HAN-104: auth service #13

Closed
wants to merge 3 commits into from
5 changes: 3 additions & 2 deletions app/controller/Users.py
@@ -1,4 +1,4 @@
from fastapi import status
from fastapi import status, Request
from fastapi.encoders import jsonable_encoder
from fastapi.responses import JSONResponse
from service.Users import UsersService
Expand Down Expand Up @@ -51,7 +51,8 @@ def handle_login(self, auth_code: str):
},
)

def handle_update_user(self, user_id: int, update_data: dict):
def handle_update_user(self, update_data: dict, request: Request):
user_id = self.users_service.retrieve_user_id(request)
self.users_service.update_user(user_id, update_data)
return {
"message": "User updated successfully",
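--- a/app/exceptions/UserException.py
+++ b/app/exceptions/UserException.py
@@ -21,3 +21,17 @@ class InvalidURL(HTTPException):
     def __init__(self, detail: str):
         status_code = status.HTTP_400_BAD_REQUEST
         super().__init__(status_code=status_code, detail=detail)
+
+
+class ForbiddenUser(HTTPException):
+    def __init__(self):
+        status_code = status.HTTP_403_FORBIDDEN
+        detail = "User is not authorized"
+        super().__init__(status_code=status_code, detail=detail)
+
+
+class UnauthorizedUser(HTTPException):
+    def __init__(self):
+        status_code = status.HTTP_401_UNAUTHORIZED
+        detail = "Invalid credentials"
+        super().__init__(status_code=status_code, detail=detail)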
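Review bot: `ForbiddenUser` and `UnauthorizedUser` carry no docstring, and their fixed `detail` strings ("User is not authorized" for 403, "Invalid credentials" for 401) read close enough to each other that a reader has to check the status code to know which one to raise. A one-line docstring on each, e.g. `"""Missing or invalid access token; the caller must authenticate (HTTP 401)."""` on `UnauthorizedUser` and `"""Authenticated caller is not allowed to act on this resource (HTTP 403)."""` on `ForbiddenUser`, would make the distinction explicit at the definition. Neither class is raised in any hunk of this PR, so whether the service actually uses them could not be confirmed from here.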
10 changes: 6 additions & 4 deletions app/main.py
@@ -1,4 +1,4 @@
from fastapi import FastAPI
from fastapi import FastAPI, Request
from controller.Users import UsersController
from service.Users import UsersService
from repository.Users import UsersRepository
Expand Down Expand Up @@ -37,6 +37,8 @@ def login_with_google(request: LoginRequest):
return users_controller.handle_login(request.auth_code)


@app.patch("/users/{user_id}")
def update_user(user_id: int, update_data: UpdateUserSchema):
return users_controller.handle_update_user(user_id, update_data.dict())
@app.patch("/users/me")
async def update_user(update_data: UpdateUserSchema,
request: Request):
return users_controller.handle_update_user(update_data.dict(),
request)
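Review bot: `update_user` is now declared `async def` but awaits nothing and calls the synchronous `users_controller.handle_update_user`, which, per the service hunk in this PR, decodes a JWT and then goes to the repository; FastAPI runs a coroutine endpoint directly on the event loop, so that blocking work stalls every other request for its duration. Declaring it as a plain `def update_user(update_data: UpdateUserSchema, request: Request):` keeps the threadpool execution the old `/users/{user_id}` route had. Passing the whole `Request` down through controller and service also ties both layers to FastAPI; reading the token header at the route boundary and passing a plain string would keep the service callable without a request object.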
21 changes: 18 additions & 3 deletions app/service/Users.py
Expand Up @@ -7,6 +7,8 @@
import re
import jwt

TOKEN_FIELD_NAME = "x-access-token"


class UsersService:
def __init__(self, user_repository: UsersRepository):
Expand All @@ -32,9 +34,6 @@ def create_user(self, user_data: dict):
raise e

def update_user(self, user_id: int, update_data: dict):
# TODO: aca habria que chequear a partir del token, session o algo que
# es el propio usuario editando sus datos y no permitir
# que un usuario edite los de un tercero
self.get_user(user_id)
filtered_update_data = {k: v for k, v in update_data.items()
if v is not None}
Expand Down Expand Up @@ -106,3 +105,19 @@ def _validate_location(self, location):
-180 <= location["long"] <= 180:
return True
return False

def retrieve_user_id(self, request):
token = self.__get_token(request.headers)
payload = jwt.decode(token,
os.environ["JWT_SECRET"],
algorithms=["HS256"])
return int(payload.get("user_id"))

def __get_token(self, headers: dict):
keyName = None
for key in headers.keys():
if key.lower() == TOKEN_FIELD_NAME:
keyName = key
if not keyName:
return None
return headers.get(keyName)
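Review bot: `retrieve_user_id` has no failure path for a missing or bad token: `__get_token` returns `None` when no `x-access-token` header is present, and that `None` goes straight into `jwt.decode`, which raises; an expired or wrongly signed token raises `jwt.InvalidTokenError`; and a payload without `user_id` makes `int(None)` raise `TypeError`. None of these is translated to the `UnauthorizedUser` (401) this PR adds in `app/exceptions/UserException.py`, so a client with no credentials gets a 500 from `PATCH /users/me` instead of a 401 that the controller and route can rely on. The rewrite below raises `UnauthorizedUser` on each of those paths; it assumes `UnauthorizedUser` is imported into this module, and the `os` import behind `os.environ["JWT_SECRET"]` is outside the hunk so its presence could not be confirmed.
```python
    def retrieve_user_id(self, request):
        token = self.__get_token(request.headers)
        if token is None:
            raise UnauthorizedUser()
        try:
            payload = jwt.decode(token,
                                 os.environ["JWT_SECRET"],
                                 algorithms=["HS256"])
        except jwt.InvalidTokenError:
            raise UnauthorizedUser()
        user_id = payload.get("user_id")
        if user_id is None:
            raise UnauthorizedUser()
        return int(user_id)

    # … unchanged: __get_token …
```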