Fix logout type mismatch

2024-01-02 17:39:37 -06:00 · 2024-01-02 17:39:37 -06:00 · ca59125a85
commit ca59125a85
parent 5b6ed389c4
4 changed files with 12 additions and 5 deletions
--- a/api/app/api.py
+++ b/api/app/api.py
@ -3,6 +3,7 @@ import sys
 from contextlib import asynccontextmanager

 from fastapi import FastAPI
+from fastapi.middleware.cors import CORSMiddleware

 from database.utils import create_admin_user
 from routes import users, flights, auth
@ -23,6 +24,10 @@ async def lifespan(app: FastAPI):
 # Initialize FastAPI
 app = FastAPI(lifespan=lifespan)

+# Allow CORS
+app.add_middleware(CORSMiddleware, allow_origins=["*"], allow_credentials=True, allow_methods=["*"],
+                   allow_headers=["*"])
+
 # Add subroutes
 app.include_router(users.router, tags=["Users"], prefix="/users")
 app.include_router(flights.router, tags=["Flights"], prefix="/flights")
--- a/api/app/deps.py
+++ b/api/app/deps.py
@ -9,7 +9,8 @@ from pydantic import ValidationError
 from app.config import get_settings, Settings
 from database.tokens import is_blacklisted
 from database.users import get_user_system_info, get_user_system_info_id
-from schemas.user import TokenPayload, AuthLevel, UserDisplaySchema
+
+from schemas.user import TokenPayload, AuthLevel, UserDisplaySchema, TokenSchema

 reusable_oath = OAuth2PasswordBearer(
    tokenUrl="/auth/login",
@ -42,7 +43,7 @@ async def get_current_user(settings: Annotated[Settings, Depends(get_settings)],


 async def get_current_user_token(settings: Annotated[Settings, Depends(get_settings)],
-                                 token: str = Depends(reusable_oath)) -> (UserDisplaySchema, str):
+                                 token: str = Depends(reusable_oath)) -> (UserDisplaySchema, TokenSchema):
    try:
        payload = jwt.decode(
            token, settings.jwt_secret_key, algorithms=[settings.jwt_algorithm]
@ -58,11 +59,11 @@ async def get_current_user_token(settings: Annotated[Settings, Depends(get_setti
    if blacklisted:
        raise HTTPException(403, "Token expired", {"WWW-Authenticate": "Bearer"})

-    user = await get_user_system_info(id=token_data.sub)
+    user = await get_user_system_info_id(id=token_data.sub)
    if user is None:
        raise HTTPException(404, "Could not find user")

-    return user
+    return user, token


 async def admin_required(user: Annotated[UserDisplaySchema, Depends(get_current_user)]):
--- a/api/routes/flights.py
+++ b/api/routes/flights.py
@ -50,7 +50,7 @@ async def get_flight(flight_id: str, user: UserDisplaySchema = Depends(get_curre
    :return: Flight details
    """
    flight = await db.retrieve_flight(flight_id)
-    if flight.user != user.id and AuthLevel(user.level) != AuthLevel.ADMIN:
+    if str(flight.user) != user.id and AuthLevel(user.level) != AuthLevel.ADMIN:
        logger.info("Attempted access to unauthorized flight by %s", user.username)
        raise HTTPException(403, "Unauthorized access")

--- a/api/schemas/flight.py
+++ b/api/schemas/flight.py
@ -86,6 +86,7 @@ class FlightCreateSchema(BaseModel):


 class FlightDisplaySchema(FlightCreateSchema):
+    user: PyObjectId
    id: PyObjectId