Spaces:

Gregniuki
/

Loginauth

Running

App Files Files Community

Gregniuki commited on Nov 7, 2023

Commit

7c0b4d6

•

1 Parent(s): 5ed4a12

Update main.py

Browse files

Files changed (1) hide show

main.py +24 -36

main.py CHANGED Viewed

@@ -40,44 +40,29 @@ async def login(request: Request):
     return templates.TemplateResponse("login.html", {"request": request})
-@app.post("/login", response_class=HTMLResponse)
 async def login_post(
     request: Request,
     email: str = Form(...),
     password: str = Form(...),
-    db: Session = Depends(get_db),
- #   token: str = Depends(oauth2_scheme)  # Check if the user has a valid token
 ):
- #   if token:
-        # If the user already has a valid token, redirect to protected.html
- #       return templates.TemplateResponse("protected.html", {"request": request, "user": token})
-    # Validate the email and password
     if not email or not password:
         raise HTTPException(status_code=400, detail="Invalid email or password")
-    # Check user authentication using the provided email and password
     user = authenticate_user(db, email, password)
-    if user is not None:
-        # Authentication succeeded
-        # Create an access token and handle login success
         access_token = auth_views.create_access_token(
             data={"sub": user.email},
-            expires_delta=timedelta(minutes=auth_views.ACCESS_TOKEN_EXPIRE_MINUTES),
         )
-        # Set the access_token (if desired)
-        user.token = access_token
-        # Commit the changes to the database
-        db.commit()
-        # Handle the login success as needed
-        return templates.TemplateResponse("protected.html", {"request": request, "user": user.username})
     else:
-        # Authentication failed
-        # Handle login failure, e.g., display an error message
         return templates.TemplateResponse("login.html", {"request": request, "error_message": "Invalid email or password"})
 @app.get("/register", response_class=HTMLResponse)
@@ -141,19 +126,22 @@ async def verify_email(verification_token: str, db: Session = Depends(get_db)):
     # Redirect to the protected route with the token as a query parameter (or as required by your front-end/client)
     return RedirectResponse(url=f"/protected?token={access_token}")
-# User authentication (protected route)
-@app.post("/protected", response_class=HTMLResponse)  # Specify response_class as HTMLResponse
-async def protected_route(request: Request, token: str = Depends(oauth2_scheme), db: Session = Depends(get_db)):
-    # Verify the access token
-    user = verify_token(token, my_secret_key, "HS256")
-    if user is None:
-        raise HTTPException(status_code=401, detail="Invalid or expired token")
-    # Check if the user exists in the database
-    db_user = get_user_by_email(db, user)  # Modify this to match your database query
     if db_user is None:
         raise HTTPException(status_code=401, detail="User not found in the database")
-    # The user exists in the database, and you can render the protected route template
-    return templates.TemplateResponse("protected.html", {"request": request, "user": user.email})

     return templates.TemplateResponse("login.html", {"request": request})
+from fastapi.responses import RedirectResponse
+@app.post("/login")
 async def login_post(
     request: Request,
     email: str = Form(...),
     password: str = Form(...),
+    db: Session = Depends(get_db)
 ):
     if not email or not password:
         raise HTTPException(status_code=400, detail="Invalid email or password")
     user = authenticate_user(db, email, password)
+    if user:
         access_token = auth_views.create_access_token(
             data={"sub": user.email},
+            expires_delta=timedelta(minutes=auth_views.ACCESS_TOKEN_EXPIRE_MINUTES)
         )
+        response = RedirectResponse(url="/protected", status_code=status.HTTP_303_SEE_OTHER)
+        response.set_cookie(key="access_token", value=f"Bearer {access_token}", httponly=True)
+        return response
     else:
         return templates.TemplateResponse("login.html", {"request": request, "error_message": "Invalid email or password"})
 @app.get("/register", response_class=HTMLResponse)
     # Redirect to the protected route with the token as a query parameter (or as required by your front-end/client)
     return RedirectResponse(url=f"/protected?token={access_token}")
+@app.get("/protected", response_class=HTMLResponse)
+async def protected_route(request: Request, db: Session = Depends(get_db)):
+    token = request.cookies.get("access_token")
+    if not token:
+        raise HTTPException(status_code=401, detail="Not authenticated")
+    try:
+        payload = jwt.decode(token.split(" ")[1], auth_views.SECRET_KEY, algorithms=[auth_views.ALGORITHM])
+        user_email = payload.get("sub")
+        if user_email is None:
+            raise HTTPException(status_code=401, detail="Not authenticated")
+    except jwt.PyJWTError:
+        raise HTTPException(status_code=401, detail="Not authenticated")
+    db_user = get_user_by_email(db, user_email)
     if db_user is None:
         raise HTTPException(status_code=401, detail="User not found in the database")
+    return templates.TemplateResponse("protected.html", {"request": request, "user": db_user})