diff --git a/handler.py b/handler.py index 9673233..c0fe428 100644 --- a/handler.py +++ b/handler.py @@ -89,6 +89,26 @@ def index(): } return public_reset.reset().html(params) +@app.route('/logout') +def index(): + beaker_session = request.environ.get('beaker.session') + if "token" in beaker_session: + params = { + "jwt" : beaker_session["token"], + "type" : "out" + } + response_session = api_auth.auth().session(params) + response_logout = api_auth.auth().logout(params) + if response_session['status'] == 'success' and response_logout['status'] == 'success' : + redirect('/?message=logout success') + else: + print('logout failed') + print(f"response session: {response_session['status']}") + print(f"response logout: {response_logout['status']}") + redirect('/?message=logout failed') + else: + redirect('/') + @app.route('/api/auth/register/', method=['OPTIONS', 'POST']) def index(roles): try: @@ -208,7 +228,7 @@ def index(type): return None else: response.content_type = 'application/json' - params = {} + params = request.json params["type" ] = type return json.dumps(api_auth.auth().session(params), indent = 2).encode() except Exception as e: @@ -221,7 +241,7 @@ def index(): if request.method == 'OPTIONS': return None else: - params = {} + params = request.json return json.dumps(api_auth.auth().logout(params), indent = 2).encode() except Exception as e: print(str(e),flush=True) diff --git a/modules/api/auth.py b/modules/api/auth.py index b1b43db..e6a66bd 100644 --- a/modules/api/auth.py +++ b/modules/api/auth.py 
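Review bot: `request.environ.get('beaker.session')` returns None when the session middleware is not wrapped around the app, and the next line `if "token" in beaker_session:` then raises TypeError instead of sending the user back to `/`; guard it with `if beaker_session and "token" in beaker_session:`. The route also answers GET by default while ending the server-side session as a side effect, so any cross-site link or image tag pointing at `/logout` can log a victim out; restricting it to `@app.route('/logout', method=['POST'])` is the usual mitigation. The failure branch reports only through bare `print`, whereas the auth module this route calls logs through loggorilla, so these failures will not show up in the same log stream; `loggorilla.error(APIADDR, ...)` with the two status values would keep them together.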
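Review bot: `params = request.json` is None whenever the body is not parsed as JSON (missing or wrong Content-Type, empty body), so `params["type" ] = type` on the next line raises TypeError and lands in the generic `except Exception` at the end of the hunk; the same applies to the `/api/auth/logout` hunk at -221, where the None reaches `params["jwt" ]` inside `auth.logout`. Reject the malformed request explicitly, e.g. `params = request.json or {}` followed by a check that `"jwt"` is present that returns a `failed` response with a descriptive desc, rather than relying on the catch-all. This also moves the token source from the `Authorization` header to the JSON body, so existing clients still sending `Authorization: Bearer` will now fail; that contract change belongs in the commit description or a docstring on the endpoint.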
@@ -297,21 +297,24 @@ class auth: loggorilla.prcss(APIADDR, "Get the token from params") jwt = params["jwt" ] else: - loggorilla.fyinf(APIADDR, "type is not 'set': get the jwt from Header") - loggorilla.prcss(APIADDR, "Extract the token from Header") - auth_header = request.get_header('Authorization') - loggorilla.prcss(APIADDR, "Check the bearer") - if auth_header.split(' ')[0] == 'Bearer': - loggorilla.fyinf(APIADDR, "Use bearer") - jwt = auth_header.split(' ')[1] - else: - loggorilla.fyinf(APIADDR, "Not use bearer") - jwt = None + jwt = params["jwt" ] + #loggorilla.fyinf(APIADDR, "type is not 'set': get the jwt from Header") + #loggorilla.prcss(APIADDR, "Extract the token from Header") + #auth_header = request.get_header('Authorization') + #loggorilla.prcss(APIADDR, "Check the bearer") + #if auth_header.split(' ')[0] == 'Bearer': + # loggorilla.fyinf(APIADDR, "Use bearer") + # jwt = auth_header.split(' ')[1] + #else: + # loggorilla.fyinf(APIADDR, "Not use bearer") + # jwt = None payload = tokenguard.decode(jwt, globalvar.ssh['key']['public']) session_id = payload["session"]["id"] + session_beaker = request.environ.get('beaker.session') if type == 'set': - loggorilla.prcss(APIADDR, "Set authorization on header") - bottle_response.set_header("Authorization", f"Bearer {jwt}") + loggorilla.prcss(APIADDR, "Set session") + session_beaker["token"] = jwt + session_beaker.save() response["status" ] = "success" response["desc" ] = "Session set" elif type == 'check': @@ -332,8 +335,8 @@ class auth: "status":"active" } elif type == 'out': - loggorilla.prcss(APIADDR, "Remove Authorization header") - bottle_response.set_header("Authorization", "") + loggorilla.prcss(APIADDR, "Out session") + session_beaker.delete() response["status" ] = "success" response["desc" ] = "Session out" else: 
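Review bot: `session_beaker = request.environ.get('beaker.session')` is used unguarded on both new branches (`session_beaker["token"] = jwt` here and `session_beaker.delete()` in the -332 hunk), so a missing middleware becomes a TypeError/AttributeError that surfaces as a generic failure; check for None first and return a `failed` response with a clear desc. On the `set` branch the token is written into whatever session the client already carries, so a session id planted before login stays valid afterwards (session fixation); calling `session_beaker.regenerate_id()` before `session_beaker["token"] = jwt` gives the authenticated session a fresh id. The `else` branch now reads `params["jwt" ]` unconditionally and raises KeyError when the key is absent, where the removed header path yielded `jwt = None`; and that removed path is left behind as a block of commented-out code, which should be deleted since version control already preserves it. The enclosing `session` method begins and ends outside the hunk.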
@@ -452,36 +455,28 @@ class auth: return response def logout(self, params): - APIADDR = "/api/auth/logout" + APIADDR = "/logout" loggorilla.prcss(APIADDR, "Define parameters") response = {} - loggorilla.prcss(APIADDR, "Extract the token from Header") - auth_header = request.get_header('Authorization') - loggorilla.prcss(APIADDR, "Check the bearer") - if auth_header.split(' ')[0] == 'Bearer': - loggorilla.fyinf(APIADDR, "Use bearer") - jwt = auth_header.split(' ')[1] - else: - loggorilla.fyinf(APIADDR, "Not use bearer") - jwt = None + jwt = params["jwt" ] payload = tokenguard.decode(jwt, globalvar.ssh['key']['public']) session_id = payload["session"]["id"] self.cursor.execute("BEGIN;") try: loggorilla.prcss(APIADDR, "Deleting") self.cursor.execute("DELETE FROM auth_session WHERE id = %s ; ", (session_id,) ) - loggorilla.prcss(APIADDR, "Giving response") loggorilla.fyinf(APIADDR, f"Session {session_id} removed.") + loggorilla.prcss(APIADDR, "Giving response") response["status" ] = "success" - response["desc" ] = f"Your session removed." + response["desc" ] = f"Session ({session_id}) removed." except Exception as e: + loggorilla.prcss(APIADDR, "Rollback") self.cursor.execute("ROLLBACK;") loggorilla.error(APIADDR, str(e) ) response["status" ] = "failed" - response["desc" ] = "Internal Server Error. Please contact us if you still have an error. for detail" + response["desc" ] = "Internal Server Error. Please contact us if you still have an error. for detail" finally: self.cursor.execute("COMMIT;") self.cursor.close() self.db_main.close() return response -
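Review bot: `jwt = params["jwt" ]` and the `tokenguard.decode` call on the following line run before the `try`, so a missing or invalid token raises out of `logout` without reaching the `finally` that closes `self.cursor` and `self.db_main`, leaking a database connection on every bad request; move the extraction and decode inside the `try` (or give them their own try/finally that closes the cursor and connection before re-raising) so that a `failed` response is returned and resources are released. `APIADDR = "/logout"` is now also what is logged when this method is reached through the `/api/auth/logout` endpoint in handler.py, which makes the logged address misleading for the API path; either keep the method-level address or pass the calling route in via `params`. The new desc echoes `session_id` back to the client; it comes from the caller's own token so the exposure is small, but `"Session removed."` carries the same information for the user without putting the identifier in the response body.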