diff --git a/backend/blueprints/profile/__init__.py b/backend/blueprints/profile/__init__.py index 3f1a9a9..5507f0d 100644 --- a/backend/blueprints/profile/__init__.py +++ b/backend/blueprints/profile/__init__.py @@ -85,7 +85,8 @@ def register(): quizzes=[], quiz_attempts=[], chats=[], - notifications=[] + notifications=[], + publications=[] ) # Save the user to the database 
@@ -101,76 +102,6 @@ def register(): db.session.rollback() return jsonify({"error": "Registration failed, please try again later."}), 500 - -@profile.route('/login', methods=['POST']) -def login(): - """ - Handle user login. - """ - data = request.form # Expecting JSON body - - # Extract credentials from request - # username = data.get('username') - email = data.get('email') - password = data.get('password') - user_agent = request.headers.get('User-Agent', 'Unknown') - - # Validate required fields - if not email or not password: - return jsonify({"error": "email and password are required"}), 400 - - # Find the user by username - # user = User.query.filter_by(username=username).first() - user = User.query.filter_by(email=email).first() - - if not user: - return jsonify({"error": "Invalid email or password"}), 401 - - # Verify the password - if not check_password_hash(user.hash_password, password): - return jsonify({"error": "Invalid email or password"}), 401 - - # Create a new session - session_key = str(uuid.uuid4()) # Generate a unique session key - new_session = Session( - userID=user.id, - user=user, # Pass the user object here - key=session_key, - ua=user_agent, - creationDate=datetime.utcnow(), - lastUsed=datetime.utcnow(), - isValid=True - ) - - - try: - db.session.add(new_session) - db.session.commit() - return jsonify({ - "message": "Login successful", - "session_key": session_key, - "user_id": str(user.id) - }), 200 - except Exception as e: - db.session.rollback() - return jsonify({"error": "Login failed, please try again later."}), 500 - -#Implement laters -# @profile.route('/update', methhods=['UPDATE', 'DELETE']) -# def update(): -# if request.method == 'DELETE': -# pass -# if request.method == 'UPDATE': -# pass - -# @profile.route('/me') -# def my_profile(): -# pass - -# @profile.route('/info/') -# def profile_info(user_uuid): -# return user_uuid - #make a get request to get json on hello word @profile.route('/hello') @auth_required() 
diff --git a/backend/blueprints/session/__init__.py b/backend/blueprints/session/__init__.py index 068f65b..6462e2b 100644 --- a/backend/blueprints/session/__init__.py +++ b/backend/blueprints/session/__init__.py @@ -12,6 +12,7 @@ import os from config import * from utils.utils import password_check_sanity,is_valid_email,InsecurePasswordException from sqlalchemy.exc import IntegrityError +from sqlalchemy import select, and_ session = Blueprint('session', __name__) @@ -66,4 +67,31 @@ def login(): }), 200 except Exception as e: db.session.rollback() - return jsonify({"error": "Login failed, please try again later."}), 500 \ No newline at end of file + return jsonify({"error": "Login failed, please try again later."}), 500 + + +@session.route('/destroy', methods=['POST']) +@auth_required() +def logout(): + """ + Handle user logout by invalidating the session. + """ + try: + + data = request.json # Expecting JSON body + except: + data = {} + target_session_key = data.get('session_key',None) + target_session = g.current_session + + if target_session_key is not None: + target_session = db.session.execute( + select(Session).where(and_( + Session.key == target_session_key, Session.isValid == True, Session.userID == g.current_user.id + )) + ).scalar() + if target_session is None: + return jsonify({'message': 'The session key is invalid or does not belong to current user.'}), 401 + target_session.isValid = False + db.session.commit() + return jsonify({'message': 'Session invalidated'}), 200 diff --git a/backend/config.py b/backend/config.py index ce259ae..1ab2f0c 100644 --- a/backend/config.py +++ b/backend/config.py 
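Review bot: In `logout()`, the bare `except:` around `request.json` only covers the parse step, so a body that parses to something other than an object (a JSON list, string or `null`) still reaches `data.get('session_key', None)` and fails with an unhandled AttributeError instead of a 4xx. Reading the body with `data = request.get_json(silent=True)` followed by `if not isinstance(data, dict): data = {}` removes the bare except and covers those shapes. The final `db.session.commit()` also sits outside any try/rollback, unlike the `login()` tail shown as context at the top of this hunk, so a failed commit surfaces as an unhandled 500 without the explicit `db.session.rollback()` that `login()` performs. The ownership filter `Session.userID == g.current_user.id` is the control that stops one user revoking another user's session, and a comment such as `# only sessions owned by the caller may be revoked` above the `select(...)` would record that.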
@@ -18,7 +18,7 @@ DEFAULT_BADGE_ICON: str = "defaultBadgeIcon.png" DISABLE_PASSWORD_SANITY_CHECKS: bool = False PROJECT_ROOT: os.path = os.path.dirname(os.path.abspath(__file__)) -USER_UPLOADS_DIR: str = os.path.join(PROJECT_ROOT, "uploads") +USER_UPLOADS_DIR: str = os.path.abspath(os.path.join(PROJECT_ROOT, "uploads")) DB_URI: str = f"{DB_ENGINE}://{DB_USER}:{DB_PASSWORD}@{DB_HOST}:{DB_PORT}/{DB_NAME}" ACTIVATE_ACCOUNTS_ON_SIGNUP: bool = True diff --git a/backend/uploads/meme.jpg b/backend/uploads/meme.jpg new file mode 100644 index 0000000..1862f74 Binary files /dev/null and b/backend/uploads/meme.jpg differ
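Review bot: The added `os.path.abspath()` around `USER_UPLOADS_DIR` looks like a no-op, because `PROJECT_ROOT` on the line above is already derived from `os.path.abspath(__file__)` and joining the literal `"uploads"` onto it already yields an absolute path. If the intent is to support a containment check on upload paths, that check has to resolve the candidate path where it is used (for example `os.path.realpath` on the requested path, then `os.path.commonpath` against this directory); that code is not visible in this diff. A comment such as `# absolute base dir; resolve requested paths and compare against this before reading or writing` would state the expectation. The same commit also adds `backend/uploads/meme.jpg`, so the user-upload directory is now tracked in the repository; presumably its contents should be ignored by version control instead.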