first commit

server/backend/endpoints/endpoints.py

@@ -0,0 +1,41 @@
+from fastapi import FastAPI, Depends, HTTPException,status
+from fastapi.security import HTTPBearer, HTTPAuthorizationCredentials
+import server.backend.schema.pydantic as pydantic
+import server.backend.database.db as db
+from server.backend.auth.JWT import signJWT, decodeJWT
+api = FastAPI()
+security = HTTPBearer()
+
+async def get_current_user(credentials: HTTPAuthorizationCredentials = Depends(security)):
+    token = credentials.credentials
+    user = decodeJWT(token)
+    if not user:
+        raise HTTPException(status_code=status.HTTP_401_UNAUTHORIZED, detail="Invalid token")
+    return user
+async def check_roles(user=Depends(get_current_user)):
+    if user.get("admin") != True:
+        raise HTTPException(status_code=status.HTTP_403_FORBIDDEN, detail="Access denied")
+    return user
+
+@api.post("/update", response_model=pydantic.UserUpdate)
+async def update_user(data: pydantic.UserUpdate,user=Depends(get_current_user)):
+    data = await db.update_user(data)
+    return data
+
+@api.post("/create", response_model=pydantic.UserAccess)
+async def create_user(user_info: pydantic.UserCreate,user=Depends(check_roles)):
+    await db.create_user(user_info)
+    return user_info
+
+@api.get("/list")
+async def list_users(user=Depends(check_roles)):
+    list_of_users = await db.list_users()
+    return list_of_users
+
+@api.post("/auth",response_model=pydantic.Token)
+async def auth(code:pydantic.UserAccess):
+    login = await db.login_user(code)
+    if login == None:
+        raise HTTPException(status_code=status.HTTP_401_UNAUTHORIZED, detail="Forbidden")
+    token = signJWT(login)
+    return {"access_token": token, "token_type": "bearer"}