Skip to content

GitLab

"vscode:/vscode.git/clone" did not exist on "3e95aa1a09561b0793519159cf64f808caf7e7a2"
Switch branch/tag
Find file Normal viewHistoryPermalink
utils.py 2.19 KB
Newer Older
Anuraag Jain's avatar
refac: use dependencies to verify token  
Anuraag Jain committed
1
2
3 
from fastapi.security import HTTPBearer, HTTPAuthorizationCredentials
from fastapi import HTTPException, status, Depends
from apps.web.models.users import Users
Timothy J. Baek's avatar
feat: multi-user support w/ RBAC  
Timothy J. Baek committed
4
5 
from pydantic import BaseModel
from typing import Union, Optional
Anuraag Jain's avatar
refac: use dependencies to verify token  
Anuraag Jain committed
6 
from constants import ERROR_MESSAGES
Timothy J. Baek's avatar
feat: multi-user support w/ RBAC  
Timothy J. Baek committed
7
8
9
10
11
12
13 
from passlib.context import CryptContext
from datetime import datetime, timedelta
import requests
import jwt

import config
Timothy J. Baek's avatar
feat: set first user to admin by default  
Timothy J. Baek committed
14 
JWT_SECRET_KEY = config.WEBUI_JWT_SECRET_KEY
Timothy J. Baek's avatar
feat: multi-user support w/ RBAC  
Timothy J. Baek committed
15
16
17
18
19
20
21
22
23
24
25
26
27
28
29
30
31
32
33
34
35
36
37
38
39
40
41
42
43
44
45
46
47
48
49
50
51
52
53
54
55
56
57 
ALGORITHM = "HS256"

##############
# Auth Utils
##############

bearer_scheme = HTTPBearer()
pwd_context = CryptContext(schemes=["bcrypt"], deprecated="auto")


def verify_password(plain_password, hashed_password):
    return (
        pwd_context.verify(plain_password, hashed_password) if hashed_password else None
    )


def get_password_hash(password):
    return pwd_context.hash(password)


def create_token(data: dict, expires_delta: Union[timedelta, None] = None) -> str:
    payload = data.copy()

    if expires_delta:
        expire = datetime.utcnow() + expires_delta
        payload.update({"exp": expire})

    encoded_jwt = jwt.encode(payload, JWT_SECRET_KEY, algorithm=ALGORITHM)
    return encoded_jwt


def decode_token(token: str) -> Optional[dict]:
    try:
        decoded = jwt.decode(token, JWT_SECRET_KEY, options={"verify_signature": False})
        return decoded
    except Exception as e:
        return None


def extract_token_from_auth_header(auth_header: str):
    return auth_header[len("Bearer ") :]
Anuraag Jain's avatar
refac: use dependencies to verify token  
Anuraag Jain committed
58
59
60
61
62
63
64
65 
def verify_auth_token(auth_token: HTTPAuthorizationCredentials = Depends(HTTPBearer())):
    data = decode_token(auth_token.credentials)
    if data != None and "email" in data:
        user = Users.get_user_by_email(data["email"])
        if user is None:
            raise HTTPException(
                status_code=status.HTTP_401_UNAUTHORIZED,
                detail=ERROR_MESSAGES.INVALID_TOKEN,
Timothy J. Baek's avatar
feat: multi-user support w/ RBAC  
Timothy J. Baek committed
66 
            )
Anuraag Jain's avatar
refac: use dependencies to verify token  
Anuraag Jain committed
67
68
69
70
71
72
73
74
75
76
77 
        return
    else:
        raise HTTPException(
            status_code=status.HTTP_401_UNAUTHORIZED,
            detail=ERROR_MESSAGES.UNAUTHORIZED,
        )


def get_current_user(auth_token: HTTPAuthorizationCredentials = Depends(HTTPBearer())):
    data = decode_token(auth_token.credentials)
    return Users.get_user_by_email(data["email"])