From f8f07c21166f4bc84e780f12bbd8573532e5d0f4 Mon Sep 17 00:00:00 2001
From: cwilvx
Date: Wed, 15 May 2024 20:18:00 +0300
Subject: [PATCH] fix: auth using session cookies
---
 TODO.md | 6 ++++--
 app/api/__init__.py | 3 ++-
 app/api/auth.py | 8 +++++---
 3 files changed, 11 insertions(+), 6 deletions(-)
diff --git a/TODO.md b/TODO.md
index c78efee4..36d03066 100644
--- a/TODO.md
+++ b/TODO.md
@@ -1,2 +1,4 @@
-- Fix migrations!
- - Use total length instead of release version length
\ No newline at end of file
+- Move user track logs to user zero
+ - Move future logs to appropriate user id
+- Migrations:
+ - Move userdata to new hashing algorithm
\ No newline at end of file
diff --git a/app/api/__init__.py b/app/api/__init__.py
index 4319499d..f0ac3cc0 100644
--- a/app/api/__init__.py
+++ b/app/api/__init__.py
@@ -67,7 +67,8 @@ def create_api():
 app.config["JWT_SECRET_KEY"] = UserConfig().userId
 app.config["JWT_TOKEN_LOCATION"] = ["cookies"]
 app.config["JWT_COOKIE_CSRF_PROTECT"] = False
- app.config["JWT_ACCESS_TOKEN_EXPIRES"] = datetime.timedelta(days=30)
+ app.config["JWT_SESSION_COOKIE"] = False
+ app.config["JWT_ACCESS_TOKEN_EXPIRES"] = int(datetime.timedelta(days=30).total_seconds())
 # CORS
 CORS(app, origins="*", supports_credentials=True)
diff --git a/app/api/auth.py b/app/api/auth.py
index b8af863a..3fd1d1b7 100644
--- a/app/api/auth.py
+++ b/app/api/auth.py
@@ -1,8 +1,7 @@
 import json
-from dataclasses import asdict
 from functools import wraps
 import sqlite3
-from flask import jsonify
+from flask import current_app, jsonify
 from flask_jwt_extended import (
 create_access_token,
 current_user,
@@ -61,7 +60,10 @@ def login(body: LoginBody):
 return {"msg": "Hehe! invalid password"}, 401
 access_token = create_access_token(identity=user.todict())
- set_access_cookies(res, access_token)
+
+ max_age: int = current_app.config.get("JWT_ACCESS_TOKEN_EXPIRES")
+ set_access_cookies(res, access_token, max_age=max_age)
+
 return res
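Review bot: Making the JWT cookie persistent (`JWT_SESSION_COOKIE = False` with a 30-day expiry) leaves a long-lived credential in the browser while the context line just above keeps `JWT_COOKIE_CSRF_PROTECT = False`, so nothing in this hunk limits cross-site requests that carry the cookie. Either re-enable CSRF protection or pin the cookie attributes next to the new lines: `app.config["JWT_COOKIE_SAMESITE"] = "Lax"` and, when the app is served over HTTPS, `app.config["JWT_COOKIE_SECURE"] = True`. The `CORS(app, origins="*", supports_credentials=True)` call in the trailing context widens the same exposure and would be safer with an explicit origin list. create_api's body continues outside the hunk, so some of these may already be set elsewhere.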
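Review bot: `current_app.config.get("JWT_ACCESS_TOKEN_EXPIRES")` returns None when the key is missing and the `int` annotation is not enforced, so an unset or non-integer value reaches `set_access_cookies` and the cookie lifetime can silently stop matching the token lifetime (the library presumably falls back to its own default max-age). Reading it as `max_age = current_app.config["JWT_ACCESS_TOKEN_EXPIRES"]` makes a missing key fail loudly at login instead. Separately, the token now kept for 30 days carries `user.todict()` as its identity; if that dict includes the password hash (not visible here), it sits in the cookie payload, which is signed but only base64-encoded, so passing just the user id would be safer. login's body starts outside the hunk.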