session and logout features with sending the token inside the body

handler.py

@@ -89,6 +89,26 @@ def index():
     }
     return public_reset.reset().html(params)
 
+@app.route('/logout')
+def index():
+    beaker_session = request.environ.get('beaker.session')
+    if "token" in beaker_session:
+        params = {
+            "jwt" : beaker_session["token"],
+            "type" : "out"
+        }
+        response_session    = api_auth.auth().session(params)
+        response_logout     = api_auth.auth().logout(params)
+        if response_session['status'] == 'success' and response_logout['status'] == 'success' :
+            redirect('/?message=logout success')
+        else:
+            print('logout failed')
+            print(f"response session: {response_session['status']}")
+            print(f"response logout: {response_logout['status']}")
+            redirect('/?message=logout failed')
+    else:
+        redirect('/')
+
 @app.route('/api/auth/register/<roles>', method=['OPTIONS', 'POST'])
 def index(roles):
     try:
@@ -208,7 +228,7 @@ def index(type):
             return None
         else:
             response.content_type = 'application/json'
-            params = {}
+            params = request.json
             params["type"   ] = type
             return json.dumps(api_auth.auth().session(params), indent = 2).encode()
     except Exception as e:
@@ -221,7 +241,7 @@ def index():
         if request.method == 'OPTIONS':
             return None
         else:
-            params = {}
+            params = request.json
             return json.dumps(api_auth.auth().logout(params), indent = 2).encode()
     except Exception as e:
         print(str(e),flush=True)

modules/api/auth.py

@@ -297,21 +297,24 @@ class auth:
                 loggorilla.prcss(APIADDR, "Get the token from params")
                 jwt         = params["jwt"  ]
             else:
-                loggorilla.fyinf(APIADDR, "type is not 'set': get the jwt from Header")
-                loggorilla.prcss(APIADDR, "Extract the token from Header")
-                auth_header = request.get_header('Authorization')
-                loggorilla.prcss(APIADDR, "Check the bearer")
-                if auth_header.split(' ')[0] == 'Bearer':
-                    loggorilla.fyinf(APIADDR, "Use bearer")
-                    jwt 	    = auth_header.split(' ')[1]
-                else:
-                    loggorilla.fyinf(APIADDR, "Not use bearer")
-                    jwt = None
+                jwt         = params["jwt"  ]
+                #loggorilla.fyinf(APIADDR, "type is not 'set': get the jwt from Header")
+                #loggorilla.prcss(APIADDR, "Extract the token from Header")
+                #auth_header = request.get_header('Authorization')
+                #loggorilla.prcss(APIADDR, "Check the bearer")
+                #if auth_header.split(' ')[0] == 'Bearer':
+                #    loggorilla.fyinf(APIADDR, "Use bearer")
+                #    jwt 	    = auth_header.split(' ')[1]
+                #else:
+                #    loggorilla.fyinf(APIADDR, "Not use bearer")
+                #    jwt = None
             payload     	= tokenguard.decode(jwt, globalvar.ssh['key']['public'])
             session_id  	= payload["session"]["id"]
+            session_beaker	= request.environ.get('beaker.session')
             if type == 'set':
-                loggorilla.prcss(APIADDR, "Set authorization on header")
-                bottle_response.set_header("Authorization", f"Bearer {jwt}")
+                loggorilla.prcss(APIADDR, "Set session")
+                session_beaker["token"] = jwt
+                session_beaker.save()
                 response["status"   ] = "success"
                 response["desc"     ] = "Session set"
             elif type == 'check':
@@ -332,8 +335,8 @@ class auth:
                         "status":"active"
                     }
             elif type == 'out':
-                loggorilla.prcss(APIADDR, "Remove Authorization header")
-                bottle_response.set_header("Authorization", "")
+                loggorilla.prcss(APIADDR, "Out session")
+                session_beaker.delete()
                 response["status"   ] = "success"
                 response["desc"     ] = "Session out"
             else:
@@ -452,29 +455,22 @@ class auth:
         return response
 
     def logout(self, params):
-        APIADDR     = "/api/auth/logout"
+        APIADDR     = "/logout"
         loggorilla.prcss(APIADDR, "Define parameters")
         response    = {}
-        loggorilla.prcss(APIADDR, "Extract the token from Header")
-        auth_header = request.get_header('Authorization')
-        loggorilla.prcss(APIADDR, "Check the bearer")
-        if auth_header.split(' ')[0] == 'Bearer':
-            loggorilla.fyinf(APIADDR, "Use bearer")
-            jwt 	    = auth_header.split(' ')[1]
-        else:
-            loggorilla.fyinf(APIADDR, "Not use bearer")
-            jwt = None
+        jwt         = params["jwt"  ]
         payload     = tokenguard.decode(jwt, globalvar.ssh['key']['public'])
         session_id  = payload["session"]["id"]
         self.cursor.execute("BEGIN;")
         try:
             loggorilla.prcss(APIADDR, "Deleting")
             self.cursor.execute("DELETE FROM auth_session WHERE id = %s ; ", (session_id,) )
-            loggorilla.prcss(APIADDR, "Giving response")
             loggorilla.fyinf(APIADDR, f"Session {session_id} removed.")
+            loggorilla.prcss(APIADDR, "Giving response")
             response["status"	] = "success"
-            response["desc"	] = f"Your session removed."
+            response["desc"		] = f"Session ({session_id}) removed."
         except Exception as e:
+            loggorilla.prcss(APIADDR, "Rollback")
             self.cursor.execute("ROLLBACK;")
             loggorilla.error(APIADDR, str(e) )
             response["status"	] = "failed"
@@ -484,4 +480,3 @@ class auth:
             self.cursor.close()
             self.db_main.close()
         return response
-