BabaK07 commited on
Commit
9006e65
·
1 Parent(s): fdac8e9

fix: secure cookie for HTTPS/HF Spaces deployment

Files changed (2) hide show
  1. app/config.py +1 -0
  2. app/main.py +8 -6
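--- a/app/config.py
+++ b/app/config.py
@@ -31,6 +31,7 @@ class Settings(BaseSettings):
 groq_api_key: str | None = None
 web_search_provider: str = "tavily"
 tavily_api_key: str | None = None
+cookie_secure: bool = False
 
 @property
 def upload_path(self) -> Path: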
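Review bot: The new `cookie_secure` field at new line 34 carries no comment saying when it must be true, so the deployment requirement behind this commit is only discoverable from main.py. A one-line comment above it, `# Must be true on any HTTPS deployment (e.g. HF Spaces); presumably read from the COOKIE_SECURE env var — confirm no env_prefix is configured on Settings.`, keeps that requirement next to the setting. The Settings class begins outside the hunk.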
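--- a/app/main.py
+++ b/app/main.py
@@ -13,6 +13,7 @@ from sqlalchemy.exc import OperationalError
 from sqlalchemy import select
 from sqlalchemy.orm import Session
 
+from app.config import get_settings
 from app.database import get_db, init_db
 from app.models import Document, User, UserDocument
 from app.schemas import AskRequest, AskResponse, UserCreate, UserLogin
@@ -33,6 +34,11 @@ storage_service = StorageService()
 MAX_UPLOAD_FILES = 5
 MAX_PDF_PAGES = 10
 
+_settings = get_settings()
+# On HuggingFace Spaces (and any HTTPS deployment) cookies must be Secure.
+# We detect this via an env var; locally it stays False so http:// still works.
+_COOKIE_SECURE: bool = _settings.cookie_secure
+
 
 def _message_content_to_text(content: Any) -> str:
 if isinstance(content, str):
@@ -241,11 +247,7 @@ def register(email: str = Form(...), password: str = Form(...), db: Session = De
 status_code=status.HTTP_201_CREATED,
 content={"message": "Registered successfully", "email": user.email},
 )
-response.set_cookie("access_token", token, httponly=True, samesite="lax", path="/")
-return response
-
-
-@app.post("/login")
+response.set_cookie("access_token", token, httponly=True, samesite="lax", secure=_COOKIE_SECURE, path="/")
 def login(email: str = Form(...), password: str = Form(...), db: Session = Depends(get_db)):
 payload = UserLogin(email=email, password=password)
 user = db.scalar(select(User).where(User.email == payload.email))
@@ -253,7 +255,7 @@ def login(email: str = Form(...), password: str = Form(...), db: Session = Depen
 raise HTTPException(status_code=400, detail="Invalid credentials")
 token = create_access_token(str(user.id))
 response = JSONResponse(content={"message": "Login successful", "email": user.email})
-response.set_cookie("access_token", token, httponly=True, samesite="lax", path="/")
+response.set_cookie("access_token", token, httponly=True, samesite="lax", secure=_COOKIE_SECURE, path="/")
 return response
 
 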
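Review bot: The register hunk's new side (new lines 250-251) drops `return response` and the `@app.post("/login")` decorator along with the two blank lines between the functions, which the header `-241,11 +247,7` and the file's +8 -6 count corroborate; after this commit `register` never returns the 201 response it built and `login` is no longer bound to a route (the rendered page does not show indentation, so whether `def login` even ends up nested inside `register` cannot be told from here). Restore the removed lines directly after the new `set_cookie` call: `return response`, two blank lines, then `@app.post("/login")`. Both `register` and `login` start or end outside the hunk. Separately, `_COOKIE_SECURE` is read once at import and defaults to False, so an HTTPS deployment that omits the setting silently issues the session cookie without the Secure attribute; logging a warning at startup when the flag is off would make that misconfiguration visible.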