fix fingerprint body

full refresh token
2025-09-27 11:26:10 +03:00 · 2025-09-27 11:24:57 +03:00
5 changed files with 36 additions and 36 deletions
--- a/src/api/dependacies/user_dep.py
+++ b/src/api/dependacies/user_dep.py
@@ -37,7 +37,7 @@ async def get_current_user(
        user = TokenData(**payload)
        if check_active and not user.is_active:
            raise HTTPException(status_code=400, detail="Inactive user")
-    except InvalidTokenError:
+    except (InvalidTokenError, AttributeError):
        raise credentials_exception
    return user

--- a/src/api/v1/auth.py
+++ b/src/api/v1/auth.py
@@ -29,14 +29,16 @@ async def login(
    response: Response,
    fingerprint: str = Form(),
 ):
-    result = await AuthService(session).login(credential.username, credential.password, fingerprint=fingerprint)
+    result = await AuthService(session).login(
+        credential.username, credential.password, fingerprint=fingerprint
+    )
    response.set_cookie(
        key="refresh_token",
        value=result["refresh_token"],
        httponly=True,
        samesite="lax",
-        path=settings.api.v1.auth,
-        max_age=60 * 60 * 24 * settings.refresh_token.expire_days,
+        path=settings.api.v1_login_url,
+        max_age=60 * 60 * 24 * 7,
    )
    return result

@@ -46,18 +48,20 @@ async def refresh(
    session: sessionDep,
    current_user: RefreshUser,
    response: Response,
-    fingerprint: str = Body(),
+    fingerprint: Annotated[str, Body(embed=True)],
    refresh_token: Annotated[str | None, Cookie(name="refresh_token")] = None,
 ):
    if refresh_token is None:
        raise HTTPException(status_code=401, detail="No refresh token")
-    result = await AuthService(session).refresh_tokens(refresh_token, current_user, fingerprint)
+    result = await AuthService(session).refresh_tokens(
+        refresh_token, current_user, fingerprint
+    )
    response.set_cookie(
        key="refresh_token",
        value=result["refresh_token"],
        httponly=True,
        samesite="lax",
-        path=settings.api.v1.auth,
+        path=settings.api.v1_login_url,
        max_age=60 * 60 * 24 * settings.refresh_token.expire_days,
    )
    return result
--- a/src/core/database.py
+++ b/src/core/database.py
@@ -6,7 +6,7 @@ from sqlalchemy.orm import DeclarativeBase, Mapped, mapped_column

 from src.core.settings import settings

-engine = create_async_engine(settings.db.url, echo=True)
+engine = create_async_engine(settings.db.url, echo=settings.db.echo)


@event.listens_for(engine.sync_engine, "connect")
--- a/src/core/settings.py
+++ b/src/core/settings.py
@@ -28,6 +28,7 @@ class ApiPrefix(BaseModel):

 class DbSettings(BaseModel):
    url: str = f"sqlite+aiosqlite:///{DB_PATH}"
+    echo: bool = False


 class AccessToken(BaseModel):
--- a/src/services/auth.py
+++ b/src/services/auth.py
@@ -19,6 +19,20 @@ class AuthService(BaseService):
        await self.session.commit()
        return User.model_validate(result)

+    async def _tokens_create(self, user_data: TokenData, fingerprint: str):
+        access_token = AuthManager.create_access_token(user_data.model_dump())
+        refresh_token = AuthManager.create_refresh_token()
+        await self.session.auth.create_one({
+            "token": refresh_token, 
+            "user_id": user_data.id,
+            "fingerprint": fingerprint
+        })
+        return {
+            "access_token": access_token,
+            "token_type": settings.access_token.token_type,
+            "refresh_token": refresh_token,
+        }
+
    async def login(self, username: str, password: str, fingerprint: str) -> dict:
        result = await self.session.user.get_one_or_none(username=username)
        if result is None:
@@ -36,39 +50,20 @@ class AuthService(BaseService):
                status_code=401,
                detail="Incorrect username or password",
            )
-        access_token = AuthManager.create_access_token(token_data.model_dump())
-        refresh_token = AuthManager.create_refresh_token()
-        await self.session.auth.create_one({
-            "token": refresh_token, 
-            "user_id": user.id,
-            "fingerprint": fingerprint
-        })
-        await self.session.commit()
-        return {
-            "access_token": access_token,
-            "token_type": settings.access_token.token_type,
-            "refresh_token": refresh_token,
-        }
-
-    async def delete_token(self, token: str) -> None:
-        await self.session.auth.delete_one(token=token)
+        tokens = await self._tokens_create(token_data, fingerprint)
        await self.session.commit()
+        print(tokens)
+        return tokens

    async def refresh_tokens(self, refresh_token: str, user_data: TokenData, fingerprint: str) -> dict:
        token_record = await self.session.auth.get_one_or_none(token=refresh_token)
        if not token_record or token_record.user_id != user_data.id:
            raise HTTPException(status_code=401, detail="Invalid refresh token")
-        new_access_token = AuthManager.create_access_token(user_data.model_dump())
-        new_refresh_token = AuthManager.create_refresh_token()
+        token = await self._tokens_create(user_data, fingerprint)
        await self.session.auth.delete_one(token=refresh_token)
-        await self.session.auth.create_one({
-            "token": new_refresh_token,
-            "user_id": user_data.id,
-            "fingerprint": fingerprint
-        })
        await self.session.commit()
-        return {
-            "access_token": new_access_token,
-            "token_type": settings.access_token.token_type,
-            "refresh_token": new_refresh_token,
-        }
+        return token
+    
+    async def delete_token(self, token: str) -> None:
+        await self.session.auth.delete_one(token=token)
+        await self.session.commit()
Author	SHA1	Message	Date
IluaAir	4e47ce80fd	fix fingerprint body	2025-09-27 11:26:10 +03:00
IluaAir	f4e46bef22	full refresh token	2025-09-27 11:24:57 +03:00