added session manager, but in local dict

app/api.py

@@ -1,4 +1,4 @@
-from fastapi import FastAPI, File, UploadFile, Depends, HTTPException, Security
+from fastapi import FastAPI, File, UploadFile, Depends, HTTPException, Security, Response, Cookie
 from fastapi.responses import FileResponse, PlainTextResponse, StreamingResponse
 from fastapi.security import APIKeyHeader
 from sqlalchemy import exists
@@ -6,6 +6,7 @@ import hashlib
 from ftplib import FTP
 from io import BytesIO
 from . import db
+from .session_manager import SessionManager
 from dotenv import load_dotenv
 import os
 import hmac
@@ -33,13 +34,40 @@ def compute_hash(data: bytes, algorithm="sha256") -> str:
     h.update(data)
     return h.hexdigest()
 
-app = FastAPI()
+def set_cookie(response: Response, name: str, value: str, max_age: int) -> None:
+    response.set_cookie(
+        key=name,
+        value=value,
+        httponly=True,
+        secure=True,
+        samesite="Strict",
+        max_age=max_age,
+    )
 
+TOKEN_TTL = 60*15
+session_manager = SessionManager(TOKEN_TTL)
+
+app = FastAPI()
 
 @app.get("/")
 async def root():
     return {"message": "hiii from sfs"}
 
+
+@app.post("/login")
+def login(response: Response):
+    user_id = "user123"
+    token = session_manager.create(user_id)
+    set_cookie(response, "token", token, TOKEN_TTL)
+    return {"message": "logged in"}
+
+def get_current_user(token: str = Cookie(None)) -> str:
+    return session_manager.validate(token)
+
+@app.get("/protected")
+def protected_route(user: str = Depends(get_current_user)):
+    return {"message": f"Hello {user}, you are authenticated!"}
+
 @app.post("/file")
 async def save_file(file: UploadFile = File(...), api_key: str = Depends(verify_api_key)):
     contents = await file.read()