diff --git a/server/backend/JWT.py b/server/backend/JWT.py
index 0517469..a477a5b 100644
--- a/server/backend/JWT.py
+++ b/server/backend/JWT.py
@@ -32,19 +32,6 @@ class RefreshToken(Token):
 token_str = await Token.create_token(data, expires_delta)
 await db.refresh_token(encoded_jwt = token_str,email=data["sub"])
 return token_str
-# async def create_access_token(data: dict, expires_delta: timedelta | None = None):
-# to_encode = data.copy()
-# expire = datetime.utcnow() + (expires_delta or timedelta(minutes=15))
-# to_encode.update({"exp": expire})
-# encoded_jwt = jwt.encode(to_encode, SECRET_KEY, algorithm=ALGORITHM)
-# return encoded_jwt
-# async def create_refresh_token(data:dict, expires_delta:timedelta | None = None):
-# to_encode = data.copy()
-# expire = datetime.utcnow() + (expires_delta or timedelta(minutes=6000))
-# to_encode.update({"exp": expire})
-# encoded_jwt = jwt.encode(to_encode, SECRET_KEY, algorithm=ALGORITHM)
-# return encoded_jwt
-
 async def current_user(token: str = Depends(oauth2_scheme)): #Проверка jwt
 try:
 payload = jwt.decode(token, SECRET_KEY, algorithms=[ALGORITHM])
diff --git a/server/backend/endpoints.py b/server/backend/endpoints.py
index 86d1eee..60b3f3a 100644
--- a/server/backend/endpoints.py
+++ b/server/backend/endpoints.py
@@ -1,5 +1,6 @@
 from fastapi import FastAPI, HTTPException, status, Depends
 from fastapi.middleware.cors import CORSMiddleware
+from fastapi.responses import JSONResponse
 from . import pydentic, JWT
 from datetime import datetime, timedelta
 from pydantic import EmailStr
@@ -86,7 +87,6 @@ async def login_user(row: pydentic.UserLogin):
 user = await db.LoginUser(row)
 if not user:
 raise HTTPException(status_code=401, detail="The user isn't found")
-
 access_token = await JWT.AccessToken.create(
 {"sub": user.email}, timedelta(minutes=JWT.ACCESS_TOKEN_EXPIRE_MINUTES)
@@ -95,8 +95,21 @@ async def login_user(row: pydentic.UserLogin):
 {"sub": user.email}, timedelta(minutes=JWT.REFRESH_TOKEN_EXPIRE_MINUTES)
 )
- return {
+ response = JSONResponse(content={
 "access_token": access_token,
- "refresh_token": refresh_token,
 "token_type": "bearer"
- }
\ No newline at end of file
+ })
+ response.set_cookie(
+ key="refresh_token",
+ value=refresh_token,
+ httponly=True,
+ secure=False, # только https
+ samesite="strict" # чтобы не утекал на другие сайты
+ )
+ return response
+@api.post("/logout")
+async def logout_user(row: pydentic.UserLogout):
+ user = await db.GetUserbyEmail(row)
+ if not user:
+ raise HTTPException(status_code=401, detail="The user isn't found")
+ await db.refresh_token(encoded_jwt = Null,email=user.email)
\ No newline at end of file
diff --git a/server/backend/pydentic.py b/server/backend/pydentic.py
index ddacc84..a23c4e2 100644
--- a/server/backend/pydentic.py
+++ b/server/backend/pydentic.py
@@ -37,4 +37,6 @@ class UserUpdate(BaseModel):
 return check_password_complexity(cls, password)
 class UserLogin(BaseModel):
 email:EmailStr = Field(..., min_length=6, max_length=254, description="user's email")
- password:str = Field(..., description="Password")
\ No newline at end of file
+ password:str = Field(..., description="Password")
+class UserLogout(BaseModel):
+ email:EmailStr = Field(..., min_length=6, max_length=254, description="user's email")
\ No newline at end of file
diff --git a/server/database/db.py b/server/database/db.py
index 95a59fe..d20386e 100644
--- a/server/database/db.py
+++ b/server/database/db.py
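Review bot: `Null` on the last added line of `logout_user` is not a Python name and no import of it appears in the visible header, so every `/logout` request raises `NameError` (a 500) and the stored refresh token is never cleared; the intended value is `None`. The lookup `db.GetUserbyEmail(row)` passes the whole `UserLogout` model where `db.py`'s `GetUserbyEmail(email)` compares `User.email == email`, so it should receive `row.email`. The endpoint also accepts any email in an unauthenticated body, which lets a caller invalidate another user's refresh token; requiring the access token via `Depends(JWT.current_user)` (defined in JWT.py) and deriving the target from that identity rather than the body closes this, though `current_user`'s return value is outside this hunk so the fence below only adds the dependency. Separately, `secure=False` on the new `refresh_token` cookie contradicts the `# только https` comment and lets the httponly cookie be sent over plain HTTP, and logout never issues `response.delete_cookie("refresh_token")`, so the browser keeps a cookie the server no longer honours.
```python
@api.post("/logout")
async def logout_user(row: pydentic.UserLogout, _=Depends(JWT.current_user)):
    user = await db.GetUserbyEmail(row.email)
    if not user:
        raise HTTPException(status_code=401, detail="The user isn't found")
    await db.refresh_token(encoded_jwt=None, email=user.email)
    response = JSONResponse(content={"detail": "logged out"})
    response.delete_cookie("refresh_token")
    return response
```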
@@ -44,9 +44,9 @@ async def CreateUser(user_info):
 session.add(new_user)
 await session.commit()
 await session.refresh(new_user)
-async def GetUser(id):
+async def GetUserbyEmail(email):
 async with AsyncSessionLocal() as session:
- result = await session.execute(select(User).where(User.id==id))
+ result = await session.execute(select(User).where(User.email==email))
 user = result.scalar_one_or_none()
 return user
 async def get_all_rows():
@@ -86,9 +86,4 @@ async def refresh_token(encoded_jwt, email):
 user.refresh_token = encoded_jwt
 await session.commit()
 async def main():
- await init_db()
- #await CreateUser()
- # await get_all_rows()
- # await UpdateUser(1)
- # await GetUser(1)
- # await DeleteUser(1)
\ No newline at end of file
+ await init_db()
\ No newline at end of file
diff --git a/server/front/login/js.js b/server/front/login/js.js
index a21dc19..3ba13e2 100644
--- a/server/front/login/js.js
+++ b/server/front/login/js.js
@@ -1,9 +1,14 @@
 //Разобраться с хранением и использованием refresh token
 //Добавить endpoint logout
-const token = localStorage.getItem("token");
-if (token) {
- window.location.href = "./../main/index.html";
+function getToken() {
+ return localStorage.getItem("token") || sessionStorage.getItem("token");
+}
+function tokenCheck(){
+ const token = getToken();
+ if (!token) {
+ window.location.href = "./../main/index.html";
+ }
 }
 document.getElementById('loginForm').addEventListener('submit', async function (e) {
 e.preventDefault();
diff --git a/server/front/main/js.js b/server/front/main/js.js
index f716cd1..62b8d92 100644
--- a/server/front/main/js.js
+++ b/server/front/main/js.js
@@ -1,5 +1,8 @@
+function getToken() {
+ return localStorage.getItem("token") || sessionStorage.getItem("token");
+}
 function tokenCheck(){
- const token = localStorage.getItem("token") || sessionStorage.getItem("token");
+ const token = getToken();
 if (!token) {
 window.location.href = "./../login/index.html";
 }
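Review bot: The new `tokenCheck` in login/js.js inverts the condition of the lines it replaces: the removed code sent a visitor who already holds a token to `./../main/index.html`, while the new code redirects when no token is present, so an unauthenticated visitor to the login page is bounced to main, whose own `tokenCheck` (main/js.js, same commit) sends them straight back — a redirect loop. The guard on the login page should read `if (token) {`. Nothing in this hunk invokes `tokenCheck()` either, unlike the removed top-level `if`, so the redirect no longer runs at load unless a call exists further down the file, which is outside the hunk.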
@@ -9,5 +12,6 @@ tokenCheck()
 document.getElementById('logoutForm').addEventListener('submit', async function (e) {
 e.preventDefault();
 localStorage.removeItem("token");
+ sessionStorage.removeItem("token");
 tokenCheck();
 });
\ No newline at end of file
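Review bot: The logout handler only drops the access token from `localStorage`/`sessionStorage`; it never calls the `POST /logout` endpoint this commit adds, so the server-side `refresh_token` column and the httponly `refresh_token` cookie set at login both remain valid after "logout", and a script cannot remove an httponly cookie on its own. Before clearing storage the handler should `await fetch(<logout URL>, { method: "POST", credentials: "include", ... })` so the server can null the stored token and clear the cookie; the exact URL and request body depend on how `logout_user` is finalised, which is outside this file. The existing `tokenCheck()` call then redirects as before.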