From e670c176e8103221961dba73aea1865fadfa22f3 Mon Sep 17 00:00:00 2001 From: =?UTF-8?q?Lera=20Elvo=C3=A9?= Date: Wed, 29 Apr 2026 19:22:30 +0300 Subject: [PATCH] add logout route --- app/auth.py | 9 +++++++++ app/routes/users.py | 13 +++++++------ 2 files changed, 16 insertions(+), 6 deletions(-) diff --git a/app/auth.py b/app/auth.py index 2020960..8db92b2 100644 --- a/app/auth.py +++ b/app/auth.py @@ -57,6 +57,15 @@ def create_session(user_id, temporary=False): 'expires_at': int(time.time()) + (expires_days * 24 * 60 * 60), }) +def revoke_session(user_id): + if not is_logged_in(): + return + sess = Sessions.find({'key': session['pyrom_session_key']}) + if not sess: + return + sess.delete() + session.clear() + def parse_username(username: str) -> Tuple[str, str]: """first is the unmodified name/display name, second is username""" if len(username) < 3: diff --git a/app/routes/users.py b/app/routes/users.py index 453b006..e93b719 100644 --- a/app/routes/users.py +++ b/app/routes/users.py @@ -5,7 +5,7 @@ import time from ..auth import ( digest, verify, create_session, is_logged_in, parse_username, is_password_valid, - login_required + login_required, revoke_session, get_active_user ) from ..models import Users, Posts, Reactions, Threads from ..constants import PermissionLevel @@ -29,11 +29,6 @@ def redirect_if_logged_in(destination='topics.all_topics'): def log_in(): return render_template('users/log_in.html') -@bp.post('/log-out/') -@login_required -def log_out(): - return 'stub' - @bp.post('/log-in/') @redirect_if_logged_in() def log_in_post(): @@ -52,6 +47,12 @@ def log_in_post(): session.permanent = True return redirect(request.form.get('return_to', default=url_for('topics.all_topics'))) +@bp.post('/log-out/') +@login_required +def log_out(): + revoke_session(get_active_user().id) + return redirect(url_for('topics.all_topics')) + @bp.get('/sign-up/') @redirect_if_logged_in() def sign_up():