Ensure all entry points get sessions.

Somewhat speculative, but the change in f62a9769fd, while fixing certain errors where logged-out users sometimes didn't have sessions come calc_users, also opened the possibility of certain request sequences that wouldn't give a user a session. In the interest of conservatism, we create a session if not exists in both the new location in calc_users and the previous spot in before_request.
2022-11-22 18:37:55 -05:00 · 2022-11-22 18:37:55 -05:00 · af7df7f62d
parent 2d513e862e
commit af7df7f62d
2 changed files with 10 additions and 4 deletions
--- a/files/routes/allroutes.py
+++ b/files/routes/allroutes.py
@ -43,6 +43,9 @@ def before_request():
 	request.full_path = request.full_path.rstrip('?').rstrip('/')
 	if not request.full_path: request.full_path = '/'

+	session_init()
+
+
@app.after_request
 def after_request(response):
 	if response.status_code < 400:
@ -56,6 +59,7 @@ def after_request(response):
 			del g.db
 	return response

+
@app.teardown_appcontext
 def teardown_request(error):
 	if getattr(g, 'db', None):
--- a/files/routes/wrappers.py
+++ b/files/routes/wrappers.py
@ -12,15 +12,17 @@ from files.helpers.settings import get_setting
 from files.routes.routehelpers import validate_formkey
 from files.__main__ import app, cache, db_session, limiter

+def session_init():
+	if not session.get("session_id"):
+		session.permanent = True
+		session["session_id"] = secrets.token_hex(49)
+
 def calc_users(v):
 	loggedin = cache.get(f'{SITE}_loggedin') or {}
 	loggedout = cache.get(f'{SITE}_loggedout') or {}
 	timestamp = int(time.time())

-	if not session.get("session_id"):
-		session.permanent = True
-		session["session_id"] = secrets.token_hex(49)
-
+	session_init()
 	if v:
 		if session["session_id"] in loggedout: del loggedout[session["session_id"]]
 		loggedin[v.id] = timestamp