75 lines
2.8 KiB
Python
75 lines
2.8 KiB
Python
from datetime import timedelta
|
|
|
|
from fastapi import APIRouter, Depends, HTTPException, Response, status
|
|
from fastapi.security import OAuth2PasswordRequestForm
|
|
from src.core.config import settings
|
|
from src.core.log_conf import logger
|
|
from src.core.security import (
|
|
authenticate_user_by_email,
|
|
authenticate_user_by_username,
|
|
create_access_token,
|
|
)
|
|
from src.schema.admin.login import LoginRequest
|
|
from src.schema.admin.token import Token
|
|
from src.webapps.auth.forms import LoginForm
|
|
|
|
login_router = APIRouter()
|
|
|
|
|
|
@login_router.post(
|
|
"/login",
|
|
tags=["login"],
|
|
summary="Login and get token",
|
|
response_description="Return HTTP status code 200 (OK)",
|
|
status_code=status.HTTP_200_OK,
|
|
)
|
|
def login(request: LoginRequest) -> Token:
|
|
logger.info("login with %s", request.email)
|
|
user = authenticate_user_by_email(str(request.email), str(request.password))
|
|
scopes = ["admin", "read"]
|
|
if not user:
|
|
raise HTTPException(
|
|
status_code=status.HTTP_401_UNAUTHORIZED,
|
|
detail="Incorrect username or password",
|
|
headers={"WWW-Authenticate": "Bearer"},
|
|
)
|
|
access_token_expires = timedelta(minutes=settings.ACCESS_TOKEN_EXPIRE_MINUTES)
|
|
access_token = create_access_token(
|
|
data={"sub": user.email, "scope": " ".join(scopes)},
|
|
expires_delta=access_token_expires,
|
|
)
|
|
return Token(access_token=access_token, token_type="bearer")
|
|
|
|
|
|
@login_router.post("/token", tags=["login"], summary="Login for access token")
|
|
# async def login_for_access_token(form_data: Annotated[OAuth2PasswordRequestForm, Depends()]) -> Token:
|
|
async def login_for_access_token(
|
|
form_data: OAuth2PasswordRequestForm = Depends(),
|
|
) -> Token:
|
|
user = authenticate_user_by_username(form_data.username, form_data.password)
|
|
if not user:
|
|
raise HTTPException(status_code=400, detail="Incorrect username or password")
|
|
access_token_expires = timedelta(minutes=settings.ACCESS_TOKEN_EXPIRE_MINUTES)
|
|
access_token = create_access_token(
|
|
data={"sub": user.user_name, "scope": " ".join(form_data.scopes)},
|
|
expires_delta=access_token_expires,
|
|
)
|
|
return Token(access_token=access_token, token_type="bearer")
|
|
|
|
|
|
def login_for_token_cookie(response: Response, form_data: LoginForm = Depends()):
|
|
user = authenticate_user_by_email(str(form_data.username), str(form_data.password))
|
|
if not user:
|
|
raise HTTPException(
|
|
status_code=status.HTTP_401_UNAUTHORIZED,
|
|
detail="Incorrect username or password",
|
|
)
|
|
access_token_expires = timedelta(minutes=settings.ACCESS_TOKEN_EXPIRE_MINUTES)
|
|
access_token = create_access_token(
|
|
data={"sub": user.email}, expires_delta=access_token_expires
|
|
)
|
|
response.set_cookie(
|
|
key="access_token", value=f"Bearer {access_token}", httponly=True
|
|
)
|
|
return {"access_token": access_token, "token_type": "bearer"}
|