jwt refresh token 1.1

2025-09-21 18:24:20 +03:00
parent 5ddab94773
commit 909d4d84b6
6 changed files with 36 additions and 30 deletions
--- a/server/backend/endpoints.py
+++ b/server/backend/endpoints.py
@@ -1,5 +1,6 @@
 from fastapi import FastAPI, HTTPException, status, Depends
 from fastapi.middleware.cors import CORSMiddleware
+from fastapi.responses import JSONResponse
 from . import pydentic, JWT
 from datetime import datetime, timedelta
 from pydantic import EmailStr
@@ -86,7 +87,6 @@ async def login_user(row: pydentic.UserLogin):
    user = await db.LoginUser(row)
    if not user:
        raise HTTPException(status_code=401, detail="The user isn't found")
-
    access_token = await JWT.AccessToken.create(
        {"sub": user.email},
        timedelta(minutes=JWT.ACCESS_TOKEN_EXPIRE_MINUTES)
@@ -95,8 +95,21 @@ async def login_user(row: pydentic.UserLogin):
        {"sub": user.email},
        timedelta(minutes=JWT.REFRESH_TOKEN_EXPIRE_MINUTES)
    )
-    return {
+    response = JSONResponse(content={
        "access_token": access_token,
-        "refresh_token": refresh_token,
        "token_type": "bearer"
-    }
+    })
+    response.set_cookie(
+        key="refresh_token",
+        value=refresh_token,
+        httponly=True,
+        secure=False,       # только https
+        samesite="strict"  # чтобы не утекал на другие сайты
+    )
+    return response
+@api.post("/logout")
+async def logout_user(row: pydentic.UserLogout):
+    user = await db.GetUserbyEmail(row)
+    if not user:
+        raise HTTPException(status_code=401, detail="The user isn't found")
+    await db.refresh_token(encoded_jwt = Null,email=user.email)