ahmed-bakr1988/SaaS-PDF
1
0
Fork 0
Code Issues Pull Requests Actions Packages Projects Releases Wiki Activity

feat: Enhance task access control and session management

Browse Source 
- Implemented API and web task access assertions in the task status polling endpoint.
- Added functions to remember and check task access in user sessions.
- Updated task status tests to validate access control based on session data.
- Enhanced download route tests to ensure proper access checks.
- Improved SEO metadata handling with dynamic social preview images.
- Updated sitemap generation to include blog posts and new tools.
- Added a social preview SVG for better sharing on social media platforms.
This commit is contained in:
Your Name
2026-03-17 21:19:23 +02:00
parent ff5bd19335
commit 3f24a7ea3e
17 changed files with 384 additions and 75 deletions
Download Patch File Download Diff File Expand all files Collapse all files

23
backend/app/utils/auth.py
View File

@@ -1,6 +1,9 @@
"""Session helpers for authenticated routes."""
from flask import session
TASK_ACCESS_SESSION_KEY = "task_access_ids"
MAX_TRACKED_TASK_IDS = 200
def get_current_user_id() -> int | None:
"""Return the authenticated user id from session storage."""
@@ -8,11 +11,31 @@ def get_current_user_id() -> int | None:
return user_id if isinstance(user_id, int) else None
def remember_task_access(task_id: str):
"""Persist one web task id in the active browser session."""
tracked = session.get(TASK_ACCESS_SESSION_KEY, [])
if not isinstance(tracked, list):
tracked = []
normalized = [value for value in tracked if isinstance(value, str) and value != task_id]
normalized.append(task_id)
session[TASK_ACCESS_SESSION_KEY] = normalized[-MAX_TRACKED_TASK_IDS:]
def has_session_task_access(task_id: str) -> bool:
"""Return whether the active browser session owns one web task id."""
tracked = session.get(TASK_ACCESS_SESSION_KEY, [])
return isinstance(tracked, list) and task_id in tracked
def login_user_session(user_id: int):
"""Persist the authenticated user in the Flask session."""
tracked_task_ids = session.get(TASK_ACCESS_SESSION_KEY, [])
session.clear()
session.permanent = True
session["user_id"] = user_id
if isinstance(tracked_task_ids, list) and tracked_task_ids:
session[TASK_ACCESS_SESSION_KEY] = tracked_task_ids[-MAX_TRACKED_TASK_IDS:]
def logout_user_session():