Handlers for passwords and fixed misstakes

pull/9/head
kompotkot 2021-07-21 14:53:59 +00:00
rodzic 24b9266807
commit c1e6110e4c
2 zmienionych plików z 86 dodań i 18 usunięć


@ -1,12 +1,12 @@
import logging import logging
from typing import Awaitable, Callable, Dict, List, Optional from typing import Awaitable, Callable, Dict, Optional
from bugout.data import BugoutUser from bugout.data import BugoutUser
from bugout.exceptions import BugoutResponseException from bugout.exceptions import BugoutResponseException
from starlette.middleware.base import BaseHTTPMiddleware from starlette.middleware.base import BaseHTTPMiddleware
from fastapi import Request, Response from fastapi import Request, Response
from .settings import bugout_client as bc from .settings import MOONSTREAM_APPLICATION_ID, bugout_client as bc
logger = logging.getLogger(__name__) logger = logging.getLogger(__name__)
@ -52,6 +52,10 @@ class BroodAuthMiddleware(BaseHTTPMiddleware):
status_code=403, status_code=403,
content="Only verified accounts can access journals", content="Only verified accounts can access journals",
) )
if str(user.application_id) != str(MOONSTREAM_APPLICATION_ID):
return Response(
status_code=403, content="User does not belong to this application"
)
except BugoutResponseException as e: except BugoutResponseException as e:
return Response(status_code=e.status_code, content=e.detail) return Response(status_code=e.status_code, content=e.detail)
except Exception as e: except Exception as e:


@ -52,7 +52,14 @@ app.add_middleware(
whitelist_paths: Dict[str, str] = {} whitelist_paths: Dict[str, str] = {}
whitelist_paths.update(DOCS_PATHS) whitelist_paths.update(DOCS_PATHS)
whitelist_paths.update({"/users": "POST", "/users/tokens": "POST"}) whitelist_paths.update(
{
"/users": "POST",
"/users/token": "POST",
"/users/password/restore": "POST",
"/users/password/reset": "POST",
}
)
app.add_middleware(BroodAuthMiddleware, whitelist=whitelist_paths) app.add_middleware(BroodAuthMiddleware, whitelist=whitelist_paths)
@ -62,47 +69,104 @@ async def create_user_handler(
) -> BugoutUser: ) -> BugoutUser:
try: try:
user: BugoutUser = bc.create_user( user: BugoutUser = bc.create_user(
username, email, password, MOONSTREAM_APPLICATION_ID username=username,
email=email,
password=password,
application_id=MOONSTREAM_APPLICATION_ID,
) )
except BugoutResponseException as e: except BugoutResponseException as e:
return HTTPException(status_code=e.status_code, detail=e.detail) raise HTTPException(status_code=e.status_code, detail=e.detail)
except Exception as e: except Exception as e:
return HTTPException(status_code=500) raise HTTPException(status_code=500)
return user return user
@app.get("/", tags=["users"], response_model=BugoutUser) @app.get("/", tags=["users"], response_model=BugoutUser)
async def get_user_handler(request: Request) -> BugoutUser: async def get_user_handler(request: Request) -> BugoutUser:
user: BugoutUser = request.state.user user: BugoutUser = request.state.user
if str(user.application_id) != str(MOONSTREAM_APPLICATION_ID):
raise HTTPException(
status_code=403, detail="User does not belong to this application"
)
return user return user
@app.post("/tokens", tags=["tokens"], response_model=BugoutToken) @app.post("/password/restore", tags=["users"], response_model=Dict[str, Any])
async def restore_password_handler(request: Request) -> Dict[str, Any]:
user = request.state.user
try:
response = bc.restore_password(email=user.email)
except BugoutResponseException as e:
raise HTTPException(status_code=e.status_code, detail=e.detail)
except Exception as e:
raise HTTPException(status_code=500)
return response
@app.post("/password/reset", tags=["users"], response_model=BugoutUser)
async def reset_password_handler(
reset_id: str = Form(...), new_password: str = Form(...)
) -> BugoutUser:
try:
response = bc.reset_password(reset_id=reset_id, new_password=new_password)
except BugoutResponseException as e:
raise HTTPException(status_code=e.status_code, detail=e.detail)
except Exception as e:
raise HTTPException(status_code=500)
return response
@app.post("/password/change", tags=["users"], response_model=BugoutUser)
async def change_password_handler(
request: Request, current_password: str = Form(...), new_password: str = Form(...)
) -> BugoutUser:
token = request.state.token
try:
user = bc.change_password(
token=token, current_password=current_password, new_password=new_password
)
except BugoutResponseException as e:
raise HTTPException(status_code=e.status_code, detail=e.detail)
except Exception as e:
raise HTTPException(status_code=500)
return user
@app.delete("/", tags=["users"], response_model=BugoutUser)
async def delete_user_handler(
request: Request, password: str = Form(...)
) -> BugoutUser:
user = request.state.user
token = request.state.token
try:
user = bc.delete_user(token=token, user_id=user.id, password=password)
except BugoutResponseException as e:
raise HTTPException(status_code=e.status_code, detail=e.detail)
except Exception as e:
raise HTTPException(status_code=500)
return user
@app.post("/token", tags=["tokens"], response_model=BugoutToken)
async def login_handler( async def login_handler(
username: str = Form(...), password: str = Form(...) username: str = Form(...), password: str = Form(...)
) -> BugoutToken: ) -> BugoutToken:
try: try:
token: BugoutToken = bc.create_token( token: BugoutToken = bc.create_token(
username, password, MOONSTREAM_APPLICATION_ID username=username,
password=password,
application_id=MOONSTREAM_APPLICATION_ID,
) )
except BugoutResponseException as e: except BugoutResponseException as e:
return HTTPException(status_code=e.status_code) raise HTTPException(status_code=e.status_code)
except Exception as e: except Exception as e:
return HTTPException(status_code=500) raise HTTPException(status_code=500)
return token return token
@app.delete("/tokens", tags=["tokens"], response_model=uuid.UUID) @app.delete("/token", tags=["tokens"], response_model=uuid.UUID)
async def logout_handler(request: Request) -> uuid.UUID: async def logout_handler(request: Request) -> uuid.UUID:
token = request.state.token token = request.state.token
try: try:
token_id: uuid.UUID = bc.revoke_token(token) token_id: uuid.UUID = bc.revoke_token(token=token)
except BugoutResponseException as e: except BugoutResponseException as e:
return HTTPException(status_code=e.status_code, detail=e.detail) raise HTTPException(status_code=e.status_code, detail=e.detail)
except Exception as e: except Exception as e:
return HTTPException(status_code=500) raise HTTPException(status_code=500)
return token_id return token_id
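Review bot: `restore_password_handler` reads `request.state.user`, but this commit also adds `/users/password/restore` to `whitelist_paths`. Assuming the middleware skips authentication for whitelisted paths (its body is not visible here), `request.state.user` is never populated on that route, and the attribute access, which sits outside the `try`, fails with an unhandled error. A restore flow serves callers who cannot log in, so the address should come from the request: `async def restore_password_handler(email: str = Form(...)) -> Dict[str, Any]:` with `response = bc.restore_password(email=email)`. Once the route is unauthenticated, forwarding `e.status_code` and `e.detail` unchanged can let a caller distinguish registered from unregistered addresses. Return one uniform response for both cases and rate-limit the route.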