a-mayb3/Kanban_clone_backend
1
1
Fork 0
mirror of https://github.com/a-mayb3/Kanban_clone_backend.git synced 2026-03-21 18:15:37 +01:00
Code Issues Projects Releases Packages Wiki Activity Actions

Started implementing auth

Browse source
This commit is contained in:
Marta Borgia Leiva 2026-02-02 11:09:27 +01:00
parent e557c25789
commit b909a23fa3
7 changed files with 279 additions and 19 deletions
Download patch file Download diff file Expand all files Collapse all files

126
routers/auth.py Normal file
View file

@ -0,0 +1,126 @@
import os
from fastapi import APIRouter, Depends, HTTPException, status, Response
from database import db_dependency
from jose import JWTError, jwt
from datetime import datetime, timedelta, timezone
import models
import schemas.users as user_schemas
import routers.users as user_router
from pyargon2 import hash
router = APIRouter(prefix="/auth", tags=["auth"])
SECRET_KEY = os.getenv("SECRET_KEY", "your-secret-key-change-this-in-production")
ALGORITHM = "HS256"
ACCESS_TOKEN_EXPIRE_MINUTES = 1440 # 24 hours
def create_access_token(data: dict, expires_delta: timedelta | None = None):
to_encode = data.copy()
if expires_delta:
expire = datetime.now(timezone.utc) + expires_delta
else:
expire = datetime.now(timezone.utc) + timedelta(minutes=ACCESS_TOKEN_EXPIRE_MINUTES)
to_encode.update({"exp": expire})
to_encode.update({"iat": datetime.now(timezone.utc)})
encoded_jwt = jwt.encode(to_encode, SECRET_KEY, algorithm=ALGORITHM)
return encoded_jwt
@router.post("/login")
def login(user_data: user_schemas.UserLogin, response: Response, db: db_dependency):
"""Login and receive JWT token in cookie"""
db_user = db.query(models.User).filter(models.User.email == user_data.email).first()
if db_user is None:
raise HTTPException(
status_code=status.HTTP_401_UNAUTHORIZED,
detail="Incorrect email or password"
)
if not verify_user_password(getattr(db_user, "id"), user_data.password, db):
raise HTTPException(
status_code=status.HTTP_401_UNAUTHORIZED,
detail="Incorrect email or password"
)
access_token_expires = timedelta(minutes=ACCESS_TOKEN_EXPIRE_MINUTES)
access_token = create_access_token(
data={"sub": str(db_user.id)}, expires_delta=access_token_expires
)
# Set JWT in httpOnly cookie
response.set_cookie(
key="access_token",
value=access_token,
httponly=True,
max_age=ACCESS_TOKEN_EXPIRE_MINUTES * 60,
samesite="lax",
secure=False # Set to True in production with HTTPS
)
return {
"message": "Login successful",
"user": {
"id": db_user.id,
"name": db_user.name,
"email": db_user.email
}
}
@router.post("/logout")
def logout(response: Response):
"""Logout by clearing the JWT cookie"""
response.delete_cookie(key="access_token")
return {"message": "Logout successful"}
def verify_jwt_token(token: str):
"""Verify and decode a JWT token"""
credentials_exception = HTTPException(
status_code=status.HTTP_401_UNAUTHORIZED,
detail="Could not validate credentials",
)
try:
payload = jwt.decode(token, SECRET_KEY, algorithms=[ALGORITHM])
user_id = payload.get("sub")
if user_id is None:
raise credentials_exception
return user_id
except JWTError:
raise credentials_exception
def get_current_user(request, db: db_dependency):
"""Get current authenticated user from cookie"""
token = request.cookies.get("access_token")
if not token:
raise HTTPException(
status_code=status.HTTP_401_UNAUTHORIZED,
detail="Not authenticated"
)
user_id = verify_jwt_token(token)
user = db.query(models.User).filter(models.User.id == int(user_id)).first()
if not user:
raise HTTPException(
status_code=status.HTTP_401_UNAUTHORIZED,
detail="User not found"
)
return user
def verify_user_password(user_id: int, password: str, db: db_dependency) -> bool:
"""Verify user's password"""
db_user = db.query(models.User).filter(models.User.id == user_id).first()
if db_user is None:
return False
hashed_password = hash(password=password, salt=str(getattr(db_user,"password_salt")), variant="id")
if hashed_password != db_user.password_hash:
return False
return True