadSignature
+import baseconv
+import time


@hookimpl
@ -7,6 +9,15 @@ def actor_from_request(datasette, request):
    if "ds_actor" not in request.cookies:
        return None
    try:
-        return datasette.unsign(request.cookies["ds_actor"], "actor")
+        decoded = datasette.unsign(request.cookies["ds_actor"], "actor")
+        # If it has "e" and "a" keys process the "e" expiry
+        if not isinstance(decoded, dict) or "a" not in decoded:
+            return None
+        expires_at = decoded.get("e")
+        if expires_at:
+            timestamp = int(baseconv.base62.decode(expires_at))
+            if time.time() > timestamp:
+                return None
+        return decoded["a"]
    except BadSignature:
        return None
--- a/datasette/views/special.py
+++ b/datasette/views/special.py
@ -62,7 +62,9 @@ class AuthTokenView(BaseView):
        if secrets.compare_digest(token, self.ds._root_token):
            self.ds._root_token = None
            response = Response.redirect("/")
-            response.set_cookie("ds_actor", self.ds.sign({"id": "root"}, "actor"))
+            response.set_cookie(
+                "ds_actor", self.ds.sign({"a": {"id": "root"}}, "actor")
+            )
            return response
        else:
            return Response("Invalid token", status=403)