[FastAPI] Refactor db modifications

For SQLAlchemy to automatically understand updates from the external world, it must use an `autocommit=True` in its session. This change breaks how we were using commit previously, as `autocommit=True` causes SQLAlchemy to commit when a SessionTransaction context hits __exit__. So, a refactoring was required of our tests: All usage of any `db.{create,delete}` must be called **within** a SessionTransaction context, created via new `db.begin()`. From this point forward, we're going to require: ``` with db.begin(): db.create(...) db.delete(...) db.session.delete(object) ``` With this, we now get external DB modifications automatically without reloading or restarting the FastAPI server, which we absolutely need for production. Signed-off-by: Kevin Morris <kevr@0cost.org>
2025-02-03 10:43:03 +01:00 · 2021-09-02 16:26:48 -07:00 · 2021-09-02 16:26:48 -07:00 · a5943bf2ad
commit a5943bf2ad
parent b52059d437
37 changed files with 998 additions and 902 deletions
--- a/aurweb/models/user.py
+++ b/aurweb/models/user.py
@ -102,7 +102,7 @@ class User(Base):
    def login(self, request: Request, password: str, session_time=0):
        """ Login and authenticate a request. """

-        from aurweb.db import session
+        from aurweb import db
        from aurweb.models.session import Session, generate_unique_sid

        if not self._login_approved(request):
@ -112,10 +112,7 @@ class User(Base):
        if not self.authenticated:
            return None

-        self.LastLogin = now_ts = datetime.utcnow().timestamp()
-        self.LastLoginIPAddress = request.client.host
-        session.commit()
-
+        now_ts = datetime.utcnow().timestamp()
        session_ts = now_ts + (
            session_time if session_time
            else aurweb.config.getint("options", "login_timeout")
@ -123,22 +120,23 @@ class User(Base):

        sid = None

-        if not self.session:
-            sid = generate_unique_sid()
-            self.session = Session(UsersID=self.ID, SessionID=sid,
-                                   LastUpdateTS=session_ts)
-            session.add(self.session)
-        else:
-            last_updated = self.session.LastUpdateTS
-            if last_updated and last_updated < now_ts:
-                self.session.SessionID = sid = generate_unique_sid()
+        with db.begin():
+            self.LastLogin = now_ts
+            self.LastLoginIPAddress = request.client.host
+            if not self.session:
+                sid = generate_unique_sid()
+                self.session = Session(UsersID=self.ID, SessionID=sid,
+                                       LastUpdateTS=session_ts)
+                db.add(self.session)
            else:
-                # Session is still valid; retrieve the current SID.
-                sid = self.session.SessionID
+                last_updated = self.session.LastUpdateTS
+                if last_updated and last_updated < now_ts:
+                    self.session.SessionID = sid = generate_unique_sid()
+                else:
+                    # Session is still valid; retrieve the current SID.
+                    sid = self.session.SessionID

-            self.session.LastUpdateTS = session_ts
-
-        session.commit()
+                self.session.LastUpdateTS = session_ts

        request.cookies["AURSID"] = self.session.SessionID
        return self.session.SessionID
@ -149,13 +147,11 @@ class User(Base):
        return aurweb.auth.has_credential(self, cred, approved)

    def logout(self, request):
-        from aurweb.db import session
-
        del request.cookies["AURSID"]
        self.authenticated = False
        if self.session:
-            session.delete(self.session)
-            session.commit()
+            with db.begin():
+                db.session.delete(self.session)

    def is_trusted_user(self):
        return self.AccountType.ID in {