feat: add exception handling for SuperTokens in Litestar framework

Author: pythonhubdev

supertokens_python/framework/litestar/__init__.py

@@ -12,11 +12,17 @@
 # License for the specific language governing permissions and limitations
 # under the License.
 
+from .litestar_exception_handlers import (
+    get_exception_handlers,
+    supertokens_exception_handler,
+)
 from .litestar_middleware import create_supertokens_middleware
 from .litestar_plugin import SupertokensPlugin, get_supertokens_plugin
 
 __all__ = [
     "SupertokensPlugin",
     "get_supertokens_plugin",
     "create_supertokens_middleware",
+    "get_exception_handlers",
+    "supertokens_exception_handler",
 ]

supertokens_python/framework/litestar/litestar_exception_handlers.py

@@ -0,0 +1,132 @@
+# Copyright (c) 2021, VRAI Labs and/or its affiliates. All rights reserved.
+#
+# This software is licensed under the Apache License, Version 2.0 (the
+# "License") as published by the Apache Software Foundation.
+#
+# You may not use this file except in compliance with the License. You may
+# obtain a copy of the License at http://www.apache.org/licenses/LICENSE-2.0
+#
+# Unless required by applicable law or agreed to in writing, software
+# distributed under the License is distributed on an "AS IS" BASIS, WITHOUT
+# WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied. See the
+# License for the specific language governing permissions and limitations
+# under the License.
+import asyncio
+from typing import Any
+
+from litestar import Request, Response
+
+from supertokens_python.exceptions import SuperTokensError
+
+
+def supertokens_exception_handler(
+    request: Request[Any, Any, Any], exc: SuperTokensError
+) -> Response[Any]:
+    """
+    Exception handler for SuperTokens errors in Litestar applications.
+
+    This handler intercepts SuperTokens exceptions and converts them to proper
+    HTTP responses with session management.
+
+    Note: This is a synchronous wrapper around async SuperTokens error handling.
+    Litestar requires exception handlers to be synchronous, so we run the async
+    logic in the event loop.
+
+    Args:
+        request: The Litestar request object
+        exc: The SuperTokens exception
+
+    Returns:
+        A Litestar Response object with proper status code and session cookies
+    """
+    from supertokens_python import Supertokens
+    from supertokens_python.framework.litestar.litestar_request import LitestarRequest
+    from supertokens_python.framework.litestar.litestar_response import LitestarResponse
+    from supertokens_python.utils import default_user_context
+
+    async def handle_async() -> Response[Any]:
+        """Async logic for handling the SuperTokens error"""
+        st = Supertokens.get_instance()
+        custom_request = LitestarRequest(request)
+        user_context = default_user_context(custom_request)
+
+        # Create a response for SuperTokens to populate
+        response_obj = Response(content=None)
+        response = LitestarResponse(response_obj)
+
+        # Handle the error through SuperTokens
+        # This will modify the response object with proper status code,
+        # clear tokens, and set appropriate headers
+        result = await st.handle_supertokens_error(
+            custom_request,
+            exc,
+            response,
+            user_context,  # type: ignore
+        )
+
+        # Return the modified Litestar response
+        # The response object has been updated by SuperTokens error handlers
+        if isinstance(result, LitestarResponse):
+            litestar_response = result.response
+
+            # Clear the session from request.state to prevent the middleware
+            # from re-applying session cookies after we've cleared them
+            if hasattr(request.state, "supertokens"):
+                delattr(request.state, "supertokens")
+
+            # Litestar stores cookies separately from headers. When an exception
+            # handler returns a response, Litestar will automatically convert cookies
+            # to Set-Cookie headers. So we can just return the response as-is.
+            return litestar_response
+
+        # Fallback to a generic error response
+        return Response(
+            content={"message": str(exc)},
+            status_code=500,
+        )
+
+    # Run the async logic in the event loop
+    try:
+        loop = asyncio.get_running_loop()
+    except RuntimeError:
+        # No event loop running, create one
+        loop = asyncio.new_event_loop()
+        asyncio.set_event_loop(loop)
+        try:
+            return loop.run_until_complete(handle_async())
+        finally:
+            loop.close()
+    else:
+        # Event loop is already running (which is the case in Litestar)
+        # Create a task and run it
+        import nest_asyncio  # type: ignore
+
+        nest_asyncio.apply()
+        return loop.run_until_complete(handle_async())
+
+
+def get_exception_handlers() -> dict[int | type[Exception], Any]:
+    """
+    Get exception handlers for SuperTokens errors.
+
+    Returns:
+        A dictionary mapping exception types to handler functions.
+
+    Example:
+        ```python
+        from litestar import Litestar
+        from supertokens_python.framework.litestar import (
+            get_exception_handlers,
+            get_supertokens_plugin,
+            create_supertokens_middleware,
+        )
+
+        app = Litestar(
+            route_handlers=[...],
+            middleware=[create_supertokens_middleware()],
+            plugins=[get_supertokens_plugin(api_base_path="/auth")],
+            exception_handlers=get_exception_handlers(),
+        )
+        ```
+    """
+    return {SuperTokensError: supertokens_exception_handler}  # type: ignore

supertokens_python/framework/litestar/litestar_plugin.py

@@ -26,14 +26,37 @@ class SupertokensPlugin(InitPluginProtocol):
     that processes SuperTokens authentication requests.
     """
 
-    def __init__(self, api_base_path: str = "/auth"):
+    def __init__(self, api_base_path: str = "/auth", app_root_path: str = ""):
         """
         Initialize the SuperTokens plugin.
 
         Args:
             api_base_path: The base path for SuperTokens API routes (default: "/auth")
+            app_root_path: The root path of the Litestar app (e.g., "api/v1").
+                          If provided, will be stripped from api_base_path for mounting.
         """
-        self.api_base_path = api_base_path.rstrip("/")
+        self.full_api_base_path = api_base_path.rstrip("/")
+        self.app_root_path = app_root_path.strip("/")
+
+        # Calculate the mount path by removing app_root_path prefix from api_base_path
+        if self.app_root_path and self.full_api_base_path.startswith(
+            f"/{self.app_root_path}"
+        ):
+            # Remove the root path prefix for mounting
+            self.api_base_path = self.full_api_base_path[
+                len(f"/{self.app_root_path}") :
+            ]
+        elif self.app_root_path and self.full_api_base_path.startswith(
+            self.app_root_path
+        ):
+            # Handle case where api_base_path doesn't start with /
+            self.api_base_path = self.full_api_base_path[len(self.app_root_path) :]
+        else:
+            self.api_base_path = self.full_api_base_path
+
+        # Ensure it starts with /
+        if not self.api_base_path.startswith("/"):
+            self.api_base_path = f"/{self.api_base_path}"
 
     def on_app_init(self, app_config: AppConfig) -> AppConfig:
         """
@@ -123,6 +146,11 @@ async def supertokens_asgi_app(
                     custom_request, e, error_response, user_context
                 )
 
+                # Clear the session from request.state to prevent the middleware
+                # from re-applying session cookies after we've cleared them
+                if hasattr(litestar_request.state, "supertokens"):
+                    delattr(litestar_request.state, "supertokens")
+
                 if isinstance(result, LitestarResponse):
                     asgi_response = result.response.to_asgi_response(
                         app=None, request=None
@@ -143,14 +171,31 @@ async def supertokens_asgi_app(
         return app_config
 
 
-def get_supertokens_plugin(api_base_path: str = "/auth") -> SupertokensPlugin:
+def get_supertokens_plugin(
+    api_base_path: str = "/auth", app_root_path: str = ""
+) -> SupertokensPlugin:
     """
     Get a configured SuperTokens plugin for Litestar.
 
     Args:
-        api_base_path: The base path for SuperTokens API routes (default: "/auth")
+        api_base_path: The base path for SuperTokens API routes (default: "/auth").
+                      This should match the api_base_path in your SuperTokens init().
+        app_root_path: The root path of your Litestar app if using app path (e.g., "api/v1").
+                      This will be automatically stripped from api_base_path for proper mounting.
 
     Returns:
         A configured SupertokensPlugin instance
+
+    Example:
+        # Without app root path
+        app = Litestar(
+            plugins=[get_supertokens_plugin(api_base_path="/auth")]
+        )
+
+        # With app root path
+        app = Litestar(
+            path="api/v1",
+            plugins=[get_supertokens_plugin(api_base_path="/api/v1/auth", app_root_path="api/v1")]
+        )
     """
-    return SupertokensPlugin(api_base_path=api_base_path)
+    return SupertokensPlugin(api_base_path=api_base_path, app_root_path=app_root_path)

tests/litestar/test_litestar.py

@@ -15,14 +15,15 @@
 from typing import Any, Dict, Optional, Union
 from unittest import skip
 
-from litestar import Litestar, MediaType, Request, Response, get, post
+from litestar import Litestar, Request, Response, get, post
 from litestar.di import Provide
 from litestar.testing import TestClient
 from pytest import fixture, mark
 from supertokens_python import InputAppInfo, SupertokensConfig, init
 from supertokens_python.framework import BaseRequest
 from supertokens_python.framework.litestar import (
     create_supertokens_middleware,
+    get_exception_handlers,
     get_supertokens_plugin,
 )
 from supertokens_python.querier import Querier
@@ -138,16 +139,16 @@ async def custom_logout(request: Request[Any, Any, Any]) -> Dict[str, Any]:
         await session.revoke_session()
         return {}
 
-    @post("/create", media_type=MediaType.TEXT)
-    async def _create(request: Request[Any, Any, Any]) -> str:
+    @post("/create")
+    async def _create(request: Request[Any, Any, Any]) -> Dict[str, Any]:
         await create_new_session(
             request=request,
             tenant_id="public",
             recipe_user_id=RecipeUserId("userId"),
             access_token_payload={},
             session_data_in_database={},
         )
-        return ""
+        return {}
 
     @post("/create-throw")
     async def _create_throw(request: Request[Any, Any, Any]) -> None:
@@ -174,6 +175,7 @@ async def _create_throw(request: Request[Any, Any, Any]) -> None:
         ],
         middleware=[create_supertokens_middleware()],
         plugins=[get_supertokens_plugin(api_base_path="/auth")],
+        exception_handlers=get_exception_handlers(),
     )
     return TestClient(app)
 
@@ -577,7 +579,12 @@ def test_litestar_root_path(litestar_root_path: str):
     app = Litestar(
         path=litestar_root_path,
         middleware=[create_supertokens_middleware()],
-        plugins=[get_supertokens_plugin(api_base_path=f"{litestar_root_path}/auth")],
+        plugins=[
+            get_supertokens_plugin(
+                api_base_path=f"{litestar_root_path}/auth",
+                app_root_path=litestar_root_path,
+            )
+        ],
     )
 
     test_client = TestClient(app)
@@ -636,6 +643,8 @@ async def refresh_post(
     if token_transfer_method == "header":
         headers.update({"authorization": f"Bearer {info['refreshTokenFromAny']}"})
     else:
+        # Clear existing cookies from the client to avoid duplicate cookie issues
+        driver_config_client.cookies.clear()
         cookies.update(
             {"sRefreshToken": info["refreshTokenFromAny"], "sIdRefreshToken": "asdf"}
         )