diff --git a/config_example.json b/config_example.json index cf3d516..f59c4dc 100644 --- a/config_example.json +++ b/config_example.json @@ -11,6 +11,30 @@ "key_invalid": "Invalid API key", "key_valid": "Valid API key", "bad_request": "Bad request. Read the docs at photos.end-play.xyz/docs", - "ip_blacklisted": "Your IP is blacklisted. Make sure you are using correct API address." + "ip_blacklisted": "Your IP is blacklisted. Make sure you are using correct API address.", + "credentials_invalid": "Incorrect user or password", + "user_already_exists": "User with this username already exists.", + "email_confirmed": "Email confirmed. You can now log in.", + "email_code_invalid": "Confirmation code is invalid." + }, + "external_address": "localhost", + "registration_enabled": true, + "registration_requires_confirmation": true, + "mailer": { + "smtp": { + "host": "", + "port": 0, + "sender": "", + "login": "", + "password": "", + "use_ssl": true, + "use_tls": false + }, + "messages": { + "registration_confirmation": { + "subject": "Email confirmation", + "message": "To confirm your email please follow this link: {0}" + } + } } } \ No newline at end of file diff --git a/extensions/security.py b/extensions/security.py index 3ca9e0a..295b678 100644 --- a/extensions/security.py +++ b/extensions/security.py @@ -1,9 +1,16 @@ -from datetime import timedelta -from modules.database import col_users +from datetime import datetime, timedelta +from modules.database import col_users, col_albums, col_photos, col_emails, col_videos, col_emails, col_tokens from modules.app import app +from modules.utils import configGet, logWrite +from modules.scheduler import scheduler +from modules.mailer import mail_sender -from fastapi import Depends, HTTPException, Response -from starlette.status import HTTP_204_NO_CONTENT +from uuid import uuid1 +from email.mime.text import MIMEText +from email.mime.multipart import MIMEMultipart +from fastapi import Depends, HTTPException +from fastapi.responses import Response, UJSONResponse +from starlette.status import HTTP_204_NO_CONTENT, HTTP_400_BAD_REQUEST, HTTP_406_NOT_ACCEPTABLE from fastapi.security import ( OAuth2PasswordRequestForm, ) @@ -15,15 +22,30 @@ from modules.security import ( authenticate_user, create_access_token, get_current_active_user, - get_password_hash + get_password_hash, + get_user, + verify_password ) +async def send_confirmation(user: str, email: str): + confirmation_code = str(uuid1()) + try: + mail_sender.sendmail( + from_addr=configGet("sender", "mailer", "smtp"), + to_addrs=email, + msg=f'From: {configGet("sender", "mailer", "smtp")}\nSubject: Email confirmation\n\n'+configGet("message", "mailer", "messages", "registration_confirmation").format(configGet("external_address")+f"/users/{user}/confirm?code={confirmation_code}") + ) + col_emails.insert_one( {"user": user, "email": email, "used": False, "code": confirmation_code} ) + except Exception as exp: + logWrite(f"Could not send confirmation email to '{email}' due to: {exp}") + + @app.post("/token", response_model=Token) async def login_for_access_token(form_data: OAuth2PasswordRequestForm = Depends()): user = authenticate_user(form_data.username, form_data.password) if not user: - raise HTTPException(status_code=400, detail="Incorrect user or password") + raise HTTPException(status_code=400, detail=configGet("credentials_invalid", "messages")) access_token_expires = timedelta(days=ACCESS_TOKEN_EXPIRE_DAYS) access_token = create_access_token( data={"sub": user.user, "scopes": form_data.scopes}, @@ -37,19 +59,37 @@ async def read_users_me(current_user: User = Depends(get_current_active_user)): return current_user -@app.post("/users", response_class=Response) -async def create_users(user: str, email: str, password: str): - col_users.insert_one( {"user": user, "email": email, "hash": get_password_hash(password), "disabled": True} ) - return Response(status_code=HTTP_204_NO_CONTENT) +if configGet("registration_requires_confirmation") is True: + @app.get("/users/{user}/confirm") + @app.patch("/users/{user}/confirm") + async def confirm_users(user: str, code: str): + confirm_record = col_emails.find_one( {"user": user, "code": code, "used": False} ) + if confirm_record is None: + return HTTPException(HTTP_400_BAD_REQUEST, detail=configGet("email_code_invalid", "messages")) + col_emails.find_one_and_update( {"_id": confirm_record["_id"]}, {"$set": {"used": True}} ) + col_users.find_one_and_update( {"user": confirm_record["user"]}, {"$set": {"disabled": False}} ) + return UJSONResponse( {"detail": configGet("email_confirmed", "messages")} ) + +if configGet("registration_enabled") is True: + @app.post("/users") + async def create_users(user: str, email: str, password: str): + if col_users.find_one( {"user": user} ) is not None: + return HTTPException(HTTP_406_NOT_ACCEPTABLE, detail=configGet("user_already_exists", "messages")) + col_users.insert_one( {"user": user, "email": email, "hash": get_password_hash(password), "disabled": configGet("registration_requires_confirmation")} ) + if configGet("registration_requires_confirmation") is True: + scheduler.add_job( send_confirmation, trigger="date", run_date=datetime.now()+timedelta(seconds=1), kwargs={"user": user, "email": email} ) + return Response(status_code=HTTP_204_NO_CONTENT) -# @app.get("/users/me/items/") -# async def read_own_items( -# current_user: User = Security(get_current_active_user, scopes=["items"]) -# ): -# return [{"item_id": "Foo", "owner": current_user.user}] - - -# @app.get("/status/") -# async def read_system_status(current_user: User = Depends(get_current_user)): -# return {"status": "ok"} \ No newline at end of file +@app.delete("/users/me/") +async def delete_users(password: str, current_user: User = Depends(get_current_active_user)): + user = get_user(current_user.user) + if not user: + return False + if not verify_password(password, user.hash): + return HTTPException(HTTP_400_BAD_REQUEST, detail=configGet("credentials_invalid", "messages")) + col_users.delete_many( {"user": current_user.user} ) + col_emails.delete_many( {"user": current_user.user} ) + col_photos.delete_many( {"user": current_user.user} ) + col_videos.delete_many( {"user": current_user.user} ) + col_albums.delete_many( {"user": current_user.user} ) \ No newline at end of file diff --git a/modules/database.py b/modules/database.py index b36d6f7..aefc193 100644 --- a/modules/database.py +++ b/modules/database.py @@ -24,7 +24,7 @@ db = db_client.get_database(name=db_config["name"]) collections = db.list_collection_names() -for collection in ["users", "albums", "photos", "videos", "tokens"]: +for collection in ["users", "albums", "photos", "videos", "tokens", "emails"]: if not collection in collections: db.create_collection(collection) @@ -33,5 +33,6 @@ col_albums = db.get_collection("albums") col_photos = db.get_collection("photos") col_videos = db.get_collection("videos") col_tokens = db.get_collection("tokens") +col_emails = db.get_collection("emails") col_photos.create_index([("location", GEOSPHERE)]) \ No newline at end of file diff --git a/modules/mailer.py b/modules/mailer.py new file mode 100644 index 0000000..a0d9428 --- /dev/null +++ b/modules/mailer.py @@ -0,0 +1,39 @@ +from smtplib import SMTP, SMTP_SSL +from traceback import print_exc +from ssl import create_default_context +from modules.utils import configGet, logWrite + +try: + if configGet("use_ssl", "mailer", "smtp") is True: + mail_sender = SMTP_SSL( + configGet("host", "mailer", "smtp"), + configGet("port", "mailer", "smtp"), + ) + logWrite(f"Initialized SMTP SSL connection") + elif configGet("use_tls", "mailer", "smtp") is True: + mail_sender = SMTP( + configGet("host", "mailer", "smtp"), + configGet("port", "mailer", "smtp"), + ) + mail_sender.starttls(context=create_default_context()) + mail_sender.ehlo() + logWrite(f"Initialized SMTP TLS connection") + else: + mail_sender = SMTP( + configGet("host", "mailer", "smtp"), + configGet("port", "mailer", "smtp") + ) + mail_sender.ehlo() + logWrite(f"Initialized SMTP connection") +except Exception as exp: + logWrite(f"Could not initialize SMTP connection to: {exp}") + print_exc() + +try: + mail_sender.login( + configGet("login", "mailer", "smtp"), + configGet("password", "mailer", "smtp") + ) + logWrite(f"Successfully initialized mailer") +except Exception as exp: + logWrite(f"Could not login into provided SMTP account due to: {exp}") \ No newline at end of file