diff --git a/app/__init__.py b/app/__init__.py
index f9f0f91..2cac29f 100644
--- a/app/__init__.py
+++ b/app/__init__.py
@@ -1,4 +1,4 @@
-from flask import Flask, session, request, render_template
+from flask import Flask, session, request, render_template, redirect, url_for
 from dotenv import load_dotenv
 from .models import Avatars, Users, PostHistory, Posts, MOTD, BadgeUploads, Sessions
 from .auth import digest, is_logged_in, get_active_user
@@ -230,9 +230,13 @@ def create_app():
 app.config['SESSION_COOKIE_SECURE'] = True
 @app.before_request
- def make_session_permanent():
+ def revoke_session():
 if is_logged_in():
- session.permanent = True
+ sess = Sessions.find({'key': session['pyrom_session_key']})
+ if int(time.time()) > int(sess.expires_at):
+ sess.delete()
+ session.clear()
+ return redirect(url_for('topics.all_topics'))
 commit = ''
 with open('.git/refs/heads/main') as f:
diff --git a/app/routes/users.py b/app/routes/users.py
index 56fc597..d435a10 100644
--- a/app/routes/users.py
+++ b/app/routes/users.py
@@ -13,12 +13,15 @@ def log_in_page():
 def log_in_post():
 user = Users.find({'username': request.form['username']})
 if not user:
- return "no user"
+ return 'no user'
 if not verify(user.password_hash, request.form['password']):
- return "no"
+ return 'no'
 sess = create_session(user.id)
 session['pyrom_session_key'] = sess.key
+ session['remember'] = request.form.get('remember') == 'on'
+ if session['remember']:
+ session.permanent = True
 return redirect(request.form['return_to'])
 @bp.get('/')
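Review bot: In `revoke_session` (app/__init__.py, the `@@ -230,9 +230,13 @@` hunk), `sess.expires_at` is read without checking that `Sessions.find` returned a row. If it returns a falsy value for an unknown key, as `Users.find` appears to in `log_in_post`, a cookie whose server-side session was already deleted would raise on every request instead of being logged out, unless `is_logged_in()` (not shown) already verifies the row. Treating a missing row as expired closes that gap: `if not sess or int(time.time()) > int(sess.expires_at):` with the delete guarded as `if sess: sess.delete()`. The new code also calls `time.time()` while the import hunk for this file adds only `redirect` and `url_for`, so confirm `import time` exists below the four import lines shown. `create_app` starts and ends outside the hunk.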
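Review bot: In `log_in_post` (app/routes/users.py), `session.permanent` is only ever set to `True`, so a browser whose cookie already carries the permanent flag (the removed `make_session_permanent` hook set it on every logged-in request) may keep a persistent cookie even when "remember" is left unchecked. Assigning it unconditionally, `session.permanent = session['remember']`, makes the checkbox authoritative in both directions. `create_session(user.id)` is called the same way in either case, so the server-side `expires_at` presumably does not depend on the checkbox; worth confirming that is intended. The unchanged `redirect(request.form['return_to'])` right after the added lines redirects to a client-supplied value and should be restricted to same-site relative paths.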