Update authentication system, database models, and UI components

2025-08-07 19:39:22 +02:00
parent d497492186
commit 72f79b1059
48 changed files with 5328 additions and 1642 deletions
--- a/auth_router.py
+++ b/auth_router.py
@ -15,7 +15,6 @@ security = HTTPBearer()
 async def logout(
    request: Request,
    response: Response,
-    db: Session = Depends(get_db),
    credentials: HTTPAuthorizationCredentials = Depends(security)
 ):
    """Log out by invalidating the current session"""
@ -26,25 +25,28 @@ async def logout(
        if not token:
            return {"message": "No session to invalidate"}
        
-        try:
-            # Find and invalidate the session
-            session = db.exec(
-                select(DBSession)
-                .where(DBSession.token == token)
-                .where(DBSession.is_active == True)  # noqa: E712
-            ).first()
-            
-            if session:
-                try:
-                    session.is_active = False
-                    db.add(session)
-                    db.commit()
-                except Exception:
-                    db.rollback()
-                    
-        except Exception:
-            # Continue with logout even if session lookup fails
-            pass
+        # Use the database session context manager
+        with get_db() as db:
+            try:
+                # Find and invalidate the session using query interface
+                session = db.query(DBSession).filter(
+                    DBSession.token == token,
+                    DBSession.is_active == True  # noqa: E712
+                ).first()
+                
+                if session:
+                    try:
+                        session.is_active = False
+                        db.add(session)
+                        db.commit()
+                    except Exception as e:
+                        db.rollback()
+                        # Debug messages disabled
+                        # Continue with logout even if session update fails
+            except Exception as e:
+                # Debug messages disabled
+                # Continue with logout even if session lookup fails
+                pass
        
        # Clear the session cookie
        response.delete_cookie(
@ -56,7 +58,7 @@ async def logout(
        )
        
        # Clear any other auth-related cookies
-        for cookie_name in ["uid", "authToken", "isAuthenticated", "token"]:
+        for cookie_name in ["uid", "authToken", "username", "token"]:
            response.delete_cookie(
                key=cookie_name,
                path="/",
@ -71,15 +73,15 @@ async def logout(
    except HTTPException:
        # Re-raise HTTP exceptions
        raise
-    except Exception:
+    except Exception as e:
+        # Debug messages disabled
        # Don't expose internal errors to the client
        return {"message": "Logout processed"}


@router.get("/me")
 async def get_current_user_info(
-    current_user: User = Depends(get_current_user),
-    db: Session = Depends(get_db)
+    current_user: User = Depends(get_current_user)
 ):
    """Get current user information"""
    return {
@ -92,15 +94,16 @@ async def get_current_user_info(

@router.get("/sessions")
 async def list_sessions(
-    current_user: User = Depends(get_current_user),
-    db: Session = Depends(get_db)
+    current_user: User = Depends(get_current_user)
 ):
    """List all active sessions for the current user"""
-    sessions = DBSession.get_active_sessions(db, current_user.username)
-    return [
-        {
-            "id": s.id,
-            "ip_address": s.ip_address,
+    # Use the database session context manager
+    with get_db() as db:
+        sessions = DBSession.get_active_sessions(db, current_user.username)
+        return [
+            {
+                "id": s.id,
+                "ip_address": s.ip_address,
            "user_agent": s.user_agent,
            "created_at": s.created_at.isoformat(),
            "last_used_at": s.last_used_at.isoformat(),
@ -113,26 +116,34 @@ async def list_sessions(
@router.post("/sessions/{session_id}/revoke")
 async def revoke_session(
    session_id: int,
-    current_user: User = Depends(get_current_user),
-    db: Session = Depends(get_db)
+    current_user: User = Depends(get_current_user)
 ):
    """Revoke a specific session"""
-    session = db.get(DBSession, session_id)
-    
-    if not session or session.user_id != current_user.username:
-        raise HTTPException(
-            status_code=status.HTTP_404_NOT_FOUND,
-            detail="Session not found"
-        )
-    
-    if not session.is_active:
-        raise HTTPException(
-            status_code=status.HTTP_400_BAD_REQUEST,
-            detail="Session is already inactive"
-        )
-    
-    session.is_active = False
-    db.add(session)
-    db.commit()
-    
-    return {"message": "Session revoked"}
+    # Use the database session context manager
+    with get_db() as db:
+        session = db.get(DBSession, session_id)
+        
+        if not session or session.uid != current_user.email:
+            raise HTTPException(
+                status_code=status.HTTP_404_NOT_FOUND,
+                detail="Session not found"
+            )
+        
+        if not session.is_active:
+            raise HTTPException(
+                status_code=status.HTTP_400_BAD_REQUEST,
+                detail="Session is already inactive"
+            )
+        
+        try:
+            session.is_active = False
+            db.add(session)
+            db.commit()
+            return {"message": "Session revoked successfully"}
+        except Exception as e:
+            db.rollback()
+            # Debug messages disabled
+            raise HTTPException(
+                status_code=status.HTTP_500_INTERNAL_SERVER_ERROR,
+                detail="Failed to revoke session"
+            )