feat: add authentication for administration #2

Merged
agatha merged 9 commits from feature-auth into dev 2024-04-06 19:56:48 +00:00
Showing only changes of commit 03a95c3872 - Show all commits

View File

@ -1,4 +1,4 @@
from datetime import timedelta, datetime from datetime import timedelta, datetime, timezone
from typing import Annotated from typing import Annotated
from fastapi import APIRouter, Depends, HTTPException from fastapi import APIRouter, Depends, HTTPException
from pydantic import BaseModel from pydantic import BaseModel
@ -31,7 +31,22 @@ def get_db():
db.close() db.close()
async def get_current_user(token: Annotated[str, Depends(oauth2_bearer)]):
try:
payload = jwt.decode(token, SECRET_KEY, algorithms=[ALGORITHM])
username: str = payload.get('sub')
user_id: int = payload.get('id')
role: str = payload.get('role')
if username is None or user_id is None:
raise HTTPException(status_code=status.HTTP_401_UNAUTHORIZED, detail="1Could not validate credentials")
return {'username': username, 'user_id': user_id, 'role': role}
except JWTError as e:
print(str(e))
raise HTTPException(status_code=status.HTTP_401_UNAUTHORIZED, detail="2Could not validate credentials")
db_dependency = Annotated[Session, Depends(get_db)] db_dependency = Annotated[Session, Depends(get_db)]
user_dependency = Annotated[dict, Depends(get_current_user)]
def authenticate_user(username: str, password: str, db): def authenticate_user(username: str, password: str, db):
@ -43,9 +58,9 @@ def authenticate_user(username: str, password: str, db):
return user return user
def create_access_token(username: str, user_id: int, expires_delta: timedelta): def create_access_token(username: str, user_id: int, role: str, expires_delta: timedelta):
encode = {'sub': username, 'id': user_id} encode = {'sub': username, 'id': user_id, 'role': role}
expire = datetime.now() + expires_delta expire = datetime.now(timezone.utc) + expires_delta
encode.update({'exp': expire}) encode.update({'exp': expire})
return jwt.encode(encode, SECRET_KEY, ALGORITHM) return jwt.encode(encode, SECRET_KEY, ALGORITHM)
@ -62,21 +77,14 @@ class Token(BaseModel):
token_type: str token_type: str
async def get_current_user(token: Annotated[str, Depends(oauth2_bearer)]):
try:
payload = jwt.decode(token, SECRET_KEY, algorithms=[ALGORITHM])
username: str = payload.get('sub')
user_id: int = payload.get('id')
if username is None or user_id is None:
raise HTTPException(status_code=status.HTTP_401_UNAUTHORIZED, detail="Could not validate credentials")
return {'username': username, 'user_id': user_id}
except JWTError:
raise HTTPException(status_code=status.HTTP_401_UNAUTHORIZED, detail="Could not validate credentials")
@router.post('/user/create', status_code=status.HTTP_201_CREATED) @router.post('/user/create', status_code=status.HTTP_201_CREATED)
async def create_user(db: db_dependency, data: CreateUser): async def create_user(user: user_dependency, db: db_dependency, data: CreateUser):
if user is None:
raise HTTPException(status_code=status.HTTP_401_UNAUTHORIZED, detail='Authentication failed')
if user['role'] != 'admin':
raise HTTPException(status_code=status.HTTP_401_UNAUTHORIZED, detail='Not authorized')
create_user_model = User( create_user_model = User(
username=data.username, username=data.username,
email=data.email, email=data.email,
@ -97,5 +105,5 @@ async def get_token(
if not user: if not user:
raise HTTPException(status_code=status.HTTP_401_UNAUTHORIZED, detail="Could not validate credentials") raise HTTPException(status_code=status.HTTP_401_UNAUTHORIZED, detail="Could not validate credentials")
token = create_access_token(user.username, user.id, timedelta(minutes=20)) token = create_access_token(user.username, user.id, user.role, timedelta(minutes=20))
return {'access_token': token, 'token_type': 'bearer'} return {'access_token': token, 'token_type': 'bearer'}