[DOP-26758] Disable session middleware by default

dolfinus · dolfinus · commit add5c72865e2 · 2025-11-13T21:37:27.000+03:00
diff --git a/config.docker.yml b/config.docker.yml
@@ -37,6 +37,7 @@ server:
   debug: true # !!! NEVER USE ON PRODUCTION !!!
 
   session:
+    enabled: true
     secret_key: generate_some_random_string
     max_age: 86400
 
diff --git a/config.yml b/config.yml
@@ -37,6 +37,7 @@ server:
   debug: true # !!! NEVER USE ON PRODUCTION !!!
 
   session:
+    enabled: true
     secret_key: generate_some_random_string
     max_age: 86400
 
diff --git a/docs/reference/scheduler/index.rst b/docs/reference/scheduler/index.rst
@@ -34,7 +34,7 @@ With docker
   .. dropdown:: ``config.yml``
 
     .. literalinclude:: ../../../config.yml
-        :emphasize-lines: 1-5,53-54
+        :emphasize-lines: 1-5,54-55
 
 Without docker
 ^^^^^^^^^^^^^^
diff --git a/docs/reference/server/auth/keycloak/index.rst b/docs/reference/server/auth/keycloak/index.rst
@@ -83,7 +83,8 @@ Basic configuration
 
 
 OAuth2 Gateway Provider
------------
+-----------------------
+
 In case of using an OAuth2 Gateway, all API requests will come with an Authorization: Bearer header. For this scenario, Syncmaster provides an alternative authentication provider called OAuth2GatewayProvider. This provider works as follows:
 
 - It extracts the access token from the Authorization header.
@@ -103,4 +104,4 @@ OAuth2GatewayProvider uses the same configuration models as KeycloakAuthProvider
     :caption: Keycloak
     :hidden:
 
-    local_installation
+    local_installation
diff --git a/docs/reference/server/auth/keycloak/local_installation.rst b/docs/reference/server/auth/keycloak/local_installation.rst
@@ -85,7 +85,7 @@ Set URI to redirect from Keycloak login page for exchanging the code for an acce
 
     auth:
         keycloak:
-            # set here SyncMaster hostname/domain
+            # Set here URL of SyncMaster UI page handling callback redirects
             redirect_uri: http://localhost:3000/auth/callback
             # ...
 
@@ -108,6 +108,29 @@ Now go to **Credentials** tab and generate a client secret:
 
 Now you can use create users in this realm, check `Keycloak documentation <https://www.keycloak.org/docs/latest/server_admin/#assembly-managing-users_server_administration_guide>`_ on how to manage users creation.
 
+Enable session middleware
+~~~~~~~~~~~~~~~~~~~~~~~~~
+
+Enable :ref:`server-configuration-session <SesionMiddleware>`, and generate random string to use as secret key for cookie encryption.
+
+.. code-block:: yaml
+    :caption: config.yml
+
+    server:
+        session:
+            enabled: true
+            secret_key: secret_key_for_session_cookie
+
+Replace login page with Keycloak redirect button
+~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~
+
+.. code-block:: yaml
+    :caption: config.yml
+
+    ui:
+        # required by KeycloakAuthProvider
+        auth_provider: keycloakAuth
+
 Final configuration
 ~~~~~~~~~~~~~~~~~~~
 
@@ -121,15 +144,22 @@ After this you can use ``KeycloakAuthProvider`` in your application:
         keycloak:
             # Keycloak URL accessible from both SyncMaster server and from browser
             server_url: http://keycloak:8080
-            # set here SyncMaster hostname/domain
+            # Set here URL of SyncMaster UI page handling callback redirects
             redirect_uri: http://localhost:3000/auth/callback
             realm_name: fastapi_realm
             client_id: fastapi_client
             client_secret: 6x6gn8uJdWSBmP8FqbNRSoGdvaoaFeez
             scope: email
             verify_ssl: false
 
+    server:
+        session:
+            # required by KeycloakAuthProvider
+            enabled: true
+            secret_key: secret_key_for_session_cookie
+
     ui:
+        # required by KeycloakAuthProvider
         auth_provider: keycloakAuth
-        # set here SyncMaster hostname/domain
+        # SyncMaster API URL, accessible from browser
         api_browser_url: http://localhost:8000
diff --git a/docs/reference/server/index.rst b/docs/reference/server/index.rst
@@ -33,7 +33,7 @@ With docker
   .. dropdown:: ``config.yml``
 
     .. literalinclude:: ../../../config.yml
-        :emphasize-lines: 7-27, 36-49, 70-71
+        :emphasize-lines: 7-27, 36-50, 71-72
 
 * After server is started and ready, open http://localhost:8000/docs.
 
diff --git a/docs/reference/worker/index.rst b/docs/reference/worker/index.rst
@@ -43,7 +43,7 @@ With docker
   .. dropdown:: ``config.yml``
 
     .. literalinclude:: ../../../config.yml
-        :emphasize-lines: 1-10,57-67
+        :emphasize-lines: 1-10,58-68
 
 Without docker
 ^^^^^^^^^^^^^^
diff --git a/syncmaster/server/settings/server/session.py b/syncmaster/server/settings/server/session.py
@@ -62,7 +62,7 @@ class SessionSettings(BaseModel):
     """
 
     enabled: bool = Field(
-        default=True,
+        default=False,
         description="Set to ``True`` to enable SessionMiddleware",
     )
     secret_key: SecretStr | None = Field(

Original file line number	Diff line number	Diff line change
`@@ -62,7 +62,7 @@ class SessionSettings(BaseModel):`
`62`	`62`	`"""`
`63`	`63`
`64`	`64`	`enabled: bool = Field(`
`65`		`- default=True,`
	`65`	`+ default=False,`
`66`	`66`	description="Set to ``True`` to enable SessionMiddleware",
`67`	`67`	`)`
`68`	`68`	`secret_key: SecretStr \| None = Field(`