Added jwt authorization to api

2024-07-15 14:07:50 +00:00 · 2024-07-15 14:07:50 +00:00 · 6c47a18675
commit 6c47a18675
parent eb8201d4a1
2 changed files with 31 additions and 8 deletions
--- a/src/app.py
+++ b/src/app.py
@ -1,18 +1,19 @@
 from flask import Flask
+from flask_jwt_extended import JWTManager
 from models import db
 from user_views import user_bp
 from task_views import task_bp
-from dotenv import load_dotenv
-import os

 if __name__ == "__main__":
    load_dotenv()
    app = Flask(__name__)
    app.config['SQLALCHEMY_DATABASE_URI'] = os.getenv('DATABASE_URI')
    app.config['SQLALCHEMY_TRACK_MODIFICATIONS'] = True
+    app.config['JWT_SECRET_KEY'] = 'changeme'
    app.register_blueprint(user_bp)
    app.register_blueprint(task_bp)
    db.init_app(app)
+    jwt = JWTManager(app)
    with app.app_context():
        db.create_all()
    app.run(debug=True, host='0.0.0.0')
--- a/src/user_views.py
+++ b/src/user_views.py
@ -1,21 +1,22 @@
-from flask import Blueprint, jsonify, request, abort
+from flask import Blueprint, jsonify, request, abort, make_response
+from flask_jwt_extended import create_access_token, set_access_cookies, jwt_required
 from models import User, db
+from werkzeug.security import check_password_hash, generate_password_hash

 user_bp = Blueprint('user_bp', __name__)

-
@user_bp.route('/users', methods=['GET'])
+@jwt_required()
 def get_all_users():
    users = User.query.all()
    return jsonify([user.to_dict() for user in users])

-
@user_bp.route('/users/<int:user_id>', methods=['GET'])
+@jwt_required()
 def get_user(user_id):
    user = User.query.get_or_404(user_id)
    return jsonify(user.to_dict())

-
@user_bp.route('/users', methods=['POST'])
 def create_user():
    data = request.get_json()
@ -24,8 +25,8 @@ def create_user():
    db.session.commit()
    return jsonify(user.to_dict()), 201

-
@user_bp.route('/users/<int:user_id>', methods=['PUT'])
+@jwt_required()
 def edit_user(user_id):
    request_data = request.get_json()
    user_to_update = User.query.get_or_404(user_id)
@ -39,10 +40,31 @@ def edit_user(user_id):
    else:
        return abort(400, {'error': 'Niepełne dane użytkownika.'})

-
@user_bp.route('/users/<int:user_id>', methods=['DELETE'])
+@jwt_required()
 def remove_user(user_id):
    user_to_delete = User.query.get_or_404(user_id)
    db.session.delete(user_to_delete)
    db.session.commit()
    return jsonify({})
+
+@user_bp.route('/login', methods=['POST'])
+def user_login():
+    request_data = request.get_json()
+    username = request_data['username']
+    password = request_data['password']
+    password_hash = generate_password_hash(password)
+
+    user_from_db=User.query.filter(User.username == username).first()
+    if user_from_db is not None:
+        password_from_db = user_from_db.password
+    else:
+        return jsonify({"msg": f"User {username} failed login"})
+    
+    if password_from_db and check_password_hash(password_hash, password_from_db):
+        access_token = create_access_token(identity=username)
+        response = jsonify({"msg": f"User {username} logged in successfully."})
+        set_access_cookies(response, access_token)
+        return response
+    else:
+        return jsonify({"msg": f"User {username} failed login"})