-
Notifications
You must be signed in to change notification settings - Fork 0
/
main.py
112 lines (89 loc) · 3.56 KB
/
main.py
1
2
3
4
5
6
7
8
9
10
11
12
13
14
15
16
17
18
19
20
21
22
23
24
25
26
27
28
29
30
31
32
33
34
35
36
37
38
39
40
41
42
43
44
45
46
47
48
49
50
51
52
53
54
55
56
57
58
59
60
61
62
63
64
65
66
67
68
69
70
71
72
73
74
75
76
77
78
79
80
81
82
83
84
85
86
87
88
89
90
91
92
93
94
95
96
97
98
99
100
101
102
103
104
105
106
107
108
109
110
111
112
"""
This module will house the entirety of this sample project.
=== E.Cope | January 2022 ===
"""
from fastapi import Depends, FastAPI, HTTPException, status
from fastapi.security import OAuth2PasswordBearer, OAuth2PasswordRequestForm
from pydantic import BaseModel, EmailStr
fake_users_db = {
"johndoe": {
"username": "johndoe",
"full_name": "John Doe",
"email": "[email protected]",
"hashed_password": "fakehashedsecret",
"disabled": False,
},
"alice": {
"username": "alice",
"full_name": "Alice Wonderson",
"email": "[email protected]",
"hashed_password": "fakehashedsecret2",
"disabled": True,
},
}
# ----------------------------------------------------------------------------
app = FastAPI()
oauth2 = OAuth2PasswordBearer(tokenUrl="token")
# ----------------------------------------------------------------------------
class User(BaseModel):
"""An example basic user model for demonstrating authentication. """
username: str
email: EmailStr | None = None
full_name: str | None = None
disabled: bool | None = None
class UserInDB(User):
"""An extension model of User, used to simulate storing the user in
a database. """
hashed_password: str
def get_user(db, username: str):
"""Retrieves the user from the fake database. """
if username in db:
user_dict = db[username]
return UserInDB(**user_dict)
def fake_hash_password(password: str):
"""Fake password hashing function. """
return "fakehashed" + password
def fake_decode_token(token: str):
"""A fake token decoder function, in reality this would be using some
implementation of JWT. """
user = get_user(fake_users_db, token)
return user
async def get_current_user(token: str = Depends(oauth2)):
"""Retrieves the current user based on the token provided. """
user = fake_decode_token(token)
if not user:
raise HTTPException(status_code=status.HTTP_401_UNAUTHORIZED,
detail="Invalid authentication credentials",
headers={"WWW-Authenticate": "Bearer"})
return user
async def get_current_active_user(current_user:
User = Depends(get_current_user)):
"""Validates that the current user is active. """
if current_user.disabled:
raise HTTPException(status_code=400,
detail="Inactive user")
return current_user
# ----------------------------------------------------------------------------
@app.post("/token")
async def login(form_data: OAuth2PasswordRequestForm = Depends()):
"""Handles the login process. """
user_dict = fake_users_db.get(form_data.username)
# [CHECK] Check if the user exists in fake DB:
if not user_dict:
raise HTTPException(status_code=400,
detail="Incorrect username or password")
user = UserInDB(**user_dict)
hashed_password = fake_hash_password(form_data.password)
# [CHECK] Fake password hashes match.
if not user.hashed_password == hashed_password:
raise HTTPException(status_code=400,
detail="Incorrect username or password")
return {"access_token": user.username, "token_type": "bearer"}
# ----------------------------------------------------------------------------
@app.get("/")
async def root():
return {"message": "Hello World"}
@app.get("/users/me")
async def read_users_me(current_user:
User = Depends(get_current_active_user)):
return current_user