lhye200

app/routes/auth_routes.py

@@ -32,9 +32,28 @@ def login():
         remember = bool(request.form.get('remember'))
         merge_data = bool(request.form.get('merge_data'))
         
+
+
         if user and check_password_hash(user.password_hash, password):
             login_user(user, remember=remember)
             
+            from app.models import UserSession
+            session_token = str(uuid.uuid4())
+            # 尝试获取反向代理传递的真实 IP
+            client_ip = request.headers.get('X-Real-IP')
+            if not client_ip:
+                client_ip = request.remote_addr
+                
+            user_session = UserSession(
+                user_id=user.id,
+                session_token=session_token,
+                ip_address=client_ip,
+                user_agent=request.user_agent.string
+            )
+            db.session.add(user_session)
+            db.session.commit()
+            session['user_session_token'] = session_token
+            
             if merge_data:
                 guest_id = request.cookies.get('guest_id')
                 if guest_id:
@@ -110,10 +129,20 @@ def login():
         flash('Invalid username or password', 'danger')
     return render_template('auth/login.html')
 
+
 @auth_bp.route('/logout')
 @login_required
 def logout():
+    session_token = session.get('user_session_token')
+    if session_token:
+        from app.models import UserSession
+        user_session = UserSession.query.filter_by(session_token=session_token).first()
+        if user_session:
+            user_session.is_active = False
+            db.session.commit()
     logout_user()
+    session.pop('user_session_token', None)
+
     response = make_response(redirect(url_for('main.index')))
     response.delete_cookie('guest_id') # Optionally clear guest cookie
     return response