update apis

Lopkop · Mar 28, 2024 · 1a3af50 · 1a3af50
1 parent 9eac917
commit 1a3af50
Show file tree

Hide file tree

Showing 2 changed files with 29 additions and 32 deletions.
diff --git a/backend/auth/api.py b/backend/auth/api.py
@@ -7,7 +7,7 @@
 import auth.schemas as schemas
 import db.schemas as db_schemas
 from db.dbapi import DatabaseService
-from auth.security import authenticate_user, create_access_token, token_expired_check
+from auth.security import authenticate_user, create_access_token, token_expired, verify_user
 from auth.exceptions import LoginFailed, UserExpired
 
 db = DatabaseService()
@@ -47,7 +47,6 @@ async def sign_up(self, user: db_schemas.UserModel, response: Response):
     async def login(self, user: db_schemas.UserModel, response: Response):
         try:
             user = authenticate_user(self.session, user.name, user.password)
-            token_expired_check(self.session, user.name)
         except LoginFailed:
             raise HTTPException(
                 status_code=status.HTTP_401_UNAUTHORIZED,
@@ -73,30 +72,10 @@ async def get_user(self, access_token: str = Cookie(None)):
         if not access_token:
             raise HTTPException(
                 status_code=status.HTTP_401_UNAUTHORIZED,
-                detail="Incorrect username or password",
-                headers={"WWW-Authenticate": "Bearer"},
-            )
-        user = db.fetch_user_by_access_token(self.session, access_token)
-        if not user:
-            raise HTTPException(
-                status_code=status.HTTP_401_UNAUTHORIZED,
-                detail="Incorrect username or password",
+                detail="Token was not provided",
                 headers={"WWW-Authenticate": "Bearer"},
             )
+        user = verify_user(self.session, access_token)
         user_expires_in = (user.lifetime - datetime.now()).total_seconds() // 60
         user_model = db_schemas.UserModel(name=user.name, password=None, lifetime=user_expires_in)
-        try:
-            token_expired_check(self.session, user.name)
-        except LoginFailed:
-            raise HTTPException(
-                status_code=status.HTTP_401_UNAUTHORIZED,
-                detail="Incorrect username or password",
-                headers={"WWW-Authenticate": "Bearer"},
-            )
-        except UserExpired:
-            raise HTTPException(
-                status_code=status.HTTP_401_UNAUTHORIZED,
-                detail="Your account was deleted",
-                headers={"WWW-Authenticate": "Bearer"},
-            )
         return user_model
diff --git a/backend/chatroom/api.py b/backend/chatroom/api.py
@@ -1,11 +1,12 @@
-from fastapi import Depends, HTTPException, status
+from fastapi import Depends, HTTPException, status, Cookie
 from fastapi_utils.inferring_router import InferringRouter
 from sqlalchemy.orm import scoped_session
 from fastapi_utils.cbv import cbv
 
 from .utils import RandomIdGenerator, create_and_get_chatroom
 from chatroom.schemas import ChatRequest
 from db.dbapi import DatabaseService
+from auth import security
 
 db = DatabaseService()
 chat_router = InferringRouter()
@@ -16,8 +17,14 @@ class ChatCBV:
     session: scoped_session = Depends(db.get_db)
 
     @chat_router.post('/create-chat')
-    async def create_chat(self, username):
+    async def create_chat(self, username, access_token: str = Cookie(None)):
         """Create chatroom and save to db"""
+        if not security.verify_user(self.session, access_token):
+            raise HTTPException(
+                status_code=status.HTTP_401_UNAUTHORIZED,
+                detail="Incorrect username or password",
+                headers={"WWW-Authenticate": "Bearer"},
+            )
         if not db.fetch_user_by_name(self.session, username):
             raise HTTPException(
                 status_code=status.HTTP_401_UNAUTHORIZED,
@@ -34,15 +41,26 @@ async def create_chat(self, username):
         return {"status": 201, "chatroom": chat}
 
     @chat_router.post('/connect-to-chat')
-    async def connect_to_chat(self, req: ChatRequest):
-        user = db.fetch_user_by_name(self.session, req.username)
+    async def connect_to_chat(self, req: ChatRequest, access_token: str = Cookie(None)):
+        if not (user := security.verify_user(self.session, access_token)):
+            raise HTTPException(
+                status_code=status.HTTP_401_UNAUTHORIZED,
+                detail="Incorrect username or password",
+                headers={"WWW-Authenticate": "Bearer"},
+            )
         if not (chat := db.fetch_chat_by_name(self.session, req.chatname)):
             return {"status": 400, "chatname": req.chatname}
-        if not user:
-            return {"status": 400, "chatname": req.chatname}
+        if user.name in {usr.user for usr in chat.users}:
+            return {"status": 420, "chatname": chat.name}
         db.add_user_to_chatroom(self.session, chatroom_name=chat.name, username=user.name)
         return {"status": 200, "chatname": chat.name}
 
-    @chat_router.get('/get-messages')
-    def get_messages(self, chatroom_name):
+    @chat_router.get('/get-messages/{chatroom_name}')
+    def get_messages(self, chatroom_name, access_token: str = Cookie(None)):
+        if not security.verify_user(self.session, access_token):
+            raise HTTPException(
+                status_code=status.HTTP_401_UNAUTHORIZED,
+                detail="Incorrect username or password",
+                headers={"WWW-Authenticate": "Bearer"},
+            )
         return db.fetch_chatroom_messages(self.session, chatroom_name)