hjess/tink-demo
Public Access
1
0
Fork 0
Code Issues Pull Requests Actions Wiki Activity

fix: move api_log to server-side store — prevents session cookie overflow on step 4+
All checks were successful
Build and Deploy / deploy (push) Successful in 55s
Details

Browse Source
This commit is contained in:
Henrik Jess Nielsen
2026-05-23 01:25:02 +02:00
parent 1471d0f67f
commit 7dd58256aa
1 changed files with 17 additions and 7 deletions
Download Patch File Download Diff File Expand all files Collapse all files

24
src/routes/demo.py
View File

@@ -72,16 +72,24 @@ def _ctx(request: Request, extra: dict) -> dict:
def _logger(sess: dict):
"""Returns a callback that appends log entries to sess['api_log']."""
"""Returns a callback that appends log entries to server-side store (not cookie)."""
def cb(entry: dict):
log = sess.setdefault("api_log", [])
sid = sess.get("sid", "")
if not sid:
return
store = _token_store.setdefault(sid, {})
log = store.setdefault("api_log", [])
log.append(entry)
# keep last 50 entries
if len(log) > 50:
sess["api_log"] = log[-50:]
store["api_log"] = log[-50:]
return cb
def _get_api_log(sess: dict) -> list:
sid = sess.get("sid", "")
return _token_store.get(sid, {}).get("api_log", [])
# ---------------------------------------------------------------------------
# Landing
# ---------------------------------------------------------------------------
@@ -111,7 +119,7 @@ async def debug_session(request: Request):
for k, v in sess.items()
if k != "api_log"
}
safe["api_log_count"] = len(sess.get("api_log", []))
safe["api_log_count"] = len(_get_api_log(sess))
safe["cookie_size_bytes"] = len(str(request.session))
return safe
@@ -627,7 +635,7 @@ async def step6(request: Request):
@router.get("/demo/log", response_class=HTMLResponse)
async def api_log(request: Request):
sess = _session(request)
log = sess.get("api_log", [])
log = _get_api_log(sess)
return templates.TemplateResponse("log.html", _ctx(request, {
"log": list(reversed(log)), # newest first
"log_count": len(log),
@@ -637,7 +645,9 @@ async def api_log(request: Request):
@router.post("/demo/log/clear")
async def clear_log(request: Request):
sess = _session(request)
sess["api_log"] = []
sid = sess.get("sid", "")
if sid and sid in _token_store:
_token_store[sid].pop("api_log", None)
return RedirectResponse("/demo/log", status_code=303)