diff options
| author | Parker <contact@pkrm.dev> | 2024-11-05 15:02:21 -0600 |
|---|---|---|
| committer | Parker <contact@pkrm.dev> | 2024-11-05 15:02:21 -0600 |
| commit | 6f7e810916fd2de39d451886bbe18167e1784315 (patch) | |
| tree | 795523eb94a00bce41475e444bab60487b31daab /app/routes/user_routes.py | |
| parent | d74ae5e11603c33a5deafbcdc202fd13e57cfe0a (diff) | |
stuff
Diffstat (limited to 'app/routes/user_routes.py')
| -rw-r--r-- | app/routes/user_routes.py | 127 |
1 files changed, 68 insertions, 59 deletions
diff --git a/app/routes/user_routes.py b/app/routes/user_routes.py index 53c8943..1c6c61e 100644 --- a/app/routes/user_routes.py +++ b/app/routes/user_routes.py @@ -14,72 +14,23 @@ from models import User as UserModel from app.util.authentication import get_current_user_from_token -router = APIRouter(prefix="/user", tags=["user"]) +router = APIRouter(prefix="/users", tags=["users"]) -# In order to help protect some anonymity/privacy, user routes -# do not use path parameters, as then people could potentially -# see if a specific username exists or not. Instead, the user -# routes will use query parameters to specify the user to act - -@router.post("/register", summary="Register a new user") -async def get_links( - login_data: LoginDataSchema, - db=Depends(get_db), -): - """ - Given the login data (username, password) process the registration of a new - user account and return either the user or an error message - """ - username = login_data.username - password = login_data.password - # Make sure the password meets all of the requirements - # if len(password) < 8: - # raise HTTPException( - # status_code=status.HTTP_400_BAD_REQUEST, - # detail="Password must be at least 8 characters", - # ) - # if not any(char.isdigit() for char in password): - # raise HTTPException( - # status_code=status.HTTP_400_BAD_REQUEST, - # detail="Password must contain at least one digit", - # ) - # if not any(char.isupper() for char in password): - # raise HTTPException( - # status_code=status.HTTP_400_BAD_REQUEST, - # detail="Password must contain at least one uppercase letter", - # ) - # Make sure the username isn't taken - user = db.query(UserModel).filter(UserModel.username == username).first() - if user: - raise HTTPException( - status_code=status.HTTP_409_CONFLICT, - detail="Username not available", - ) - # Otherwise, hash the password, create the api key, and add the new user - hashed_password = bcrypt.hashpw( - password.encode("utf-8"), bcrypt.gensalt() - ).decode("utf-8") - api_key = "".join( - random.choices(string.ascii_letters + string.digits, k=20) - ) - new_user = UserModel( - username=username, hashed_password=hashed_password, api_key=api_key - ) - db.add(new_user) - db.commit() - - return status.HTTP_201_CREATED - - -@router.get("/delete", summary="Delete a user - provided it's your own") +@router.delete("/{user_id}", summary="Delete your account") async def delete_user( + user_id: Annotated[int, Path(title="Link to delete")], current_user: Annotated[User, Depends(get_current_user_from_token)], db=Depends(get_db), ): """ Delete the user account associated with the current user """ + if user_id != current_user.id: + raise HTTPException( + status_code=status.HTTP_403_FORBIDDEN, + detail="You can only delete your own account", + ) user = db.query(UserModel).filter(UserModel.id == current_user.id).first() if not user: raise HTTPException( @@ -91,15 +42,21 @@ async def delete_user( return status.HTTP_204_NO_CONTENT -@router.put("/updatepass", summary="Update your account's password") +@router.post("/{user_id}", summary="Update your account password") async def update_pass( - current_user: Annotated[User, Depends(get_current_user_from_token)], + user_id: Annotated[int, Path(title="Link to update")], update_data: UpdatePasswordSchema, + current_user: Annotated[User, Depends(get_current_user_from_token)], db=Depends(get_db), ): """ Update the pass of the current user account """ + if user_id != current_user.id: + raise HTTPException( + status_code=status.HTTP_403_FORBIDDEN, + detail="You can only update your own account", + ) # Make sure the password meets all of the requirements # if len(update_data.new_password) < 8: # raise HTTPException( @@ -128,3 +85,55 @@ async def update_pass( ).decode("utf-8") db.commit() return status.HTTP_204_NO_CONTENT + + +@router.post("/register", summary="Register a new user") +async def get_links( + login_data: LoginDataSchema, + db=Depends(get_db), +): + """ + Given the login data (username, password) process the registration of a new + user account and return either the user or an error message + """ + username = login_data.username + password = login_data.password + print(username) + print(password) + # Make sure the password meets all of the requirements + # if len(password) < 8: + # raise HTTPException( + # status_code=status.HTTP_400_BAD_REQUEST, + # detail="Password must be at least 8 characters", + # ) + # if not any(char.isdigit() for char in password): + # raise HTTPException( + # status_code=status.HTTP_400_BAD_REQUEST, + # detail="Password must contain at least one digit", + # ) + # if not any(char.isupper() for char in password): + # raise HTTPException( + # status_code=status.HTTP_400_BAD_REQUEST, + # detail="Password must contain at least one uppercase letter", + # ) + # Make sure the username isn't taken + user = db.query(UserModel).filter(UserModel.username == username).first() + if user: + raise HTTPException( + status_code=status.HTTP_409_CONFLICT, + detail="Username not available", + ) + # Otherwise, hash the password, create the api key, and add the new user + hashed_password = bcrypt.hashpw( + password.encode("utf-8"), bcrypt.gensalt() + ).decode("utf-8") + api_key = "".join( + random.choices(string.ascii_letters + string.digits, k=20) + ) + new_user = UserModel( + username=username, hashed_password=hashed_password, api_key=api_key + ) + db.add(new_user) + db.commit() + + return status.HTTP_201_CREATED |