fix: auth using session cookies

TODO.md

@@ -1,2 +1,4 @@
-- Fix migrations!
+- Move user track logs to user zero
-    - Use total length instead of release version length
+    - Move future logs to appropriate user id
+- Migrations:
+    - Move userdata to new hashing algorithm

app/api/__init__.py

@@ -67,7 +67,8 @@ def create_api():
     app.config["JWT_SECRET_KEY"] = UserConfig().userId
     app.config["JWT_TOKEN_LOCATION"] = ["cookies"]
     app.config["JWT_COOKIE_CSRF_PROTECT"] = False
-    app.config["JWT_ACCESS_TOKEN_EXPIRES"] = datetime.timedelta(days=30)
+    app.config["JWT_SESSION_COOKIE"] = False
+    app.config["JWT_ACCESS_TOKEN_EXPIRES"] = int(datetime.timedelta(days=30).total_seconds())
 
     # CORS
     CORS(app, origins="*", supports_credentials=True)

app/api/auth.py

@@ -1,8 +1,7 @@
 import json
-from dataclasses import asdict
 from functools import wraps
 import sqlite3
-from flask import jsonify
+from flask import current_app, jsonify
 from flask_jwt_extended import (
     create_access_token,
     current_user,
@@ -61,7 +60,10 @@ def login(body: LoginBody):
         return {"msg": "Hehe! invalid password"}, 401
 
     access_token = create_access_token(identity=user.todict())
-    set_access_cookies(res, access_token)
+
+    max_age: int = current_app.config.get("JWT_ACCESS_TOKEN_EXPIRES")
+    set_access_cookies(res, access_token, max_age=max_age)
+
     return res