Cookies

Setting up cookies is also something that usually happens within the scope of almost any application.

Let's assume you need to setup a cookie in your application. There are a few ways.

Cookie as a param

In your API you need a cookie to be passed onto the call to make you run some extra security validations, like CSRF.

from pydantic import BaseModel, EmailStr

from ravyn import Cookie, Ravyn, Gateway, JSONResponse, post


class User(BaseModel):
    name: str
    email: EmailStr


@post(path="/create")
async def create_user(
    data: User,
    cookie: str = Cookie(value="csrftoken"),
) -> JSONResponse:
    """
    Run validations with the token header
    """
    ...


app = Ravyn(routes=Gateway(handler=create_user))

The cookie is nothing more nothing less than pydantic FieldInfo with some extra things specific for the cookie that extends the Param.

from ravyn import Param

# or

from ravyn.params import Param

The same result can be achieved by using directly the Param field.

from pydantic import BaseModel, EmailStr

from ravyn import Ravyn, Gateway, JSONResponse, Param, post


class User(BaseModel):
    name: str
    email: EmailStr


@post(path="/create")
async def create_user(
    data: User,
    cookie: str = Param(cookie="csrftoken"),
) -> JSONResponse:
    """
    Run validations with the token header
    """
    ...


app = Ravyn(routes=Gateway(handler=create_user))

Since the Param is the base for the Ravyn parameters, you can use it directly with a key difference.

the Cookie expects a value field whereas the Param expects a cookie value.

If a cookie is defined and not sent properly when the call is made it will raise a 400 BadRequest.

Response cookies

This is something else entirely and it is used when you want to send a cookie with the response. Very easy to use as well.

The response_headers is a simple python list.

from pydantic import BaseModel, EmailStr

from ravyn import Ravyn, Gateway, Response, post
from ravyn.core.datastructures import Cookie


class User(BaseModel):
    name: str
    email: EmailStr


@post(
    path="/create",
    response_cookies=[
        Cookie(
            key="csrf",
            value="CIwNZNlR4XbisJF39I8yWnWX9wX4WFoz",
            max_age=3000,
            httponly=True,
        )
    ],
)
async def create_user(data: User) -> Response:
    """
    Run validations with the token header
    """
    ...


app = Ravyn(routes=Gateway(handler=create_user))

When you check the response from the api call, you should now also have a csrf cookie being sent as well with the value CIwNZNlR4XbisJF39I8yWnWX9wX4WFoz.

This is how simple and effective you can manage response cookies.

Caution

Although Cookie from response cookies looks very similar to Cookie from the params they are in fact very different.

Cookie from response cookies

This cookie is a datastructure that contains unique fields to create a cookie to be sent back in the response.

To import it:

from ravyn.core.datastructures import Cookie

# or

from ravyn.core.datastructures import Cookie as ResponseCookie

Cookie from params

The cookie used with the example as param is not a datastructure but a FieldInfo so it cannot be used to set and create a new cookie like the one from response cookies.

To import it:

from ravyn import Cookie

# or

from ravyn.params import Cookie