Store code as cookie in frontend and send credentials

fastapi_server/frontend/login/index.html

@@ -19,15 +19,10 @@
       if (codeParam !== null) {
         // Use the value of the "code" parameter
         console.log("Value of 'code' parameter:", codeParam);
+        document.cookie = `code=${codeParam}; expires=30; path=/`;
 
-        fetch(`https://{{ server_url }}/htmxapi/login?code=${codeParam}`).then(
-          (response) => {
-            if (response.ok) {
-              // Redirect after successful login
-              window.location.href = "/chat";
-            }
-          }
-        );
+        // Redirect after successful login
+        window.location.href = "/chat";
       } else {
         // "code" parameter is not present in the URL
         console.log("'code' parameter is missing.");

fastapi_server/frontend/logout/index.html

@@ -5,12 +5,10 @@
     <meta name="viewport" content="width=device-width, initial-scale=1.0" />
     <title>HTMX+Fastapi Todo App</title>
     <script>
-      fetch("https://{{ server_url }}/htmxapi/logout").then((response) => {
-        if (response.ok) {
-          // Redirect after successful removal of cookies
-          window.location.href = "/chat";
-        }
-      });
+      document.cookie = `github_access_token=; expires=Thu, 01 Jan 1970 00:00:00 UTC; path=/;`;
+
+        // Redirect after successful removal of cookies
+      window.location.href = "/chat";
     </script>
   </head>
 

fastapi_server/routes/login_logout.py

@@ -5,7 +5,7 @@
 
 import aiohttp
 from fastapi import APIRouter, Cookie, Request, Response, status
-from fastapi.responses import HTMLResponse
+from fastapi.responses import HTMLResponse, RedirectResponse
 from fastapi.templating import Jinja2Templates
 
 login_router = APIRouter()
@@ -36,13 +36,16 @@ def logout_page(request: Request):
 
 @login_router.get("/htmxapi/login")
 async def user_login(
-    response: Response, code: str | None = None, github_access_token: Annotated[str | None, Cookie()] = None
+    response: Response,
+    code: Annotated[str | None, Cookie()] = None,
+    github_access_token: Annotated[str | None, Cookie()] = None
 ):
     # TODO Check/log where the request came from (ip or website?)
     if code is None:
         response.status_code = status.HTTP_204_NO_CONTENT
         return
     if github_access_token is not None:
+        response.delete_cookie(key="code")
         response.status_code = status.HTTP_204_NO_CONTENT
         return
 
@@ -62,15 +65,17 @@ async def user_login(
         data = await post_response.json()
         if "error" in data:
             return "wrong client id code"
+        redirect = RedirectResponse("/htmxapi/chatheader")
         # TODO What does "secure" and "same_site" do?
-        response.set_cookie(key="github_access_token", value=data["access_token"], secure=True)
-        return
+        redirect.set_cookie(key="github_access_token", value=data["access_token"], secure=True)
+        redirect.delete_cookie(key="code")
+        return redirect
 
 
-@login_router.get("/htmxapi/logout")
-async def user_logout(response: Response, github_access_token: Annotated[str | None, Cookie()] = None):
-    # TODO Check/log where the request came from (ip or website?)
-    if github_access_token is not None:
-        response.delete_cookie(key="github_access_token")
-        response.status_code = status.HTTP_204_NO_CONTENT
-        return
+# @login_router.get("/htmxapi/logout")
+# async def user_logout(response: Response, github_access_token: Annotated[str | None, Cookie()] = None):
+#     # TODO Check/log where the request came from (ip or website?)
+#     if github_access_token is not None:
+#         response.delete_cookie(key="github_access_token")
+#         response.status_code = status.HTTP_204_NO_CONTENT
+#         return

fastapi_server/templates/chat/chat_header.html

@@ -6,6 +6,7 @@
       hx-get="https://{{ server_url }}/htmxapi/login"
       hx-swap="outerHTML"
       hx-target="#chatheader"
+      hx-request="credentials"
     ></div>
     {% if logged_in %}
     <a href="https://{{ server_url }}/logout">Log out</a>