matthias/liederwahl
1
0
Fork 0
Code Issues Pull Requests Actions Packages Projects Releases Wiki Activity

refactor and set up authentication

Browse Source
This commit is contained in:
matsewe
2024-04-25 11:23:47 +02:00
parent bbd78faf09
commit 2185b217e1
10 changed files with 211 additions and 35 deletions
Download Patch File Download Diff File Expand all files Collapse all files

1
.gitignore vendored
View File

@@ -1,4 +1,5 @@
__pycache__ __pycache__
.venv .venv
.vscode
service_account.json service_account.json
db.sqlite db.sqlite

1
app/.gitignore vendored Normal file
View File

@@ -0,0 +1 @@
secrets.py

0
app/__init__.py Normal file
View File

6
app/dependencies.py Normal file
View File

@@ -0,0 +1,6 @@
import sqlalchemy
dbEngine = sqlalchemy.create_engine('sqlite:///db.sqlite')
def get_token_header():
pass

16
app/main.py Normal file
View File

@@ -0,0 +1,16 @@
from fastapi import FastAPI
from app.routers import admin, user
app = FastAPI()
app.include_router(admin.router)
app.include_router(user.router)
@app.get("/")
def root():
return {"message": "Hello World"}
# 1PMy17eraogNUz436w3aZKxyij39G1didaN02Ka_-45Q
# 71046222

0
models.py → app/models.py
View File

0
app/routers/__init__.py Normal file
View File

63
main.py → app/routers/admin.py
View File

@@ -1,16 +1,18 @@
from fastapi import FastAPI, HTTPException from fastapi import APIRouter, Depends, HTTPException, Security
from models import Genre, Song, GoogleFile from app.models import Genre, Song, GoogleFile
from app.dependencies import get_token_header, dbEngine
from app.routers.user import get_current_user, User
from typing import Annotated
import gspread import gspread
from types import MethodType from gspread.urls import DRIVE_FILES_API_V3_URL
from typing import Any
import pandas as pd import pandas as pd
import numpy as np import numpy as np
import sqlalchemy
router = APIRouter(
app = FastAPI() prefix="/admin",
dependencies=[Security(get_current_user, scopes=["admin"])],
dbEngine = sqlalchemy.create_engine('sqlite:///db.sqlite') responses={404: {"description": "Not found"}},
)
gc = gspread.service_account(filename="service_account.json") # type: ignore gc = gspread.service_account(filename="service_account.json") # type: ignore
@@ -20,26 +22,27 @@ spreadsheets: dict[str, gspread.Spreadsheet] = {} # type: ignore
selected_worksheets: dict[tuple[str, int], bool] = {} selected_worksheets: dict[tuple[str, int], bool] = {}
def fetch_files(): def fetch_files():
if not(google_files): if not (google_files):
for s in gc.http_client.request("get", gspread.http_client.DRIVE_FILES_API_V3_URL).json()["files"]: # type: ignore for s in gc.http_client.request("get", DRIVE_FILES_API_V3_URL).json()["files"]: #
google_files[s["id"]] = GoogleFile(file_id = s["id"], file_name = s["name"]) google_files[s["id"]] = GoogleFile(
file_id=s["id"], file_name=s["name"])
def load_spreadsheet(file_id): def load_spreadsheet(file_id):
if file_id not in spreadsheets: if file_id not in spreadsheets:
spreadsheets[file_id] = gc.open_by_key(file_id) spreadsheets[file_id] = gc.open_by_key(file_id)
@app.get("/")
def root():
return {"message": "Hello World"}
# Route to get google files (sheets) # Route to get google files (sheets)
@app.get("/admin/files") @router.get("/files")
def get_files() -> dict[str, GoogleFile]: async def get_files() -> dict[str, GoogleFile]:
fetch_files() fetch_files()
return google_files return google_files
@app.get("/admin/files/{file_id}")
@router.get("/files/{file_id}")
def get_worksheets(file_id: str) -> dict[int, str]: def get_worksheets(file_id: str) -> dict[int, str]:
fetch_files() fetch_files()
if file_id not in google_files: if file_id not in google_files:
@@ -47,21 +50,26 @@ def get_worksheets(file_id: str) -> dict[int, str]:
load_spreadsheet(file_id) load_spreadsheet(file_id)
return {ws.id : ws.title for ws in spreadsheets[file_id].worksheets()} # type: ignore # type: ignore
return {ws.id: ws.title for ws in spreadsheets[file_id].worksheets()}
@app.get("/admin/selected_worksheets")
@router.get("/selected_worksheets")
def list_selected_worksheet() -> dict[tuple[str, int], bool]: def list_selected_worksheet() -> dict[tuple[str, int], bool]:
return selected_worksheets return selected_worksheets
@app.post("/admin/selected_worksheets")
@router.post("/selected_worksheets")
def select_worksheet(file_id: str, worksheet_id: int, ignore_arrangement: bool = False): def select_worksheet(file_id: str, worksheet_id: int, ignore_arrangement: bool = False):
selected_worksheets[(file_id, worksheet_id)] = ignore_arrangement selected_worksheets[(file_id, worksheet_id)] = ignore_arrangement
@app.delete("/admin/selected_worksheets")
@router.delete("/selected_worksheets")
def deselect_worksheet(file_id: str, worksheet_id: int): def deselect_worksheet(file_id: str, worksheet_id: int):
del selected_worksheets[(file_id, worksheet_id)] del selected_worksheets[(file_id, worksheet_id)]
@app.post("/admin/process_worksheets")
@router.post("/process_worksheets")
def process_worksheets(): def process_worksheets():
fetch_files() fetch_files()
@@ -82,11 +90,6 @@ def process_worksheets():
song_list = pd.concat(song_list) song_list = pd.concat(song_list)
song_list.to_sql(name = 'songs', con = dbEngine, index = False, if_exists = 'append') song_list.to_sql(name='songs', con=dbEngine,
index=False, if_exists='append')
# song_list.to_csv("song-list.csv") # song_list.to_csv("song-list.csv")
# 1PMy17eraogNUz436w3aZKxyij39G1didaN02Ka_-45Q
# 71046222

146
app/routers/user.py Normal file
View File

@@ -0,0 +1,146 @@
from datetime import datetime, timedelta, timezone
from typing import Annotated
from fastapi import Depends, APIRouter, HTTPException, Security, status
from fastapi.security import OAuth2PasswordBearer, OAuth2PasswordRequestForm, SecurityScopes
from jose import JWTError, jwt
from passlib.context import CryptContext
from pydantic import BaseModel, ValidationError
from app.secrets import SECRET_KEY, fake_users_db
# to get a string like this run:
# openssl rand -hex 32
ALGORITHM = "HS256"
ACCESS_TOKEN_EXPIRE_MINUTES = 30
class Token(BaseModel):
access_token: str
token_type: str
class TokenData(BaseModel):
username: str | None = None
scopes: list[str] = []
class User(BaseModel):
username: str
email: str | None = None
full_name: str | None = None
disabled: bool | None = None
class UserInDB(User):
hashed_password: str
scopes: list[str] = []
pwd_context = CryptContext(schemes=["bcrypt"], deprecated="auto")
oauth2_scheme = OAuth2PasswordBearer(
tokenUrl="user/token",
scopes={
"admin": "Perform admin actions."
}
)
router = APIRouter(
prefix="/user"
)
def verify_password(plain_password, hashed_password):
return pwd_context.verify(plain_password, hashed_password)
def get_password_hash(password):
return pwd_context.hash(password)
def get_user(db, username: str):
if username in db:
user_dict = db[username]
return UserInDB(**user_dict)
def authenticate_user(fake_db, username: str, password: str):
user = get_user(fake_db, username)
if not user:
return False
if not verify_password(password, user.hashed_password):
return False
return user
def create_access_token(data: dict, expires_delta: timedelta | None = None):
to_encode = data.copy()
if expires_delta:
expire = datetime.now(timezone.utc) + expires_delta
else:
expire = datetime.now(timezone.utc) + timedelta(minutes=15)
to_encode.update({"exp": expire})
encoded_jwt = jwt.encode(to_encode, SECRET_KEY, algorithm=ALGORITHM)
return encoded_jwt
async def get_current_user(
security_scopes: SecurityScopes, token: Annotated[str, Depends(oauth2_scheme)]
):
if security_scopes.scopes:
authenticate_value = f'Bearer scope="{security_scopes.scope_str}"'
else:
authenticate_value = "Bearer"
credentials_exception = HTTPException(
status_code=status.HTTP_401_UNAUTHORIZED,
detail="Could not validate credentials",
headers={"WWW-Authenticate": authenticate_value},
)
try:
payload = jwt.decode(token, SECRET_KEY, algorithms=[ALGORITHM])
username: str = payload.get("sub") # type: ignore
if username is None:
raise credentials_exception
token_scopes = payload.get("scopes", [])
token_data = TokenData(scopes=token_scopes, username=username)
except (JWTError, ValidationError):
raise credentials_exception
user = get_user(fake_users_db, username=token_data.username or "")
if user is None:
raise credentials_exception
for scope in security_scopes.scopes:
if scope not in token_data.scopes:
raise HTTPException(
status_code=status.HTTP_401_UNAUTHORIZED,
detail="Not enough permissions",
headers={"WWW-Authenticate": authenticate_value},
)
return user
async def get_current_active_user(
current_user: Annotated[User, Security(get_current_user, scopes=["me"])],
):
if current_user.disabled:
raise HTTPException(status_code=400, detail="Inactive user")
return current_user
@router.post("/token")
async def login_for_access_token(
form_data: Annotated[OAuth2PasswordRequestForm, Depends()],
) -> Token:
user = authenticate_user(
fake_users_db, form_data.username, form_data.password)
if not user:
raise HTTPException(
status_code=status.HTTP_401_UNAUTHORIZED,
detail="Incorrect username or password",
headers={"WWW-Authenticate": "Bearer"},
)
access_token_expires = timedelta(minutes=ACCESS_TOKEN_EXPIRE_MINUTES)
access_token = create_access_token(
data={"sub": user.username, "scopes": user.scopes}, expires_delta=access_token_expires
)
return Token(access_token=access_token, token_type="bearer")

3
requirements.txt
View File

@@ -4,3 +4,6 @@ gspread
pandas pandas
numpy numpy
sqlalchemy sqlalchemy
python-jose[cryptography]
passlib[bcrypt]
python-multipart