author | Parker <contact@pkrm.dev> | 2024-11-04 23:01:13 -0600 |
---|---|---|
committer | Parker <contact@pkrm.dev> | 2024-11-04 23:01:13 -0600 |
commit | 3f8e39cc86ca22c3e94f52d693c90553ef1dfd57 (patch) | |
tree | 0bf2ef55e3250d059f1bdaf8546f2c1f2773ad52 /app/routes/token_route.py | |
parent | 5a0777033f6733c33fbd6119ade812e0c749be44 (diff) |
Major consolidation and upgrades
Diffstat (limited to 'app/routes/token_route.py')
-rw-r--r-- | app/routes/token_route.py | 54 |
1 files changed, 54 insertions, 0 deletions
diff --git a/app/routes/token_route.py b/app/routes/token_route.py
new file mode 100644
index 0000000..8000616
--- /dev/null
+++ b/app/routes/token_route.py
@@ -0,0 +1,54 @@
+from fastapi import APIRouter, status, Depends, HTTPException
+from fastapi.responses import JSONResponse, Response
+from typing import Annotated
+from datetime import timedelta
+from typing import Annotated
+from fastapi.security import OAuth2PasswordRequestForm
+
+from app.util.db_dependency import get_db
+from app.util.authentication import (
+    authenticate_user,
+    create_access_token,
+)
+from app.schemas.auth_schemas import Token
+
+
+router = APIRouter(prefix="/token", tags=["token"])
+
+
+@router.post("/")
+async def login_for_access_token(
+    form_data: Annotated[OAuth2PasswordRequestForm, Depends()],
+    response: Response,
+    db=Depends(get_db),
+) -> Token:
+    """
+    Return an access token for the user, if the given authentication details are correct
+    """
+    user = authenticate_user(db, form_data.username, form_data.password)
+    if not user:
+        raise HTTPException(
+            status_code=status.HTTP_401_UNAUTHORIZED,
+            detail="Incorrect username or password",
+            headers={"WWW-Authenticate": "Bearer"},
+        )
+    access_token_expires = timedelta(minutes=15)
+    access_token = create_access_token(
+        data={"sub": user.username, "refresh": False},
+        expires_delta=access_token_expires,
+    )
+    # Create a refresh token - just an access token with a longer expiry
+    # and more restrictions ("refresh" is True)
+    refresh_token_expires = timedelta(days=1)
+    refresh_token = create_access_token(
+        data={"sub": user.username, "refresh": True},
+        expires_delta=refresh_token_expires,
+    )
+    response = JSONResponse(content={"success": True})
+    response.set_cookie(
+        key="access_token", value=access_token, httponly=True, samesite="lax"
+    )
+    response.set_cookie(
+        key="refresh_token", value=refresh_token, httponly=True, samesite="lax"
+    )
+    return response
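Review bot: Both `set_cookie` calls at the end of login_for_access_token leave the `secure` flag at its default, so the access and refresh tokens are sent with any plain-HTTP request to the host as well; the two argument lines should become `key="access_token", value=access_token, httponly=True, secure=True, samesite="lax"` and `key="refresh_token", value=refresh_token, httponly=True, secure=True, samesite="lax"`, and the longer-lived refresh cookie would also benefit from a `path=` restricting it to the endpoint that consumes it (not visible in this file). The return annotation `-> Token` does not match the body, which builds and returns a `JSONResponse` carrying only `{"success": True}` and never uses the `Token` schema, so either the annotation or the body should be corrected to what the route actually responds with. The `response: Response` parameter is shadowed by the local `response = JSONResponse(...)` assignment and is effectively unused, and `from typing import Annotated` is imported twice at the top of the file. The docstring should also say that the tokens are delivered as httponly cookies rather than in the body, e.g. `Authenticate the user and set the access and refresh tokens as httponly cookies; the body only reports success.`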