Implementation:OpenHands OpenHands SetAuthCookieMiddleware

From Leeroopedia
Knowledge Sources
Domains Server_Architecture, SaaS_Infrastructure
Last Updated 2026-02-11 21:00 GMT

Overview

Concrete tool for intercepting HTTP requests to manage authentication cookies, enforce terms-of-service acceptance, and handle session logout, provided by the OpenHands enterprise server layer.

Description

The SetAuthCookieMiddleware class is a FastAPI HTTP middleware that runs on every incoming request. It performs three key functions: (1) checking whether the user has accepted the terms of service via _check_tos, (2) deciding whether an authentication cookie should be attached to the response via _should_attach, and (3) handling logout flows via _logout. The middleware intercepts the request before it reaches any route handler, inspects JWT tokens and session state, and can modify the response headers to set or clear authentication cookies. Additionally, the companion rate_limit module provides rate limiting infrastructure: setup_rate_limit_handler configures rate limiting on the Starlette app, and create_redis_rate_limiter creates a Redis-backed rate limiter with configurable time windows.

Usage

Use this middleware when deploying the SaaS server to ensure that all HTTP requests are subject to authentication cookie management. The middleware is added to the FastAPI application during server assembly and runs automatically on every request. The rate limiting functions are called during server startup to configure request throttling.

Code Reference

Source Location

  • Repository: OpenHands
  • File: enterprise/server/middleware.py:L32-97
  • Also: enterprise/server/rate_limit.py:L25-29, L99-106

Signature

class SetAuthCookieMiddleware(BaseHTTPMiddleware):
    async def __call__(
        self, request: Request, call_next: Callable
    ) -> Response:
        ...

    async def _check_tos(self, request: Request) -> None:
        ...

    def _should_attach(self, request: Request) -> bool:
        ...

    async def _logout(self, request: Request) -> None:
        ...

# Rate limiting utilities
def setup_rate_limit_handler(app: Starlette) -> None:
    ...

def create_redis_rate_limiter(windows: str) -> RateLimiter:
    ...

Import

from enterprise.server.middleware import SetAuthCookieMiddleware
from enterprise.server.rate_limit import setup_rate_limit_handler, create_redis_rate_limiter

I/O Contract

Inputs

Name      | Type      | Required | Description
request   | Request   | Yes      | The incoming FastAPI/Starlette request object containing headers, cookies, and path info
call_next | Callable  | Yes      | The next middleware or route handler in the processing chain
app       | Starlette | Yes      | The Starlette/FastAPI application instance (for setup_rate_limit_handler)
windows   | str       | Yes      | Rate limit window configuration string (for create_redis_rate_limiter)

Outputs

Name         | Type        | Description
response     | Response    | The HTTP response, potentially with modified cookies or headers
rate_limiter | RateLimiter | A configured Redis-backed rate limiter instance

Usage Examples

Basic Usage

from fastapi import FastAPI
from enterprise.server.middleware import SetAuthCookieMiddleware
from enterprise.server.rate_limit import setup_rate_limit_handler

app = FastAPI()

# Add authentication cookie middleware
app.add_middleware(SetAuthCookieMiddleware)

# Configure rate limiting
setup_rate_limit_handler(app)

Related Pages

Implements Principle

Environment

Heuristics
