feat: add logout

6 months ago · 7bb6b0b8c7
parent a7b728951d
commit 7bb6b0b8c7
4 changed files with 32 additions and 73 deletions
--- a/backend/blueprints/profile/init.py
+++ b/backend/blueprints/profile/init.py
@ -85,7 +85,8 @@ def register():
        quizzes=[],
        quiz_attempts=[],
        chats=[],
-        notifications=[]
+        notifications=[],
+        publications=[]
    )

    # Save the user to the database
@ -101,76 +102,6 @@ def register():
        db.session.rollback()
        return jsonify({"error": "Registration failed, please try again later."}), 500

-
-@profile.route('/login', methods=['POST'])
-def login():
-    """
-    Handle user login.
-    """
-    data = request.form  # Expecting JSON body
-
-    # Extract credentials from request
-    # username = data.get('username')
-    email = data.get('email')
-    password = data.get('password')
-    user_agent = request.headers.get('User-Agent', 'Unknown')
-
-    # Validate required fields
-    if not email or not password:
-        return jsonify({"error": "email and password are required"}), 400
-
-    # Find the user by username
-    # user = User.query.filter_by(username=username).first()
-    user = User.query.filter_by(email=email).first()
-
-    if not user:
-        return jsonify({"error": "Invalid email or password"}), 401
-
-    # Verify the password
-    if not check_password_hash(user.hash_password, password):
-        return jsonify({"error": "Invalid email or password"}), 401
-
-    # Create a new session
-    session_key = str(uuid.uuid4())  # Generate a unique session key
-    new_session = Session(
-        userID=user.id,
-        user=user,  # Pass the user object here
-        key=session_key,
-        ua=user_agent,
-        creationDate=datetime.utcnow(),
-        lastUsed=datetime.utcnow(),
-        isValid=True
-    )
-
-
-    try:
-        db.session.add(new_session)
-        db.session.commit()
-        return jsonify({
-            "message": "Login successful",
-            "session_key": session_key,
-            "user_id": str(user.id)
-        }), 200
-    except Exception as e:
-        db.session.rollback()
-        return jsonify({"error": "Login failed, please try again later."}), 500
-
-#Implement laters
-# @profile.route('/update', methhods=['UPDATE', 'DELETE'])
-# def update():
-#     if request.method == 'DELETE':
-#         pass
-#     if request.method == 'UPDATE':
-#         pass
-
-# @profile.route('/me')
-# def my_profile():
-#     pass
-
-# @profile.route('/info/<str:uuid>')
-# def profile_info(user_uuid):
-#     return user_uuid
-
 #make a get request to get json on hello word
@profile.route('/hello')
@auth_required()
--- a/backend/blueprints/session/init.py
+++ b/backend/blueprints/session/init.py
@ -12,6 +12,7 @@ import os
 from config import *
 from utils.utils import password_check_sanity,is_valid_email,InsecurePasswordException
 from sqlalchemy.exc import IntegrityError
+from sqlalchemy import select, and_

 session = Blueprint('session', __name__)

@ -66,4 +67,31 @@ def login():
        }), 200
    except Exception as e:
        db.session.rollback()
-        return jsonify({"error": "Login failed, please try again later."}), 500
+        return jsonify({"error": "Login failed, please try again later."}), 500
+
+
+@session.route('/destroy', methods=['POST'])
+@auth_required()
+def logout():
+    """
+    Handle user logout by invalidating the session.
+    """
+    try:
+
+        data = request.json  # Expecting JSON body
+    except:
+        data = {}
+    target_session_key = data.get('session_key',None)
+    target_session = g.current_session
+
+    if target_session_key is not None:
+        target_session = db.session.execute(
+            select(Session).where(and_(
+                Session.key == target_session_key, Session.isValid == True, Session.userID == g.current_user.id
+                ))
+            ).scalar()
+        if target_session is None:
+            return jsonify({'message': 'The session key is invalid or does not belong to current user.'}), 401
+    target_session.isValid = False
+    db.session.commit()
+    return jsonify({'message': 'Session invalidated'}), 200
--- a/backend/config.py
+++ b/backend/config.py
@ -18,7 +18,7 @@ DEFAULT_BADGE_ICON: str = "defaultBadgeIcon.png"
 DISABLE_PASSWORD_SANITY_CHECKS: bool = False

 PROJECT_ROOT: os.path = os.path.dirname(os.path.abspath(__file__))
-USER_UPLOADS_DIR: str = os.path.join(PROJECT_ROOT, "uploads")
+USER_UPLOADS_DIR: str = os.path.abspath(os.path.join(PROJECT_ROOT, "uploads"))

 DB_URI: str = f"{DB_ENGINE}://{DB_USER}:{DB_PASSWORD}@{DB_HOST}:{DB_PORT}/{DB_NAME}"
 ACTIVATE_ACCOUNTS_ON_SIGNUP: bool = True
--- a/backend/uploads/meme.jpg
+++ b/backend/uploads/meme.jpg