feat(auth): add remember me option with persistent DB sessions

This commit is contained in:
2026-07-05 21:28:58 +08:00
parent 2bd914532e
commit 9692ff8ade
4 changed files with 60 additions and 21 deletions

View File

@@ -42,15 +42,23 @@ def login_submit(
request: Request,
username: str = Form(...),
password: str = Form(...),
remember_me: str = Form(""),
db: Session = Depends(get_db),
):
from app.auth import cleanup_expired_sessions
cleanup_expired_sessions(db)
user = db.query(User).filter(User.username == username).first()
if not user or not verify_password(password, user.password_hash):
return templates.TemplateResponse(
"login.html", {"request": request, "error": "用户名或密码错误"}, status_code=401
)
is_remember = remember_me == "on"
token = create_session(user.id, db, remember_me=is_remember)
resp = _redirect("/dashboard")
resp.set_cookie(SESSION_COOKIE_NAME, create_session(user.id), httponly=True)
cookie_kwargs = {"httponly": True, "samesite": "lax"}
if is_remember:
cookie_kwargs["max_age"] = 365 * 24 * 3600
resp.set_cookie(SESSION_COOKIE_NAME, token, **cookie_kwargs)
return resp
@@ -84,9 +92,9 @@ def register_submit(
@router.get("/logout")
def logout(request: Request):
def logout(request: Request, db: Session = Depends(get_db)):
token = request.cookies.get(SESSION_COOKIE_NAME)
destroy_session(token or "")
destroy_session(token or "", db)
resp = _redirect("/login")
resp.delete_cookie(SESSION_COOKIE_NAME)
return resp