Login system

[ezzhang8]

General behaviour: Users are issued a token upon signup that is valid for 1 day. When this token expires, the user is signed out the next time they use the website. When they login again, a new token is reissued. The token uniquely identifies users of the website when the server handles requests.

You will need to create the column expiry_date on the users table.

ALTER TABLE users
ADD COLUMN expiry_date timestamp;

Backend:

def auth(auth_header) # will return the user ID of the user that called your API endpoint.

Usage:
This is an example endpoint for using login features

@app.route("/api/authorize", methods=['POST'])
@cross_origin()
def authorize() -> Response: 
    try: 
        user_id = auth(request.headers.get("Authorization")) 
        # pass in the whole header to get the user ID

        return jsonify({"success": True, "user_id": user_id}), 200 
    except Exception as e:
        return jsonify({"success": False, "error": str(e)}), 403 
        # Catch the exception if user isn't authorized

Frontend:

Import useAuth on any page as such, works on any component

import { useAuth } from '@/components/auth/AuthContext';

Usage:

const { auth } = useAuth();

auth.token gives the user's token.
auth.email and auth.username are also available.

See /components/Navbar for example on hiding information to logged-in users only.