support-questions
  • r

    rp

    11/23/2021, 9:49 AM
    Cool. Give me a few mins. Will give you a sample impl
  • r

    rp

    11/23/2021, 9:50 AM
    And which version of the SDK?
  • j

    Jim Gambit

    11/23/2021, 9:50 AM
    supertokens-python = "^0.2.0"
  • j

    Jim Gambit

    11/23/2021, 9:53 AM
    Thanks a lot 🙂 Also, is there a way to get the client IP? I believe in normal starlette Request object you can get it via print(request.client.host) but in SuperTokens' FastApiRequest object there is no client attribute
  • k

    kakashi_44

    11/23/2021, 10:16 AM
    hey @User , try the following sample code snippet
  • k

    kakashi_44

    11/23/2021, 10:17 AM
    ```python
    # Defer annotation evaluation so the TYPE_CHECKING-only imports below
    # do not raise NameError when create_new_session is defined.
    from __future__ import annotations

    from supertokens_python.recipe.session.asyncio import revoke_all_sessions_for_user
    from supertokens_python import init
    from supertokens_python.recipe import session
    from typing import TYPE_CHECKING
    if TYPE_CHECKING:
        from supertokens_python.framework.fastapi.fastapi_request import FastApiRequest
        from typing import Union


    def override_session_functions(original_implementation):
        # Keep a reference to the SDK's implementation so the override can delegate to it.
        original_create_new_session = original_implementation.create_new_session

        async def create_new_session(request: FastApiRequest, user_id: str, jwt_payload: Union[dict, None] = None, session_data: Union[dict, None] = None):
            # Revoke every existing session for this user before creating the new one.
            await revoke_all_sessions_for_user(user_id)
            # to access original request object, just do:
            original_request = request.original
            return await original_create_new_session(request, user_id, jwt_payload, session_data)
        original_implementation.create_new_session = create_new_session
        return original_implementation

    init({
        'app_info': {...},
        'supertokens': {...},
        'framework': '...',
        'recipe_list': [
            session.init({
                'override': {
                    'functions': override_session_functions
                }
            })
        ]
    })
    ```
  • k

    kakashi_44

    11/23/2021, 10:18 AM
    You can get the original fastapi request doing `original_request = request.original` as shown in the above code snippet
  • j

    Jim Gambit

    11/23/2021, 10:18 AM
    Thanks! 🙂 I will try this out
  • k

    kakashi_44

    11/23/2021, 10:19 AM
    Cool 👍 🙂
  • r

    rp

    11/23/2021, 10:52 AM
    @User , maybe you missed this:
    > One point to be aware is that unless you enable access token blacklisting, the existing logged in device will not get logged out until it refreshes its session - which will happen depending on the configured access token's lifetime (which is 1 hour by default)
    Would this be OK?
  • j

    Jim Gambit

    11/23/2021, 11:32 AM
    Yes, I did this as well and ran a couple of scenarios in our code base. The code snippet is working for us and it seems like the easiest and simplest solution for our use case. Thanks a ton for the help 🙂
  • j

    Jim Gambit

    11/23/2021, 11:38 AM
    Just confirming, access token blacklisting can be enabled through docker environment variable, right?
  • r

    rp

    11/23/2021, 12:46 PM
    @User yes. It can be enabled that way. However, the downside to this is that it will cause a db lookup for every session verification request which might affect performance.
  • r

    rp

    11/23/2021, 12:46 PM
    You may want to add your own solution of blacklisting by using a cache instead.
  • r

    rp

    11/23/2021, 12:47 PM
    but, try it out and see how it goes - maybe it would be fine for you 🙂
  • j

    jj_

    11/24/2021, 3:49 AM
    Is there a way to customize errors on sign in or signup page?
  • r

    rp

    11/24/2021, 4:45 AM
    Hey @User , which recipe are you using?
  • j

    jj_

    11/24/2021, 4:52 AM
    email-password
  • r

    rp

    11/24/2021, 4:53 AM
    And the error is a validation error for a specific field in the form? Or a more generic error?
  • j

    jj_

    11/24/2021, 4:56 AM
    specific as in if the user session already exists on another device, then we need a custom error to be displayed.
  • r

    rp

    11/24/2021, 5:30 AM
    @User , give us some time, I will reply to you ASAP.
  • r

    rp

    11/24/2021, 5:37 AM
    @User you need to do the following:
    - In your override function, you can throw a custom error which gets propagated to your app's error handler.
    - In your app's error handler, you should detect that custom error and send a JSON, 200 reply to the frontend with the following structure:
    {status: "GENERAL_ERROR", message: "some custom error message"}
    Then in the UI, you will see "some custom error message"
  • r

    rp

    11/24/2021, 5:37 AM
    Are you using node?
  • r

    rp

    11/24/2021, 5:40 AM
    If you are, here is an example code snippet:
    First we throw a custom error in the overridden function:
    ```js
    Session.init({
        override: {
            functions: (oI) => {
                return {
                    ...oI,
                    createNewSession: async function (_) {
                        // for example purposes, we are always throwing an error...
                        throw new Error("create session failed");
                    }
                }
            }
        }
    })
    ```
    Then we can catch that in the app's error handler like this:
    ```js
    app.use((err, req, res, next) => {
        if (err.message === "create session failed") {
            res.setHeader('Content-Type', 'application/json');
            res.end(JSON.stringify({
                status: "GENERAL_ERROR",
                message: "Unable to make new session" // this message will get displayed to the user.
            }));
            return;
        }
        res.status(500).send("Internal error: " + err.message);
    });
    ```
  • z

    ZeferiniX

    11/24/2021, 6:25 PM
    I'm trying to migrate `supertokens-node` from v7 to v8 and just found out `getSessionData` has been deprecated. Would probably be helpful if that's logged somehow. That aside, I'm trying to migrate to the recommended function which is `getSessionInformation` and the type reference from the docs doesn't match what's usable in the code.
  • z

    ZeferiniX

    11/24/2021, 6:25 PM
    from the docs
  • z

    ZeferiniX

    11/24/2021, 6:26 PM
    inspected the codebase and seems like as the code says
  • r

    rp

    11/24/2021, 6:27 PM
    these are the contents of SessionInformation
  • z

    ZeferiniX

    11/24/2021, 6:27 PM
    now my question is, where does `sessionData` actually go?
  • r

    rp

    11/24/2021, 6:27 PM
    So sessionData is stored in the db against the sessionhandle