Merge branch 'flask-session' into 'main'

azmeuk · azmeuk · commit 2d104c228fb6 · 2025-11-16T20:17:32.000Z
Server-side sessions support

See merge request yaal/canaille!309
diff --git a/CHANGES.rst b/CHANGES.rst
@@ -4,6 +4,7 @@
 Added
 ^^^^^
 - OIDC ``amr`` claim support. :issue:`302`
+- Server-side sessions.
 
 [0.1.0] - 2025-11-13
 --------------------
diff --git a/canaille/app/configuration.py b/canaille/app/configuration.py
@@ -5,6 +5,7 @@
 from dataclasses import dataclass
 from typing import Annotated
 from typing import Any
+from typing import Literal
 
 from pydantic import AmqpDsn
 from pydantic import BaseModel as PydanticBaseModel
@@ -212,6 +213,36 @@ def guess_broker(cls, v, info):
     - ``P1DT12H`` for 1 day and 12 hours
     """
 
+    SESSION_TYPE: (
+        Literal[
+            "redis",
+            "memcached",
+            "filesystem",
+            "sqlalchemy",
+            "mongodb",
+            "cachelib",
+            "dynamodb",
+        ]
+        | None
+    ) = None
+    """The Flask-Session backend type.
+
+    If ``None`` (default), Flask's default session implementation is used (client-side signed cookies).
+    When set, sessions are stored server-side using the specified backend.
+
+    Available backends:
+
+    - ``redis``: Store sessions in Redis (connects to localhost:6379 by default)
+    - ``memcached``: Store sessions in Memcached (connects to localhost:11211 by default)
+    - ``filesystem``: Store sessions in local files (uses /tmp/flask-session by default)
+    - ``sqlalchemy``: Store sessions in a SQL database
+    - ``mongodb``: Store sessions in MongoDB
+    - ``cachelib``: Store sessions using a cachelib backend
+    - ``dynamodb``: Store sessions in DynamoDB
+
+    See the :doc:`Flask-Session documentation <flask-session:index>` for backend-specific details.
+    """
+
 
 def settings_factory(
     config=None,
diff --git a/canaille/app/flask.py b/canaille/app/flask.py
@@ -15,6 +15,7 @@
 from flask import url_for
 from flask_caching import Cache
 from flask_dramatiq import Dramatiq
+from flask_session import Session
 from flask_wtf.csrf import CSRFProtect
 from werkzeug.exceptions import HTTPException
 from werkzeug.routing import BaseConverter
@@ -26,6 +27,7 @@
 
 csrf = CSRFProtect()
 cache = Cache()
+session_store = Session()
 dramatiq = Dramatiq(
     config_prefix="BROKER",
     middleware=[
@@ -198,6 +200,8 @@ def setup_flask(app) -> None:
 
     csrf.init_app(app)
     cache.init_app(app)
+    if app.config.get("SESSION_TYPE"):
+        session_store.init_app(app)
 
     # dirty warning silencing for the testsuite
     dramatiq.app = None
diff --git a/doc/conf.py b/doc/conf.py
@@ -80,6 +80,7 @@ def __getattr__(cls, name):
     "flask-dramatiq": ("https://flask-dramatiq.readthedocs.io/en/latest", None),
     "flask-babel": ("https://python-babel.github.io/flask-babel", None),
     "flask-caching": ("https://flask-caching.readthedocs.io/en/latest/", None),
+    "flask-session": ("https://flask-session.readthedocs.io/en/latest", None),
     "flask-wtf": ("https://flask-wtf.readthedocs.io", None),
     "hypercorn": ("https://hypercorn.readthedocs.io/en/latest", None),
     "jinja": ("https://jinja.palletsprojects.com", None),
diff --git a/pyproject.toml b/pyproject.toml
@@ -34,14 +34,13 @@ dependencies = [
     "click>=8.2.0",
     "flask >= 3.0.0",
     "flask-caching>=2.3.0",
+    "flask-session>=0.8.0",
     "flask-wtf >= 1.2.1",
-    "pydantic-settings >= 2.8.0",
     "httpx>=0.28.1",
     "wtforms >= 3.1.1",
     "flask-dramatiq>=0.6.0",
     "dramatiq>=1.18.0",
     "dramatiq-eager-broker>=0.1.0",
-    "pika>=1.3.2",
 ]
 
 [project.optional-dependencies]
@@ -63,10 +62,10 @@ oidc = [
 ]
 
 scim = [
-    "httpx>=0.28.1",
-    "scim2-models>=0.4.0",
     "authlib >= 1.5.1",
+    "httpx>=0.28.1",
     "scim2-client>=0.5.1",
+    "scim2-models>=0.4.0",
 ]
 
 ldap = [
diff --git a/uv.lock b/uv.lock
