Handlers for passwords and fixed misstakes

pull/9/head
kompotkot 2021-07-21 14:53:59 +00:00
rodzic 24b9266807
commit c1e6110e4c
2 zmienionych plików z 86 dodań i 18 usunięć


@ -1,12 +1,12 @@
import logging
from typing import Awaitable, Callable, Dict, List, Optional
from typing import Awaitable, Callable, Dict, Optional
from bugout.data import BugoutUser
from bugout.exceptions import BugoutResponseException
from starlette.middleware.base import BaseHTTPMiddleware
from fastapi import Request, Response
from .settings import bugout_client as bc
from .settings import MOONSTREAM_APPLICATION_ID, bugout_client as bc
logger = logging.getLogger(__name__)
@ -52,6 +52,10 @@ class BroodAuthMiddleware(BaseHTTPMiddleware):
status_code=403,
content="Only verified accounts can access journals",
)
if str(user.application_id) != str(MOONSTREAM_APPLICATION_ID):
return Response(
status_code=403, content="User does not belong to this application"
)
except BugoutResponseException as e:
return Response(status_code=e.status_code, content=e.detail)
except Exception as e:
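Review bot: The new application check compares `str(user.application_id)` with `str(MOONSTREAM_APPLICATION_ID)`, so if the setting is ever unset both sides can stringify to `"None"` and an account with no application id would pass. How the settings module loads the constant is not visible on this page, so this needs confirming there. A fail-closed form such as `if MOONSTREAM_APPLICATION_ID is None or str(user.application_id) != str(MOONSTREAM_APPLICATION_ID):` removes the dependency on it. A short comment above the check, e.g. `# Reject tokens issued for other Bugout applications`, would also record why it exists; the enclosing method starts and ends outside the hunk.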


@ -52,7 +52,14 @@ app.add_middleware(
whitelist_paths: Dict[str, str] = {}
whitelist_paths.update(DOCS_PATHS)
whitelist_paths.update({"/users": "POST", "/users/tokens": "POST"})
whitelist_paths.update(
{
"/users": "POST",
"/users/token": "POST",
"/users/password/restore": "POST",
"/users/password/reset": "POST",
}
)
app.add_middleware(BroodAuthMiddleware, whitelist=whitelist_paths)
@ -62,47 +69,104 @@ async def create_user_handler(
) -> BugoutUser:
try:
user: BugoutUser = bc.create_user(
username, email, password, MOONSTREAM_APPLICATION_ID
username=username,
email=email,
password=password,
application_id=MOONSTREAM_APPLICATION_ID,
)
except BugoutResponseException as e:
return HTTPException(status_code=e.status_code, detail=e.detail)
raise HTTPException(status_code=e.status_code, detail=e.detail)
except Exception as e:
return HTTPException(status_code=500)
raise HTTPException(status_code=500)
return user
@app.get("/", tags=["users"], response_model=BugoutUser)
async def get_user_handler(request: Request) -> BugoutUser:
user: BugoutUser = request.state.user
if str(user.application_id) != str(MOONSTREAM_APPLICATION_ID):
raise HTTPException(
status_code=403, detail="User does not belong to this application"
)
return user
@app.post("/tokens", tags=["tokens"], response_model=BugoutToken)
@app.post("/password/restore", tags=["users"], response_model=Dict[str, Any])
async def restore_password_handler(request: Request) -> Dict[str, Any]:
user = request.state.user
try:
response = bc.restore_password(email=user.email)
except BugoutResponseException as e:
raise HTTPException(status_code=e.status_code, detail=e.detail)
except Exception as e:
raise HTTPException(status_code=500)
return response
@app.post("/password/reset", tags=["users"], response_model=BugoutUser)
async def reset_password_handler(
reset_id: str = Form(...), new_password: str = Form(...)
) -> BugoutUser:
try:
response = bc.reset_password(reset_id=reset_id, new_password=new_password)
except BugoutResponseException as e:
raise HTTPException(status_code=e.status_code, detail=e.detail)
except Exception as e:
raise HTTPException(status_code=500)
return response
@app.post("/password/change", tags=["users"], response_model=BugoutUser)
async def change_password_handler(
request: Request, current_password: str = Form(...), new_password: str = Form(...)
) -> BugoutUser:
token = request.state.token
try:
user = bc.change_password(
token=token, current_password=current_password, new_password=new_password
)
except BugoutResponseException as e:
raise HTTPException(status_code=e.status_code, detail=e.detail)
except Exception as e:
raise HTTPException(status_code=500)
return user
@app.delete("/", tags=["users"], response_model=BugoutUser)
async def delete_user_handler(
request: Request, password: str = Form(...)
) -> BugoutUser:
user = request.state.user
token = request.state.token
try:
user = bc.delete_user(token=token, user_id=user.id, password=password)
except BugoutResponseException as e:
raise HTTPException(status_code=e.status_code, detail=e.detail)
except Exception as e:
raise HTTPException(status_code=500)
return user
@app.post("/token", tags=["tokens"], response_model=BugoutToken)
async def login_handler(
username: str = Form(...), password: str = Form(...)
) -> BugoutToken:
try:
token: BugoutToken = bc.create_token(
username, password, MOONSTREAM_APPLICATION_ID
username=username,
password=password,
application_id=MOONSTREAM_APPLICATION_ID,
)
except BugoutResponseException as e:
return HTTPException(status_code=e.status_code)
raise HTTPException(status_code=e.status_code)
except Exception as e:
return HTTPException(status_code=500)
raise HTTPException(status_code=500)
return token
@app.delete("/tokens", tags=["tokens"], response_model=uuid.UUID)
@app.delete("/token", tags=["tokens"], response_model=uuid.UUID)
async def logout_handler(request: Request) -> uuid.UUID:
token = request.state.token
try:
token_id: uuid.UUID = bc.revoke_token(token)
token_id: uuid.UUID = bc.revoke_token(token=token)
except BugoutResponseException as e:
return HTTPException(status_code=e.status_code, detail=e.detail)
raise HTTPException(status_code=e.status_code, detail=e.detail)
except Exception as e:
return HTTPException(status_code=500)
raise HTTPException(status_code=500)
return token_id
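Review bot: `restore_password_handler` reads `request.state.user`, but the same commit adds `/users/password/restore` to `whitelist_paths`, and a whitelisted request presumably bypasses the token lookup in `BroodAuthMiddleware`, leaving `request.state.user` unset. That attribute access sits outside the `try`, so it would surface as an unhandled error instead of an `HTTPException`. A restore flow is normally used by someone who cannot log in, so the handler should take the address from the request, e.g. `async def restore_password_handler(email: str = Form(...))` with `bc.restore_password(email=email)`, and should return the same response whether or not the address is registered. The same hunk's `except Exception as e:` branches raise a bare 500 and drop `e`; logging the exception before the raise would keep failures in these password and token handlers diagnosable.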