From 5c4afb8b4ed28fba30835012cfb208a8460af0f9 Mon Sep 17 00:00:00 2001
From: Mark
Date: Thu, 14 Mar 2024 14:20:13 +0300
Subject: [PATCH] update security file
---
 backend/{ => auth}/security.py | 25 ++++++++++++++++---------
 1 file changed, 16 insertions(+), 9 deletions(-)
 rename backend/{ => auth}/security.py (57%)
diff --git a/backend/security.py b/backend/auth/security.py
similarity index 57%
rename from backend/security.py
rename to backend/auth/security.py
index bbedd0c..859dbc4 100644
--- a/backend/security.py
+++ b/backend/auth/security.py
@@ -1,24 +1,32 @@
+from datetime import datetime
+
 from passlib.context import CryptContext
 from jose import JWTError, jwt
-from config import settings
+from config import settings
 from db.dbapi import DatabaseService
+from auth.exceptions import LoginFailed, UserExpired
 db = DatabaseService()
 pwd_context = CryptContext(schemes=["bcrypt"], deprecated="auto")
-ALGORITHM = "HS256"
 def authenticate_user(session, name: str, password: str):
 user = db.fetch_user_by_name(session, name)
- if not user:
- return False
- if not verify_password(password, user.hashed_password):
- return False
+ if not (user and verify_password(password, user.hashed_password)):
+ raise LoginFailed("Either username or password is incorrect")
 return user
+def token_expired_check(session, username):
+ user = db.fetch_user_by_name(session, username)
+ access_token = db.fetch_token_by_username(session, username)
+ if (access_token.expires_at - datetime.now()).total_seconds() < 0:
+ db.remove_user(session, user)
+ raise UserExpired("Token has expired")
+
+
 def verify_password(plain_password, hashed_password):
 return pwd_context.verify(plain_password, hashed_password)
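Review bot: In the new `token_expired_check`, `access_token` is dereferenced without a None check, so a username with no stored token (or an unknown username, where `user` is None as well) fails with an AttributeError on `.expires_at` instead of a controlled auth error; a guard such as `if user is None or access_token is None: raise UserExpired("Token has expired")` before the comparison keeps the failure inside the module's exception hierarchy. The expiry branch then calls `db.remove_user(session, user)`, which deletes the account rather than invalidating the token, so an ordinary session timeout becomes unrecoverable for the user — if that is intended (a trial-account expiry, say) a one-line comment stating so would stop the next reader from "fixing" it. `access_token.expires_at - datetime.now()` also assumes `expires_at` is stored as a naive local timestamp; if the column is timezone-aware the subtraction raises TypeError, which is worth confirming against the schema. In `authenticate_user`, the merged condition short-circuits before `verify_password` for unknown names, so the bcrypt cost is skipped and the two failure paths differ in timing; running a dummy verify in that branch is the usual way to keep them indistinguishable.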
@@ -28,11 +36,10 @@ def hash_password(password):
 def create_access_token(data: dict):
- encoded_jwt = jwt.encode(data, settings.SECRET_KEY, algorithm=ALGORITHM)
+ encoded_jwt = jwt.encode(data, settings.SECRET_KEY, algorithm=settings.ALGORITHM)
 return encoded_jwt
 def decode_access_token(token: str):
- decoded = jwt.decode(token, key=settings.SECRET_KEY, algorithms=ALGORITHM)
- print(decoded)
+ decoded = jwt.decode(token, key=settings.SECRET_KEY, algorithms=settings.ALGORITHM)
 return decoded
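Review bot: `decode_access_token` passes `settings.ALGORITHM`, a single string, as the `algorithms` argument, whereas jose's `jwt.decode` documents that parameter as a list of allowed algorithms; it appears to work only because the check falls back to substring containment on the string, so the explicit form `algorithms=[settings.ALGORITHM]` is the safer, documented allow-list. Neither function handles the `JWTError` the file imports, so a malformed or tampered token surfaces from `decode_access_token` as a raw library exception rather than an auth error; wrapping the call in `except JWTError as err: raise LoginFailed("Invalid token") from err` would keep callers on one exception hierarchy. `create_access_token` signs `data` exactly as given, so unless every caller adds an `exp` claim the token itself never expires and only the separate DB check in `token_expired_check` bounds its lifetime — a docstring stating which claims callers must include would make that contract explicit.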