|
from fastapi import APIRouter, HTTPException, status |
|
from .Schema import ( |
|
RegisterUserRequest, |
|
LoginUserRequest, |
|
AccessTokenResponse, |
|
ForgotPasswordRequest, |
|
VerifyResetTokenRequest, |
|
ResetPasswordRequest, |
|
BaseResponse, |
|
) |
|
from .Model import User |
|
from jose import jwt |
|
from datetime import datetime, timedelta |
|
|
|
|
|
SECRET_KEY = "your_secret_key_here" |
|
ALGORITHM = "HS256" |
|
ACCESS_TOKEN_EXPIRE_MINUTES = 30 |
|
user_router = APIRouter(tags=["User"]) |
|
|
|
|
|
def create_access_token(data: dict, expires_delta: timedelta = None): |
|
to_encode = data.copy() |
|
expire = datetime.utcnow() + ( |
|
expires_delta or timedelta(minutes=ACCESS_TOKEN_EXPIRE_MINUTES) |
|
) |
|
to_encode.update({"exp": expire}) |
|
return jwt.encode(to_encode, SECRET_KEY, algorithm=ALGORITHM) |
|
|
|
|
|
@user_router.post( |
|
"/user/register", response_model=BaseResponse, status_code=status.HTTP_201_CREATED |
|
) |
|
async def register_user(request: RegisterUserRequest): |
|
existing_user = await User.filter(phoneNumber=request.phoneNumber).first() |
|
if existing_user: |
|
raise HTTPException( |
|
status_code=status.HTTP_400_BAD_REQUEST, detail="User already exists." |
|
) |
|
request.hash_password() |
|
new_user = await User.create(**request.dict()) |
|
return BaseResponse( |
|
code=200, message="User created successfully", payload={"user_id": new_user.id} |
|
) |
|
|
|
|
|
@user_router.post( |
|
"/user/login", response_model=AccessTokenResponse, status_code=status.HTTP_200_OK |
|
) |
|
async def login_user(request: LoginUserRequest): |
|
db_user = await User.filter(phoneNumber=request.phoneNumber).first() |
|
if db_user and db_user.verify_password(request.password): |
|
access_token = create_access_token(data={"sub": db_user.phoneNumber}) |
|
return AccessTokenResponse(access_token=access_token, token_type="bearer") |
|
raise HTTPException( |
|
status_code=status.HTTP_401_UNAUTHORIZED, detail="Invalid credentials" |
|
) |
|
|
|
|
|
@user_router.post( |
|
"/user/forgot-password", response_model=BaseResponse, status_code=status.HTTP_200_OK |
|
) |
|
async def forgot_password(request: ForgotPasswordRequest): |
|
user = await User.filter(phoneNumber=request.phoneNumber).first() |
|
if not user: |
|
raise HTTPException( |
|
status_code=status.HTTP_404_NOT_FOUND, detail="User not found." |
|
) |
|
await user.initiate_password_reset() |
|
return BaseResponse(code=200, message="Password reset token sent to your phone.") |
|
|
|
|
|
@user_router.post( |
|
"/user/verify-reset-token", |
|
response_model=BaseResponse, |
|
status_code=status.HTTP_200_OK, |
|
) |
|
async def verify_reset_token(request: VerifyResetTokenRequest): |
|
user = await User.filter( |
|
phoneNumber=request.phoneNumber, reset_token=request.reset_token |
|
).first() |
|
if not user or datetime.utcnow() > user.reset_token_expiration: |
|
raise HTTPException( |
|
status_code=status.HTTP_400_BAD_REQUEST, detail="Invalid or expired token." |
|
) |
|
return BaseResponse(code=200, message="Token verified. Proceed to reset password.") |
|
|
|
|
|
@user_router.post( |
|
"/user/reset-password", response_model=BaseResponse, status_code=status.HTTP_200_OK |
|
) |
|
async def reset_password(request: ResetPasswordRequest): |
|
user = await User.filter(phoneNumber=request.phoneNumber).first() |
|
if not user: |
|
raise HTTPException( |
|
status_code=status.HTTP_404_NOT_FOUND, detail="User not found." |
|
) |
|
if not await user.reset_password(request.reset_token, request.new_password): |
|
raise HTTPException( |
|
status_code=status.HTTP_400_BAD_REQUEST, detail="Invalid or expired token." |
|
) |
|
return BaseResponse(code=200, message="Password has been reset successfully.") |
|
|
