Blorg
/
Blorg-Backend
1
0
Fork 0
Code Issues Pull Requests Packages Projects Releases Wiki Activity

More helper functions related to token handler, implement API endpoint to check userID belonging to a valid token

This commit is contained in:
Curt Spark 2024-04-22 17:16:16 +01:00
parent 63bc8b2b69
commit 180cfba7c1
5 changed files with 53 additions and 7 deletions
Show Stats Download Patch File Download Diff File Expand all files Collapse all files

42
main.py
View File

@ -1,11 +1,11 @@
import sys import sys
import atexit import atexit
import signal import signal
from typing import Union from typing import Union, Annotated
from contextlib import asynccontextmanager from contextlib import asynccontextmanager
from fastapi import FastAPI, Request from fastapi import FastAPI, Request, Header
from fastapi.middleware.cors import CORSMiddleware from fastapi.middleware.cors import CORSMiddleware
from pydantic import BaseModel from pydantic import BaseModel
@ -110,16 +110,46 @@ def postlogin(body: loginBody, request: Request):
try: try:
if userHandler.checkUserExistence(dbConnection, body.username): if userHandler.checkUserExistence(dbConnection, body.username):
userID = userHandler.getIDByUsername(dbConnection, body.username) userID = userHandler.getIDByUsername(dbConnection, body.username)
if securityHandler.handlePassword(dbConnection, body.password, userID): if securityHandler.handlePasswordVerification(dbConnection, body.password, userID):
return {"success": True, "authToken": tokenHandler.createToken(dbConnection, userID, body.rememberMe, request.client.host), "message": "User login success!"} return {"success": True, "authToken": tokenHandler.createToken(dbConnection, userID, body.rememberMe, request.client.host), "message": "User login success!"}
else: else:
return {"success": False, "authToken": "none", "message": "User login failed! Please check your password."} return {"success": False, "authToken": None, "message": "User login failed! Please check your password."}
else: else:
return {"success": False, "authToken": "none", "message": "User login failed! User does not exist."} return {"success": False, "authToken": None, "message": "User login failed! User does not exist."}
except Exception as error: except Exception as error:
msg = "User login failed! Unexpected server error. " + repr(error) msg = "User login failed! Unexpected server error. " + repr(error)
print(msg) print(msg)
return {"success": False, "authToken": "none", "message": msg} return {"success": False, "authToken": None, "message": msg}
@app.get("/api/userIDByAuthToken")
def getuserIDByAuthToken(authToken: Annotated[str | None, Header()] = None):
try:
if tokenHandler.validateTokenExistence(dbConnection, authToken):
userID = userHandler.getIDByAuthToken(dbConnection, authToken)
return {"success": True, "userID": userID, "message": "Get userID by authToken succeeded!"}
else:
return {"success": False, "userID": None, "message": "Get userID by authToken failed! authToken provided is not valid."}
except Exception as error:
msg = "Get userID by authToken failed! Unexpected server error. " + repr(error)
print(msg)
return {"success": False, "authToken": None, "message": msg}
# GET
# /api/userByAuthToken
# - userID
# /api/publicInfo/{userID}
# - username
# - firstname
# - lastname
# - profile picture
# - location
# - public email (For contact)
# /api/privateInfo/{userID}
# - private email (For authentication/login)
# POST
# /api/changeInfo/{infotype}
@app.get("/api") @app.get("/api")
def getapi(): def getapi():

4
requirements.txt
View File

@ -1,10 +1,14 @@
annotated-types==0.6.0 annotated-types==0.6.0
anyio==4.3.0 anyio==4.3.0
argon2-cffi==23.1.0
argon2-cffi-bindings==21.2.0
cffi==1.16.0
click==8.1.7 click==8.1.7
fastapi==0.110.1 fastapi==0.110.1
h11==0.14.0 h11==0.14.0
idna==3.7 idna==3.7
psycopg2-binary==2.9.9 psycopg2-binary==2.9.9
pycparser==2.22
pydantic==2.7.0 pydantic==2.7.0
pydantic_core==2.18.1 pydantic_core==2.18.1
sniffio==1.3.1 sniffio==1.3.1

2
securityHandler.py
View File

@ -34,7 +34,7 @@ def verifyRehash(hash: str) -> bool:
except: except:
return False return False
def handlePassword(dbConnection: psycopg2.extensions.connection, password: str, userID: int) -> bool: def handlePasswordVerification(dbConnection: psycopg2.extensions.connection, password: str, userID: int) -> bool:
hash = userHandler.getHashValueByUserID(dbConnection, userID) hash = userHandler.getHashValueByUserID(dbConnection, userID)
userIDstr = str(userID) userIDstr = str(userID)
debugPrint("Now verifying password against hash for user ID " + userIDstr + "...") debugPrint("Now verifying password against hash for user ID " + userIDstr + "...")

3
tokenHandler.py
View File

@ -11,6 +11,9 @@ def debugPrint(msg: str) -> None:
if debug: if debug:
print("(TOKEN HANDLER) PRINT: " + msg) print("(TOKEN HANDLER) PRINT: " + msg)
def validateTokenExistence(dbConnection: psycopg2.extensions.connection, authToken: str) -> bool:
return dbHandler.checkFieldValueExistence(dbConnection, "authtokens", "token", authToken)
def createToken(dbConnection: psycopg2.extensions.connection, userID: int, rememberMe: bool, locationIP: str) -> str: def createToken(dbConnection: psycopg2.extensions.connection, userID: int, rememberMe: bool, locationIP: str) -> str:
debugPrint("Now initialising new token with following attributes : userID = " + str(userID) + ", rememberMe = " + str(rememberMe) + ", locationIP = " + locationIP + "...") debugPrint("Now initialising new token with following attributes : userID = " + str(userID) + ", rememberMe = " + str(rememberMe) + ", locationIP = " + locationIP + "...")
randToken = secrets.token_hex(1023) randToken = secrets.token_hex(1023)

9
userHandler.py
View File

@ -31,3 +31,12 @@ def getIDByUsername(dbConnection: psycopg2.extensions.connection, username: str)
username=sql.Literal(username) username=sql.Literal(username)
) )
return int(dbHandler._execQuery(dbConnection, sanitisedQuery)[0][0]) return int(dbHandler._execQuery(dbConnection, sanitisedQuery)[0][0])
def getIDByAuthToken(dbConnection: psycopg2.extensions.connection, authToken: str) -> int:
debugPrint("Attempting to get ID from authToken...")
sanitisedQuery = sql.SQL("""
SELECT ownerid FROM authtokens WHERE "token" = {authToken}
""").format(
authToken=sql.Literal(authToken)
)
return int(dbHandler._execQuery(dbConnection, sanitisedQuery)[0][0])