-
Notifications
You must be signed in to change notification settings - Fork 1
Commit
This commit does not belong to any branch on this repository, and may belong to a fork outside of the repository.
* Beginning to add authentication stuff for login. Code is broken right now. * Authentication token generation seems to be functional, based on a quick online test. Going to see about decoding. * Changed expiration on token to 24 hours * Added ability to authenticate tokens. Will be useful for locking endpoints. * User login route theoretically working. Need to test now. * Login endpoint appears functional * Cleaned up users API code * Added TODO reminder for authentication * Removed unused imports to appease ruff. * Ran Ruff linter to make code look better * Ran ruff linter again
- Loading branch information
1 parent
7f9cd6d
commit 80897e6
Showing
7 changed files
with
126 additions
and
3 deletions.
There are no files selected for viewing
This file contains bidirectional Unicode text that may be interpreted or compiled differently than what appears below. To review, open the file in an editor that reveals hidden Unicode characters.
Learn more about bidirectional Unicode characters
Some generated files are not rendered by default. Learn more about how customized files appear on GitHub.
Oops, something went wrong.
This file contains bidirectional Unicode text that may be interpreted or compiled differently than what appears below. To review, open the file in an editor that reveals hidden Unicode characters.
Learn more about bidirectional Unicode characters
This file contains bidirectional Unicode text that may be interpreted or compiled differently than what appears below. To review, open the file in an editor that reveals hidden Unicode characters.
Learn more about bidirectional Unicode characters
Original file line number | Diff line number | Diff line change |
---|---|---|
@@ -0,0 +1,41 @@ | ||
from fastapi import APIRouter | ||
import logging as log | ||
from passlib.hash import bcrypt | ||
from ..api_types import LoginBody, LoginError, ResponseToken | ||
from ..db import Database | ||
from ..auth import generateAuthToken | ||
|
||
router = APIRouter() | ||
|
||
|
||
@router.post("/users/login", response_model=ResponseToken | LoginError) | ||
def login(body: LoginBody): | ||
with Database() as db: | ||
try: | ||
email = body.email | ||
password = body.password | ||
|
||
query = ( | ||
"""SELECT users.pword, users.admin FROM users WHERE users.email = %s;""" | ||
) | ||
entry_sql = db.execute_return(query, [email]) | ||
|
||
# Returns "incorrect email/password" message if there is no such account. | ||
if entry_sql is None or len(entry_sql) == 0: | ||
return LoginError.INCORRECT | ||
|
||
# Grabs the stored hash and admin. | ||
password_hash, admin = entry_sql[0] | ||
|
||
# Returns "incorrect email/password" message if password is incorrect. | ||
if not bcrypt.verify(password, password_hash): | ||
return LoginError.INCORRECT | ||
|
||
# Generates the token and returns | ||
token = generateAuthToken(email, admin) | ||
return ResponseToken(token=token) | ||
|
||
except Exception as e: | ||
log.error(e) | ||
# TODO: Return something better than query error | ||
return LoginError.QUERY_ERROR |
This file contains bidirectional Unicode text that may be interpreted or compiled differently than what appears below. To review, open the file in an editor that reveals hidden Unicode characters.
Learn more about bidirectional Unicode characters
This file contains bidirectional Unicode text that may be interpreted or compiled differently than what appears below. To review, open the file in an editor that reveals hidden Unicode characters.
Learn more about bidirectional Unicode characters
Original file line number | Diff line number | Diff line change |
---|---|---|
@@ -0,0 +1,27 @@ | ||
import jwt | ||
from datetime import datetime, timezone, timedelta | ||
|
||
# TODO: This method of secret key generation is, obviously, extremely unsafe. | ||
# This needs to be changed. | ||
secret_key = "SuperSecret" | ||
|
||
|
||
def generateAuthToken(userId, admin): | ||
payload = { | ||
"email": userId, | ||
"admin": admin, | ||
"exp": datetime.now(tz=timezone.utc) + timedelta(hours=24), | ||
} | ||
return jwt.encode(payload, secret_key, algorithm="HS256") | ||
|
||
|
||
# TODO: Find out how FastAPI handles middleware functions, and turn this into one. | ||
def authenticateToken(token): | ||
# Return the decoded token if it's valid. | ||
try: | ||
decoded = jwt.decode(token, secret_key, algorithms="HS256") | ||
return decoded | ||
|
||
# If the token is invalid, return None. | ||
except Exception: | ||
return None |
This file contains bidirectional Unicode text that may be interpreted or compiled differently than what appears below. To review, open the file in an editor that reveals hidden Unicode characters.
Learn more about bidirectional Unicode characters