1
2
3
4
5
6
7
8
9
10
11
12
13
14
15
16
17
18
19
20
21
22
23
24
25
26
27
28
29
30
31
32
33
34
35
36
37
38
39
40
41
42
43
44
45
46
47
48
49
50
51
52
53
54
55
56
57
58
59
60
61
62
63
64
65
66
67
68
69
70
71
72
73
74
75
76
77
78
79
80
81
82
83
84
85
86
87
88
89
90
91
92
93
94
95
96
97
98
99
100
101
102
103
104
105
106
107
108
109
110
111
112
113
114
115
116
117
118
119
120
121
122
123
124
125
126
127
128
129
130
131
132
133
134
135
136
137
138
139
140
141
142
143
144
145
146
147
148
149
150
151
152
|
from fastapi import APIRouter, Body, Depends, HTTPException
from sqlalchemy.ext.asyncio import AsyncSession
from app.auth.dependencies import get_current_user, get_optional_user
from app.models.user import User
from app.schemas.profile import DescriptionUpdate
from app.schemas.user import (
ChangeEmail,
ChangePassword,
ChangeUsername,
MeResponse,
SetPassword,
UserRead,
)
from app.utils.db import get_async_session
from app.utils.hash_cfg import hash_password, verify_password
router = APIRouter(prefix="/users", tags=["users"])
@router.get("/me", response_model=MeResponse)
async def me(
user: User | None = Depends(get_optional_user),
):
return MeResponse(
authenticated=user is not None,
user=UserRead.model_validate(user) if user else None,
)
@router.get("/{username}", response_model=UserRead)
async def get_user(
username: str,
session: AsyncSession = Depends(get_async_session),
):
user = await User.get_user_by_username(username, session=session)
if not user:
raise HTTPException(status_code=404, detail="User not found")
return UserRead.model_validate(user)
@router.patch("/description")
async def update_description(
payload: DescriptionUpdate,
user: User = Depends(get_current_user),
session: AsyncSession = Depends(get_async_session),
):
profile = user.profile
if not profile:
raise HTTPException(status_code=404, detail="Profile not found")
profile.description = payload.description
session.add(profile)
await session.commit()
await session.refresh(profile)
return {"description": profile.description}
@router.patch("/email")
async def change_email(
data: ChangeEmail = Body(...),
user: User = Depends(get_current_user),
session: AsyncSession = Depends(get_async_session),
):
user.email = data.email
session.add(user)
await session.commit()
await session.refresh(user)
return {"email": user.email}
@router.patch("/password")
async def change_password(
data: ChangePassword = Body(...),
user: User = Depends(get_current_user),
session: AsyncSession = Depends(get_async_session),
):
if not user.password:
raise HTTPException(status_code=400, detail="User has no password set")
if not verify_password(data.current_password, user.password):
raise HTTPException(
status_code=400,
detail="Invalid current password",
)
if verify_password(data.new_password, user.password):
raise HTTPException(
status_code=400,
detail="New password must be different from current password",
)
hashed = hash_password(data.new_password)
user.password = hashed
session.add(user)
await session.commit()
await session.refresh(user)
return {
"success": True,
"message": "Password updated successfully",
}
@router.post("/password/set")
async def set_password(
data: SetPassword,
user: User = Depends(get_current_user),
session: AsyncSession = Depends(get_async_session),
):
if user.password:
raise HTTPException(status_code=400, detail="Password already set")
if data.new_password != data.repeat_password:
raise HTTPException(status_code=400, detail="Passwords do not match")
user.password = hash_password(data.new_password)
session.add(user)
await session.commit()
await session.refresh(user)
return {"success": True}
@router.patch("/change-username")
async def change_username(
data: ChangeUsername,
user: User = Depends(get_current_user),
session: AsyncSession = Depends(get_async_session),
):
if len(data.username) < 3:
raise HTTPException(status_code=400, detail="Username too short")
user.username = data.username
await session.commit()
await session.refresh(user)
return {
"success": True,
"username": user.username,
}
|
