feat(auth): add remember me option with persistent DB sessions
This commit is contained in:
@@ -42,15 +42,23 @@ def login_submit(
|
||||
request: Request,
|
||||
username: str = Form(...),
|
||||
password: str = Form(...),
|
||||
remember_me: str = Form(""),
|
||||
db: Session = Depends(get_db),
|
||||
):
|
||||
from app.auth import cleanup_expired_sessions
|
||||
cleanup_expired_sessions(db)
|
||||
user = db.query(User).filter(User.username == username).first()
|
||||
if not user or not verify_password(password, user.password_hash):
|
||||
return templates.TemplateResponse(
|
||||
"login.html", {"request": request, "error": "用户名或密码错误"}, status_code=401
|
||||
)
|
||||
is_remember = remember_me == "on"
|
||||
token = create_session(user.id, db, remember_me=is_remember)
|
||||
resp = _redirect("/dashboard")
|
||||
resp.set_cookie(SESSION_COOKIE_NAME, create_session(user.id), httponly=True)
|
||||
cookie_kwargs = {"httponly": True, "samesite": "lax"}
|
||||
if is_remember:
|
||||
cookie_kwargs["max_age"] = 365 * 24 * 3600
|
||||
resp.set_cookie(SESSION_COOKIE_NAME, token, **cookie_kwargs)
|
||||
return resp
|
||||
|
||||
|
||||
@@ -84,9 +92,9 @@ def register_submit(
|
||||
|
||||
|
||||
@router.get("/logout")
|
||||
def logout(request: Request):
|
||||
def logout(request: Request, db: Session = Depends(get_db)):
|
||||
token = request.cookies.get(SESSION_COOKIE_NAME)
|
||||
destroy_session(token or "")
|
||||
destroy_session(token or "", db)
|
||||
resp = _redirect("/login")
|
||||
resp.delete_cookie(SESSION_COOKIE_NAME)
|
||||
return resp
|
||||
|
||||
Reference in New Issue
Block a user