(backend) fix auth

Pierre-Alexandre35 · Oct 13, 2024 · b1c7d55 · b1c7d55
1 parent 8187d36
commit b1c7d55
Show file tree

Hide file tree

Showing 2 changed files with 24 additions and 37 deletions.
diff --git a/travian/backend/src/api/v1/auth.py b/travian/backend/src/api/v1/auth.py
@@ -4,22 +4,16 @@
 from src.core.auth import sign_up_new_user, authenticate_user
 from src.core.security import create_access_token
 from src.db.utils import get_db
-from pydantic import BaseModel
 
 auth_router = auth = APIRouter()
 
-class AuthRequest(BaseModel):
-    username: str
-    password: str
-
 
 @auth.post("/register")
 async def register(
-    request: AuthRequest,
-    session=Depends(get_db)
+    session=Depends(get_db), form_data: OAuth2PasswordRequestForm = Depends()
 ):
     new_user = sign_up_new_user(
-        session, email=request.username, password=request.password
+        session, email=form_data.username, password=form_data.password
     )
     if not new_user:
         raise HTTPException(
@@ -28,19 +22,23 @@ async def register(
             headers={"WWW-Authenticate": "Bearer"},
         )
     access_token = create_access_token(
-        data={"id": new_user.id, "email": new_user.email},
+        data={"id": new_user.id, "mail": new_user.email},
         expires_delta=timedelta(minutes=30),
     )
     return {"access_token": access_token, "token_type": "bearer"}
 
+@auth.get("/me")
+async def me():
+    return "hello myself"
+
 @auth.post("/token")
 async def login(
     response: Response,
-    request: AuthRequest,
-    session=Depends(get_db)
+    session=Depends(get_db),
+    form_data: OAuth2PasswordRequestForm = Depends(),
 ):
     user = authenticate_user(
-        session, email=request.username, password=request.password
+        session, email=form_data.username, password=form_data.password
     )
     if not user:
         raise HTTPException(
@@ -50,9 +48,11 @@ async def login(
         )
     access_token = create_access_token(
         data={"id": user.id, "email": user.email},
-        expires_delta=timedelta(minutes=30),
+        expires_delta=timedelta(
+            minutes=30,
+        ),
     )
     response.set_cookie(
         key="access_token", value=f"Bearer {access_token}", httponly=True
     )  # set HttpOnly cookie in response
-    return {"access_token": access_token, "token_type": "bearer"}
+    return {"access_token": access_token, "token_type": "bearer"}
diff --git a/travian/backend/src/core/auth.py b/travian/backend/src/core/auth.py
@@ -1,7 +1,7 @@
 from jose import JWTError, jwt
-from fastapi import Depends, HTTPException, status, Request
+from fastapi import Depends
 from src.db.services.user import create_user, get_user_by_email, user_exits
-from src.db.schemas.user import UserCreate, TokenData
+from src.db.schemas.user import UserCreate, UserJWTToken
 from src.core.security import password_verify, oauth2_scheme
 from src.core.config import SECRET_KEY, AUTH_TOKEN_ALGO
 from src.db.conn import Database
@@ -26,31 +26,18 @@ def authenticate_user(session: Database, email: str, password: str) -> UserCreat
 
 
 async def get_current_user(
-    request: Request, session=Depends(get_db)
-) -> UserCreate:
-    token = request.cookies.get("access_token")
-    if not token:
-        raise HTTPException(
-            status_code=status.HTTP_401_UNAUTHORIZED,
-            detail="Not authenticated",
-            headers={"WWW-Authenticate": "Bearer"},
-        )
-    credentials_exception = HTTPException(
-        status_code=status.HTTP_401_UNAUTHORIZED,
-        detail="Could not validate credentials",
-        headers={"WWW-Authenticate": "Bearer"},
-    )
+    session=Depends(get_db), token: str = Depends(oauth2_scheme)
+) -> None:
     try:
-        token = token.split(" ")[1]  # Remove "Bearer " prefix
         payload = jwt.decode(token, SECRET_KEY, algorithms=[AUTH_TOKEN_ALGO])
         email: str = payload.get("email")
         id: int = payload.get("id")
-        if email is None or id is None:
-            raise credentials_exception
-        token_data = TokenData(id=id, email=email)
-    except JWTError:
-        raise credentials_exception
+        if email is None:
+            print("credentials_exception")
+        token_data = UserJWTToken(id=id, email=email)
+    except jwt.PyJWTError:
+        print("credentials_exception")
     user = get_user_by_email(session, token_data.email)
     if user is None:
-        raise credentials_exception
+        print("credentials_exception")
     return user