JWT refresh tokens remove
This commit is contained in:
@@ -1,6 +1,7 @@
|
||||
from fastapi import FastAPI, HTTPException, status, Depends
|
||||
from fastapi.middleware.cors import CORSMiddleware
|
||||
from fastapi.responses import JSONResponse
|
||||
from fastapi.security import OAuth2PasswordRequestForm
|
||||
from . import pydentic, JWT
|
||||
from datetime import datetime, timedelta
|
||||
from pydantic import EmailStr
|
||||
@@ -28,40 +29,35 @@ api.add_middleware(
|
||||
async def protected(current_user: str = Depends(JWT.current_user)):
|
||||
return {"msg": f"Hello, {current_user}"}
|
||||
|
||||
@api.get("/", response_model=pydentic.IdofPersons)
|
||||
@api.get("/", response_model=pydentic.CreateUser)
|
||||
async def get_all_rows(current_user: str = Depends(JWT.current_user)):
|
||||
for row in await db.get_all_rows():
|
||||
if row:
|
||||
return row
|
||||
else:
|
||||
raise HTTPException(status_code=404, detail="The user isn't found")
|
||||
@api.get("/get_user_by_id/{id}", response_model=pydentic.IdofPersons)
|
||||
async def get_user(id: int, current_user: str = Depends(JWT.current_user)):
|
||||
user = await db.GetUser(id)
|
||||
@api.get("/get_user_by_email/{email}", response_model=pydentic.CreateUser)
|
||||
async def GetUserbyEmail(email:str, current_user: str = Depends(JWT.current_user)):
|
||||
user = await db.GetUserbyEmail(email)
|
||||
if user:
|
||||
return user
|
||||
else:
|
||||
raise HTTPException(status_code=404, detail="The user isn't found")
|
||||
@api.post("/user_create", response_model=pydentic.IdofPersons)
|
||||
@api.post("/user_create", response_model=pydentic.CreateUser)
|
||||
async def create_user(row:pydentic.CreateUser):
|
||||
rows = await db.get_all_rows()
|
||||
if rows:
|
||||
new_user_id = max(item.id for item in rows) + 1
|
||||
else:
|
||||
new_user_id = 1
|
||||
new_row = pydentic.IdofPersons(id = new_user_id, email=row.email, description=row.description, activated = row.activated, password = row.password)
|
||||
new_row = pydentic.CreateUser(email=row.email, description=row.description, activated = row.activated, password = row.password)
|
||||
await db.CreateUser(new_row)
|
||||
return new_row
|
||||
@api.delete("/user_delete/{id}", response_model=pydentic.IdofPersons)
|
||||
async def delete_user(id: int,current_user: str = Depends(JWT.current_user)):
|
||||
user = await db.GetUser(id)
|
||||
@api.delete("/user_delete/{email}", response_model=pydentic.CreateUser)
|
||||
async def delete_user(email:str,current_user: str = Depends(JWT.current_user)):
|
||||
user = await db.GetUserbyEmail(email)
|
||||
if not user:
|
||||
raise HTTPException(status_code=404, detail="The user isn't found")
|
||||
await db.DeleteUser(id)
|
||||
await db.DeleteUser(email)
|
||||
return user
|
||||
@api.put("/user_update/{id}", response_model=pydentic.IdofPersons)
|
||||
async def update_user(id: int, updated_row: pydentic.UserUpdate, current_user: str = Depends(JWT.current_user)):
|
||||
user = await db.GetUser(id)
|
||||
@api.put("/user_update/{email}", response_model=pydentic.CreateUser)
|
||||
async def update_user(email:str, updated_row: pydentic.UserUpdate, current_user: str = Depends(JWT.current_user)):
|
||||
user = await db.GetUserbyEmail(email)
|
||||
if not user:
|
||||
raise HTTPException(status_code=404, detail="The user isn't found")
|
||||
changed = False
|
||||
@@ -83,33 +79,14 @@ async def update_user(id: int, updated_row: pydentic.UserUpdate, current_user: s
|
||||
pass
|
||||
return user
|
||||
@api.post("/login")
|
||||
async def login_user(row: pydentic.UserLogin):
|
||||
user = await db.LoginUser(row)
|
||||
async def login_user(form_data: OAuth2PasswordRequestForm = Depends()):
|
||||
creds = pydentic.UserLogin(email=form_data.username, password=form_data.password)
|
||||
user = await db.LoginUser(creds)
|
||||
if not user:
|
||||
raise HTTPException(status_code=401, detail="The user isn't found")
|
||||
|
||||
access_token = await JWT.AccessToken.create(
|
||||
{"sub": user.email},
|
||||
timedelta(minutes=JWT.ACCESS_TOKEN_EXPIRE_MINUTES)
|
||||
)
|
||||
refresh_token = await JWT.RefreshToken.create(
|
||||
{"sub": user.email},
|
||||
timedelta(minutes=JWT.REFRESH_TOKEN_EXPIRE_MINUTES)
|
||||
)
|
||||
response = JSONResponse(content={
|
||||
"access_token": access_token,
|
||||
"token_type": "bearer"
|
||||
})
|
||||
response.set_cookie(
|
||||
key="refresh_token",
|
||||
value=refresh_token,
|
||||
httponly=True,
|
||||
secure=False, # только https
|
||||
samesite="strict" # чтобы не утекал на другие сайты
|
||||
)
|
||||
return response
|
||||
@api.post("/logout")
|
||||
async def logout_user(row: pydentic.UserLogout):
|
||||
user = await db.GetUserbyEmail(row)
|
||||
if not user:
|
||||
raise HTTPException(status_code=401, detail="The user isn't found")
|
||||
await db.refresh_token(encoded_jwt = Null,email=user.email)
|
||||
return {"access_token": access_token, "token_type": "bearer"}
|
||||
Reference in New Issue
Block a user