Merge pull request #624 from explorigin/session-security

Improve Session Security

backend/apps/web/models/auths.py

@@ -5,12 +5,7 @@ import uuid
 from peewee import *
 
 from apps.web.models.users import UserModel, Users
-from utils.utils import (
-    verify_password,
-    get_password_hash,
-    bearer_scheme,
-    create_token,
-)
+from utils.utils import verify_password
 
 from apps.web.internal.db import DB
 

backend/apps/web/routers/auths.py

@@ -93,7 +93,7 @@ async def update_password(
 async def signin(form_data: SigninForm):
     user = Auths.authenticate_user(form_data.email.lower(), form_data.password)
     if user:
-        token = create_token(data={"email": user.email})
+        token = create_token(data={"id": user.id})
 
         return {
             "token": token,
@@ -132,7 +132,7 @@ async def signup(request: Request, form_data: SignupForm):
         )
 
         if user:
-            token = create_token(data={"email": user.email})
+            token = create_token(data={"id": user.id})
             # response.set_cookie(key='token', value=token, httponly=True)
 
             return {

backend/apps/web/routers/chats.py

@@ -25,9 +25,6 @@ from apps.web.models.tags import (
     Tags,
 )
 
-from utils.utils import (
-    bearer_scheme,
-)
 from constants import ERROR_MESSAGES
 
 router = APIRouter()