ngay 2-8-2022
This commit is contained in:
@@ -1,3 +1,5 @@
|
||||
from os import access
|
||||
from urllib import response
|
||||
from fastapi import (
|
||||
APIRouter,
|
||||
Depends,
|
||||
@@ -16,71 +18,120 @@ from ..models.models import (
|
||||
from ..dependecies import (
|
||||
get_current_user,
|
||||
authenticate_user,
|
||||
authenticate_user_oauth2,
|
||||
create_access_token,
|
||||
get_password_hash
|
||||
)
|
||||
from ..settings import db, ACCESS_TOKEN_EXPIRE_MINUTES
|
||||
|
||||
import json
|
||||
from typing import List
|
||||
from datetime import datetime, timedelta
|
||||
|
||||
import requests
|
||||
import re
|
||||
from pydantic import BaseModel, Field
|
||||
|
||||
|
||||
class LoginRequest(BaseModel):
|
||||
username: str
|
||||
password: str
|
||||
grant_type: str
|
||||
|
||||
|
||||
class TokenModel(BaseModel):
|
||||
token: str = None
|
||||
refresh_token: str = None
|
||||
grant_type: str = None
|
||||
|
||||
|
||||
router = APIRouter()
|
||||
# ============= Creating path operations ==============
|
||||
@router.post("/create_user", response_description="Add new user", response_model=UserModel)
|
||||
async def create_user(user: UserModel, file: UploadFile = File(...)):
|
||||
if re.match("admin|dev|simple mortal", user.role):
|
||||
datetime_now = datetime.now()
|
||||
user.created_at = datetime_now.strftime("%m/%d/%y %H:%M:%S")
|
||||
user.password = get_password_hash(user.password)
|
||||
user = jsonable_encoder(user)
|
||||
file_location = f"../media/"
|
||||
current_time = datetime_now.strftime("%H:%M:%S_%d-%m-%Y_")
|
||||
file_save = file_location + current_time + file.filename
|
||||
user.avatar = current_time + file.filename
|
||||
with open(file_save, "wb+") as file_object:
|
||||
file_object.write(file.file.read())
|
||||
new_user = await db["users"].insert_one(user)
|
||||
await db["users"].update_one({"_id": new_user.inserted_id}, {
|
||||
"$rename": {"password": "hashed_pass"}})
|
||||
|
||||
created_user = await db["users"].find_one({"_id": new_user.inserted_id})
|
||||
return JSONResponse(status_code=status.HTTP_201_CREATED, content=created_user)
|
||||
|
||||
raise HTTPException(status_code=406, detail="User role not acceptable")
|
||||
# @router.post("/create_user", response_description="Add new user", response_model=UserModel)
|
||||
# async def create_user(user: UserModel
|
||||
# # , file: UploadFile = File(...)
|
||||
# ):
|
||||
# if re.match("admin|user|editor", user.role):
|
||||
# datetime_now = datetime.now()
|
||||
# user.created_at = datetime_now.strftime("%m/%d/%y %H:%M:%S")
|
||||
# user.password = get_password_hash(user.password)
|
||||
# user = jsonable_encoder(user)
|
||||
# new_user = await db["users"].insert_one(user)
|
||||
# await db["users"].update_one({"_id": new_user.inserted_id}, {
|
||||
# "$rename": {"password": "hashed_pass"}})
|
||||
|
||||
# created_user = await db["users"].find_one({"_id": new_user.inserted_id})
|
||||
# return JSONResponse(status_code=status.HTTP_201_CREATED, content=created_user)
|
||||
|
||||
# raise HTTPException(status_code=406, detail="User role not acceptable")
|
||||
|
||||
|
||||
@router.post("/login")
|
||||
async def login_for_access_token(body: LoginRequest):
|
||||
print(body)
|
||||
user = await authenticate_user(body.username, body.password)
|
||||
print(body)
|
||||
if not user:
|
||||
raise HTTPException(
|
||||
status_code=status.HTTP_401_UNAUTHORIZED,
|
||||
detail="Incorect ID or password",
|
||||
headers={"WWW-Authenticate": "Bearer"},
|
||||
)
|
||||
access_token_expires = timedelta(minutes=ACCESS_TOKEN_EXPIRE_MINUTES)
|
||||
access_token = create_access_token(
|
||||
data={"sub": user["username"]}, expires_delta=access_token_expires
|
||||
)
|
||||
await db["users"].update_one({"username": body.username}, {"$set": {
|
||||
"last_login": datetime.now().strftime("%m/%d/%y %H:%M:%S"),
|
||||
"is_active": "true"
|
||||
}})
|
||||
url = "https://sandboxapi.ebacsi.com.vn/auth/oauth/token"
|
||||
|
||||
payload = {'username': body.username,
|
||||
'password': body.password,
|
||||
'grant_type': body.grant_type}
|
||||
files = [
|
||||
|
||||
]
|
||||
headers = {
|
||||
'Authorization': 'Basic RGljdGlvbmFyeU1lZGlob21lOlJ4aXR6ZnZvaWFmZmNtb2l0ZW0=',
|
||||
'Cookie': 'JSESSIONID=node0gmjiiq3ht7kv1gesg74t1pxsb20316.node0; XSRF-TOKEN=0976f6e0-814e-4be9-b6fa-b8d0c0896315'
|
||||
}
|
||||
|
||||
response = requests.request(
|
||||
"POST", url, headers=headers, data=payload, files=files)
|
||||
|
||||
access_token = json.loads(response.text)
|
||||
|
||||
url = "https://sandboxapi.ebacsi.com.vn/auth/oauth/check_token"
|
||||
payload = {'token': access_token["access_token"]}
|
||||
headers = {
|
||||
'Authorization': 'Basic RGljdGlvbmFyeU1lZGlob21lOlJ4aXR6ZnZvaWFmZmNtb2l0ZW0='
|
||||
}
|
||||
response = requests.request(
|
||||
"POST", url, headers=headers, data=payload)
|
||||
data_output = json.loads(response.text)
|
||||
data = data_output.get("user_name", None)
|
||||
if data == None:
|
||||
return JSONResponse(status_code=status.HTTP_401_UNAUTHORIZED, content={"message": "UNAUTHORIZED"})
|
||||
user = json.loads(response.text)
|
||||
access_token["authorities"] = user["authorities"]
|
||||
return access_token
|
||||
|
||||
# @router.post("/token")
|
||||
# async def login_for_access_token(body: OAuth2PasswordRequestForm = Depends()):
|
||||
# url = "https://sandboxapi.ebacsi.com.vn/auth/oauth/token"
|
||||
|
||||
# payload = {'username': body.username,
|
||||
# 'password': body.password,
|
||||
# 'grant_type': body.grant_type}
|
||||
# files = [
|
||||
|
||||
# ]
|
||||
# headers = {
|
||||
# 'Authorization': 'Basic RGljdGlvbmFyeU1lZGlob21lOlJ4aXR6ZnZvaWFmZmNtb2l0ZW0=',
|
||||
# 'Cookie': 'JSESSIONID=node0gmjiiq3ht7kv1gesg74t1pxsb20316.node0; XSRF-TOKEN=0976f6e0-814e-4be9-b6fa-b8d0c0896315'
|
||||
# }
|
||||
|
||||
# response = requests.request(
|
||||
# "POST", url, headers=headers, data=payload, files=files)
|
||||
# data = json.loads(response.text)
|
||||
# del data["refresh_token"]
|
||||
# del data["expires_in"]
|
||||
# del data["scope"]
|
||||
# del data["user_type"]
|
||||
# del data["user_key"]
|
||||
|
||||
# return data
|
||||
|
||||
return {"access_token": access_token, "token_type": "bearer"}
|
||||
|
||||
@router.post("/token")
|
||||
async def login_for_access_token_2(body: LoginRequest):
|
||||
print(body)
|
||||
user = await authenticate_user(body.username, body.password)
|
||||
async def login_for_access_token_2(body: OAuth2PasswordRequestForm = Depends()):
|
||||
user = await authenticate_user_oauth2(body.username, body.password)
|
||||
print(body)
|
||||
if not user:
|
||||
raise HTTPException(
|
||||
@@ -88,69 +139,99 @@ async def login_for_access_token_2(body: LoginRequest):
|
||||
detail="Incorect ID or password",
|
||||
headers={"WWW-Authenticate": "Bearer"},
|
||||
)
|
||||
access_token_expires = timedelta(minutes=ACCESS_TOKEN_EXPIRE_MINUTES)
|
||||
access_token = create_access_token(
|
||||
data={"sub": user["username"]}, expires_delta=access_token_expires
|
||||
)
|
||||
await db["users"].update_one({"username": body.username}, {"$set": {
|
||||
"last_login": datetime.now().strftime("%m/%d/%y %H:%M:%S"),
|
||||
"is_active": "true"
|
||||
}})
|
||||
# access_token_expires = timedelta(minutes=ACCESS_TOKEN_EXPIRE_MINUTES)
|
||||
# access_token = create_access_token(
|
||||
# data={"sub": user["username"]}, expires_delta=access_token_expires
|
||||
# )
|
||||
# await db["users"].update_one({"username": body.username}, {"$set": {
|
||||
# "last_login": datetime.now().strftime("%m/%d/%y %H:%M:%S"),
|
||||
# "is_active": "true"
|
||||
# }})
|
||||
|
||||
return {"access_token": user["access_token"], "token_type": "bearer"}
|
||||
|
||||
return {"access_token": access_token, "token_type": "bearer"}
|
||||
|
||||
@router.get(
|
||||
"/list", response_description="List all users", response_model=List[ShowUserModel]
|
||||
)
|
||||
async def list_users(current_user: ShowUserModel = Depends(get_current_user)):
|
||||
async def list_users():
|
||||
users = await db["users"].find().to_list(1000)
|
||||
for user in users:
|
||||
user["is_active"] = "false"
|
||||
try:
|
||||
last_login = datetime.strptime(user["last_login"], "%m/%d/%y %H:%M:%S")
|
||||
last_login = datetime.strptime(
|
||||
user["last_login"], "%m/%d/%y %H:%M:%S")
|
||||
my_delta = datetime.now() - last_login
|
||||
if my_delta <= timedelta(days=30):
|
||||
user["is_active"] = "true"
|
||||
except ValueError:
|
||||
pass
|
||||
|
||||
return users
|
||||
|
||||
@router.post("/current", response_description="Current User")
|
||||
async def current_user(token: TokenModel):
|
||||
try:
|
||||
url = "https://sandboxapi.ebacsi.com.vn/auth/oauth/check_token"
|
||||
payload = {'token': token.token}
|
||||
headers = {
|
||||
'Authorization': 'Basic RGljdGlvbmFyeU1lZGlob21lOlJ4aXR6ZnZvaWFmZmNtb2l0ZW0='
|
||||
}
|
||||
response = requests.request(
|
||||
"POST", url, headers=headers, data=payload)
|
||||
data_output = json.loads(response.text)
|
||||
data = data_output.get("user_name", None)
|
||||
if data == None:
|
||||
return JSONResponse(status_code=status.HTTP_401_UNAUTHORIZED, content={"message": "UNAUTHORIZED"})
|
||||
else:
|
||||
return json.loads(response.text)
|
||||
except ValueError:
|
||||
pass
|
||||
|
||||
|
||||
|
||||
@router.get("/current", response_description="Current User", response_model=ShowUserModel)
|
||||
async def current_user(current_user: ShowUserModel = Depends(get_current_user)):
|
||||
return current_user
|
||||
# @router.get("/current", response_description="Current User", response_model=ShowUserModel)
|
||||
# async def current_user(current_user: ShowUserModel = Depends(get_current_user)):
|
||||
# return current_user
|
||||
|
||||
|
||||
@router.post("/refresh_token", response_description="refresh token")
|
||||
async def refresh_token(refresh_token: TokenModel):
|
||||
url = "https://sandboxapi.ebacsi.com.vn/auth/oauth/token"
|
||||
|
||||
payload = {'refresh_token': refresh_token.refresh_token,
|
||||
'grant_type': refresh_token.grant_type}
|
||||
files = [
|
||||
]
|
||||
headers = {
|
||||
'Authorization': 'Basic RGljdGlvbmFyeU1lZGlob21lOlJ4aXR6ZnZvaWFmZmNtb2l0ZW0=',
|
||||
'Cookie': 'JSESSIONID=node0oxtulscdyhrr1ij9hfhpjl76825093.node0; XSRF-TOKEN=79789f05-27c4-4b2a-a0dc-4491894046ec'
|
||||
}
|
||||
response = requests.request(
|
||||
"POST", url, headers=headers, data=payload, files=files)
|
||||
return json.loads(response.text)
|
||||
|
||||
|
||||
@router.put("/admin/{user_id}", response_description="Update a user", response_model=UpdateUserModel)
|
||||
async def update_user(user_id: str, user: UpdateUserModel, current_user: UserModel = Depends(get_current_user)):
|
||||
async def update_user(user_id: str, user: UpdateUserModel):
|
||||
if current_user["role"] == "admin":
|
||||
user = {k: v for k, v in user.dict().items() if v is not None}
|
||||
|
||||
|
||||
if len(user) >= 1:
|
||||
update_result = await db["users"].update_one({"_id": user_id}, {"$set": user})
|
||||
|
||||
if update_result.modified_count == 1:
|
||||
if (
|
||||
updated_user := await db["users"].find_one({"_id": user_id})
|
||||
) is not None:
|
||||
return updated_user
|
||||
|
||||
if (existing_user := await db["users"].find_one({"_id": user_id})) is not None:
|
||||
return existing_user
|
||||
|
||||
raise HTTPException(status_code=404, detail=f"User {user_id} not found")
|
||||
raise HTTPException(
|
||||
status_code=404, detail=f"User {user_id} not found")
|
||||
else:
|
||||
raise HTTPException(status_code=403, detail=f"Not having sufficient rights to modify the content")
|
||||
|
||||
raise HTTPException(
|
||||
status_code=403, detail=f"Not having sufficient rights to modify the content")
|
||||
|
||||
|
||||
@router.delete("/delete_user/{user_id}", response_description="Delete a user")
|
||||
async def delete_user(user_id: str, current_user: ShowUserModel = Depends(get_current_user)):
|
||||
async def delete_user(user_id: str):
|
||||
delete_result = await db["users"].delete_one({"_id": user_id})
|
||||
if delete_result.deleted_count == 1:
|
||||
return JSONResponse(status_code=status.HTTP_204_NO_CONTENT)
|
||||
|
||||
Reference in New Issue
Block a user