Update: Session JWT added (not working now)

2022-01-05 10:09:40 +01:00 · 2022-01-05 10:09:40 +01:00 · 6dee0956dd
commit 6dee0956dd
parent 1771c63b36
5 changed files with 60 additions and 41 deletions
--- a/backend/application/responses.py
+++ b/backend/application/responses.py
@ -2,7 +2,7 @@ from flask import current_app as app
 import json


-def send_error(status_code, message):
+def send_error(status_code, message, token=None):
    data_json = {
        'status': 'error',
        'message': message
@ -12,11 +12,13 @@ def send_error(status_code, message):
        status=status_code,
        mimetype='application/json'
    )
-    res.headers['Access-Control-Allow-Origin'] = '*'
+    res.headers['Access-Control-Allow-Origin'] = app.config.get('ALLOW_ORIGIN')
+    if token is not None:
+        res.set_cookie('SESSIONID', token)
    return res


-def send_message(message, data):
+def send_message(message, data, token=None):
    data_json = {
        'status': 'success',
        'message': message,
@ -27,5 +29,7 @@ def send_message(message, data):
        status=200,
        mimetype='application/json'
    )
-    res.headers['Access-Control-Allow-Origin'] = '*'
+    res.headers['Access-Control-Allow-Origin'] = app.config.get('ALLOW_ORIGIN')
+    if token is not None:
+        res.set_cookie('SESSIONID', token)
    return res
--- a/backend/application/routes.py
+++ b/backend/application/routes.py
@ -2,6 +2,7 @@ from flask import current_app as app
 from flask import request
 from .responses import send_message, send_error
 from .api_functions import db_login, db_register
+from .sessionJWT import create_auth_token, decode_auth_token, check_auth_token


 # Login
@ -15,7 +16,9 @@ def login():
        res = db_login(ip, post_email, post_password)
        # TODO: Token Authentication
        if res['status'] == 0:
-            return send_message(res['message'], res['data'])
+            user = res['data']
+            token = create_auth_token(res['data'])
+            return send_message(res['message'], user, token)
        elif res['status'] == 1:
            return send_error(404, res['message'])
    else:
@ -42,9 +45,14 @@ def register():


 # Logout
-@app.route('/api/logout', methods=['POST'])
+@app.route('/api/logout', methods=['DELETE'])
 def logout():
-    return send_message('Logout not implemented', None)
+    token = check_auth_token(request, 'X-Access-Token')
+    if token['success']:
+        return send_message('User disconnected.', None)
+    else:
+        return send_error(500, token['message'])
+


 # Update User
--- a/backend/application/sessionJWT.py
+++ b/backend/application/sessionJWT.py
@ -0,0 +1,38 @@
+from datetime import datetime, timedelta
+from flask import current_app as app
+import jwt
+
+
+def create_auth_token(user, time_second=1800):
+    try:
+        time = datetime.now()
+        payload = {
+            'exp': time + timedelta(days=0, seconds=time_second),
+            'iat': time,
+            'user': user
+        }
+        return jwt.encode(
+            payload,
+            app.config.get('SECRET_KEY'),
+            algorithm='HS256'
+        )
+    except Exception as e:
+        return e
+
+
+def decode_auth_token(auth_token):
+    try:
+        payload = jwt.decode(
+            auth_token,
+            app.config.get('SECRET_KEY')
+        )
+        return {'success': True, 'payload': payload['user']}
+    except jwt.ExpiredSignatureError:
+        return {'success': False, 'message': 'Signature expired . Please log in again.'}
+    except jwt.InvalidTokenError:
+        return {'success': False, 'message': 'Invalid token. Please log in again.'}
+
+
+def check_auth_token(request):
+    token = request.cookies.get('SESSIONID')
+    return decode_auth_token(token)
--- a/backend/application/users_model.py
+++ b/backend/application/users_model.py
@ -1,7 +1,3 @@
-from datetime import datetime, timedelta
-from flask import current_app as app
-import jwt
-
 from . import db


@ -35,32 +31,3 @@ class Users(db.Model):
            'email': self.email,
            'is_admin': self.is_admin
        }
-
-    def auth_token(self):
-        try:
-            time = datetime.now()
-            payload = {
-                'exp': time + timedelta(days=0, seconds=5),
-                'iat': time,
-                'user': self.json()
-            }
-            return jwt.encode(
-                payload,
-                app.config.get('SECRET_KEY'),
-                algorithm='HS256'
-            )
-        except Exception as e:
-            return e
-
-    @staticmethod
-    def decode_auth_token(auth_token):
-        try:
-            payload = jwt.decode(
-                auth_token,
-                app.config.get('SECRET_KEY')
-            )
-            return payload['user']
-        except jwt.ExpiredSignatureError:
-            return 'Signature expired . Please log in again.'
-        except jwt.InvalidTokenError:
-            return 'Invalid token. Please log in again.'
--- a/backend/config.py
+++ b/backend/config.py
@ -8,7 +8,6 @@ class Config(object):
    TESTING = False
    CSRF_ENABLED = True

-    SECRET_KEY = os.environ.get('SECRET_KEY', 'default_secret_key')
    FLASK_APP = os.environ.get('FLASK_APP', None)
    FLASK_ENV = os.environ.get('FLASK_ENV', None)

@ -21,6 +20,9 @@ class Config(object):
        'flaskaled-srv2': SQLALCHEMY_DATABASE_URI_2
    }

+    SECRET_KEY = os.environ.get('SECRET_KEY', 'default_secret_key')
+    ALLOW_ORIGIN = os.environ.get('ALLOW_ORIGIN', '*')
+

 class ProductionConfig(Config):
    DEBUG = False