Spaces:

Hans-R-D
/

Auth.Nexus

Sleeping

App Files Files Community

ChandimaPrabath commited on Jan 20, 2025

Commit

8ba99a8

1 Parent(s): 5b4d7da

1.0.1 debug

Browse files

Files changed (1) hide show

main.py +27 -2

main.py CHANGED Viewed

@@ -14,7 +14,7 @@ from typing import Optional
 load_dotenv()
 SERVER_NAME = "Nexus Authentication Service"
-VERSION = "1.0"
 # Supabase Configuration
 SUPABASE_URL = os.getenv("SUPABASE_URL")
@@ -164,11 +164,31 @@ async def login(request: LoginRequest, user_agent: str = Header(...)):
 @auth_router.post("/logout")
 async def logout(user_id: str, token: str):
     supabase.table("sessions").delete().eq("user_id", user_id).eq("token", token).execute()
     return {"message": "Session forcefully expired"}
 @auth_router.get("/validate", response_model=TokenResponse)
 async def validate_token(user_id: str, token: str, user_agent: str = Header(...)):
     session_query = (
         supabase.table("sessions")
         .select("*")
@@ -178,20 +198,25 @@ async def validate_token(user_id: str, token: str, user_agent: str = Header(...)
         .execute()
     )
     if not session_query.data:
         raise HTTPException(
             status_code=status.HTTP_401_UNAUTHORIZED, detail="Invalid token"
         )
     session = session_query.data[0]
     if is_token_expired(datetime.fromisoformat(session["expires"])):
-        supabase.table("sessions").delete().eq("id", session["id"]).execute()
         raise HTTPException(
             status_code=status.HTTP_401_UNAUTHORIZED, detail="Token expired"
         )
     return TokenResponse(access_token=token)
 @auth_router.get("/search-users", response_model=List[str])
 async def search_users(query: str):
     users = supabase.table("users").select("username").ilike("username", f"%{query}%").execute()

 load_dotenv()
 SERVER_NAME = "Nexus Authentication Service"
+VERSION = "1.0.1 debug"
 # Supabase Configuration
 SUPABASE_URL = os.getenv("SUPABASE_URL")
 @auth_router.post("/logout")
 async def logout(user_id: str, token: str):
+    # Query to check if the session exists for the given user_id and token
+    session_query = (
+        supabase.table("sessions")
+        .select("*")
+        .eq("user_id", user_id)
+        .eq("token", token)
+        .execute()
+    )
+    # If session is not found, raise an unauthorized error
+    if not session_query.data:
+        raise HTTPException(
+            status_code=status.HTTP_401_UNAUTHORIZED,
+            detail="Session not found or already expired"
+        )
+    # Delete the session using the composite key (user_id and token)
     supabase.table("sessions").delete().eq("user_id", user_id).eq("token", token).execute()
     return {"message": "Session forcefully expired"}
 @auth_router.get("/validate", response_model=TokenResponse)
 async def validate_token(user_id: str, token: str, user_agent: str = Header(...)):
+    # Query to validate session by user_id, token, and device
     session_query = (
         supabase.table("sessions")
         .select("*")
         .execute()
     )
+    # If no session found, raise unauthorized error
     if not session_query.data:
         raise HTTPException(
             status_code=status.HTTP_401_UNAUTHORIZED, detail="Invalid token"
         )
     session = session_query.data[0]
+    # Check if token is expired
     if is_token_expired(datetime.fromisoformat(session["expires"])):
+        # Delete session using both user_id and token (composite key)
+        supabase.table("sessions").delete().eq("user_id", user_id).eq("token", token).execute()
         raise HTTPException(
             status_code=status.HTTP_401_UNAUTHORIZED, detail="Token expired"
         )
     return TokenResponse(access_token=token)
 @auth_router.get("/search-users", response_model=List[str])
 async def search_users(query: str):
     users = supabase.table("users").select("username").ilike("username", f"%{query}%").execute()