From 7e41576035cd9f0004255a7490e6691c6d989ff6 Mon Sep 17 00:00:00 2001 From: tycfuvgibhoinjok Date: Tue, 31 Mar 2026 13:46:18 +0300 Subject: add jwt --- app/auth/jwt.py | 71 ++++++++++++++++++++++++++++++++++++++++++++++ app/auth/login.py | 0 app/auth/register.py | 32 --------------------- app/main.py | 21 +------------- app/models/models.py | 0 app/models/user.py | 26 +++++++++++++++++ app/routes/__init__.py | 12 ++++++++ app/routes/auth.py | 37 ++++++++++++++++++++++++ app/routes/me.py | 48 +++++++++++++++++++++++++++++++ app/routes/register.py | 2 +- app/routes/routes.py | 6 ---- app/schemas/schemas.py | 0 app/schemas/user.py | 4 +-- app/utils/create_tables.py | 1 - app/utils/db.py | 3 +- 15 files changed, 199 insertions(+), 64 deletions(-) delete mode 100644 app/auth/login.py delete mode 100644 app/auth/register.py delete mode 100644 app/models/models.py create mode 100644 app/routes/auth.py create mode 100644 app/routes/me.py delete mode 100644 app/routes/routes.py delete mode 100644 app/schemas/schemas.py (limited to 'app') diff --git a/app/auth/jwt.py b/app/auth/jwt.py index e69de29..2d2aac5 100644 --- a/app/auth/jwt.py +++ b/app/auth/jwt.py @@ -0,0 +1,71 @@ +import os +from datetime import datetime, timedelta +from typing import Dict, Optional + +import jwt +from dotenv import load_dotenv + +from app.utils.logger_cfg import logger + +load_dotenv() +JWT_SECRET = os.getenv("JWT_SECRET") +if not JWT_SECRET: + logger.critical("JWT_SECRET environment variable not set! Exiting.") + raise RuntimeError("JWT_SECRET environment variable not set!") + +JWT_ALGORITHM = "HS256" +ACCESS_TOKEN_EXPIRE_MINUTES = 60 +REFRESH_TOKEN_EXPIRE_DAYS = 7 + + +def create_access_token(data: Dict, expires_delta: Optional[timedelta] = None) -> str: + try: + to_encode = data.copy() + expire = datetime.utcnow() + ( + expires_delta or timedelta(minutes=ACCESS_TOKEN_EXPIRE_MINUTES) + ) + to_encode.update({"exp": expire}) + safe_payload = {k: v for k, v in to_encode.items() if k != "password"} + logger.debug(f"Creating access token with payload: {safe_payload}") + return jwt.encode(to_encode, JWT_SECRET, algorithm=JWT_ALGORITHM) + except Exception as e: + logger.exception(f"Failed to create access token: {e}") + raise RuntimeError("Failed to create access token") + + +def create_refresh_token(data: Dict, expires_delta: Optional[timedelta] = None) -> str: + try: + to_encode = data.copy() + expire = datetime.utcnow() + ( + expires_delta or timedelta(days=REFRESH_TOKEN_EXPIRE_DAYS) + ) + to_encode.update({"exp": expire}) + logger.debug(f"Creating refresh token with payload: {to_encode}") + return jwt.encode(to_encode, JWT_SECRET, algorithm=JWT_ALGORITHM) + except Exception as e: + logger.exception(f"Failed to create refresh token: {e}") + raise RuntimeError("Failed to create refresh token") + + +def decode_token(token: str) -> Dict: + try: + logger.debug("Decoding JWT token...") + payload = jwt.decode(token, JWT_SECRET, algorithms=[JWT_ALGORITHM]) + safe_payload = {k: v for k, v in payload.items() if k != "password"} + logger.info(f"JWT decoded successfully: {safe_payload}") + return payload + except jwt.ExpiredSignatureError: + logger.warning("JWT token has expired") + raise ValueError("Token has expired") + except jwt.InvalidSignatureError: + logger.warning("JWT token signature invalid") + raise ValueError("Invalid token signature") + except jwt.DecodeError: + logger.warning("JWT token decode failed (possibly malformed)") + raise ValueError("Malformed token") + except jwt.InvalidTokenError: + logger.warning("JWT token invalid for unknown reason") + raise ValueError("Invalid token") + except Exception as e: + logger.exception(f"Unexpected error decoding JWT: {e}") + raise RuntimeError("Unexpected error while decoding token") diff --git a/app/auth/login.py b/app/auth/login.py deleted file mode 100644 index e69de29..0000000 diff --git a/app/auth/register.py b/app/auth/register.py deleted file mode 100644 index f1c3ec3..0000000 --- a/app/auth/register.py +++ /dev/null @@ -1,32 +0,0 @@ -from app.models.auth import User -from argon2 import PasswordHasher -from fastapi import APIRouter, Depends, HTTPException, status -from sqlalchemy.ext.asyncio import AsyncSession -from sqlalchemy.future import select - -from app.schemas.auth import RegisterSchema -from app.utils.db import get_db - -router = APIRouter() -ph = PasswordHasher() - - -@router.post("/register") -async def register(user: RegisterSchema, db: AsyncSession = Depends(get_db)): - result = await db.execute( - select(User).where( - (User.username == user.username) | (User.email == user.email) - ) - ) - existing = result.scalar_one_or_none() - if existing: - raise HTTPException( - status_code=status.HTTP_400_BAD_REQUEST, - detail="Username or email already exists", - ) - - hashed = ph.hash(user.password) - new_user = User(username=user.username, email=user.email, password_hash=hashed) - db.add(new_user) - await db.commit() - return {"message": "User registered successfully"} diff --git a/app/main.py b/app/main.py index 8b7d6eb..d2925ed 100644 --- a/app/main.py +++ b/app/main.py @@ -3,7 +3,7 @@ import time from fastapi import FastAPI from sqlalchemy import text -from app.routes.routes import router as api_router +from app.routes import router as api_router from app.utils.create_tables import init_db from app.utils.db import engine from app.utils.logger_cfg import logger @@ -65,22 +65,3 @@ async def read_root(): logger.info("Root endpoint accessed") logger.debug("Processing root endpoint request") return {"message": "Hello new asyncpg ci!"} - - -@app.get("/check-db") -async def check_db(): - logger.info("Database health check endpoint called") - logger.debug("Starting database health check") - - try: - async with engine.begin() as conn: - logger.debug("Executing test query: SELECT 1") - result = await conn.execute(text("SELECT 1")) - db_result = result.scalar() - logger.info(f"Database health check successful: {db_result}") - logger.debug("Database health check query executed successfully") - return {"db_check": db_result} - - except Exception as e: - logger.exception(f"Database health check failed: {e}") - raise diff --git a/app/models/models.py b/app/models/models.py deleted file mode 100644 index e69de29..0000000 diff --git a/app/models/user.py b/app/models/user.py index de9fa98..76ba3f9 100644 --- a/app/models/user.py +++ b/app/models/user.py @@ -1,6 +1,11 @@ +from fastapi import Depends from sqlalchemy import Boolean, Integer, String +from sqlalchemy.ext.asyncio import AsyncSession +from sqlalchemy.future import select from sqlalchemy.orm import DeclarativeBase, Mapped, mapped_column +from app.utils.db import get_async_session + class Base(DeclarativeBase): pass @@ -21,3 +26,24 @@ class User(Base): premium: Mapped[bool] = mapped_column(Boolean, default=False, nullable=False) is_banned: Mapped[bool] = mapped_column(Boolean, default=False, nullable=False) is_moderator: Mapped[bool] = mapped_column(Boolean, default=False, nullable=False) + + @classmethod + async def get_user_by_email( + cls, email: str, session: AsyncSession = Depends(get_async_session) + ): + result = await session.execute(select(cls).where(cls.email == email)) + return result.scalars().first() + + @classmethod + async def get_user_by_username( + cls, username: str, session: AsyncSession = Depends(get_async_session) + ): + result = await session.execute(select(cls).where(cls.username == username)) + return result.scalars().first() + + @classmethod + async def get_user_by_id( + cls, user_id: int, session: AsyncSession = Depends(get_async_session) + ): + result = await session.execute(select(cls).where(cls.id == user_id)) + return result.scalars().first() diff --git a/app/routes/__init__.py b/app/routes/__init__.py index e69de29..383ef66 100644 --- a/app/routes/__init__.py +++ b/app/routes/__init__.py @@ -0,0 +1,12 @@ +from fastapi import APIRouter + +from .auth import router as auth_router +from .me import router as me_router +from .register import router as register_router + +router = APIRouter() + +router.include_router(register_router, prefix="/auth") +router.include_router(auth_router, prefix="/auth") + +router.include_router(me_router) diff --git a/app/routes/auth.py b/app/routes/auth.py new file mode 100644 index 0000000..aa68c52 --- /dev/null +++ b/app/routes/auth.py @@ -0,0 +1,37 @@ +from fastapi import APIRouter, Depends, HTTPException +from fastapi.security import OAuth2PasswordRequestForm +from sqlalchemy.ext.asyncio import AsyncSession + +from app.utils.logger_cfg import logger + +from app.auth.jwt import create_access_token, create_refresh_token +from app.models.user import User +from app.utils.db import get_async_session +from app.utils.hash_cfg import verify_password + +router = APIRouter(tags=["auth"]) + + +@router.post("/login") +async def login( + form_data: OAuth2PasswordRequestForm = Depends(), + session: AsyncSession = Depends(get_async_session), +): + user = await User.get_user_by_email(form_data.username, session=session) + if not user: + user = await User.get_user_by_username(form_data.username, session=session) + + if not user or not verify_password(form_data.password, user.password): + logger.warning("Login failed | username/email={}", form_data.username) + raise HTTPException(status_code=401, detail="Invalid credentials") + + access_token = create_access_token({"sub": str(user.id)}) + refresh_token = create_refresh_token({"sub": str(user.id)}) + + logger.info("User logged in | id={} username={}", user.id, user.username) + + return { + "access_token": access_token, + "refresh_token": refresh_token, + "token_type": "bearer", + } diff --git a/app/routes/me.py b/app/routes/me.py new file mode 100644 index 0000000..a09453c --- /dev/null +++ b/app/routes/me.py @@ -0,0 +1,48 @@ +from fastapi import APIRouter, Depends, HTTPException +from fastapi.security import OAuth2PasswordBearer +from sqlalchemy.ext.asyncio import AsyncSession + +from app.auth.jwt import decode_token +from app.models.user import User +from app.utils.db import get_async_session +from app.utils.logger_cfg import logger + +router = APIRouter() +oauth2_scheme = OAuth2PasswordBearer(tokenUrl="/api/auth/login") + + +@router.get("/me") +async def read_current_user( + token: str = Depends(oauth2_scheme), + session: AsyncSession = Depends(get_async_session), +): + + if not token: + logger.warning("No token provided in /me request") + raise HTTPException(status_code=401, detail="Unauthorized") + + try: + payload = decode_token(token) + user_id = int(payload.get("sub")) + user = await User.get_user_by_id(user_id, session=session) + + if not user: + logger.warning("User not found in /me | id={}", user_id) + raise HTTPException(status_code=404, detail="User not found") + + logger.info("User accessed /me | id={} username={}", user.id, user.username) + + user_data = { + "id": user.id, + "username": user.username, + "email": user.email, + "premium": user.premium, + "is_banned": user.is_banned, + "is_moderator": user.is_moderator, + } + logger.debug("Returning /me data: {}", user_data) + return user_data + + except ValueError as e: + logger.warning("Invalid token in /me request: {}", e) + raise HTTPException(status_code=401, detail="Invalid token") diff --git a/app/routes/register.py b/app/routes/register.py index 0134c56..fb8ec3d 100644 --- a/app/routes/register.py +++ b/app/routes/register.py @@ -11,7 +11,7 @@ from app.utils.db import get_async_session from app.utils.hash_cfg import hash_password from app.utils.logger_cfg import logger -router = APIRouter(prefix="/auth", tags=["auth"]) +router = APIRouter(tags=["auth"]) @router.post("/register", response_model=UserRead) diff --git a/app/routes/routes.py b/app/routes/routes.py deleted file mode 100644 index 7db7ec4..0000000 --- a/app/routes/routes.py +++ /dev/null @@ -1,6 +0,0 @@ -from fastapi import APIRouter - -from .register import router as register_router - -router = APIRouter() -router.include_router(register_router) diff --git a/app/schemas/schemas.py b/app/schemas/schemas.py deleted file mode 100644 index e69de29..0000000 diff --git a/app/schemas/user.py b/app/schemas/user.py index 7151d54..6644216 100644 --- a/app/schemas/user.py +++ b/app/schemas/user.py @@ -5,7 +5,7 @@ from pydantic import BaseModel, EmailStr, Field class UserCreate(BaseModel): username: str = Field(..., max_length=32) - email: Optional[EmailStr] = None + email: EmailStr password: str = Field(..., min_length=8) model_config = { @@ -16,7 +16,7 @@ class UserCreate(BaseModel): class UserRead(BaseModel): id: int username: str - email: Optional[EmailStr] = None + email: EmailStr = None google_id: Optional[str] = None avatar_file: Optional[str] = None banner_file: Optional[str] = None diff --git a/app/utils/create_tables.py b/app/utils/create_tables.py index bb9baf3..e438a03 100644 --- a/app/utils/create_tables.py +++ b/app/utils/create_tables.py @@ -1,4 +1,3 @@ -# app/utils/create_tables.py from app.models.user import Base from app.utils.db import engine diff --git a/app/utils/db.py b/app/utils/db.py index 603ff68..b823904 100644 --- a/app/utils/db.py +++ b/app/utils/db.py @@ -1,4 +1,3 @@ -# app/utils/db.py import os from dotenv import load_dotenv @@ -9,7 +8,7 @@ load_dotenv() DATABASE_URL = os.getenv("DATABASE_URL") if not DATABASE_URL: - raise ValueError("DATABASE_URL не найден в .env!") + raise ValueError("DATABASE_URL not found .env") engine = create_async_engine(DATABASE_URL, echo=True, future=True) -- cgit v1.3-3-g829e