35 lines
1.5 KiB
Python
35 lines
1.5 KiB
Python
# magic.py — handle magic token login confirmation
|
|
|
|
from fastapi import APIRouter, Form, HTTPException, Depends, Request
|
|
from fastapi.responses import RedirectResponse
|
|
from sqlmodel import Session, select
|
|
from database import get_db
|
|
from models import User
|
|
from datetime import datetime, timedelta
|
|
|
|
router = APIRouter()
|
|
|
|
@router.post("/magic-login")
|
|
def magic_login(request: Request, db: Session = Depends(get_db), token: str = Form(...)):
|
|
print(f"[magic-login] Received token: {token}")
|
|
user = db.exec(select(User).where(User.token == token)).first()
|
|
print(f"[magic-login] User lookup: {'found' if user else 'not found'}")
|
|
|
|
if not user:
|
|
print("[magic-login] Invalid or expired token")
|
|
return RedirectResponse(url="/?error=Invalid%20or%20expired%20token", status_code=302)
|
|
|
|
if datetime.utcnow() - user.token_created > timedelta(minutes=30):
|
|
print(f"[magic-login] Token expired for user: {user.username}")
|
|
return RedirectResponse(url="/?error=Token%20expired", status_code=302)
|
|
|
|
if not user.confirmed:
|
|
user.confirmed = True
|
|
user.ip = request.client.host
|
|
db.commit()
|
|
print(f"[magic-login] User {user.username} confirmed. Redirecting to /?login=success&confirmed_uid={user.username}")
|
|
else:
|
|
print(f"[magic-login] Token already used for user: {user.username}, but allowing multi-use login.")
|
|
|
|
return RedirectResponse(url=f"/?login=success&confirmed_uid={user.username}", status_code=302)
|