[V0.3] Working dashboard calendar module

2025-04-21 20:09:41 +02:00
parent c158ff4e0e
commit 4f57df8101
15 changed files with 5401 additions and 294 deletions
--- a/backend/core/pycache/config.cpython-312.pyc
+++ b/backend/core/pycache/config.cpython-312.pyc
--- a/backend/core/config.py
+++ b/backend/core/config.py
@@ -13,6 +13,7 @@ class Settings(BaseSettings):

    JWT_ALGORITHM: str = "HS256"
    ACCESS_TOKEN_EXPIRE_MINUTES: int = 30
+    # ACCESS_TOKEN_EXPIRE_MINUTES: int = 1
    REFRESH_TOKEN_EXPIRE_DAYS: int = 7
    
    PEPPER: str = getenv("PEPPER", "")
--- a/backend/modules/auth/pycache/api.cpython-312.pyc
+++ b/backend/modules/auth/pycache/api.cpython-312.pyc
--- a/backend/modules/auth/pycache/schemas.cpython-312.pyc
+++ b/backend/modules/auth/pycache/schemas.cpython-312.pyc
--- a/backend/modules/auth/pycache/security.cpython-312.pyc
+++ b/backend/modules/auth/pycache/security.cpython-312.pyc
--- a/backend/modules/auth/api.py
+++ b/backend/modules/auth/api.py
@@ -3,7 +3,7 @@ from fastapi import APIRouter, Cookie, Depends, HTTPException, status, Request,
 from fastapi.security import OAuth2PasswordRequestForm
 from jose import JWTError
 from modules.auth.models import User
-from modules.auth.schemas import UserCreate, UserResponse, Token
+from modules.auth.schemas import UserCreate, UserResponse, Token, RefreshTokenRequest, LogoutRequest
 from modules.auth.services import create_user
 from modules.auth.security import TokenType, get_current_user, oauth2_scheme, create_access_token, create_refresh_token, verify_token, authenticate_user, blacklist_tokens
 from sqlalchemy.orm import Session
@@ -20,9 +20,9 @@ def register(user: UserCreate, db: Annotated[Session, Depends(get_db)]):
    return create_user(user.username, user.password, user.name, db)

@router.post("/login", response_model=Token)
-def login(response: Response, form_data: Annotated[OAuth2PasswordRequestForm, Depends()], db: Annotated[Session, Depends(get_db)]):
+def login(form_data: Annotated[OAuth2PasswordRequestForm, Depends()], db: Annotated[Session, Depends(get_db)]):
    """
-    Authenticate user and return JWT token.
+    Authenticate user and return JWT tokens in the response body.
    """
    user = authenticate_user(form_data.username, form_data.password, db)
    if not user:
@@ -34,40 +34,34 @@ def login(response: Response, form_data: Annotated[OAuth2PasswordRequestForm, De
    access_token = create_access_token(data={"sub": user.username}, expires_delta=timedelta(minutes=settings.ACCESS_TOKEN_EXPIRE_MINUTES))
    refresh_token = create_refresh_token(data={"sub": user.username})

-    max_age = settings.REFRESH_TOKEN_EXPIRE_DAYS * 24 * 60 * 60
-
-    response.set_cookie(
-        key="refresh_token", value=refresh_token, httponly=True, secure=True, samesite="Lax", max_age=max_age
-    )
-    return {"access_token": access_token, "token_type": "bearer"}
+    return {"access_token": access_token, "refresh_token": refresh_token, "token_type": "bearer"}

@router.post("/refresh")
-def refresh_token(request: Request, db: Annotated[Session, Depends(get_db)]):
-    refresh_token = request.cookies.get("refresh_token")
+def refresh_token(payload: RefreshTokenRequest, db: Annotated[Session, Depends(get_db)]):
+    print("Refreshing token...")
+    refresh_token = payload.refresh_token
    if not refresh_token:
-        raise unauthorized_exception("Refresh token missing")
-
+        raise unauthorized_exception("Refresh token missing in request body")

    user_data = verify_token(refresh_token, expected_token_type=TokenType.REFRESH, db=db)
    if not user_data:
        raise unauthorized_exception("Invalid refresh token")

-
    new_access_token = create_access_token(data={"sub": user_data.username})
    return {"access_token": new_access_token, "token_type": "bearer"}

@router.post("/logout")
-def logout(response: Response, db: Annotated[Session, Depends(get_db)], current_user: Annotated[User, Depends(get_current_user)], access_token: str = Depends(oauth2_scheme), refresh_token: Optional[str] = Cookie(None, alias="refresh_token")):
+def logout(payload: LogoutRequest, db: Annotated[Session, Depends(get_db)], current_user: Annotated[User, Depends(get_current_user)], access_token: str = Depends(oauth2_scheme)):
    try:
+        refresh_token = payload.refresh_token
        if not refresh_token:
-            raise unauthorized_exception("Refresh token not found")
+            raise unauthorized_exception("Refresh token not found in request body")
            
        blacklist_tokens(
            access_token=access_token,
            refresh_token=refresh_token,
            db=db
        )
-        response.delete_cookie(key="refresh_token")

        return {"message": "Logged out successfully"}
    except JWTError:
--- a/backend/modules/auth/schemas.py
+++ b/backend/modules/auth/schemas.py
@@ -11,6 +11,12 @@ class TokenData(BaseModel):
    username: str | None = None
    scopes: list[str] = []

+class RefreshTokenRequest(BaseModel):
+    refresh_token: str
+
+class LogoutRequest(BaseModel):
+    refresh_token: str
+
 class UserRole(str, PyEnum):
    ADMIN = "admin"
    USER = "user"
--- a/backend/modules/auth/security.py
+++ b/backend/modules/auth/security.py
@@ -58,6 +58,7 @@ def create_access_token(data: dict, expires_delta: timedelta | None = None):
        expire = datetime.now(timezone.utc) + expires_delta
    else:
        expire = datetime.now(timezone.utc) + timedelta(minutes=settings.ACCESS_TOKEN_EXPIRE_MINUTES)
+        # expire = datetime.now(timezone.utc) + timedelta(seconds=5)
    to_encode.update({"exp": expire, "token_type": TokenType.ACCESS})
    return jwt.encode(
        to_encode,