User routes + some updates

4 files changed, 146 insertions, 15 deletions

diff --git a/app/routes/links_route.py b/app/routes/links_routes.py
index 054508a..848c677 100644
--- a/app/routes/links_route.py
+++ b/app/routes/links_routes.py
@@ -60,11 +60,7 @@ async def create_link(
         except:
             continue
 
-    return {
-        "response": "Link successfully created",
-        "expire_date": new_link.expire_date,
-        "link": new_link.link,
-    }
+    return new_link
 
 
 @router.delete("/{link}", summary="Delete a link")
@@ -94,7 +90,7 @@ async def delete_link(
     db.delete(link)
     db.commit()
 
-    return {"response": "Link successfully deleted", "link": link.link}
+    return status.HTTP_204_NO_CONTENT
 
 
 @router.get(
@@ -152,4 +148,4 @@ async def delete_link_records(
         db.delete(record)
     db.commit()
 
-    return {"response": "Records successfully deleted", "link": link.link}
+    return status.HTTP_204_NO_CONTENT
diff --git a/app/routes/refresh_route.py b/app/routes/refresh_route.py
index 6bc8797..a8b7a5c 100644
--- a/app/routes/refresh_route.py
+++ b/app/routes/refresh_route.py
@@ -1,5 +1,4 @@
 from fastapi import Depends, APIRouter
-from fastapi.responses import RedirectResponse
 from datetime import timedelta
 from typing import Annotated
 
diff --git a/app/routes/token_route.py b/app/routes/token_route.py
index 8000616..124e0cc 100644
--- a/app/routes/token_route.py
+++ b/app/routes/token_route.py
@@ -44,11 +44,17 @@ async def login_for_access_token(
         data={"sub": user.username, "refresh": True},
         expires_delta=refresh_token_expires,
     )
-    response = JSONResponse(content={"success": True})
-    response.set_cookie(
-        key="access_token", value=access_token, httponly=True, samesite="lax"
-    )
-    response.set_cookie(
-        key="refresh_token", value=refresh_token, httponly=True, samesite="lax"
+    # response = JSONResponse(content={"success": True})
+    # response.set_cookie(
+    #     key="access_token", value=access_token, httponly=True, samesite="lax"
+    # )
+    # response.set_cookie(
+    #     key="refresh_token", value=refresh_token, httponly=True, samesite="lax"
+    # )
+
+    # For Swagger UI to work, must return the token
+    return Token(
+        access_token=access_token,
+        refresh_token=refresh_token,
+        token_type="bearer",
     )
-    return response
diff --git a/app/routes/user_routes.py b/app/routes/user_routes.py
new file mode 100644
index 0000000..30f9cdf
--- /dev/null
+++ b/app/routes/user_routes.py
@@ -0,0 +1,130 @@
+from fastapi import APIRouter, status, Path, Depends
+from fastapi.exception_handlers import HTTPException
+from typing import Annotated
+import string
+import bcrypt
+import random
+import datetime
+import validators
+
+from app.util.db_dependency import get_db
+from app.schemas.auth_schemas import User
+from app.schemas.user_schemas import *
+from models import User as UserModel
+from app.util.authentication import get_current_user_from_token
+
+
+router = APIRouter(prefix="/user", tags=["user"])
+
+# In order to help protect some anonymity/privacy, user routes
+# do not use path parameters, as then people could potentially
+# see if a specific username exists or not. Instead, the user
+# routes will use query parameters to specify the user to act
+
+
+@router.post("/register", summary="Register a new user")
+async def get_links(
+    login_data: LoginDataSchema,
+    db=Depends(get_db),
+):
+    """
+    Given the login data (username, password) process the registration of a new
+    user account and return either the user or an error message
+    """
+    username = login_data.username
+    password = login_data.password
+    # Make sure the password meets all of the requirements
+    if len(password) < 8:
+        raise HTTPException(
+            status_code=status.HTTP_400_BAD_REQUEST,
+            detail="Password must be at least 8 characters",
+        )
+    if not any(char.isdigit() for char in password):
+        raise HTTPException(
+            status_code=status.HTTP_400_BAD_REQUEST,
+            detail="Password must contain at least one digit",
+        )
+    if not any(char.isupper() for char in password):
+        raise HTTPException(
+            status_code=status.HTTP_400_BAD_REQUEST,
+            detail="Password must contain at least one uppercase letter",
+        )
+    # Make sure the username isn't taken
+    user = db.query(UserModel).filter(UserModel.username == username).first()
+    if user:
+        raise HTTPException(
+            status_code=status.HTTP_409_CONFLICT,
+            detail="Username not available",
+        )
+    # Otherwise, hash the password, create the api key, and add the new user
+    hashed_password = bcrypt.hashpw(
+        password.encode("utf-8"), bcrypt.gensalt()
+    ).decode("utf-8")
+    api_key = "".join(
+        random.choices(string.ascii_letters + string.digits, k=20)
+    )
+    new_user = UserModel(
+        username=username, hashed_password=hashed_password, api_key=api_key
+    )
+    db.add(new_user)
+    db.commit()
+
+    return status.HTTP_201_CREATED
+
+
+@router.get("/delete", summary="Delete a user - provided it's your own")
+async def delete_user(
+    current_user: Annotated[User, Depends(get_current_user_from_token)],
+    db=Depends(get_db),
+):
+    """
+    Delete the user account associated with the current user
+    """
+    user = db.query(UserModel).filter(UserModel.id == current_user.id).first()
+    if not user:
+        raise HTTPException(
+            status_code=status.HTTP_404_NOT_FOUND,
+            detail="User not found",
+        )
+    db.delete(user)
+    db.commit()
+    return status.HTTP_204_NO_CONTENT
+
+
+@router.put("/updatepass", summary="Update your account's password")
+async def update_pass(
+    current_user: Annotated[User, Depends(get_current_user_from_token)],
+    update_data: UpdatePasswordSchema,
+    db=Depends(get_db),
+):
+    """
+    Update the pass of the current user account
+    """
+    # Make sure the password meets all of the requirements
+    if len(update_data.new_password) < 8:
+        raise HTTPException(
+            status_code=status.HTTP_400_BAD_REQUEST,
+            detail="Password must be at least 8 characters",
+        )
+    if not any(char.isdigit() for char in update_data.new_password):
+        raise HTTPException(
+            status_code=status.HTTP_400_BAD_REQUEST,
+            detail="Password must contain at least one digit",
+        )
+    if not any(char.isupper() for char in update_data.new_password):
+        raise HTTPException(
+            status_code=status.HTTP_400_BAD_REQUEST,
+            detail="Password must contain at least one uppercase letter",
+        )
+    # Get the user and update the password
+    user = db.query(UserModel).filter(UserModel.id == current_user.id).first()
+    if not user:
+        raise HTTPException(
+            status_code=status.HTTP_404_NOT_FOUND,
+            detail="User not found",
+        )
+    user.hashed_password = bcrypt.hashpw(
+        update_data.new_password.encode("utf-8"), bcrypt.gensalt()
+    ).decode("utf-8")
+    db.commit()
+    return status.HTTP_204_NO_CONTENT