Spaces:
Sleeping
Sleeping
Update main.py
Browse files
main.py
CHANGED
|
@@ -252,7 +252,7 @@ async def register(request: RegisterRequest):
|
|
| 252 |
@app.post("/api/auth/login")
|
| 253 |
async def login(request: LoginRequest):
|
| 254 |
"""
|
| 255 |
-
Enhanced login endpoint with cookie setting and proper redirection
|
| 256 |
"""
|
| 257 |
try:
|
| 258 |
print(f"π Login attempt for username: {request.username}")
|
|
@@ -296,14 +296,17 @@ async def login(request: LoginRequest):
|
|
| 296 |
response.set_cookie(
|
| 297 |
key="authToken",
|
| 298 |
value=result["token"],
|
| 299 |
-
httponly=
|
| 300 |
-
secure=
|
| 301 |
-
samesite="lax",
|
| 302 |
max_age=24*60*60, # 24 hours
|
| 303 |
-
path="/"
|
|
|
|
| 304 |
)
|
| 305 |
|
| 306 |
print(f"πͺ Cookie set for user: {username}")
|
|
|
|
|
|
|
| 307 |
return response
|
| 308 |
|
| 309 |
else:
|
|
@@ -353,7 +356,7 @@ async def login_page(request: Request):
|
|
| 353 |
|
| 354 |
@app.post("/api/auth/logout")
|
| 355 |
async def logout(request: Request):
|
| 356 |
-
"""Enhanced logout with proper cookie clearing"""
|
| 357 |
try:
|
| 358 |
# Get current user to invalidate their session
|
| 359 |
user = await get_current_user_web(request)
|
|
@@ -364,12 +367,12 @@ async def logout(request: Request):
|
|
| 364 |
response_data = {"success": True, "message": "Logged out successfully"}
|
| 365 |
response = JSONResponse(content=response_data)
|
| 366 |
|
| 367 |
-
# Clear the authentication cookie
|
| 368 |
response.delete_cookie(
|
| 369 |
key="authToken",
|
| 370 |
path="/",
|
| 371 |
domain=None,
|
| 372 |
-
secure=
|
| 373 |
samesite="lax"
|
| 374 |
)
|
| 375 |
|
|
@@ -379,7 +382,13 @@ async def logout(request: Request):
|
|
| 379 |
print(f"β Logout error: {e}")
|
| 380 |
# Still return success and clear cookie even if there's an error
|
| 381 |
response = JSONResponse(content={"success": True, "message": "Logged out"})
|
| 382 |
-
response.delete_cookie(
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
| 383 |
return response
|
| 384 |
|
| 385 |
# Web interface routes (protected)
|
|
|
|
| 252 |
@app.post("/api/auth/login")
|
| 253 |
async def login(request: LoginRequest):
|
| 254 |
"""
|
| 255 |
+
Enhanced login endpoint with cookie setting and proper redirection for Hugging Face Spaces
|
| 256 |
"""
|
| 257 |
try:
|
| 258 |
print(f"π Login attempt for username: {request.username}")
|
|
|
|
| 296 |
response.set_cookie(
|
| 297 |
key="authToken",
|
| 298 |
value=result["token"],
|
| 299 |
+
httponly=False, # Allow JavaScript access for debugging
|
| 300 |
+
secure=False, # Don't require HTTPS for internal communication
|
| 301 |
+
samesite="lax", # CSRF protection while allowing normal navigation
|
| 302 |
max_age=24*60*60, # 24 hours
|
| 303 |
+
path="/",
|
| 304 |
+
domain=None # Let browser determine domain
|
| 305 |
)
|
| 306 |
|
| 307 |
print(f"πͺ Cookie set for user: {username}")
|
| 308 |
+
print(f"π― Token: {result['token'][:20]}...") # Show first 20 chars
|
| 309 |
+
|
| 310 |
return response
|
| 311 |
|
| 312 |
else:
|
|
|
|
| 356 |
|
| 357 |
@app.post("/api/auth/logout")
|
| 358 |
async def logout(request: Request):
|
| 359 |
+
"""Enhanced logout with proper cookie clearing for Hugging Face Spaces"""
|
| 360 |
try:
|
| 361 |
# Get current user to invalidate their session
|
| 362 |
user = await get_current_user_web(request)
|
|
|
|
| 367 |
response_data = {"success": True, "message": "Logged out successfully"}
|
| 368 |
response = JSONResponse(content=response_data)
|
| 369 |
|
| 370 |
+
# Clear the authentication cookie with same settings as login
|
| 371 |
response.delete_cookie(
|
| 372 |
key="authToken",
|
| 373 |
path="/",
|
| 374 |
domain=None,
|
| 375 |
+
secure=False,
|
| 376 |
samesite="lax"
|
| 377 |
)
|
| 378 |
|
|
|
|
| 382 |
print(f"β Logout error: {e}")
|
| 383 |
# Still return success and clear cookie even if there's an error
|
| 384 |
response = JSONResponse(content={"success": True, "message": "Logged out"})
|
| 385 |
+
response.delete_cookie(
|
| 386 |
+
key="authToken",
|
| 387 |
+
path="/",
|
| 388 |
+
domain=None,
|
| 389 |
+
secure=False,
|
| 390 |
+
samesite="lax"
|
| 391 |
+
)
|
| 392 |
return response
|
| 393 |
|
| 394 |
# Web interface routes (protected)
|