o Ah)@sddlmZmZmZmZmZddlmZmZddl m Z ddl m Z ddl m Z mZddlmZddlZddlZddlmZdd lmZdd lmZddlZddlZdd lmZd d lmZm Z m!Z!eeZ"edgddZ#ej$%dZ&dZ'dZ(dZ)eddZ*e+e,Z-GdddeZ.GdddeZ/GdddeZ0d:de1defdd Z2d!e3d"e j4d#e1fd$d%Z5ee j6fd&ed"e j4fd'd(Z7d&efd)d*Z8ee*fd!e3fd+d,Z9ee9fd-e:d.e1fd/d0Z;d ee9fd1e:d.e1fd2d3ZGd8d9d9eZ?dS);)Depends HTTPExceptionstatusRequest APIRouter) BaseModelEmailStr)database) get_database)datetime timedelta) CryptContextN)OAuth2PasswordBearer)BaseHTTPMiddleware)Response) load_dotenv)PROTECTED_ROUTESUNPROTECTED_ROUTESOPEN_CORS_ROUTESbcryptauto)schemes deprecatedJWT_SECRET_KEYHS256usersz /auth/login)tokenUrlc@seZdZUeed<eed<dS) UserLoginemailpasswordN)__name__ __module__ __qualname__r__annotations__strr'r'4/var/www/html/moveengine/app/v1/dependencies/auth.pyr  rc@seZdZUeed<eed<dS)Token access_token token_typeNr"r#r$r&r%r'r'r'r(r*"r)r*c@seZdZUeed<dS) TokenDatar Nr-r'r'r'r(r.&s r.data expires_deltacCsN|}|r t|}n tttd}|d|itj|tt d}|S)N)hoursexp) algorithm) copyr utcnowr TOKEN_EXPIRE_HOURSupdatepyjwtencode SECRET_KEY ALGORITHM)r/r0 to_encodeexpire encoded_jwtr'r'r(create_access_token*sr?tokendbreturncCsztj|ttgddid}|d}|durttjddWntjy-ttjddw|t  d|i}t |d |d <|durJttj d d|S) N verify_expT) algorithmsoptionssubCould not validate credentials status_codedetailz3Could not validate credentials or token has expiredr _ididzUser not found) r8decoder:r;getrrHTTP_401_UNAUTHORIZEDInvalidSignatureErrorCOLLECTION_NAMEfind_oner&HTTP_404_NOT_FOUND)r@rApayloadr userr'r'r( verify_token5s rVrequestcCst|jj|}||j_|jjSN)rVstater@ current_user)rWrArUr'r'r(get_current_userdetailsFsr[cCs|jjSrX)rYrZ)rWr'r'r(get_current_userdetails_oldKsr\cCsNttjdddid}ztj|ttgd}|d}|dur|W|S|)NrGzWWW-AuthenticateBearer)rIrJheaders)rDrF)rrrOr8rMr:r;rN)r@credentials_exceptionrTr r'r'r(get_current_userNs r` account_idrZcCs|d|kr ttjdd|S)NrazNo access to this account datarH)rrrO)rarZr'r'r(get_current_user_within_account_s rb required_rolecCs$|dd}||krtddd|S)Nroler$Access forbidden. Insufficient role.rHrNr)rcrZ user_roler'r'r(has_permissiongs  ricCs(d}|dd}||krtddd|S)NrrdrrerfrHrg)rZrcrhr'r'r(has_superadmin_permissionos   rjc@s4eZdZdefddZedededefddZd S) AuthMiddlewarerWcs@tdjjjdr|IdHStfddtDrMjdkr6j dddd d }t |d S|IdH}j d|jd <d|jd <|Stfddt Dr`|IdHStfddt Drj d}|st dttjdd|dr|dd}nttjdd|j_|IdH}|S)NzAUTH TEST ::: z /v1/subscriptions/stripe-webhookc3 |] }jj|VqdSrXpath_matches_routeurlpath.0routerWselfr'r( z*AuthMiddleware.dispatch..OPTIONSOrigintruezPOST, GET, DELETE, PUT, OPTIONSzAuthorization, Content-Type)Access-Control-Allow-Origin Access-Control-Allow-CredentialszAccess-Control-Allow-MethodszAccess-Control-Allow-Headers)r^r{r|c3rlrXrmrqrtr'r(rvrwc3rlrXrmrqrtr'r(rvrw AuthorizationToken not present in requestz Token is not thererHBearer Access is denied)printcookiesrorp startswithanyrmethodr^rNrrrloggererrorrrrOrYr@)rurW call_nextr^responser@r'rtr(dispatchs:        zAuthMiddleware.dispatchrp route_patternrBcCs |ddd}tt||S)N*z.*$)replaceboolrematch)rprpatternr'r'r(rnsz!AuthMiddleware.path_matches_routeN) r"r#r$rr staticmethodr&rrnr'r'r'r(rks.rkc@seZdZdefddZdS)AuthMiddleware_newrWcstfddtDr|IdH}|StfddtDrgjd}|s6tdttj dd|rD| drD|d d}nttj d dz t |t }|j_Wntyfttj d dw|IdH}|S) Nc3rlrXrmrqrtr'r(rvrwz2AuthMiddleware_new.dispatch_new..c3rlrXrmrqrtr'r(rvrwr}r~zToken is not thererHrrr)rrrr^rNrrrrrOrrVr get_mongo_dbrYrZ)rurWrrr@rUr'rtr( dispatch_news(    zAuthMiddleware_new.dispatch_newN)r"r#r$rrr'r'r'r(rsrrX)@fastapirrrrrpydanticrrapp.dbr app.db.database_staticr r r passlib.contextr rjwtr8fastapi.securityrstarlette.middleware.baserstarlette.responsesrloggingosdotenvrroutesrrrrouter pwd_contextenvironrNr:r;r6rQ oauth2_scheme getLoggerr"rrr*r.dictr?r&MongoDBrVrr[r\r`intrbrirjrkrr'r'r'r(sJ           >5