PhotosAPI/extensions/security.py

55 lines
1.8 KiB
Python
Raw Normal View History

2022-12-20 12:36:54 +02:00
from datetime import timedelta
from modules.database import col_users
from modules.app import app
2022-12-20 14:28:50 +02:00
from fastapi import Depends, HTTPException, Response
2022-12-20 12:36:54 +02:00
from starlette.status import HTTP_204_NO_CONTENT
from fastapi.security import (
OAuth2PasswordRequestForm,
)
from modules.security import (
ACCESS_TOKEN_EXPIRE_DAYS,
Token,
User,
authenticate_user,
create_access_token,
get_current_active_user,
get_password_hash
)
@app.post("/token", response_model=Token)
async def login_for_access_token(form_data: OAuth2PasswordRequestForm = Depends()):
user = authenticate_user(form_data.username, form_data.password)
if not user:
raise HTTPException(status_code=400, detail="Incorrect user or password")
access_token_expires = timedelta(days=ACCESS_TOKEN_EXPIRE_DAYS)
access_token = create_access_token(
data={"sub": user.user, "scopes": form_data.scopes},
expires_delta=access_token_expires,
)
return {"access_token": access_token, "token_type": "bearer"}
@app.get("/users/me/", response_model=User)
async def read_users_me(current_user: User = Depends(get_current_active_user)):
return current_user
@app.post("/users", response_class=Response)
async def create_users(user: str, email: str, password: str):
col_users.insert_one( {"user": user, "email": email, "hash": get_password_hash(password), "disabled": True} )
return Response(status_code=HTTP_204_NO_CONTENT)
2022-12-20 14:28:50 +02:00
# @app.get("/users/me/items/")
# async def read_own_items(
# current_user: User = Security(get_current_active_user, scopes=["items"])
# ):
# return [{"item_id": "Foo", "owner": current_user.user}]
2022-12-20 12:36:54 +02:00
2022-12-20 14:28:50 +02:00
# @app.get("/status/")
# async def read_system_status(current_user: User = Depends(get_current_user)):
# return {"status": "ok"}