From 6dee0956ddd40f044a198ec1061b126a614be40f Mon Sep 17 00:00:00 2001
From: =?UTF-8?q?Y=C3=BBki=20Vachot?=
Date: Wed, 5 Jan 2022 10:09:40 +0100
Subject: [PATCH] Update: Session JWT added (not working now)
---
 backend/application/responses.py | 12 ++++++----
 backend/application/routes.py | 14 ++++++++---
 backend/application/sessionJWT.py | 38 ++++++++++++++++++++++++++++++
 backend/application/users_model.py | 33 --------------------------
 backend/config.py | 4 +++-
 5 files changed, 60 insertions(+), 41 deletions(-)
 create mode 100644 backend/application/sessionJWT.py
diff --git a/backend/application/responses.py b/backend/application/responses.py
index 39e7fff..5f5b4db 100644
--- a/backend/application/responses.py
+++ b/backend/application/responses.py
@@ -2,7 +2,7 @@ from flask import current_app as app
 import json
-def send_error(status_code, message):
+def send_error(status_code, message, token=None):
 data_json = {
 'status': 'error',
 'message': message
@@ -12,11 +12,13 @@ def send_error(status_code, message):
 status=status_code,
 mimetype='application/json'
 )
- res.headers['Access-Control-Allow-Origin'] = '*'
+ res.headers['Access-Control-Allow-Origin'] = app.config.get('ALLOW_ORIGIN')
+ if token is not None:
+ res.set_cookie('SESSIONID', token)
 return res
-def send_message(message, data):
+def send_message(message, data, token=None):
 data_json = {
 'status': 'success',
 'message': message,
@@ -27,5 +29,7 @@ def send_message(message, data):
 status=200,
 mimetype='application/json'
 )
- res.headers['Access-Control-Allow-Origin'] = '*'
+ res.headers['Access-Control-Allow-Origin'] = app.config.get('ALLOW_ORIGIN')
+ if token is not None:
+ res.set_cookie('SESSIONID', token)
 return res
diff --git a/backend/application/routes.py b/backend/application/routes.py
index 3a1f1b8..664dbd0 100644
--- a/backend/application/routes.py
+++ b/backend/application/routes.py
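Review bot: The new `res.set_cookie('SESSIONID', token)` in send_error, and the identical line in send_message, stores the signed session token with no cookie attributes, so it is readable by page script and is also sent over plain HTTP; write it as `res.set_cookie('SESSIONID', token, httponly=True, secure=True, samesite='Lax')` and give it a `max_age` that matches the token lifetime. The origin header now comes from `app.config.get('ALLOW_ORIGIN')`, whose default in config.py is `'*'`; a browser will not accept a credentialed (cookie) cross-origin response under a wildcard origin unless a concrete origin and `Access-Control-Allow-Credentials: true` are sent, which is a plausible cause of the "not working now" in the subject. Both functions now end with the same header-and-cookie tail, so a small shared helper would keep the two in step.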
@@ -2,6 +2,7 @@ from flask import current_app as app
 from flask import request
 from .responses import send_message, send_error
 from .api_functions import db_login, db_register
+from .sessionJWT import create_auth_token, decode_auth_token, check_auth_token
 # Login
@@ -15,7 +16,9 @@ def login():
 res = db_login(ip, post_email, post_password)
 # TODO: Token Authentication
 if res['status'] == 0:
- return send_message(res['message'], res['data'])
+ user = res['data']
+ token = create_auth_token(res['data'])
+ return send_message(res['message'], user, token)
 elif res['status'] == 1:
 return send_error(404, res['message'])
 else:
@@ -42,9 +45,14 @@ def register():
 # Logout
-@app.route('/api/logout', methods=['POST'])
+@app.route('/api/logout', methods=['DELETE'])
 def logout():
- return send_message('Logout not implemented', None)
+ token = check_auth_token(request, 'X-Access-Token')
+ if token['success']:
+ return send_message('User disconnected.', None)
+ else:
+ return send_error(500, token['message'])
+
 # Update User
diff --git a/backend/application/sessionJWT.py b/backend/application/sessionJWT.py
new file mode 100644
index 0000000..13ddafc
--- /dev/null
+++ b/backend/application/sessionJWT.py
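Review bot: `check_auth_token(request, 'X-Access-Token')` in logout passes two arguments, but the new sessionJWT.check_auth_token takes only `request` and reads the `SESSIONID` cookie, so every logout request raises TypeError before any token is looked at; the call should be `token = check_auth_token(request)`. A failed check is answered with 500 although it is a client authentication problem, so `return send_error(401, token['message'])` fits better. Nothing clears the cookie on logout, so the token stays usable until its `exp`; send_message offers no way to delete a cookie, so either extend it or clear `SESSIONID` on the response built here. In login, `user` and the argument to create_auth_token are the same `res['data']`, and decode_auth_token is imported but unused in these hunks; login's body continues past the hunk.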
@@ -0,0 +1,38 @@
+from datetime import datetime, timedelta
+from flask import current_app as app
+import jwt
+
+
+def create_auth_token(user, time_second=1800):
+ try:
+ time = datetime.now()
+ payload = {
+ 'exp': time + timedelta(days=0, seconds=time_second),
+ 'iat': time,
+ 'user': user
+ }
+ return jwt.encode(
+ payload,
+ app.config.get('SECRET_KEY'),
+ algorithm='HS256'
+ )
+ except Exception as e:
+ return e
+
+
+def decode_auth_token(auth_token):
+ try:
+ payload = jwt.decode(
+ auth_token,
+ app.config.get('SECRET_KEY')
+ )
+ return {'success': True, 'payload': payload['user']}
+ except jwt.ExpiredSignatureError:
+ return {'success': False, 'message': 'Signature expired . Please log in again.'}
+ except jwt.InvalidTokenError:
+ return {'success': False, 'message': 'Invalid token. Please log in again.'}
+
+
+def check_auth_token(request):
+ token = request.cookies.get('SESSIONID')
+ return decode_auth_token(token)
diff --git a/backend/application/users_model.py b/backend/application/users_model.py
index 797fd38..198fa7a 100644
--- a/backend/application/users_model.py
+++ b/backend/application/users_model.py
@@ -1,7 +1,3 @@
-from datetime import datetime, timedelta
-from flask import current_app as app
-import jwt
-
 from . import db
@@ -35,32 +31,3 @@ class Users(db.Model):
 'email': self.email,
 'is_admin': self.is_admin
 }
-
- def auth_token(self):
- try:
- time = datetime.now()
- payload = {
- 'exp': time + timedelta(days=0, seconds=5),
- 'iat': time,
- 'user': self.json()
- }
- return jwt.encode(
- payload,
- app.config.get('SECRET_KEY'),
- algorithm='HS256'
- )
- except Exception as e:
- return e
-
- @staticmethod
- def decode_auth_token(auth_token):
- try:
- payload = jwt.decode(
- auth_token,
- app.config.get('SECRET_KEY')
- )
- return payload['user']
- except jwt.ExpiredSignatureError:
- return 'Signature expired . Please log in again.'
- except jwt.InvalidTokenError:
- return 'Invalid token. Please log in again.'
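Review bot: `jwt.decode(auth_token, app.config.get('SECRET_KEY'))` in decode_auth_token passes no `algorithms=` list; PyJWT 2.x refuses that call, and on older releases pinning verification to the algorithm create_auth_token uses is what stops a token signed under some other scheme from being accepted, so pass `algorithms=['HS256']`. In create_auth_token the `except Exception as e: return e` hands the exception object back to login, which then feeds it to `set_cookie`; let the error propagate, or return None and have the caller treat that as a failed login. `datetime.now()` yields a naive local time while, as far as I recall, PyJWT serialises `exp`/`iat` as if they were UTC, so the lifetime is skewed by the server's offset; `datetime.now(timezone.utc)` with `timezone` imported from datetime avoids the ambiguity. A short module docstring stating that the token is carried in the `SESSIONID` cookie and that `time_second` is the lifetime in seconds would help the next reader.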
diff --git a/backend/config.py b/backend/config.py
index 2f816c1..8c4460c 100644
--- a/backend/config.py
+++ b/backend/config.py
@@ -8,7 +8,6 @@ class Config(object):
 TESTING = False
 CSRF_ENABLED = True
- SECRET_KEY = os.environ.get('SECRET_KEY', 'default_secret_key')
 FLASK_APP = os.environ.get('FLASK_APP', None)
 FLASK_ENV = os.environ.get('FLASK_ENV', None)
@@ -21,6 +20,9 @@ class Config(object):
 'flaskaled-srv2': SQLALCHEMY_DATABASE_URI_2
 }
+ SECRET_KEY = os.environ.get('SECRET_KEY', 'default_secret_key')
+ ALLOW_ORIGIN = os.environ.get('ALLOW_ORIGIN', '*')
+
 class ProductionConfig(Config):
 DEBUG = False
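Review bot: After the move, `SECRET_KEY = os.environ.get('SECRET_KEY', 'default_secret_key')` is the key that signs and verifies every session token, so a deployment that forgets to set the variable silently runs on a literal that appears in the repository and any holder of it can produce tokens the server accepts. Keep the fallback for local development only and have ProductionConfig require the value, e.g. `SECRET_KEY = os.environ['SECRET_KEY']` there, so start-up fails instead; ProductionConfig's body continues past the hunk. The `ALLOW_ORIGIN` default of `'*'` cannot be combined with the cookie-based session that responses.py now sets, so a concrete default or a start-up check that rejects `'*'` when cookies are in use would be safer. A one-line comment on each new setting saying what it controls would also help.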