pikram/user-microservice
1
0
Fork 0
Code Issues Pull Requests Actions Packages Projects Releases Wiki Activity

Added jwt authorization to api

Browse Source
This commit is contained in:
Marcin-Ramotowski 2024-07-15 14:07:50 +00:00
parent eb8201d4a1
commit 6c47a18675
2 changed files with 31 additions and 8 deletions
Show Stats Download Patch File Download Diff File Expand all files Collapse all files

5
src/app.py
View File

@ -1,18 +1,19 @@
from flask import Flask from flask import Flask
from flask_jwt_extended import JWTManager
from models import db from models import db
from user_views import user_bp from user_views import user_bp
from task_views import task_bp from task_views import task_bp
from dotenv import load_dotenv
import os
if __name__ == "__main__": if __name__ == "__main__":
load_dotenv() load_dotenv()
app = Flask(__name__) app = Flask(__name__)
app.config['SQLALCHEMY_DATABASE_URI'] = os.getenv('DATABASE_URI') app.config['SQLALCHEMY_DATABASE_URI'] = os.getenv('DATABASE_URI')
app.config['SQLALCHEMY_TRACK_MODIFICATIONS'] = True app.config['SQLALCHEMY_TRACK_MODIFICATIONS'] = True
app.config['JWT_SECRET_KEY'] = 'changeme'
app.register_blueprint(user_bp) app.register_blueprint(user_bp)
app.register_blueprint(task_bp) app.register_blueprint(task_bp)
db.init_app(app) db.init_app(app)
jwt = JWTManager(app)
with app.app_context(): with app.app_context():
db.create_all() db.create_all()
app.run(debug=True, host='0.0.0.0') app.run(debug=True, host='0.0.0.0')

34
src/user_views.py
View File

@ -1,21 +1,22 @@
from flask import Blueprint, jsonify, request, abort from flask import Blueprint, jsonify, request, abort, make_response
from flask_jwt_extended import create_access_token, set_access_cookies, jwt_required
from models import User, db from models import User, db
from werkzeug.security import check_password_hash, generate_password_hash
user_bp = Blueprint('user_bp', __name__) user_bp = Blueprint('user_bp', __name__)
@user_bp.route('/users', methods=['GET']) @user_bp.route('/users', methods=['GET'])
@jwt_required()
def get_all_users(): def get_all_users():
users = User.query.all() users = User.query.all()
return jsonify([user.to_dict() for user in users]) return jsonify([user.to_dict() for user in users])
@user_bp.route('/users/<int:user_id>', methods=['GET']) @user_bp.route('/users/<int:user_id>', methods=['GET'])
@jwt_required()
def get_user(user_id): def get_user(user_id):
user = User.query.get_or_404(user_id) user = User.query.get_or_404(user_id)
return jsonify(user.to_dict()) return jsonify(user.to_dict())
@user_bp.route('/users', methods=['POST']) @user_bp.route('/users', methods=['POST'])
def create_user(): def create_user():
data = request.get_json() data = request.get_json()
@ -24,8 +25,8 @@ def create_user():
db.session.commit() db.session.commit()
return jsonify(user.to_dict()), 201 return jsonify(user.to_dict()), 201
@user_bp.route('/users/<int:user_id>', methods=['PUT']) @user_bp.route('/users/<int:user_id>', methods=['PUT'])
@jwt_required()
def edit_user(user_id): def edit_user(user_id):
request_data = request.get_json() request_data = request.get_json()
user_to_update = User.query.get_or_404(user_id) user_to_update = User.query.get_or_404(user_id)
@ -39,10 +40,31 @@ def edit_user(user_id):
else: else:
return abort(400, {'error': 'Niepełne dane użytkownika.'}) return abort(400, {'error': 'Niepełne dane użytkownika.'})
@user_bp.route('/users/<int:user_id>', methods=['DELETE']) @user_bp.route('/users/<int:user_id>', methods=['DELETE'])
@jwt_required()
def remove_user(user_id): def remove_user(user_id):
user_to_delete = User.query.get_or_404(user_id) user_to_delete = User.query.get_or_404(user_id)
db.session.delete(user_to_delete) db.session.delete(user_to_delete)
db.session.commit() db.session.commit()
return jsonify({}) return jsonify({})
@user_bp.route('/login', methods=['POST'])
def user_login():
request_data = request.get_json()
username = request_data['username']
password = request_data['password']
password_hash = generate_password_hash(password)
user_from_db=User.query.filter(User.username == username).first()
if user_from_db is not None:
password_from_db = user_from_db.password
else:
return jsonify({"msg": f"User {username} failed login"})
if password_from_db and check_password_hash(password_hash, password_from_db):
access_token = create_access_token(identity=username)
response = jsonify({"msg": f"User {username} logged in successfully."})
set_access_cookies(response, access_token)
return response
else:
return jsonify({"msg": f"User {username} failed login"})