#main.py from fastapi import FastAPI, Form, Depends, HTTPException, status from fastapi.requests import Request from fastapi.responses import HTMLResponse, RedirectResponse, JSONResponse from fastapi.templating import Jinja2Templates from sqlalchemy.orm import Session from auth import verify_token, oauth2_scheme, auth_views, register, UserCreate, authenticate_user, get_user_by_verification_token from database import get_db, get_user_by_email from datetime import timedelta from typing import Optional #import auth #import tts import os import asyncio my_secret_key = os.environ['my_secret_key'] app = FastAPI() #router = APIRouter() templates = Jinja2Templates(directory="templates") from google.cloud import recaptchaenterprise_v1 from google.cloud.recaptchaenterprise_v1 import Assessment def create_assessment( project_id: str, recaptcha_key: str, token: str, recaptcha_action: str ) -> Assessment: """Create an assessment to analyse the risk of a UI action. Args: project_id: Your Google Cloud project ID. recaptcha_key: The reCAPTCHA key associated with the site/app token: The generated token obtained from the client. recaptcha_action: Action name corresponding to the token. """ client = recaptchaenterprise_v1.RecaptchaEnterpriseServiceClient() # Set the properties of the event to be tracked. event = recaptchaenterprise_v1.Event() event.site_key = recaptcha_key event.token = token assessment = recaptchaenterprise_v1.Assessment() assessment.event = event project_name = f"projects/{project_id}" # Build the assessment request. request = recaptchaenterprise_v1.CreateAssessmentRequest() request.assessment = assessment request.parent = project_name response = client.create_assessment(request) # Check if the token is valid. if not response.token_properties.valid: print( "The CreateAssessment call failed because the token was " + "invalid for the following reasons: " + str(response.token_properties.invalid_reason) ) return # Check if the expected action was executed. if response.token_properties.action != recaptcha_action: print( "The action attribute in your reCAPTCHA tag does" + "not match the action you are expecting to score" ) return else: # Get the risk score and the reason(s). # For more information on interpreting the assessment, see: # https://cloud.google.com/recaptcha-enterprise/docs/interpret-assessment for reason in response.risk_analysis.reasons: print(reason) print( "The reCAPTCHA score for this token is: " + str(response.risk_analysis.score) ) # Get the assessment name (ID). Use this to annotate the assessment. assessment_name = client.parse_assessment_path(response.name).get("assessment") print(f"Assessment name: {assessment_name}") return response # Dependency for verifying the user's token def get_current_user(token: str = Depends(verify_token)): if not token: raise HTTPException(status_code=401, detail="Token not valid") return token # Route for the landing page @app.get("/", response_class=HTMLResponse) async def landing(request: Request): return templates.TemplateResponse("landing.html", {"request": request}) # Your other routes and app configuration go here @app.get("/login", response_class=HTMLResponse) async def login(request: Request): return templates.TemplateResponse("login.html", {"request": request}) @app.post("/login") async def login_post( request: Request, email: str = Form(...), password: str = Form(...), db: Session = Depends(get_db) ): if not email or not password: raise HTTPException(status_code=400, detail="Invalid email or password") user = authenticate_user(db, email, password) if user and user.is_verified: # Check if user is verified access_token = auth_views.create_access_token( data={"sub": user.email}, expires_delta=timedelta(minutes=auth_views.ACCESS_TOKEN_EXPIRE_MINUTES) ) # Redirect the user to the protected route with the token in the URL url = app.url_path_for("get_protected") # Ensure you have a name="get_protected" in your app.get("/protected") decorator #return RedirectResponse(url=f"/protected?token={access_token}", status_code=status.HTTP_303_SEE_OTHER) #return RedirectResponse(f"{url}?token={access_token}") response = RedirectResponse(f"{url}?token={access_token}", status_code=status.HTTP_303_SEE_OTHER) response.set_cookie(key="access_token", value=f"Bearer {access_token}", httponly=True) # response.set_cookie(key="access_token", value=access_token, httponly=True) return response elif user and not user.is_verified: # User is not verified raise HTTPException( status_code=400, detail="You must verify your email before accessing this resource." ) else: # If authentication fails, return to the login page with an error message return templates.TemplateResponse( "login.html", {"request": request, "error_message": "Invalid email or password"} ) @app.get("/register", response_class=HTMLResponse) async def register_get(request: Request): return templates.TemplateResponse("register.html", {"request": request}) @app.post("/register", response_class=HTMLResponse) async def register_post( request: Request, username: str = Form(...), email: str = Form(...), password: str = Form(...), confirm_password: str = Form(...), recaptcha_token: str = Form(...), # Add this line to accept the reCAPTCHA token db: Session = Depends(get_db) ): # Perform reCAPTCHA verification first project_id = 'login-auth-1699381988574' # Replace with your project ID recaptcha_key = '6LdMjQcpAAAAAGtbNZkL17ry1scsQjp1HSEhkLNl' # Replace with your site key recaptcha_action = 'submit' # The action you're expecting recaptcha_secret = '6LdMjQcpAAAAAGtbNZkL17ry1scsQjp1HSEhkLNl' # Replace with your reCAPTCHA secret key recaptcha_url = 'https://www.google.com/recaptcha/api/siteverify' recaptcha_data = { 'secret': recaptcha_secret, 'response': recaptcha_token } recaptcha_response = requests.post(recaptcha_url, data=recaptcha_data) recaptcha_result = recaptcha_response.json() if not recaptcha_result.get('success', False): raise HTTPException(status_code=400, detail="reCAPTCHA validation failed.") # Call the create_assessment function to validate the token # assessment = await create_assessment( project_id, recaptcha_key, token, recaptcha_action ) # loop = asyncio.get_running_loop() # assessment = await loop.run_in_executor( # None, create_assessment, project_id, recaptcha_key, token, recaptcha_action # ) # Check the assessment result # if not assessment or assessment.risk_analysis.score < 0.5: # Use an appropriate risk score threshold # return templates.TemplateResponse("register.html", { # "request": request, # "error_message": "Captcha validation failed." # }) if password != confirm_password: # Return to the registration page with an error return templates.TemplateResponse("register.html", { "request": request, "error_message": "Passwords do not match." }) try: user = UserCreate(username=username, email=email, password=password, confirm_password=confirm_password) register(user, db) # If this function raises an HTTPException, it should be handled except HTTPException as e: # Return to the registration page with the error detail return templates.TemplateResponse("register.html", { "request": request, "error_message": e.detail }) # Redirect to the successful registration page response = RedirectResponse("/registration_successful", status_code=status.HTTP_302_FOUND) return response @app.get("/registration_successful", response_class=HTMLResponse) async def registration_successful(request: Request): # Render the successful registration page return templates.TemplateResponse("registration_successful.html", {"request": request}) @app.get("/verify/{verification_token}", response_class=HTMLResponse) async def verify_email(verification_token: str, db: Session = Depends(get_db)): user = get_user_by_verification_token(db, verification_token) if not user: raise HTTPException(status_code=400, detail="Invalid verification token") if user.is_verified: raise HTTPException(status_code=400, detail="Email already verified") user.is_verified = True user.email_verification_token = None # Clear the verification token db.commit() # Create access token for the user after successful verification access_token = auth_views.create_access_token(data={"sub": user.email}, expires_delta=timedelta(minutes=auth_views.ACCESS_TOKEN_EXPIRE_MINUTES)) # Redirect to the protected route with the token as a query parameter (or as required by your front-end/client) return RedirectResponse(url=f"/protected?token={access_token}") #from jwt import decode, PyJWTError # make sure jwt is imported @app.get("/protected", response_class=HTMLResponse) async def get_protected( request: Request, db: Session = Depends(get_db), token: Optional[str] = None # token is Optional because it may come from the cookie ): # Try to get the token from the query parameter first, then fall back to the cookie token = token or request.cookies.get("access_token") if not token: raise HTTPException(status_code=status.HTTP_401_UNAUTHORIZED, detail="Not authenticated") # Here verify_token is used directly in the endpoint # If the token is invalid, verify_token will raise an HTTPException and the following lines will not be executed user_email = verify_token(token) # Assuming that verify_token returns the user's email if the token is valid # Get the user from the database db_user = get_user_by_email(db, user_email) if db_user is None or not db_user.is_verified: raise HTTPException(status_code=status.HTTP_401_UNAUTHORIZED, detail="User not found or not verified in the database") # Render a template response return templates.TemplateResponse("protected.html", {"request": request, "user": db_user.username}) #@app.get("/protected", response_class=HTMLResponse) #async def get_protected(request: Request, token: Optional[str] = None, db: Session = Depends(get_db)): # Try to get the token from the query parameter first, then fall back to the cookie # token = token or request.cookies.get("access_token") # if not token: # raise HTTPException(status_code=401, detail="Not authenticated") # try: # payload = decode(token, auth_views.SECRET_KEY, algorithms=[auth_views.ALGORITHM]) # user_email = payload.get("sub") # if user_email is None: # raise HTTPException(status_code=401, detail="Not authenticated") # except PyJWTError: # raise HTTPException(status_code=401, detail="Could not validate credentials") # db_user = get_user_by_email(db, user_email) # if db_user is None or not db_user.is_verified: # raise HTTPException(status_code=401, detail="User not found or not verified in the database") # return templates.TemplateResponse("protected.html", {"request": request, "user": db_user.username}) #async def get_protected( # request: Request, # token: str = Query(None), # Accept token from query parameters # db: Session = Depends(get_db) #): # Now pass both the request and token to the protected_route function # return await protected_route(request, token, db)