fooder-api/fooder/auth.py

from passlib.context import CryptContext
from sqlalchemy.ext.asyncio import AsyncSession
from sqlalchemy.ext.asyncio import async_sessionmaker
from jose import JWTError, jwt
from fastapi.security import OAuth2PasswordBearer
from fastapi import Depends, HTTPException
from fastapi_users.password import PasswordHelper
from typing import Annotated
from datetime import datetime, timedelta
from .settings import Settings
from .domain.user import User
from .domain.token import RefreshToken
from .db import get_session


pwd_context = CryptContext(schemes=["bcrypt"], deprecated="auto")
oauth2_scheme = OAuth2PasswordBearer(tokenUrl="api/token")
settings = Settings()
password_helper = PasswordHelper(pwd_context)  # type: ignore

AsyncSessionDependency = Annotated[async_sessionmaker, Depends(get_session)]
TokenDependency = Annotated[str, Depends(oauth2_scheme)]


def verify_password(plain_password: str, hashed_password: str) -> bool:
    return pwd_context.verify(plain_password, hashed_password)


def get_password_hash(password: str) -> str:
    return pwd_context.hash(password)


async def authenticate_user(
    session: AsyncSession, username: str, password: str
) -> User | None:
    user = await User.get_by_username(session, username)

    if user is None:
        return None

    assert user is not None

    if not verify_password(password, user.hashed_password):
        return None

    return user


async def verify_refresh_token(
    session: AsyncSession, token: str
) -> RefreshToken | None:
    try:
        payload = jwt.decode(
            token, settings.REFRESH_SECRET_KEY, algorithms=[settings.ALGORITHM]
        )
        sub = payload.get("sub")

        if sub is None:
            return None

        if not isinstance(sub, str):
            return None

        username: str = str(sub)

        if username is None:
            return None

    except JWTError:
        return None

    user = await User.get_by_username(session, username)

    if user is None:
        return None

    assert user is not None

    current_token = await RefreshToken.get_token(session, user.id, token)

    if current_token is not None:
        return current_token

    return None


def create_access_token(user: User) -> str:
    expire = datetime.utcnow() + timedelta(minutes=settings.ACCESS_TOKEN_EXPIRE_MINUTES)
    to_encode = {
        "sub": user.username,
        "exp": expire,
    }
    encoded_jwt = jwt.encode(
        to_encode, settings.SECRET_KEY, algorithm=settings.ALGORITHM
    )
    return encoded_jwt


async def create_refresh_token(session: AsyncSession, user: User) -> RefreshToken:
    expire = datetime.utcnow() + timedelta(days=settings.REFRESH_TOKEN_EXPIRE_DAYS)
    to_encode = {
        "sub": user.username,
        "exp": expire,
    }
    encoded_jwt = jwt.encode(
        to_encode, settings.REFRESH_SECRET_KEY, algorithm=settings.ALGORITHM
    )
    return await RefreshToken.create(session, token=encoded_jwt, user_id=user.id)


async def get_current_user(
    session: AsyncSessionDependency, token: TokenDependency
) -> User:
    async with session() as session:
        try:
            payload = jwt.decode(
                token, settings.SECRET_KEY, algorithms=[settings.ALGORITHM]
            )
            sub = payload.get("sub")

            if sub is None:
                raise HTTPException(status_code=401, detail="Unathorized")

            if not isinstance(sub, str):
                raise HTTPException(status_code=401, detail="Unathorized")

            username: str = str(sub)

            if username is None:
                raise HTTPException(status_code=401, detail="Unathorized")

        except JWTError:
            raise HTTPException(status_code=401, detail="Unathorized")

        user = await User.get_by_username(session, username)

        if user is None:
            raise HTTPException(status_code=401, detail="Unathorized")

        assert user is not None
        return user


async def authorize_api_key(
    session: AsyncSessionDependency, token: TokenDependency
) -> None:
    if token == settings.API_KEY:
        return None
    raise HTTPException(status_code=401, detail="Unathorized")
initial push 2023-04-01 16:19:12 +02:00			`from passlib.context import CryptContext`
			`from sqlalchemy.ext.asyncio import AsyncSession`
			`from sqlalchemy.ext.asyncio import async_sessionmaker`
			`from jose import JWTError, jwt`
			`from fastapi.security import OAuth2PasswordBearer`
[flake8] fix all the issues and include config 2024-05-17 15:23:35 +02:00			`from fastapi import Depends, HTTPException`
initial push 2023-04-01 16:19:12 +02:00			`from fastapi_users.password import PasswordHelper`
[mypy] fixed auth 2024-05-21 14:40:31 +02:00			`from typing import Annotated`
initial push 2023-04-01 16:19:12 +02:00			`from datetime import datetime, timedelta`
			`from .settings import Settings`
			`from .domain.user import User`
add refresh tokens 2023-04-02 14:38:22 +02:00			`from .domain.token import RefreshToken`
initial push 2023-04-01 16:19:12 +02:00			`from .db import get_session`


			`pwd_context = CryptContext(schemes=["bcrypt"], deprecated="auto")`
remove trailing slashes 2023-04-01 20:23:04 +02:00			`oauth2_scheme = OAuth2PasswordBearer(tokenUrl="api/token")`
initial push 2023-04-01 16:19:12 +02:00			`settings = Settings()`
[mypy] fixed auth 2024-05-21 14:40:31 +02:00			`password_helper = PasswordHelper(pwd_context) # type: ignore`
initial push 2023-04-01 16:19:12 +02:00
			`AsyncSessionDependency = Annotated[async_sessionmaker, Depends(get_session)]`
			`TokenDependency = Annotated[str, Depends(oauth2_scheme)]`


			`def verify_password(plain_password: str, hashed_password: str) -> bool:`
			`return pwd_context.verify(plain_password, hashed_password)`


			`def get_password_hash(password: str) -> str:`
			`return pwd_context.hash(password)`


			`async def authenticate_user(`
			`session: AsyncSession, username: str, password: str`
[mypy] fixed auth 2024-05-21 14:40:31 +02:00			`) -> User \| None:`
initial push 2023-04-01 16:19:12 +02:00			`user = await User.get_by_username(session, username)`
[mypy] fixed auth 2024-05-21 14:40:31 +02:00
			`if user is None:`
initial push 2023-04-01 16:19:12 +02:00			`return None`
[mypy] fixed auth 2024-05-21 14:40:31 +02:00
			`assert user is not None`

initial push 2023-04-01 16:19:12 +02:00			`if not verify_password(password, user.hashed_password):`
			`return None`
[mypy] fixed auth 2024-05-21 14:40:31 +02:00
initial push 2023-04-01 16:19:12 +02:00			`return user`


add refresh tokens 2023-04-02 14:38:22 +02:00			`async def verify_refresh_token(`
			`session: AsyncSession, token: str`
[mypy] fixed auth 2024-05-21 14:40:31 +02:00			`) -> RefreshToken \| None:`
add refresh tokens 2023-04-02 14:38:22 +02:00			`try:`
			`payload = jwt.decode(`
add refresh tokens 2023-04-02 14:51:08 +02:00			`token, settings.REFRESH_SECRET_KEY, algorithms=[settings.ALGORITHM]`
add refresh tokens 2023-04-02 14:38:22 +02:00			`)`
[mypy] fixed auth 2024-05-21 14:40:31 +02:00			`sub = payload.get("sub")`

			`if sub is None:`
			`return None`

			`if not isinstance(sub, str):`
			`return None`

			`username: str = str(sub)`

add refresh tokens 2023-04-02 14:38:22 +02:00			`if username is None:`
[mypy] fixed auth 2024-05-21 14:40:31 +02:00			`return None`

add refresh tokens 2023-04-02 14:38:22 +02:00			`except JWTError:`
[mypy] fixed auth 2024-05-21 14:40:31 +02:00			`return None`
add refresh tokens 2023-04-02 14:38:22 +02:00
			`user = await User.get_by_username(session, username)`
[mypy] fixed auth 2024-05-21 14:40:31 +02:00
add refresh tokens 2023-04-02 15:20:53 +02:00			`if user is None:`
[mypy] fixed auth 2024-05-21 14:40:31 +02:00			`return None`

			`assert user is not None`

add refresh tokens 2023-04-02 15:20:53 +02:00			`current_token = await RefreshToken.get_token(session, user.id, token)`
[mypy] fixed auth 2024-05-21 14:40:31 +02:00
add refresh tokens 2023-04-02 15:20:53 +02:00			`if current_token is not None:`
			`return current_token`
add refresh tokens 2023-04-02 14:38:22 +02:00
[mypy] fixed auth 2024-05-21 14:40:31 +02:00			`return None`

add refresh tokens 2023-04-02 14:38:22 +02:00
			`def create_access_token(user: User) -> str:`
initial push 2023-04-01 16:19:12 +02:00			`expire = datetime.utcnow() + timedelta(minutes=settings.ACCESS_TOKEN_EXPIRE_MINUTES)`
			`to_encode = {`
			`"sub": user.username,`
			`"exp": expire,`
			`}`
			`encoded_jwt = jwt.encode(`
			`to_encode, settings.SECRET_KEY, algorithm=settings.ALGORITHM`
			`)`
			`return encoded_jwt`


add refresh tokens 2023-04-02 14:38:22 +02:00			`async def create_refresh_token(session: AsyncSession, user: User) -> RefreshToken:`
			`expire = datetime.utcnow() + timedelta(days=settings.REFRESH_TOKEN_EXPIRE_DAYS)`
			`to_encode = {`
			`"sub": user.username,`
			`"exp": expire,`
			`}`
			`encoded_jwt = jwt.encode(`
			`to_encode, settings.REFRESH_SECRET_KEY, algorithm=settings.ALGORITHM`
			`)`
			`return await RefreshToken.create(session, token=encoded_jwt, user_id=user.id)`


initial push 2023-04-01 16:19:12 +02:00			`async def get_current_user(`
			`session: AsyncSessionDependency, token: TokenDependency`
			`) -> User:`
			`async with session() as session:`
			`try:`
			`payload = jwt.decode(`
			`token, settings.SECRET_KEY, algorithms=[settings.ALGORITHM]`
			`)`
[mypy] fixed auth 2024-05-21 14:40:31 +02:00			`sub = payload.get("sub")`

			`if sub is None:`
			`raise HTTPException(status_code=401, detail="Unathorized")`

			`if not isinstance(sub, str):`
			`raise HTTPException(status_code=401, detail="Unathorized")`

			`username: str = str(sub)`

initial push 2023-04-01 16:19:12 +02:00			`if username is None:`
			`raise HTTPException(status_code=401, detail="Unathorized")`
[mypy] fixed auth 2024-05-21 14:40:31 +02:00
initial push 2023-04-01 16:19:12 +02:00			`except JWTError:`
			`raise HTTPException(status_code=401, detail="Unathorized")`

[mypy] fixed auth 2024-05-21 14:40:31 +02:00			`user = await User.get_by_username(session, username)`

			`if user is None:`
			`raise HTTPException(status_code=401, detail="Unathorized")`

			`assert user is not None`
			`return user`
[tasks] basic implementation of the concept 2024-05-21 11:11:47 +02:00

			`async def authorize_api_key(`
			`session: AsyncSessionDependency, token: TokenDependency`
			`) -> None:`
			`if token == settings.API_KEY:`
			`return None`
			`raise HTTPException(status_code=401, detail="Unathorized")`