From 234148f0463690e64bb4a4f497ecfd87b1f85216 Mon Sep 17 00:00:00 2001
From: James Ketrenos
Date: Mon, 4 Aug 2025 16:21:29 -0700
Subject: [PATCH] Fix auth issue
---
 src/backend/routes/auth.py | 51 ++++++++++++++++++++++++++------------
 1 file changed, 35 insertions(+), 16 deletions(-)
diff --git a/src/backend/routes/auth.py b/src/backend/routes/auth.py
index 04edcfb..0cf2470 100644
--- a/src/backend/routes/auth.py
+++ b/src/backend/routes/auth.py
@@ -4,6 +4,7 @@ Authentication routes
 import json
 import jwt
 import secrets
+import traceback
 import uuid
 import os
 from datetime import datetime, timedelta, timezone, UTC
@@ -11,7 +12,7 @@ from typing import Any, Dict
 from fastapi import APIRouter, Depends, Body, Request, BackgroundTasks
 from fastapi.responses import JSONResponse
-from pydantic import BaseModel, EmailStr, ValidationError, field_validator
+from pydantic import BaseModel, EmailStr, ValidationError, field_validator, Field
 import backstory_traceback as backstory_traceback
 from utils.rate_limiter import RateLimiter
@@ -190,7 +191,6 @@ async def create_guest_session_enhanced(
 except Exception as e:
 logger.error(f"❌ Guest session creation error: {e}")
- import traceback
 logger.error(traceback.format_exc())
 return JSONResponse(
@@ -443,43 +443,62 @@ async def logout_all_devices(current_user=Depends(get_current_admin), database:
 return JSONResponse(status_code=500, content=create_error_response("LOGOUT_ALL_ERROR", str(e)))
+class RefreshTokenRequest(BaseModel):
+ refresh_token: str = Field(..., alias="refreshToken")
+
+
 @router.post("/refresh")
-async def refresh_token_endpoint(
- refresh_token: str = Body(..., alias="refreshToken"), database: RedisDatabase = Depends(get_database)
-):
+async def refresh_token_endpoint(request: RefreshTokenRequest, database: RedisDatabase = Depends(get_database)):
 """Refresh token endpoint"""
 try:
 # Verify refresh token
- payload = jwt.decode(refresh_token, JWT_SECRET_KEY, algorithms=[ALGORITHM])
+ payload = jwt.decode(request.refresh_token, JWT_SECRET_KEY, algorithms=[ALGORITHM])
 user_id = payload.get("sub")
 token_type = payload.get("type")
- if not user_id or token_type != "refresh":
+ if not user_id or (token_type not in ["refresh", "refresh_guest"]):
 return JSONResponse(
 status_code=401, content=create_error_response("INVALID_TOKEN", "Invalid refresh token")
 )
 # Create new access token
- access_token = create_access_token(data={"sub": user_id})
+ if token_type == "refresh_guest":
+ access_token = create_access_token(
+ data={"sub": user_id, "type": "guest"},
+ expires_delta=timedelta(hours=48), # Longer expiry for guests
+ )
+ else:
+ access_token = create_access_token(data={"sub": user_id})
 # Get user
 user = None
- candidate_data = await database.get_candidate(user_id)
- if candidate_data:
- user = Candidate.model_validate(candidate_data)
+ if token_type == "refresh_guest":
+ guest_data = await database.get_guest(user_id)
+ if guest_data:
+ user = Guest.model_validate(guest_data)
 else:
- employer_data = await database.get_employer(user_id)
- if employer_data:
- user = Employer.model_validate(employer_data)
+ candidate_data = await database.get_candidate(user_id)
+ if candidate_data:
+ user = Candidate.model_validate(candidate_data)
+ else:
+ employer_data = await database.get_employer(user_id)
+ if employer_data:
+ user = Employer.model_validate(employer_data)
 if not user:
 return JSONResponse(status_code=404, content=create_error_response("USER_NOT_FOUND", "User not found"))
+ # Set appropriate expiry time
+ if token_type == "refresh_guest":
+ expires_at = int((datetime.now(UTC) + timedelta(hours=48)).timestamp())
+ else:
+ expires_at = int((datetime.now(UTC) + timedelta(hours=24)).timestamp())
+
 auth_response = AuthResponse(
 access_token=access_token,
- refresh_token=refresh_token, # Keep same refresh token
+ refresh_token=request.refresh_token, # Keep same refresh token
 user=user,
- expires_at=int((datetime.now(UTC) + timedelta(hours=24)).timestamp()),
+ expires_at=expires_at,
 )
 return create_success_response(auth_response.model_dump(by_alias=True))
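Review bot: The access-token lifetime is encoded twice in this hunk — once as `expires_delta=timedelta(hours=48)` in the guest create_access_token call and again in the `# Set appropriate expiry time` block after the user lookup — and the 24-hour `expires_at` for regular users is only correct as long as create_access_token's default expiry (not visible here) stays at 24 hours, so the `expires_at` reported to the client can silently drift from the token's real `exp` claim. Compute the lifetime once and derive both from it: `access_ttl = timedelta(hours=48 if token_type == "refresh_guest" else 24)`, pass `expires_delta=access_ttl` in both create_access_token calls, and set `expires_at = int((datetime.now(UTC) + access_ttl).timestamp())`. The comment `# Longer expiry for guests` says what but not why; a guest access token outliving an authenticated user's is a choice a later reader will question, so state the reason in the comment. The same refresh token is returned for both token types (`# Keep same refresh token`), which this commit leaves as it was; the function's except block lies outside the hunk.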