Spaces:

Hans-R-D
/

Auth.Nexus

Sleeping

App Files Files Community

ChandimaPrabath commited on Jan 20, 2025

Commit

05777c4

1 Parent(s): 421675f

login and validate is now utc 0

Browse files

Files changed (1) hide show

main.py +22 -8

main.py CHANGED Viewed

@@ -131,34 +131,44 @@ async def signup(request: SignupRequest):
     supabase.table("users").insert(user_data).execute()
     return {"message": "User created successfully"}
 @auth_router.post("/login", response_model=LoginResponse)
 async def login(request: LoginRequest, user_agent: str = Header(...)):
     user_query = supabase.table("users").select("*").eq("username", request.username).execute()
     if not user_query.data or not verify_password(request.password, user_query.data[0]["password"]):
         raise HTTPException(
             status_code=status.HTTP_401_UNAUTHORIZED, detail="Invalid credentials"
         )
     user = user_query.data[0]
     token = create_device_token(request.username, user_agent)
     expiration_time = datetime.now(timezone.utc) + timedelta(minutes=TOKEN_EXPIRATION_MINUTES)
     session_data = {
         "user_id": user["id"],
         "token": token,
-        "expires": expiration_time.isoformat(),
         "device": user_agent
     }
     supabase.table("sessions").insert(session_data).execute()
     return LoginResponse(
         user_id=user["id"],
         username=user["username"],
         email=user["email"],
         access_level=user["access_level"],
-        date_joined=datetime.fromisoformat(user["date_joined"]),
         access_token=token
     )
@@ -186,6 +196,8 @@ async def logout(user_id: str, token: str):
     return {"message": "Session forcefully expired"}
 @auth_router.get("/validate", response_model=TokenResponse)
 async def validate_token(user_id: str, token: str, user_agent: str = Header(...)):
     # Query to validate session by user_id, token, and device
@@ -206,14 +218,15 @@ async def validate_token(user_id: str, token: str, user_agent: str = Header(...)
     session = session_query.data[0]
-    # Get the current time (UTC)
-    current_time = datetime.utcnow()
-    # Check if token has expired by comparing it with the current time
-    session_expiry = datetime.fromisoformat(session["expires"].rstrip("Z"))  # Removing 'Z' if present
     if session_expiry <= current_time:
-        # Delete session using both user_id and token (composite key)
         supabase.table("sessions").delete().eq("user_id", user_id).eq("token", token).execute()
         raise HTTPException(
             status_code=status.HTTP_401_UNAUTHORIZED, detail="Token expired"
@@ -221,6 +234,7 @@ async def validate_token(user_id: str, token: str, user_agent: str = Header(...)
     return TokenResponse(access_token=token)
 @auth_router.get("/search-users", response_model=List[str])
 async def search_users(query: str):
     users = supabase.table("users").select("username").ilike("username", f"%{query}%").execute()

     supabase.table("users").insert(user_data).execute()
     return {"message": "User created successfully"}
+from datetime import datetime, timedelta, timezone
 @auth_router.post("/login", response_model=LoginResponse)
 async def login(request: LoginRequest, user_agent: str = Header(...)):
+    # Query the user based on the username
     user_query = supabase.table("users").select("*").eq("username", request.username).execute()
+    # If user not found or password verification fails, raise an error
     if not user_query.data or not verify_password(request.password, user_query.data[0]["password"]):
         raise HTTPException(
             status_code=status.HTTP_401_UNAUTHORIZED, detail="Invalid credentials"
         )
+    # Extract user details
     user = user_query.data[0]
+    # Create a token and calculate expiration time in UTC
     token = create_device_token(request.username, user_agent)
     expiration_time = datetime.now(timezone.utc) + timedelta(minutes=TOKEN_EXPIRATION_MINUTES)
+    # Prepare session data with the expiration time in ISO 8601 format (UTC)
     session_data = {
         "user_id": user["id"],
         "token": token,
+        "expires": expiration_time.isoformat(),  # ISO 8601 format ensures the timezone is stored
         "device": user_agent
     }
+    # Insert the session data into the database
     supabase.table("sessions").insert(session_data).execute()
+    # Return the login response with relevant user details
     return LoginResponse(
         user_id=user["id"],
         username=user["username"],
         email=user["email"],
         access_level=user["access_level"],
+        date_joined=datetime.fromisoformat(user["date_joined"]),  # Ensure date_joined is parsed correctly
         access_token=token
     )
     return {"message": "Session forcefully expired"}
+from datetime import datetime, timezone
 @auth_router.get("/validate", response_model=TokenResponse)
 async def validate_token(user_id: str, token: str, user_agent: str = Header(...)):
     # Query to validate session by user_id, token, and device
     session = session_query.data[0]
+    # Get the current time (UTC) with timezone awareness
+    current_time = datetime.now(timezone.utc)
+    # Parse the 'expires' field from the session as an offset-aware datetime
+    session_expiry = datetime.fromisoformat(session["expires"])
+    # Check if the token has expired
     if session_expiry <= current_time:
+        # Delete the session if expired
         supabase.table("sessions").delete().eq("user_id", user_id).eq("token", token).execute()
         raise HTTPException(
             status_code=status.HTTP_401_UNAUTHORIZED, detail="Token expired"
     return TokenResponse(access_token=token)
 @auth_router.get("/search-users", response_model=List[str])
 async def search_users(query: str):
     users = supabase.table("users").select("username").ilike("username", f"%{query}%").execute()