v0.9.0: HTTP cookie support

@rustyconover rustyconover released this 21 Apr 15:28
· 18 commits to main since this release

HTTP cookie support for unary RPC methods

RPC methods served over the HTTP transport can now read incoming cookies and set/delete cookies on the response via CallContext.

API additions (vgi_rpc.rpc.CallContext)

  • ctx.cookies — read-only Mapping[str, str] of incoming request cookies. Empty on non-HTTP transports.
  • ctx.set_cookie(name, value, *, expires=None, max_age=None, domain=None, path=None, secure=None, http_only=True, same_site=None, partitioned=False) — queue a Set-Cookie on the HTTP response. Unary HTTP methods only.
  • ctx.delete_cookie(name, *, path=None, domain=None) — queue an unset-cookie. Unary HTTP methods only.

Behavior

  • Cookies queued before an exception are still emitted on the 4xx/5xx response.
  • Calling set_cookie/delete_cookie from a streaming method or non-HTTP transport raises RuntimeError (surfaced to clients as RpcError).
  • _AuthMiddleware now installs unconditionally, so transport_metadata (remote_addr, user_agent, cookies) is available even on services without an authenticate callback.

Example

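from typing import Protocol

from vgi_rpc.rpc import CallContext

# generate_token() and lookup_user() are application-supplied helpers, not part of vgi_rpc.

class Session(Protocol):
    def login(self, user: str, password: str) -> str: ...
    def whoami(self) -> str: ...

class SessionImpl:
    def login(self, user: str, password: str, ctx: CallContext) -> str:
        # Credential verification is omitted here; do it before queuing the cookie,
        # because cookies queued before an exception are still sent on the error response.
        ctx.set_cookie("sid", generate_token(user), max_age=3600, http_only=True, secure=True, same_site="Lax")
        return user

    def whoami(self, ctx: CallContext) -> str:
        # An absent cookie yields "" and is resolved by lookup_user.
        return lookup_user(ctx.cookies.get("sid", ""))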
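The following is an added example, not code from the vgi_rpc project: one way to fill in the generate_token and lookup_user helpers that the release example leaves undefined, plus a logout method using ctx.delete_cookie. The in-memory stores, the demo user, the PermissionError and the logout method are assumptions; ctx is left untyped so the block runs without the library, and a real service would annotate it as CallContext as the release example does.

```python
import hashlib
import hmac
import secrets
import time

SESSION_TTL = 3600  # seconds; same value as max_age in the release example
_SALT = b"constructed-salt"  # constructed demo value; use a random per-user salt
_SESSIONS: dict[str, tuple[str, float]] = {}  # sha256(token) -> (user, expiry)

def _kdf(password: str, salt: bytes) -> bytes:
    return hashlib.pbkdf2_hmac("sha256", password.encode(), salt, 100_000)

_USERS = {"alice": _kdf("constructed-password", _SALT)}  # constructed demo account

def _key(token: str) -> str:
    # Store only a hash of the token so a leaked session table cannot be replayed.
    return hashlib.sha256(token.encode()).hexdigest()

def generate_token(user: str) -> str:
    token = secrets.token_urlsafe(32)  # opaque, unguessable, carries no user data
    _SESSIONS[_key(token)] = (user, time.time() + SESSION_TTL)
    return token

def lookup_user(token: str) -> str:
    user, expiry = _SESSIONS.get(_key(token), ("", 0.0))
    return user if time.time() < expiry else ""  # expiry enforced server-side too

class SessionImpl:
    def login(self, user: str, password: str, ctx) -> str:
        expected = _USERS.get(user, b"")
        if not hmac.compare_digest(_kdf(password, _SALT), expected):
            # Raise before set_cookie: queued cookies are still sent on 4xx/5xx.
            raise PermissionError("invalid credentials")
        ctx.set_cookie("sid", generate_token(user), max_age=SESSION_TTL,
                       http_only=True, secure=True, same_site="Lax")
        return user

    def whoami(self, ctx) -> str:
        return lookup_user(ctx.cookies.get("sid", ""))

    def logout(self, ctx) -> None:
        # Revoke server-side first; deleting the cookie alone leaves the token valid.
        _SESSIONS.pop(_key(ctx.cookies.get("sid", "")), None)
        ctx.delete_cookie("sid")
```

If the cookie is set with an explicit path or domain, pass the same values to ctx.delete_cookie so the browser matches and removes the right cookie.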