[V0.3] Working dashboard calendar module

backend/modules/auth/api.py

@@ -3,7 +3,7 @@ from fastapi import APIRouter, Cookie, Depends, HTTPException, status, Request,
 from fastapi.security import OAuth2PasswordRequestForm
 from jose import JWTError
 from modules.auth.models import User
-from modules.auth.schemas import UserCreate, UserResponse, Token
+from modules.auth.schemas import UserCreate, UserResponse, Token, RefreshTokenRequest, LogoutRequest
 from modules.auth.services import create_user
 from modules.auth.security import TokenType, get_current_user, oauth2_scheme, create_access_token, create_refresh_token, verify_token, authenticate_user, blacklist_tokens
 from sqlalchemy.orm import Session
@@ -20,9 +20,9 @@ def register(user: UserCreate, db: Annotated[Session, Depends(get_db)]):
     return create_user(user.username, user.password, user.name, db)
 
 @router.post("/login", response_model=Token)
-def login(response: Response, form_data: Annotated[OAuth2PasswordRequestForm, Depends()], db: Annotated[Session, Depends(get_db)]):
+def login(form_data: Annotated[OAuth2PasswordRequestForm, Depends()], db: Annotated[Session, Depends(get_db)]):
     """
-    Authenticate user and return JWT token.
+    Authenticate user and return JWT tokens in the response body.
     """
     user = authenticate_user(form_data.username, form_data.password, db)
     if not user:
@@ -34,40 +34,34 @@ def login(response: Response, form_data: Annotated[OAuth2PasswordRequestForm, De
     access_token = create_access_token(data={"sub": user.username}, expires_delta=timedelta(minutes=settings.ACCESS_TOKEN_EXPIRE_MINUTES))
     refresh_token = create_refresh_token(data={"sub": user.username})
 
-    max_age = settings.REFRESH_TOKEN_EXPIRE_DAYS * 24 * 60 * 60
-
-    response.set_cookie(
-        key="refresh_token", value=refresh_token, httponly=True, secure=True, samesite="Lax", max_age=max_age
-    )
-    return {"access_token": access_token, "token_type": "bearer"}
+    return {"access_token": access_token, "refresh_token": refresh_token, "token_type": "bearer"}
 
 @router.post("/refresh")
-def refresh_token(request: Request, db: Annotated[Session, Depends(get_db)]):
-    refresh_token = request.cookies.get("refresh_token")
+def refresh_token(payload: RefreshTokenRequest, db: Annotated[Session, Depends(get_db)]):
+    print("Refreshing token...")
+    refresh_token = payload.refresh_token
     if not refresh_token:
-        raise unauthorized_exception("Refresh token missing")
-
+        raise unauthorized_exception("Refresh token missing in request body")
 
     user_data = verify_token(refresh_token, expected_token_type=TokenType.REFRESH, db=db)
     if not user_data:
         raise unauthorized_exception("Invalid refresh token")
 
-
     new_access_token = create_access_token(data={"sub": user_data.username})
     return {"access_token": new_access_token, "token_type": "bearer"}
 
 @router.post("/logout")
-def logout(response: Response, db: Annotated[Session, Depends(get_db)], current_user: Annotated[User, Depends(get_current_user)], access_token: str = Depends(oauth2_scheme), refresh_token: Optional[str] = Cookie(None, alias="refresh_token")):
+def logout(payload: LogoutRequest, db: Annotated[Session, Depends(get_db)], current_user: Annotated[User, Depends(get_current_user)], access_token: str = Depends(oauth2_scheme)):
     try:
+        refresh_token = payload.refresh_token
         if not refresh_token:
-            raise unauthorized_exception("Refresh token not found")
+            raise unauthorized_exception("Refresh token not found in request body")
             
         blacklist_tokens(
             access_token=access_token,
             refresh_token=refresh_token,
             db=db
         )
-        response.delete_cookie(key="refresh_token")
 
         return {"message": "Logged out successfully"}
     except JWTError: