104 lines
3.1 KiB
Python
104 lines
3.1 KiB
Python
from fastapi import APIRouter, Depends, HTTPException, status
|
|
from fastapi.security import OAuth2PasswordRequestForm
|
|
from jose import JWTError
|
|
from modules.auth.models import User
|
|
from modules.auth.schemas import (
|
|
UserCreate,
|
|
UserResponse,
|
|
Token,
|
|
RefreshTokenRequest,
|
|
LogoutRequest,
|
|
)
|
|
from modules.auth.services import create_user
|
|
from modules.auth.security import (
|
|
TokenType,
|
|
get_current_user,
|
|
oauth2_scheme,
|
|
create_access_token,
|
|
create_refresh_token,
|
|
verify_token,
|
|
authenticate_user,
|
|
blacklist_tokens,
|
|
)
|
|
from sqlalchemy.orm import Session
|
|
from typing import Annotated
|
|
from core.database import get_db
|
|
from datetime import timedelta
|
|
from core.config import settings
|
|
from core.exceptions import unauthorized_exception
|
|
|
|
router = APIRouter(prefix="/auth", tags=["auth"])
|
|
|
|
|
|
@router.post(
|
|
"/register", response_model=UserResponse, status_code=status.HTTP_201_CREATED
|
|
)
|
|
def register(user: UserCreate, db: Annotated[Session, Depends(get_db)]):
|
|
return create_user(user.username, user.password, user.name, db)
|
|
|
|
|
|
@router.post("/login", response_model=Token)
|
|
def login(
|
|
form_data: Annotated[OAuth2PasswordRequestForm, Depends()],
|
|
db: Annotated[Session, Depends(get_db)],
|
|
):
|
|
"""
|
|
Authenticate user and return JWT tokens in the response body.
|
|
"""
|
|
user = authenticate_user(form_data.username, form_data.password, db)
|
|
if not user:
|
|
raise HTTPException(
|
|
status_code=status.HTTP_401_UNAUTHORIZED,
|
|
detail="Incorrect username or password",
|
|
)
|
|
|
|
access_token = create_access_token(
|
|
data={"sub": user.username},
|
|
expires_delta=timedelta(minutes=settings.ACCESS_TOKEN_EXPIRE_MINUTES),
|
|
)
|
|
refresh_token = create_refresh_token(data={"sub": user.username})
|
|
|
|
return {
|
|
"access_token": access_token,
|
|
"refresh_token": refresh_token,
|
|
"token_type": "bearer",
|
|
}
|
|
|
|
|
|
@router.post("/refresh")
|
|
def refresh_token(
|
|
payload: RefreshTokenRequest, db: Annotated[Session, Depends(get_db)]
|
|
):
|
|
print("Refreshing token...")
|
|
refresh_token = payload.refresh_token
|
|
if not refresh_token:
|
|
raise unauthorized_exception("Refresh token missing in request body")
|
|
|
|
user_data = verify_token(
|
|
refresh_token, expected_token_type=TokenType.REFRESH, db=db
|
|
)
|
|
if not user_data:
|
|
raise unauthorized_exception("Invalid refresh token")
|
|
|
|
new_access_token = create_access_token(data={"sub": user_data.username})
|
|
return {"access_token": new_access_token, "token_type": "bearer"}
|
|
|
|
|
|
@router.post("/logout")
|
|
def logout(
|
|
payload: LogoutRequest,
|
|
db: Annotated[Session, Depends(get_db)],
|
|
current_user: Annotated[User, Depends(get_current_user)],
|
|
access_token: str = Depends(oauth2_scheme),
|
|
):
|
|
try:
|
|
refresh_token = payload.refresh_token
|
|
if not refresh_token:
|
|
raise unauthorized_exception("Refresh token not found in request body")
|
|
|
|
blacklist_tokens(access_token=access_token, refresh_token=refresh_token, db=db)
|
|
|
|
return {"message": "Logged out successfully"}
|
|
except JWTError:
|
|
raise unauthorized_exception("Invalid token")
|