Пример #1
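def login():
    """
    Authenticate a user and issue an access token plus a refresh-token cookie.

    Reads the username and the client-supplied password hash from the JSON
    request body, looks the user up and compares the supplied hash with the
    stored one. An unknown user and a wrong password both abort with 404, so
    the status code does not distinguish the two cases. A body that is not a
    JSON object, or that lacks either field, aborts with 400.

    :return: response whose body is the access token, with the refresh token
        set as an HttpOnly ``refresh_token`` cookie
    """
    import hmac

    user_json = request.json
    # A missing or non-object body would otherwise fail on the key lookups
    # below and surface as an unhandled error.
    if not isinstance(user_json, dict):
        abort(400)
    try:
        username = user_json[UserKeys.USERNAME_KEY]
        password = user_json[UserKeys.HASHED_PASSWORD]
    except KeyError:
        abort(400)

    user = UserService.get_user_by_name(username)
    if user is None:
        abort(404)

    stored_hash = user[UserKeys.HASHED_PASSWORD]
    # NOTE(review): the value sent by the client is compared directly with the
    # stored value, so the stored hash is itself the login credential. Anyone
    # who can read the user store can authenticate with it. Consider hashing
    # server-side with a salted password KDF instead.
    if not (isinstance(stored_hash, str) and isinstance(password, str)):
        # Mixed or non-string types could never compare equal; reject them
        # without reaching compare_digest, which raises TypeError on them.
        abort(404)
    # Constant-time comparison: a plain != returns at the first differing
    # character, which leaks how much of the hash matched through timing.
    if not hmac.compare_digest(
        stored_hash.encode("utf-8", "surrogatepass"),
        password.encode("utf-8", "surrogatepass"),
    ):
        abort(404)

    token, refresh_token = create_user_token(str(user.id))

    # create_user_token already stores the refresh token; the call is kept so
    # that login still persists it should that helper change.
    UserService.set_refresh_cookie(str(user.id), refresh_token)

    res = make_response(token)
    # NOTE(review): the cookie is HttpOnly but sets neither Secure nor
    # SameSite. Confirm the deployment is HTTPS-only and add both if the
    # refresh flow allows it.
    res.set_cookie("refresh_token", refresh_token, httponly=True)

    return res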
Пример #2
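def create_user_token(user_id: str):
    """
    Create a signed access token and refresh token for a user.

    Both tokens carry the user id in the ``id`` claim and an ``exp`` claim
    ``TOKEN_EXPIRE_TIME`` minutes from now. The access token is signed with
    ``JWT_SECRET`` and the refresh token with ``REFRESH_COOKIE``. The refresh
    token is also stored through ``UserService.set_refresh_cookie``.

    :param user_id: user identifier placed in the ``id`` claim of both tokens
    :return: ``(access_token, refresh_token)`` as text strings
    """
    def _as_text(encoded):
        # PyJWT 1.x returns bytes from encode(), 2.x returns str. Calling
        # .decode() unconditionally raises AttributeError on 2.x.
        return encoded.decode() if isinstance(encoded, bytes) else encoded

    # NOTE(review): the refresh token expires at the same moment as the access
    # token, so it cannot renew an expired session. Confirm whether a separate,
    # longer refresh lifetime was intended.
    expires_at = datetime.utcnow() + timedelta(minutes=TOKEN_EXPIRE_TIME)

    # The algorithm is named explicitly (HS256 is PyJWT's default) so the
    # verifying side can pin the same value instead of trusting the header.
    token = _as_text(jwt.encode(
        {
            "id": user_id,
            "exp": expires_at
        }, JWT_SECRET, algorithm="HS256"))

    refresh_cookie = _as_text(jwt.encode(
        {
            "id": user_id,
            "exp": expires_at
        }, REFRESH_COOKIE, algorithm="HS256"))

    UserService.set_refresh_cookie(user_id, refresh_cookie)

    return token, refresh_cookie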