580f551700
Redis: per-app DB index (0-5) with shared auth DB 15 for SSO keys; flushdb replaces flushall so deploys don't wipe cross-app auth state. Postgres: drop 13 cross-domain FK constraints (migration v2t0p8q9r0), remove dead ORM relationships, add explicit joins for 4 live ones. Multi-engine sessions (account + federation) ready for per-domain DBs via DATABASE_URL_ACCOUNT / DATABASE_URL_FEDERATION env vars. All URLs initially point to the same appdb — zero behaviour change until split-databases.sh is run to migrate data to per-domain DBs. Co-Authored-By: Claude Opus 4.6 <noreply@anthropic.com>
38 lines
1.0 KiB
Python
38 lines
1.0 KiB
Python
"""Shared auth Redis connection (DB 15).
|
|
|
|
All cross-app auth keys live here so that per-app FLUSHDB on deploy
|
|
doesn't wipe SSO state:
|
|
- did_auth:{device_id} — login signal timestamp
|
|
- grant:{grant_token} — grant validity cache (ok/revoked)
|
|
- prompt:{app}:{device_id} — prompt=none cooldown
|
|
"""
|
|
from __future__ import annotations
|
|
|
|
import os
|
|
|
|
from redis import asyncio as aioredis
|
|
|
|
_AUTH_REDIS_URL = os.getenv("REDIS_AUTH_URL", "redis://redis:6379/15")
|
|
|
|
_auth_redis: aioredis.Redis | None = None
|
|
|
|
|
|
async def get_auth_redis() -> aioredis.Redis:
|
|
"""Return the shared auth Redis connection (lazy init)."""
|
|
global _auth_redis
|
|
if _auth_redis is None:
|
|
_auth_redis = aioredis.Redis.from_url(
|
|
_AUTH_REDIS_URL,
|
|
encoding="utf-8",
|
|
decode_responses=False,
|
|
)
|
|
return _auth_redis
|
|
|
|
|
|
async def close_auth_redis() -> None:
|
|
"""Close the auth Redis connection (call on app shutdown)."""
|
|
global _auth_redis
|
|
if _auth_redis is not None:
|
|
await _auth_redis.close()
|
|
_auth_redis = None
|