env python 1.0

server/backend/JWT.py

@@ -1,14 +1,17 @@
-from datetime import datetime, timedelta
+from datetime import datetime, timedelta                    #jwt
 from jose import JWTError, jwt
 from fastapi import HTTPException, Depends, status
 from fastapi.security import OAuth2PasswordBearer
 
-SECRET_KEY = "super-secret-string"
-ALGORITHM = "HS256"
-ACCESS_TOKEN_EXPIRE_MINUTES = 30
+from dotenv import load_dotenv                              #Работа с env для jwt
+import os
+load_dotenv()
+SECRET_KEY = os.getenv('SECRET_KEY')
+ALGORITHM = os.getenv('ALGORITHM')
+ACCESS_TOKEN_EXPIRE_MINUTES = int(os.getenv('ACCESS_TOKEN_EXPIRE_MINUTES'))
 
-oauth2_scheme = OAuth2PasswordBearer(tokenUrl="login")
 
+oauth2_scheme = OAuth2PasswordBearer(tokenUrl="login")      #Создание jwt
 async def create_access_token(data: dict, expires_delta: timedelta | None = None):
     to_encode = data.copy()
     expire = datetime.utcnow() + (expires_delta or timedelta(minutes=15))
@@ -16,7 +19,7 @@ async def create_access_token(data: dict, expires_delta: timedelta | None = None
     encoded_jwt = jwt.encode(to_encode, SECRET_KEY, algorithm=ALGORITHM)
     return encoded_jwt
 
-async def current_user(token: str = Depends(oauth2_scheme)):
+async def current_user(token: str = Depends(oauth2_scheme)): #Проверка jwt
     try:
         payload = jwt.decode(token, SECRET_KEY, algorithms=[ALGORITHM])
         email: str = payload.get("sub")

server/backend/endpoints.py

@@ -4,17 +4,23 @@ from . import pydentic, JWT
 from datetime import datetime, timedelta
 from pydantic import EmailStr
 from server.database import db
-
 import asyncio
 
 api = FastAPI()
 
+from dotenv import load_dotenv                              #Работа с env для CORS
+import os
+load_dotenv()
+origins = os.getenv("ALLOW_ORIGINS").split(",")
+credentials = os.getenv("ALLOW_CREDENTIALS").lower() == "true"
+methods = os.getenv("ALLOW_METHODS").split(",")
+headers = os.getenv("ALLOW_HEADERS").split(",")
 api.add_middleware(
     CORSMiddleware,
-    allow_origins=["*"],  # "*" — разрешить всем; можно указать список конкретных доменов
-    allow_credentials=True,
-    allow_methods=["*"],  # GET, POST, PUT, DELETE и т.д.
-    allow_headers=["*"],  # Разрешить любые заголовки
+    allow_origins=origins,
+    allow_credentials=credentials,
+    allow_methods=methods,
+    allow_headers=headers,
 )
 
 @api.get("/protected")
@@ -22,7 +28,7 @@ async def protected(current_user: str = Depends(JWT.current_user)):
     return {"msg": f"Hello, {current_user}"}
 
 @api.get("/", response_model=pydentic.IdofPersons)
-async def get_all_rows():
+async def get_all_rows(current_user: str = Depends(JWT.current_user)):
     for row in await db.get_all_rows():
         if row:
             return row
@@ -42,14 +48,14 @@ async def create_user(row:pydentic.CreateUser):
     await db.CreateUser(new_row)
     return new_row
 @api.delete("/user_delete/{id}", response_model=pydentic.IdofPersons)
-async def delete_user(id: int):
+async def delete_user(id: int,current_user: str = Depends(JWT.current_user)):
     user = await db.GetUser(id)
     if not user:
         raise HTTPException(status_code=404, detail="The user isn't found")
     await db.DeleteUser(id)
     return user
 @api.put("/user_update/{id}", response_model=pydentic.IdofPersons)
-async def update_user(id: int, updated_row: pydentic.UserUpdate):
+async def update_user(id: int, updated_row: pydentic.UserUpdate, current_user: str = Depends(JWT.current_user)):
     user = await db.GetUser(id)
     if not user:
         raise HTTPException(status_code=404, detail="The user isn't found")

server/front/login/js.js

@@ -1,3 +1,7 @@
+const token = localStorage.getItem("token");
+if (token) {
+    window.location.href = "./../main/index.html";
+}
 document.getElementById('loginForm').addEventListener('submit', async function (e) {
     e.preventDefault();
     const email = document.getElementById('email').value;