From 6c47a18675dffa9ba4d2b3d1fad86512eb8ebb35 Mon Sep 17 00:00:00 2001
From: Marcin-Ramotowski
Date: Mon, 15 Jul 2024 14:07:50 +0000
Subject: [PATCH] Added jwt authorization to api

---
 src/app.py | 5 +++--
 src/user_views.py | 34 ++++++++++++++++++++++++++++------
 2 files changed, 31 insertions(+), 8 deletions(-)

diff --git a/src/app.py b/src/app.py
index c928785..782937a 100644
--- a/src/app.py
+++ b/src/app.py
@@ -1,18 +1,19 @@
 from flask import Flask
+from flask_jwt_extended import JWTManager
 from models import db
 from user_views import user_bp
 from task_views import task_bp
-from dotenv import load_dotenv
-import os
 
 if __name__ == "__main__":
     load_dotenv()
     app = Flask(__name__)
     app.config['SQLALCHEMY_DATABASE_URI'] = os.getenv('DATABASE_URI')
     app.config['SQLALCHEMY_TRACK_MODIFICATIONS'] = True
+    app.config['JWT_SECRET_KEY'] = 'changeme'
     app.register_blueprint(user_bp)
     app.register_blueprint(task_bp)
     db.init_app(app)
+    jwt = JWTManager(app)
     with app.app_context():
         db.create_all()
     app.run(debug=True, host='0.0.0.0')
diff --git a/src/user_views.py b/src/user_views.py
index 349b35c..8a67687 100644
--- a/src/user_views.py
+++ b/src/user_views.py
@@ -1,21 +1,22 @@
-from flask import Blueprint, jsonify, request, abort
+from flask import Blueprint, jsonify, request, abort, make_response
+from flask_jwt_extended import create_access_token, set_access_cookies, jwt_required
 from models import User, db
+from werkzeug.security import check_password_hash, generate_password_hash
 
 user_bp = Blueprint('user_bp', __name__)
 
-
 @user_bp.route('/users', methods=['GET'])
+@jwt_required()
 def get_all_users():
     users = User.query.all()
     return jsonify([user.to_dict() for user in users])
 
-
 @user_bp.route('/users/', methods=['GET'])
+@jwt_required()
 def get_user(user_id):
     user = User.query.get_or_404(user_id)
     return jsonify(user.to_dict())
 
-
 @user_bp.route('/users', methods=['POST'])
 def create_user():
     data = request.get_json()
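Review bot: The added `app.config['JWT_SECRET_KEY'] = 'changeme'` puts the token-signing secret in source control, so anyone who can read the repository can mint a valid access token for any identity and pass every `@jwt_required()` check; load it from the environment instead, e.g. `app.config['JWT_SECRET_KEY'] = os.environ['JWT_SECRET_KEY']`, which also fails fast when it is unset. The same hunk removes `from dotenv import load_dotenv` and `import os` while the unchanged context lines `load_dotenv()` and `os.getenv('DATABASE_URI')` still use those names, so unless they are provided some other way the script will raise NameError at start-up; those two imports appear to need to stay. The `jwt` name bound by `jwt = JWTManager(app)` is never read in the hunk; `JWTManager(app)` on its own says the same thing.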
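Review bot: `@jwt_required()` on `get_all_users` and `get_user` authenticates the caller but authorizes nothing — any account that can log in can now enumerate every record returned by `user.to_dict()`, which is narrower than the "authorization" the commit title promises; if that is intended it deserves a comment, otherwise compare `get_jwt_identity()` with the requested record (or an admin flag, if the model has one) before returning it. `make_response` is added to the flask import on the first new line of the hunk but is not used anywhere in the visible diff. `create_user` is left open, presumably as self-service registration; a comment such as `# intentionally unauthenticated: registration endpoint` would stop the next reader from "fixing" it.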
@@ -24,8 +25,8 @@ def create_user():
     db.session.commit()
     return jsonify(user.to_dict()), 201
 
-
 @user_bp.route('/users/', methods=['PUT'])
+@jwt_required()
 def edit_user(user_id):
     request_data = request.get_json()
     user_to_update = User.query.get_or_404(user_id)
@@ -39,10 +40,31 @@ def edit_user(user_id):
     else:
         return abort(400, {'error': 'Niepełne dane użytkownika.'})
 
-
 @user_bp.route('/users/', methods=['DELETE'])
+@jwt_required()
 def remove_user(user_id):
     user_to_delete = User.query.get_or_404(user_id)
     db.session.delete(user_to_delete)
     db.session.commit()
     return jsonify({})
+
+@user_bp.route('/login', methods=['POST'])
+def user_login():
+    request_data = request.get_json()
+    username = request_data['username']
+    password = request_data['password']
+    password_hash = generate_password_hash(password)
+
+    user_from_db=User.query.filter(User.username == username).first()
+    if user_from_db is not None:
+        password_from_db = user_from_db.password
+    else:
+        return jsonify({"msg": f"User {username} failed login"})
+
+    if password_from_db and check_password_hash(password_hash, password_from_db):
+        access_token = create_access_token(identity=username)
+        response = jsonify({"msg": f"User {username} logged in successfully."})
+        set_access_cookies(response, access_token)
+        return response
+    else:
+        return jsonify({"msg": f"User {username} failed login"})
\ No newline at end of file
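Review bot: `@jwt_required()` on `edit_user` only checks that the caller holds a valid token; nothing compares the token's identity with `user_to_update`, so any logged-in user can modify any other account by guessing its id (the body of `edit_user` continues outside the hunk). Add an ownership check right after the lookup, `if get_jwt_identity() != user_to_update.username: abort(403)`, and import `get_jwt_identity` from `flask_jwt_extended` next to `jwt_required`; the same check is needed in `remove_user` in the following hunk. Compare on whatever attribute `create_access_token(identity=...)` is given — the login code in this patch passes the username.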
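Review bot: The password check in `user_login` has its arguments reversed: werkzeug's signature is `check_password_hash(pwhash, password)`, but the new code passes a freshly generated hash of the submitted password as `pwhash` and the stored value as `password`, so a hashed password in the database can never verify, and a plaintext one only matches because the comparison collapses to plaintext equality — either way the hashing contributes nothing. Drop the `password_hash = generate_password_hash(password)` line and verify against the stored hash with `if password_from_db and check_password_hash(password_from_db, password):`. Both failure branches return HTTP 200 and the unknown-user branch returns before the hash comparison runs, which leaks account existence through timing; return `jsonify({"msg": "Login failed"}), 401` from a single failure path after the comparison instead. `request_data['username']` raises KeyError (a 500) when the field is missing and `request.get_json()` yields None for a non-JSON body, so read the fields with `.get()` and `abort(400)` before touching the database.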