feat: added endpoints: auth, pofile, account, keyring

api/api/endpoints/auth.py

@@ -0,0 +1,143 @@
+from datetime import datetime, timedelta, timezone
+
+from fastapi import (
+    APIRouter,
+    Body,
+    Depends,
+    Form,
+    HTTPException,
+    Request,
+    Response,
+    status,
+)
+
+
+from loguru import logger
+from pydantic.main import BaseModel
+from fastapi_jwt_auth import AuthJWT
+
+from pydantic import BaseModel
+
+from sqlalchemy.ext.asyncio import AsyncConnection
+
+from api.config import get_settings
+from api.db.connection.session import get_connection_dep
+from api.services.auth import authenticate_user
+
+from api.db.logic.auth import add_new_refresh_token,upgrade_old_refresh_token
+
+from api.schemas.endpoints.auth import Auth
+
+api_router = APIRouter(
+    prefix="/auth",
+    tags=["User auth"],
+)
+
+
+class Settings(BaseModel):
+    authjwt_secret_key: str = get_settings().SECRET_KEY
+    # Configure application to store and get JWT from cookies
+    authjwt_token_location: set = {"headers", "cookies"}
+    authjwt_cookie_domain: str = get_settings().DOMAIN
+
+    # Only allow JWT cookies to be sent over https
+    authjwt_cookie_secure: bool = get_settings().ENV == "prod"
+    # Enable csrf double submit protection. default is True
+    authjwt_cookie_csrf_protect: bool = False
+    authjwt_cookie_samesite: str = "lax"
+
+
+@AuthJWT.load_config
+def get_config():
+    return Settings()
+
+
+@api_router.post("/")
+async def login_for_access_token(
+    user: Auth,
+    response: Response,
+    connection: AsyncConnection = Depends(get_connection_dep),
+    Authorize: AuthJWT = Depends(),
+):
+
+    """Авторизирует, выставляет токены в куки."""
+
+    user = await authenticate_user(connection, user.login, user.password)
+
+    print("login_for_access_token", user)
+
+    if not user:
+        raise HTTPException(
+            status_code=status.HTTP_401_UNAUTHORIZED,
+            detail="Incorrect username or password",
+            # headers={"WWW-Authenticate": "Bearer"},
+
+        )
+    access_token_expires = timedelta(
+        minutes=get_settings().ACCESS_TOKEN_EXPIRE_MINUTES)
+
+    refresh_token_expires = timedelta(
+        days=get_settings().REFRESH_TOKEN_EXPIRE_DAYS
+    )
+
+    logger.debug(f"refresh_token_expires {refresh_token_expires}")
+
+    access_token = Authorize.create_access_token(
+        subject=user.login, expires_time=access_token_expires
+    )
+    refresh_token = Authorize.create_refresh_token(
+        subject=user.login, expires_time=refresh_token_expires
+    )
+
+    refresh_token_expires_time = datetime.now(timezone.utc) + refresh_token_expires
+
+    await upgrade_old_refresh_token(connection,user)
+
+    await add_new_refresh_token(connection,refresh_token,refresh_token_expires_time,user)
+
+    Authorize.set_refresh_cookies(refresh_token)
+
+
+    return {
+            "access_token": access_token,
+            # "access_token_expires": access_token_expires_time,
+            # "refresh_token": refresh_token,
+            # "refresh_token_expires": refresh_token_expires_time
+            }
+
+
+@api_router.post("/refresh")
+def refresh(
+    request: Request,
+    Authorize: AuthJWT = Depends()):
+    """Обновляет access токен."""
+
+    refresh_token = request.cookies.get("refresh_token_cookie")
+    print("Refresh Token:", refresh_token)
+
+
+    if not refresh_token:
+        raise HTTPException(status_code=401, detail="Refresh token is missing")
+
+    try:
+
+        Authorize.jwt_refresh_token_required()
+
+    except Exception as e:
+        raise HTTPException(
+                status_code=status.HTTP_401_UNAUTHORIZED,
+                detail="Invalid refresh token",
+            )
+
+
+    current_user = Authorize.get_jwt_subject()
+
+    access_token_expires = timedelta(minutes=get_settings().ACCESS_TOKEN_EXPIRE_MINUTES)
+
+    new_access_token = Authorize.create_access_token(
+        subject=current_user, expires_time=access_token_expires
+    )
+
+    Authorize.set_access_cookies(new_access_token)
+
+    return {"msg": "The token has been refresh"}