samar m Claude Sonnet 4.6 commited on
Commit ·
4724464
1
Parent(s): d401087
fix: auth quality issues — token cleanup, delete_cookie params, broad exception catch, dead import
- backend/auth/deps.py +1 -1
- backend/db/queries.py +7 -0
- backend/main.py +0 -1
- backend/routers/auth.py +7 -1
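--- a/backend/auth/deps.py
+++ b/backend/auth/deps.py
@@ -8,7 +8,7 @@ oauth2_scheme = OAuth2PasswordBearer(tokenUrl="/api/auth/login")
 async def get_current_user(token: str = Depends(oauth2_scheme)) -> dict:
 try:
 return verify_access_token(token)
-except
+except Exception:
 raise HTTPException(status_code=401, detail="Invalid or expired token")
 
 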
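Review bot: `except Exception:` on new line 11 still turns every failure inside verify_access_token — a missing signing key, a misconfiguration, a programming error — into a 401 with the cause discarded, so operational faults look like bad credentials and never reach the logs. Catch the specific exception type the token library raises (not visible in this hunk), or at least keep the cause chained: `except Exception as exc:` followed by `raise HTTPException(status_code=401, detail="Invalid or expired token", headers={"WWW-Authenticate": "Bearer"}) from exc`. The `WWW-Authenticate` header is what an OAuth2 bearer client expects on a 401, and chaining with `from exc` keeps the original traceback in server logs without exposing it to the caller.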
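--- a/backend/db/queries.py
+++ b/backend/db/queries.py
@@ -72,3 +72,10 @@ async def delete_refresh_token(token_hash: str) -> None:
 await conn.execute(
 "DELETE FROM refresh_tokens WHERE token_hash = $1", token_hash
 )
+
+
+async def delete_old_refresh_tokens(user_id: str) -> None:
+async with get_pool().acquire() as conn:
+await conn.execute(
+"DELETE FROM refresh_tokens WHERE user_id = $1", user_id
+)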
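Review bot: `delete_old_refresh_tokens` on new line 77 deletes every refresh_tokens row for the user, not only expired or superseded ones, so the name understates what it does; its call site in `_issue_tokens` (backend/routers/auth.py in this commit) therefore revokes the user's sessions on all other devices at every login or refresh. If single-active-session is the intent, state it in a docstring, e.g. `"""Revoke every refresh token held by user_id (all devices); called before a new one is issued."""`; if only expired rows were meant, the predicate should be `WHERE user_id = $1 AND expires_at < NOW()`, assuming the table has the `expires_at` column that create_refresh_token is passed (not shown here). The delete and the subsequent insert in `_issue_tokens` run as separate statements, so a failure between them leaves the user with no valid refresh token; running both in one transaction would make the rotation atomic. The preceding function `delete_refresh_token` starts outside this hunk.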
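--- a/backend/main.py
+++ b/backend/main.py
@@ -1,6 +1,5 @@
 from contextlib import asynccontextmanager
 from fastapi import FastAPI
-from fastapi.staticfiles import StaticFiles
 
 from backend.db.connection import init_db_pool
 from backend.routers import auth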
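--- a/backend/routers/auth.py
+++ b/backend/routers/auth.py
@@ -59,6 +59,7 @@ async def _issue_tokens(response: Response, user: dict) -> AuthResponse:
 )
 raw, hashed = generate_refresh_token()
 expires_at = datetime.now(timezone.utc) + timedelta(days=_REFRESH_EXPIRE_DAYS)
+await queries.delete_old_refresh_tokens(str(user["id"]))
 await queries.create_refresh_token(str(user["id"]), hashed, expires_at)
 _set_refresh_cookie(response, raw)
 return AuthResponse(
@@ -126,5 +127,10 @@ async def logout(response: Response, refresh_token: Optional[str] = Cookie(None)
 if refresh_token:
 token_hash = hashlib.sha256(refresh_token.encode()).hexdigest()
 await queries.delete_refresh_token(token_hash)
-response.delete_cookie(
+response.delete_cookie(
+"refresh_token",
+httponly=True,
+samesite="lax",
+secure=os.getenv("APP_URL", "").startswith("https"),
+)
 return {"ok": True}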
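Review bot: The cookie attributes on new lines 132-134 of logout have to match the ones used when the cookie was set or the browser keeps the stale cookie; they are now spelled out independently of `_set_refresh_cookie` (outside this hunk), so the two can drift, and if the cookie was set with a non-default `path` or `domain` those must be passed to delete_cookie too. Define the attributes once at module level, e.g. `_REFRESH_COOKIE_ATTRS = {"httponly": True, "samesite": "lax", "secure": os.getenv("APP_URL", "").startswith("https")}`, and call `response.delete_cookie("refresh_token", **_REFRESH_COOKIE_ATTRS)` here with the same mapping in `_set_refresh_cookie`. The hunk does not show the module's import block, so confirm `os` is imported. The server-side row is deleted regardless, so a mismatch only leaves a dead cookie in the browser, but that client would then keep presenting an invalid token on every request.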