Changed app for proxy and https++

2026-01-22 16:42:55 +01:00
parent e4fed12143
commit c3efa127d9
1 changed files with 17 additions and 5 deletions
--- a/app.py
+++ b/app.py
@@ -1,6 +1,7 @@
 from flask import Flask, render_template, request, jsonify, redirect, url_for, session
 from functools import wraps
 from werkzeug.middleware.proxy_fix import ProxyFix
+from datetime import timedelta
 import malias_wrapper as malias_w
 import os
 import argparse
@@ -23,12 +24,22 @@ app.wsgi_app = ProxyFix(
 malias_w.init_database()

 # Session configuration for reverse proxy
-# Allow session cookies to work properly behind HTTPS proxy
+# Critical: Session cookies must work through proxy (Authelia, Zoraxy, etc.)
 app.config.update(
-    SESSION_COOKIE_SECURE=False,      # Set to True if using HTTPS only
-    SESSION_COOKIE_HTTPONLY=True,     # Prevent JavaScript access to session cookie
-    SESSION_COOKIE_SAMESITE='Lax',    # CSRF protection
-    PREFERRED_URL_SCHEME='https'      # Generate HTTPS URLs when behind proxy
+    # Session cookie settings
+    SESSION_COOKIE_NAME='malias_session',      # Custom name to avoid conflicts
+    SESSION_COOKIE_SECURE=False,                # Must be False - backend connection is HTTP
+    SESSION_COOKIE_HTTPONLY=True,              # Security: prevent JavaScript access
+    SESSION_COOKIE_SAMESITE='Lax',             # Allow same-site requests (needed for redirects)
+    SESSION_COOKIE_PATH='/',                   # Available for entire application
+    
+    # Permanent session (survives browser restarts)
+    PERMANENT_SESSION_LIFETIME=86400,          # 24 hours in seconds
+    SESSION_REFRESH_EACH_REQUEST=True,         # Extend session on each request
+    
+    # URL generation
+    PREFERRED_URL_SCHEME='https',              # Generate HTTPS URLs when behind proxy
+    APPLICATION_ROOT='/',                       # Application root path
 )

 def login_required(f):
@@ -46,6 +57,7 @@ def login():
    if request.method == 'POST':
        password = request.json.get('password', '')
        if malias_w.verify_password(password):
+            session.permanent = True  # Make session persistent
            session['logged_in'] = True
            return jsonify({'status': 'success', 'message': 'Login successful'})
        else: