MCPcopy Create free account
hub / github.com/tiny-pilot/tinypilot / monitor_auth

Function monitor_auth

app/socket_api.py:31–66  ·  view source on GitHub ↗

Decorator that monitors the session’s auth state of the socket. When socket events come in, it checks whether the session still satisfies the auth requirement by making calls to `session.is_auth_valid()`. If the session’s auth state has become invalid, it disconnects the client. It

(handler)

Source from the content-addressed store, hash-verified

29
30
31def monitor_auth(handler):
32 """Decorator that monitors the session’s auth state of the socket.
33
34 When socket events come in, it checks whether the session still satisfies
35 the auth requirement by making calls to `session.is_auth_valid()`. If the
36 session’s auth state has become invalid, it disconnects the client.
37
38 It doesn’t carry out the check for every incoming socket event, but it
39 caches the result for a short amount of time, before triggering a fresh
40 check. The reason is that a call to `session.is_auth_valid()` might take
41 several milliseconds, and we don’t want to add that latency on every single
42 incoming socket event. So the periodic caching behaviour is a tradeoff
43 between security and performance.
44
45 Example of usage:
46 @monitor_auth
47 def on_socket_event():
48 ...
49 """
50 cache_ttl_seconds = 10
51
52 @functools.wraps(handler)
53 def handler_with_auth_check(*args, **kwargs):
54 next_check_due = _auth_expiry_timestamps.get(flask.request.sid, None)
55
56 if (not next_check_due) or (utc.now() > next_check_due):
57 if not session.is_auth_valid(satisfies_role=auth.Role.OPERATOR):
58 flask_socketio.disconnect()
59 return None
60
61 _auth_expiry_timestamps[flask.request.sid] = utc.now(
62 ) + datetime.timedelta(seconds=cache_ttl_seconds)
63
64 return handler(*args, **kwargs)
65
66 return handler_with_auth_check
67
68
69@socketio.on('keystroke')

Callers

nothing calls this directly

Calls

no outgoing calls

Tested by

no test coverage detected