MH.Dmitrii/sqlalchemy-fastapi-pydentic-pytest
1
0
Fork 0
Code Issues Pull Requests Actions Packages Projects Releases Wiki Activity

JWT tokens 1.0

Browse Source
This commit is contained in:
Dmitrii Seliakov
2025-09-19 18:17:31 +03:00
parent 484fa0de23
commit 6b7a57dc6d
12 changed files with 139 additions and 11 deletions
Download Patch File Download Diff File Expand all files Collapse all files

1
.gitignore vendored
View File

@@ -21,3 +21,4 @@ hint.py
#env
*.env
db.py

1
requirements
View File

@@ -5,3 +5,4 @@ aiosqlite == 0.21.0
greenlet == 3.2.4
passlib == 1.7.4
bcrypt == 4.3.0
python-jose[cryptography] == 3.5.0

27
server/backend/JWT.py Normal file
View File

@@ -0,0 +1,27 @@
from datetime import datetime, timedelta
from jose import JWTError, jwt
from fastapi import HTTPException, Depends, status
from fastapi.security import OAuth2PasswordBearer
SECRET_KEY = "super-secret-string"
ALGORITHM = "HS256"
ACCESS_TOKEN_EXPIRE_MINUTES = 30
oauth2_scheme = OAuth2PasswordBearer(tokenUrl="login")
async def create_access_token(data: dict, expires_delta: timedelta | None = None):
to_encode = data.copy()
expire = datetime.utcnow() + (expires_delta or timedelta(minutes=15))
to_encode.update({"exp": expire})
encoded_jwt = jwt.encode(to_encode, SECRET_KEY, algorithm=ALGORITHM)
return encoded_jwt
async def current_user(token: str = Depends(oauth2_scheme)):
try:
payload = jwt.decode(token, SECRET_KEY, algorithms=[ALGORITHM])
email: str = payload.get("sub")
if email is None:
raise HTTPException(status_code=status.HTTP_401_UNAUTHORIZED, detail="Invalid token")
return email
except JWTError:
raise HTTPException(status_code=status.HTTP_401_UNAUTHORIZED, detail="Invalid token")

26
server/backend/endpoints.py
View File

@@ -1,7 +1,10 @@
from fastapi import FastAPI, HTTPException
from fastapi import FastAPI, HTTPException, status, Depends
from fastapi.middleware.cors import CORSMiddleware
from . import pydentic
from . import pydentic, JWT
from datetime import datetime, timedelta
from pydantic import EmailStr
from server.database import db
import asyncio
api = FastAPI()
@@ -14,6 +17,10 @@ api.add_middleware(
allow_headers=["*"], # Разрешить любые заголовки
)
@api.get("/protected")
async def protected(current_user: str = Depends(JWT.current_user)):
return {"msg": f"Hello, {current_user}"}
@api.get("/", response_model=pydentic.IdofPersons)
async def get_all_rows():
for row in await db.get_all_rows():
@@ -21,8 +28,8 @@ async def get_all_rows():
return row
else:
raise HTTPException(status_code=404, detail="The user isn't found")
@api.get("/get_user/{id}", response_model=pydentic.IdofPersons)
async def get_user(id:int):
@api.get("/get_user_by_id/{id}", response_model=pydentic.IdofPersons)
async def get_user(id: int, current_user: str = Depends(JWT.current_user)):
user = await db.GetUser(id)
if user:
return user
@@ -64,3 +71,14 @@ async def update_user(id: int, updated_row: pydentic.UserUpdate):
else:
pass
return user
@api.post("/login")
async def login_user(row: pydentic.UserLogin):
user = await db.LoginUser(row)
if not user:
raise HTTPException(status_code=401, detail="The user isn't found")
token = await JWT.create_access_token(
{"sub": user.email},
timedelta(minutes=JWT.ACCESS_TOKEN_EXPIRE_MINUTES)
)
return {"access_token": token, "token_type": "bearer"}

3
server/backend/pydentic.py
View File

@@ -35,3 +35,6 @@ class UserUpdate(BaseModel):
@validator('password')
def password_validator(cls, password):
return check_password_complexity(cls, password)
class UserLogin(BaseModel):
email:EmailStr = Field(..., min_length=6, max_length=254, description="user's email")
password:str = Field(..., description="Password")

BIN
server/database/DB/example.db
View File

Binary file not shown.

7
server/database/db.py
View File

@@ -71,6 +71,13 @@ async def DeleteUser(id):
if user:
await session.delete(user)
await session.commit()
async def LoginUser(user_info):
async with AsyncSessionLocal() as session:
result = await session.execute(select(User).where(User.email == user_info.email))
user = result.scalar_one_or_none()
if user and verify_password(user_info.password, user.password):
return user
return None
async def main():
await init_db()
await CreateUser()

5
server/front/login/index.html
View File

@@ -10,8 +10,8 @@
<div class="glass-container">
<div class="login-box">
<h2>Login</h2>
<form action="#" method="POST">
<input type="text" id="username" name="username" required placeholder="Username">
<form id="loginForm">
<input type="text" id="email" name="email" required placeholder="Email">
<input type="password" id="password" name="password" required placeholder="Password">
<div class="options">
<input type="checkbox" id="remember" name="remember">
@@ -23,5 +23,6 @@
</form>
</div>
</div>
<script src="js.js"></script>
</body>
</html>

65
server/front/login/js.js Normal file
View File

@@ -0,0 +1,65 @@
document.getElementById('loginForm').addEventListener('submit', async function (e) {
e.preventDefault();
const email = document.getElementById('email').value;
const password = document.getElementById('password').value;
const userData = {
email,
password
};
try {
const response = await fetch('http://localhost:8000/login', {
method: 'POST',
headers: {
'Accept': 'application/json',
'Content-Type': 'application/json'
},
body: JSON.stringify(userData)
});
const data = await response.json(); // читаем только один раз
if (response.ok) {
localStorage.setItem("token", data.access_token); // сохраняем только при успехе
window.location.href = './../main/index.html';
} else {
if (Array.isArray(data.detail)) {
const messages = data.detail.map(e => {
const field = e.loc.filter(locPart => locPart !== 'body').join(' -> ');
return `${field}: ${e.msg}`;
});
showError(messages);
} else if (typeof data.detail === 'string') {
showError([data.detail]);
} else {
showError(['Unknown error']);
}
}
} catch (err) {
showError(['Connection error: ' + err.message]);
}
});
function showError(messages){
let errorElem = document.getElementById('formError');
let container = document.getElementById('glass-container');
if (!errorElem){
errorElem = document.createElement('div');
errorElem.style.transition="3s";
errorElem.id = 'formError';
errorElem.style.color = 'red';
errorElem.style.marginTop = '20px';
errorElem.style.fontSize = '14px';
errorElem.style.fontWeight = '100';
errorElem.style.marginBottom = '20px';
errorElem.style.lineHeight="120%";
errorElem.style.height = 'auto';
const form = document.getElementById('loginForm');
form.insertAdjacentElement('afterend', errorElem);
};
errorElem.innerHTML = '';
messages.forEach(msg => {
const li = document.createElement('li');
li.style.listStyleType="none";
li.textContent = msg;
errorElem.appendChild(li);
});
}

1
server/front/main/index.html
View File

@@ -15,5 +15,6 @@
</form>
</div>
</div>
<script src="js.js"></script>
</body>
</html>

4
server/front/main/js.js Normal file
View File

@@ -0,0 +1,4 @@
const token = localStorage.getItem("token");
if (!token) {
window.location.href = "./../register/index.html";
}

2
server/front/register/js.js
View File

@@ -59,7 +59,7 @@ function showError(messages) {
container.style.height = "auto";
const form = document.getElementById('registerForm');
form.insertAdjacentElement('afterend', errorElem);
}
};
errorElem.innerHTML = '';
messages.forEach(msg => {
const li = document.createElement('li');