From 34ee6415ade9738c0f15965f008be4e56c33947c Mon Sep 17 00:00:00 2001
From: Andrew Smith <a.smith@silentworks.co.uk>
Date: Wed, 15 Nov 2023 17:51:26 +0000
Subject: [PATCH] Update protected route code

---
 app/__init__.py                        |  4 ++--
 app/account.py                         |  4 ++--
 app/decorators.py                      | 10 +++++-----
 app/supabase.py                        | 17 +++++++----------
 templates/account/index.html           |  2 +-
 templates/account/update-email.html    |  2 +-
 templates/account/update-password.html |  2 +-
 templates/account/update.html          |  2 +-
 templates/dashboard.html               |  2 +-
 templates/layout.html                  |  2 +-
 templates/notes/edit.html              |  2 +-
 templates/notes/index.html             |  2 +-
 templates/notes/new.html               |  2 +-
 13 files changed, 25 insertions(+), 28 deletions(-)

diff --git a/app/__init__.py b/app/__init__.py
index b91a3cf..c8b64f3 100644
--- a/app/__init__.py
+++ b/app/__init__.py
@@ -3,7 +3,7 @@
 from flask_misaka import Misaka
 from app.supabase import (
     supabase,
-    session_context_processor,
+    user_context_processor,
     get_profile_by_slug,
     get_profile_by_user,
     get_all_notes_by_user_id,
@@ -22,7 +22,7 @@
 
 # Set the secret key to some random bytes. Keep this really secret!
 app.secret_key = b"c8af64a6a0672678800db3c5a3a8d179f386e083f559518f2528202a4b7de8f8"
-app.context_processor(session_context_processor)
+app.context_processor(user_context_processor)
 app.register_blueprint(auth)
 app.register_blueprint(account)
 app.register_blueprint(notes)
diff --git a/app/account.py b/app/account.py
index 12be839..4c12fca 100644
--- a/app/account.py
+++ b/app/account.py
@@ -5,11 +5,11 @@
 from supafunc.errors import FunctionsRelayError, FunctionsHttpError
 
 from app.forms import UpdateEmailForm, UpdateForm, UpdatePasswordForm
-from app.supabase import get_profile_by_user, session_context_processor, supabase
+from app.supabase import get_profile_by_user, user_context_processor, supabase
 from app.decorators import login_required, password_update_required, profile_required
 
 account = Blueprint("account", __name__, url_prefix="/account")
-account.context_processor(session_context_processor)
+account.context_processor(user_context_processor)
 
 
 @account.route("/")
diff --git a/app/decorators.py b/app/decorators.py
index 6d851c0..691991d 100644
--- a/app/decorators.py
+++ b/app/decorators.py
@@ -2,24 +2,24 @@
 from typing import Union
 from flask import redirect, session, url_for, request
 from gotrue.errors import AuthApiError, AuthRetryableError
-from gotrue.types import Session, User
+from gotrue.types import User
 from app.supabase import get_profile_by_user, supabase
 
 
 def login_required(f):
     @wraps(f)
     def decorated(*args, **kwargs):
-        sess: Union[Session, None] = None
+        user: Union[User, None] = None
         try:
-            sess = supabase.auth.get_session()
+            user = supabase.auth.get_user()
         except AuthApiError as exception:
             err = exception.to_dict()
             if err.get("message") == "Invalid Refresh Token: Already Used":
-                sess = None
+                user = None
         except AuthRetryableError:
             return redirect(url_for("service_unavailable"))
 
-        if sess is None:
+        if user is None:
             return redirect(url_for("auth.signin", next=request.endpoint))
 
         return f(*args, **kwargs)
diff --git a/app/supabase.py b/app/supabase.py
index c2bb0c3..a648046 100644
--- a/app/supabase.py
+++ b/app/supabase.py
@@ -25,12 +25,12 @@ def get_supabase() -> Client:
 supabase: Client = LocalProxy(get_supabase)
 
 
-def session_context_processor():
+def user_context_processor():
     try:
-        sess = supabase.auth.get_session()
-        return dict(session=sess, app_name=app_name)
+        user = supabase.auth.get_user()
+        return dict(user=user, app_name=app_name)
     except (AuthApiError, AuthRetryableError):
-        return dict(session=None, app_name=app_name)
+        return dict(user=None, app_name=app_name)
 
 
 def get_profile(user_or_slug: Union[User, str]):
@@ -58,8 +58,7 @@ def get_profile(user_or_slug: Union[User, str]):
 
 
 def get_profile_by_user():
-    sess = supabase.auth.get_session()
-    user = sess.user
+    user = supabase.auth.get_user()
     return get_profile(user)
 
 
@@ -91,8 +90,7 @@ def get_notes(user_or_user_id: Union[User, str], public_only: bool = False):
 
 
 def get_notes_by_user():
-    sess = supabase.auth.get_session()
-    user = sess.user
+    user = supabase.auth.get_user()
     return get_notes(user)
 
 
@@ -137,8 +135,7 @@ def get_note(user_or_slug: Union[User, str], id: str):
 
 
 def get_note_by_user_and_id(id: str):
-    sess = supabase.auth.get_session()
-    user = sess.user
+    user = supabase.auth.get_user()
     return get_note(user, id)
 
 
diff --git a/templates/account/index.html b/templates/account/index.html
index 4562bd1..cc0fc19 100644
--- a/templates/account/index.html
+++ b/templates/account/index.html
@@ -9,7 +9,7 @@
     {{ h.alert('mb-10') }}
     <h2 class="font-semibold text-4xl mb-4">Account</h2>
     <p class="font-medium mb-10">
-        Hi {{ profile.display_name or session.user.email }}, you can update your email or password from here
+        Hi {{ profile.display_name or user.email }}, you can update your email or password from here
     </p>
 
     <ul class="divide-y-2 divide-gray-200">
diff --git a/templates/account/update-email.html b/templates/account/update-email.html
index d8e70b8..f2b4bf5 100644
--- a/templates/account/update-email.html
+++ b/templates/account/update-email.html
@@ -11,7 +11,7 @@
 	{{ h.alert('mb-10') }}
 	<h2 class="font-semibold text-4xl mb-4">Update Email</h2>
 	<p class="font-medium mb-4">
-		Hi {{ profile.display_name or session.user.email }}, Enter your new email below and confirm it
+		Hi {{ profile.display_name or user.email }}, Enter your new email below and confirm it
 	</p>
 	<form action="{{ url_for('account.update_email') }}" method="post">
 		{{ form.csrf_token }}
diff --git a/templates/account/update-password.html b/templates/account/update-password.html
index 5612658..25102a5 100644
--- a/templates/account/update-password.html
+++ b/templates/account/update-password.html
@@ -11,7 +11,7 @@
 	{{ h.alert('mb-10') }}
 	<h2 class="font-semibold text-4xl mb-4">Update Password</h2>
 	<p class="font-medium mb-4">
-		Hi {{ profile.display_name or session.user.email }}, Enter your new password below and confirm it
+		Hi {{ profile.display_name or user.email }}, Enter your new password below and confirm it
 	</p>
 	<form action="{{ url_for('account.update_password') }}" method="post">
 		{{ form.csrf_token }}
diff --git a/templates/account/update.html b/templates/account/update.html
index f79d70e..21a1d81 100644
--- a/templates/account/update.html
+++ b/templates/account/update.html
@@ -11,7 +11,7 @@
 	{{ h.alert('mb-10') }}
 	<h2 class="font-semibold text-4xl mb-4">{{ 'Update Profile' if profile.display_name else 'Please complete your profile' }}</h2>
 	<p class="font-medium mb-4">
-		Hi {{ profile.display_name or session.user.email }}, Enter your new email below and confirm it
+		Hi {{ profile.display_name or user.email }}, Enter your new email below and confirm it
 	</p>
 	<form action="{{ url_for('account.update') }}" method="post">
 		{{ form.csrf_token }}
diff --git a/templates/dashboard.html b/templates/dashboard.html
index a3178ce..679ffd9 100644
--- a/templates/dashboard.html
+++ b/templates/dashboard.html
@@ -6,7 +6,7 @@
 {% block content %}
   <div class="card w-4/12 bg-base-100 shadow-xl">
     <div class="card-body">
-      <h2 class="card-title">Welcome {{ profile.display_name or session.user.email }}</h2>
+      <h2 class="card-title">Welcome {{ profile.display_name or user.email }}</h2>
       {% if profile.display_name %}
         <p>
           Name: {{ profile.first_name }}
diff --git a/templates/layout.html b/templates/layout.html
index 6be70d1..18b5d83 100644
--- a/templates/layout.html
+++ b/templates/layout.html
@@ -20,7 +20,7 @@ <h1 class="font-semibold">
           {% for id, caption in navigation_bar %}
             <a class="btn btn-ghost no-animation {{ 'btn-active' if active_page == id else ''}}" href="{{ url_for(id) }}">{{ caption }}</a>
           {% endfor %}
-          <form action="{{ url_for('auth.signout') }}" method="post" use:enhance>
+          <form action="{{ url_for('auth.signout') }}" method="post">
             <button class="btn btn-outline btn-error no-animation">Sign out</button>
           </form>
         </div>
diff --git a/templates/notes/edit.html b/templates/notes/edit.html
index 70e0cdd..d5264a6 100644
--- a/templates/notes/edit.html
+++ b/templates/notes/edit.html
@@ -11,7 +11,7 @@
         <div class="flex-auto">
             <h2 class="font-semibold text-4xl mb-4">Edit Note</h2>
             <p class="font-medium mb-10">
-                Hi {{ profile.display_name or session.user.email }}, you can add, edit and delete notes from here
+                Hi {{ profile.display_name or user.email }}, you can add, edit and delete notes from here
             </p>
         </div>
     </div>
diff --git a/templates/notes/index.html b/templates/notes/index.html
index acad894..ad5629a 100644
--- a/templates/notes/index.html
+++ b/templates/notes/index.html
@@ -11,7 +11,7 @@
         <div class="flex-auto">
             <h2 class="font-semibold text-4xl mb-4">Notes</h2>
             <p class="font-medium mb-10">
-                Hi {{ profile.display_name or session.user.email }}, you can add, edit and delete notes from here
+                Hi {{ profile.display_name or user.email }}, you can add, edit and delete notes from here
             </p>
         </div>
         <div class="flex-none">
diff --git a/templates/notes/new.html b/templates/notes/new.html
index 77fa68a..3671dd4 100644
--- a/templates/notes/new.html
+++ b/templates/notes/new.html
@@ -11,7 +11,7 @@
         <div class="flex-auto">
             <h2 class="font-semibold text-4xl mb-4">New Note</h2>
             <p class="font-medium mb-10">
-                Hi {{ profile.display_name or session.user.email }}, you can add, edit and delete notes from here
+                Hi {{ profile.display_name or user.email }}, you can add, edit and delete notes from here
             </p>
         </div>
     </div>