OAuth2 implemented

modules/security.py

@@ -1,10 +1,8 @@
 from datetime import datetime, timedelta
 from typing import List, Union
 from modules.database import col_users
-from modules.app import app
 
 from fastapi import Depends, HTTPException, Security, status
-from starlette.status import HTTP_204_NO_CONTENT
 from fastapi.security import (
     OAuth2PasswordBearer,
     SecurityScopes,
@@ -20,22 +18,6 @@ ALGORITHM = "HS256"
 ACCESS_TOKEN_EXPIRE_DAYS = 180
 
 
-fake_users_db = {
-    "johndoe": {
-        "user": "johndoe",
-        "email": "johndoe@example.com",
-        "hash": "$2b$12$EixZaYVK1fsbw1ZfbX3OXePaWxn96p36WQoeG6Lruj3vjPGga31lW",
-        "disabled": False,
-    },
-    "alice": {
-        "user": "alice",
-        "email": "alicechains@example.com",
-        "hash": "$2b$12$gSvqqUPvlXP2tfVFaWK1Be7DlH.PKZbv5H8KnzzVgXXbVxpva.pFm",
-        "disabled": True,
-    },
-}
-
-
 class Token(BaseModel):
     access_token: str
     token_type: str
@@ -62,9 +44,13 @@ oauth2_scheme = OAuth2PasswordBearer(
     tokenUrl="token",
     scopes={
         "me": "Get current user's data.",
-        "list": "List albums and images.",
-        "read": "View albums and images.",
-        "write": "Manage albums and images."},
+        "albums.list": "List albums.",
+        "albums.read": "Read albums data.",
+        "albums.write": "Modify albums.",
+        "photos.list": "List photos.",
+        "photos.read": "View photos.",
+        "photos.write": "Modify photos."
+    },
 )
 
 
@@ -90,7 +76,7 @@ def authenticate_user(user_name: str, password: str):
     return user
 
 
-def create_access_token(data: dict, expires_delta: Union[timedelta, None] = None):
+def create_access_token( data: dict, expires_delta: Union[timedelta, None] = None ):
     to_encode = data.copy()
     if expires_delta:
         expire = datetime.utcnow() + expires_delta
@@ -101,18 +87,19 @@ def create_access_token(data: dict, expires_delta: Union[timedelta, None] = None
     return encoded_jwt
 
 
-async def get_current_user(
-    security_scopes: SecurityScopes, token: str = Depends(oauth2_scheme)
-):
+async def get_current_user( security_scopes: SecurityScopes, token: str = Depends(oauth2_scheme) ):
+
     if security_scopes.scopes:
         authenticate_value = f'Bearer scope="{security_scopes.scope_str}"'
     else:
         authenticate_value = "Bearer"
+
     credentials_exception = HTTPException(
         status_code=status.HTTP_401_UNAUTHORIZED,
         detail="Could not validate credentials",
         headers={"WWW-Authenticate": authenticate_value},
     )
+
     try:
         payload = jwt.decode(token, SECRET_KEY, algorithms=[ALGORITHM])
         user: str = payload.get("sub")
@@ -122,9 +109,12 @@ async def get_current_user(
         token_data = TokenData(scopes=token_scopes, user=user)
     except (JWTError, ValidationError):
         raise credentials_exception
+        
     user = get_user(user=token_data.user)
+
     if user is None:
         raise credentials_exception
+
     for scope in security_scopes.scopes:
         if scope not in token_data.scopes:
             raise HTTPException(
@@ -135,9 +125,7 @@ async def get_current_user(
     return user
 
 
-async def get_current_active_user(
-    current_user: User = Security(get_current_user, scopes=["me"])
-):
+async def get_current_active_user( current_user: User = Security(get_current_user, scopes=["me"]) ):
     if current_user.disabled:
         raise HTTPException(status_code=400, detail="Inactive user")
     return current_user