add workflow

backend/src/auth/auth.py

@@ -22,9 +22,7 @@ jwk_client = PyJWKClient(JWKS_URL)
 security = HTTPBearer()
 
 @router.get('/logout')
-def logout(
-    refresh_token: Annotated[str | None, Cookie()] = None,
-):
+def logout():
     params = {
         'client_id': settings.keycloak_client_id,
         'post_logout_redirect_uri': settings.origins,
@@ -34,26 +32,20 @@ def logout(
         key='access_token',
         path='/',
         secure=not settings.debug,
-        samesite='lax',
+        samesite='strict',
     )
     response.delete_cookie(
         key='refresh_token',
         path='/',
         secure=not settings.debug,
-        samesite='lax',
+        samesite='strict',
     )
     response.delete_cookie(
         key='id_token',
         path='/',
         secure=not settings.debug,
-        samesite='lax',
+        samesite='strict',
     )
-    # if refresh_token:
-    #     requests.post(LOGOUT_URL, data={
-    #         'client_id': settings.keycloak_client_id,
-    #         'client_secret': settings.keycloak_client_secret,
-    #         'refresh_token': refresh_token
-    #     })
     return response
 
 
@@ -127,7 +119,7 @@ def callback(code: str, session: Session = Depends(get_session)):
         value=token_data['access_token'],
         httponly=True,
         secure=not settings.debug,
-        samesite='lax',
+        samesite='strict',
         max_age=settings.max_age
     )
     response.set_cookie(
@@ -135,7 +127,7 @@ def callback(code: str, session: Session = Depends(get_session)):
         value=token_data['refresh_token'] or '',
         httponly=True,
         secure=not settings.debug,
-        samesite='lax',
+        samesite='strict',
         max_age=30 * 24 * settings.max_age
     )
     response.set_cookie(
@@ -143,7 +135,7 @@ def callback(code: str, session: Session = Depends(get_session)):
         value=token_data['id_token'],
         httponly=True,
         secure=not settings.debug,
-        samesite='lax',
+        samesite='strict',
         max_age=settings.max_age
     )
 
@@ -152,15 +144,15 @@ def callback(code: str, session: Session = Depends(get_session)):
 def verify_token(token: str):
     try:
         signing_key = jwk_client.get_signing_key_from_jwt(token)
-        decoded = jwt.decode(token, options={'verify_signature': False})
-        payload = jwt.decode(
+        decoded = jwt.decode(
             token,
             signing_key.key,
             algorithms=['RS256'],
             audience=settings.keycloak_client_id,
             issuer=ISSUER,
+            leeway=60,
         )
-        return payload
+        return decoded
     except jwt.ExpiredSignatureError:
         raise HTTPException(status_code=401, detail=messages.tokenexipired)
     except jwt.InvalidTokenError:
@@ -210,7 +202,7 @@ def refresh_token(refresh_token: Annotated[str | None, Cookie()] = None):
         value=token_data['access_token'],
         httponly=True,
         secure=True if settings.debug == False else True,
-        samesite='lax',
+        samesite='strict',
         max_age=settings.max_age
     )
     response.set_cookie(
@@ -218,7 +210,7 @@ def refresh_token(refresh_token: Annotated[str | None, Cookie()] = None):
         value=token_data['refresh_token'] or '',
         httponly=True,
         secure=True if settings.debug == False else True,
-        samesite='lax',
+        samesite='strict',
         max_age=30 * 24 * settings.max_age
     )
     response.set_cookie(
@@ -226,7 +218,7 @@ def refresh_token(refresh_token: Annotated[str | None, Cookie()] = None):
         value=token_data['id_token'],
         httponly=True,
         secure=not settings.debug,
-        samesite='lax',
+        samesite='strict',
         max_age=settings.max_age
     )
     return response

backend/src/contracts/generate_contract.py

@@ -5,6 +5,8 @@ import html
 from weasyprint import HTML
 import io
 
+import pathlib
+
 def generate_html_contract(
     contract: models.Contract,
     cheques: list[dict],
@@ -13,7 +15,7 @@ def generate_html_contract(
     recurrent_price: float,
     total_price: float
 ):    
-    template_dir = "./src/contracts/templates"
+    template_dir = pathlib.Path().resolve() + "/src/contracts/templates"
     template_loader = jinja2.FileSystemLoader(searchpath=template_dir)
     template_env = jinja2.Environment(loader=template_loader, autoescape=jinja2.select_autoescape(["html", "xml"]))
     template_file = "layout.html"
@@ -57,7 +59,8 @@ def generate_html_contract(
 
     return HTML(
         string=output_text,
-        base_url=template_dir
+        base_url=template_dir,
+        **options
     ).write_pdf()
 
 from odfdo import Document, Table, Row, Cell

backend/src/main.py

@@ -12,7 +12,7 @@ from src.users.users import router as users_router
 from src.auth.auth import router as auth_router
 from src.shipments.shipments import router as shipment_router
 from src.settings import settings
-from src.database import engine
+from src.database import engine, create_all_tables
 
 app = FastAPI()
 
@@ -37,4 +37,5 @@ app.include_router(users_router, prefix="/api")
 app.include_router(auth_router, prefix="/api")
 app.include_router(shipment_router, prefix="/api")
 
-SQLModel.metadata.create_all(engine)
+if settings.debug == True:
+    create_all_tables()

backend/src/settings.py

@@ -12,7 +12,6 @@ class Settings(BaseSettings):
     keycloak_client_id: str
     keycloak_client_secret: str
     keycloak_redirect_uri: str
-    vite_api_url: str
     max_age: int
     debug: bool