fix: rename cookie for webapp (#27264)

Co-authored-by: autofix-ci[bot] <114827586+autofix-ci[bot]@users.noreply.github.com>
2026-01-19 11:45:05 +08:00 · 2025-10-23 11:03:48 +08:00
parent b198c9474a
commit e843fe8aa6
5 changed files with 34 additions and 15 deletions
--- a/api/libs/token.py
+++ b/api/libs/token.py
@ -12,6 +12,7 @@ from constants import (
    COOKIE_NAME_CSRF_TOKEN,
    COOKIE_NAME_PASSPORT,
    COOKIE_NAME_REFRESH_TOKEN,
+    COOKIE_NAME_WEBAPP_ACCESS_TOKEN,
    HEADER_NAME_CSRF_TOKEN,
    HEADER_NAME_PASSPORT,
 )
@ -81,6 +82,14 @@ def extract_access_token(request: Request) -> str | None:
    return _try_extract_from_cookie(request) or _try_extract_from_header(request)


+def extract_webapp_access_token(request: Request) -> str | None:
+    """
+    Try to extract webapp access token from cookie, then header.
+    """
+
+    return request.cookies.get(_real_cookie_name(COOKIE_NAME_WEBAPP_ACCESS_TOKEN)) or _try_extract_from_header(request)
+
+
 def extract_webapp_passport(app_code: str, request: Request) -> str | None:
    """
    Try to extract app token from header or params.
@ -155,6 +164,10 @@ def clear_access_token_from_cookie(response: Response, samesite: str = "Lax"):
    _clear_cookie(response, COOKIE_NAME_ACCESS_TOKEN, samesite)


+def clear_webapp_access_token_from_cookie(response: Response, samesite: str = "Lax"):
+    _clear_cookie(response, COOKIE_NAME_WEBAPP_ACCESS_TOKEN, samesite)
+
+
 def clear_refresh_token_from_cookie(response: Response):
    _clear_cookie(response, COOKIE_NAME_REFRESH_TOKEN)