Spaces:

Ananthakr1shnan
/

ResearchMate

Sleeping

App Files Files Community

Ananthakr1shnan commited on Jul 13

Commit

94f10f5

verified ·

1 Parent(s): 04daea4

Update main.py

Browse files

Files changed (1) hide show

main.py +65 -15

main.py CHANGED Viewed

@@ -252,7 +252,7 @@ async def register(request: RegisterRequest):
 @app.post("/api/auth/login")
 async def login(request: LoginRequest):
     """
-    Enhanced login endpoint with better error handling and debugging
     """
     try:
         print(f"🔐 Login attempt for username: {request.username}")
@@ -262,6 +262,10 @@ async def login(request: LoginRequest):
             print("❌ Missing username or password")
             raise HTTPException(status_code=400, detail="Username and password are required")
         # Ensure admin user exists (critical for first-time setup)
         admin_result = auth_manager.create_default_admin()
         print(f"👤 Admin user status: {admin_result.get('message', 'Ready')}")
@@ -271,24 +275,50 @@ async def login(request: LoginRequest):
         print(f"📊 Available users: {list(users.keys())}")
         # Authenticate user
-        result = auth_manager.authenticate_user(request.username, request.password)
         if result["success"]:
-            print(f"✅ Login successful for: {request.username}")
-            return {
                 "success": True,
                 "token": result["token"],
                 "user_id": result["user_id"],
-                "username": result["username"]
             }
         else:
-            print(f"❌ Login failed for: {request.username} - {result.get('error')}")
-            raise HTTPException(status_code=401, detail=result["error"])
     except HTTPException:
         raise
     except Exception as e:
         print(f"💥 Login endpoint error: {e}")
         raise HTTPException(status_code=500, detail="Internal server error")
 @app.get("/api/auth/debug")
@@ -323,14 +353,34 @@ async def login_page(request: Request):
 @app.post("/api/auth/logout")
 async def logout(request: Request):
-    # Get current user to invalidate their session
-    user = await get_current_user_web(request)
-    if user:
-        auth_manager.logout_user(user['user_id'])
-    response = JSONResponse({"success": True, "message": "Logged out successfully"})
-    response.delete_cookie("authToken", path="/")
-    return response
 # Web interface routes (protected)
 @app.get("/", response_class=HTMLResponse)

 @app.post("/api/auth/login")
 async def login(request: LoginRequest):
     """
+    Enhanced login endpoint with cookie setting and proper redirection
     """
     try:
         print(f"🔐 Login attempt for username: {request.username}")
             print("❌ Missing username or password")
             raise HTTPException(status_code=400, detail="Username and password are required")
+        # Strip whitespace
+        username = request.username.strip()
+        password = request.password
         # Ensure admin user exists (critical for first-time setup)
         admin_result = auth_manager.create_default_admin()
         print(f"👤 Admin user status: {admin_result.get('message', 'Ready')}")
         print(f"📊 Available users: {list(users.keys())}")
         # Authenticate user
+        result = auth_manager.authenticate_user(username, password)
         if result["success"]:
+            print(f"✅ Login successful for: {username}")
+            # Create response data
+            response_data = {
                 "success": True,
                 "token": result["token"],
                 "user_id": result["user_id"],
+                "username": result["username"],
+                "redirect_url": "/"
             }
+            # Create JSON response
+            response = JSONResponse(content=response_data)
+            # Set authentication cookie with proper settings for Hugging Face Spaces
+            response.set_cookie(
+                key="authToken",
+                value=result["token"],
+                httponly=True,  # Prevent XSS attacks
+                secure=True,    # HTTPS only (Hugging Face Spaces uses HTTPS)
+                samesite="lax", # CSRF protection while allowing normal navigation
+                max_age=24*60*60,  # 24 hours
+                path="/"
+            )
+            print(f"🍪 Cookie set for user: {username}")
+            return response
         else:
+            print(f"❌ Login failed for: {username} - {result.get('error')}")
+            raise HTTPException(
+                status_code=401,
+                detail=result.get("error", "Invalid username or password")
+            )
     except HTTPException:
         raise
     except Exception as e:
         print(f"💥 Login endpoint error: {e}")
+        import traceback
+        traceback.print_exc()
         raise HTTPException(status_code=500, detail="Internal server error")
 @app.get("/api/auth/debug")
 @app.post("/api/auth/logout")
 async def logout(request: Request):
+    """Enhanced logout with proper cookie clearing"""
+    try:
+        # Get current user to invalidate their session
+        user = await get_current_user_web(request)
+        if user:
+            auth_manager.logout_user(user['user_id'])
+            print(f"🔓 User logged out: {user.get('username', 'Unknown')}")
+        response_data = {"success": True, "message": "Logged out successfully"}
+        response = JSONResponse(content=response_data)
+        # Clear the authentication cookie
+        response.delete_cookie(
+            key="authToken",
+            path="/",
+            domain=None,
+            secure=True,
+            samesite="lax"
+        )
+        return response
+    except Exception as e:
+        print(f"❌ Logout error: {e}")
+        # Still return success and clear cookie even if there's an error
+        response = JSONResponse(content={"success": True, "message": "Logged out"})
+        response.delete_cookie("authToken", path="/")
+        return response
 # Web interface routes (protected)
 @app.get("/", response_class=HTMLResponse)