Merge branch 'python_fastapi_crud_api'

wpcodevo · wpcodevo · commit 5de2b4c802ce · 2022-07-14T13:06:32.000Z
diff --git a/alembic/versions/39256113e8e5_added_verification_code.py b/alembic/versions/39256113e8e5_added_verification_code.py
@@ -0,0 +1,43 @@
+"""added verification code
+
+Revision ID: 39256113e8e5
+Revises: 1c7984990e1d
+Create Date: 2022-07-14 08:03:57.507140
+
+"""
+from alembic import op
+import sqlalchemy as sa
+from sqlalchemy.dialects import postgresql
+
+# revision identifiers, used by Alembic.
+revision = '39256113e8e5'
+down_revision = '1c7984990e1d'
+branch_labels = None
+depends_on = None
+
+
+def upgrade() -> None:
+    # ### commands auto generated by Alembic - please adjust! ###
+    op.drop_table('posts')
+    op.add_column('users', sa.Column('verification_code', sa.String(), nullable=True))
+    op.create_unique_constraint(None, 'users', ['verification_code'])
+    # ### end Alembic commands ###
+
+
+def downgrade() -> None:
+    # ### commands auto generated by Alembic - please adjust! ###
+    op.drop_constraint(None, 'users', type_='unique')
+    op.drop_column('users', 'verification_code')
+    op.create_table('posts',
+    sa.Column('id', postgresql.UUID(), server_default=sa.text('uuid_generate_v4()'), autoincrement=False, nullable=False),
+    sa.Column('user_id', postgresql.UUID(), autoincrement=False, nullable=False),
+    sa.Column('title', sa.VARCHAR(), autoincrement=False, nullable=False),
+    sa.Column('content', sa.VARCHAR(), autoincrement=False, nullable=False),
+    sa.Column('category', sa.VARCHAR(), autoincrement=False, nullable=False),
+    sa.Column('image', sa.VARCHAR(), autoincrement=False, nullable=False),
+    sa.Column('created_at', postgresql.TIMESTAMP(timezone=True), server_default=sa.text('now()'), autoincrement=False, nullable=False),
+    sa.Column('updated_at', postgresql.TIMESTAMP(timezone=True), server_default=sa.text('now()'), autoincrement=False, nullable=False),
+    sa.ForeignKeyConstraint(['user_id'], ['users.id'], name='posts_user_id_fkey', ondelete='CASCADE'),
+    sa.PrimaryKeyConstraint('id', name='posts_pkey')
+    )
+    # ### end Alembic commands ###
diff --git a/alembic/versions/4917da928a79_added_post_table.py b/alembic/versions/4917da928a79_added_post_table.py
@@ -0,0 +1,39 @@
+"""added post table
+
+Revision ID: 4917da928a79
+Revises: 39256113e8e5
+Create Date: 2022-07-14 09:05:17.444518
+
+"""
+from alembic import op
+import sqlalchemy as sa
+from sqlalchemy.dialects import postgresql
+
+# revision identifiers, used by Alembic.
+revision = '4917da928a79'
+down_revision = '39256113e8e5'
+branch_labels = None
+depends_on = None
+
+
+def upgrade() -> None:
+    # ### commands auto generated by Alembic - please adjust! ###
+    op.create_table('posts',
+    sa.Column('id', postgresql.UUID(as_uuid=True), nullable=False),
+    sa.Column('user_id', postgresql.UUID(as_uuid=True), nullable=False),
+    sa.Column('title', sa.String(), nullable=False),
+    sa.Column('content', sa.String(), nullable=False),
+    sa.Column('category', sa.String(), nullable=False),
+    sa.Column('image', sa.String(), nullable=False),
+    sa.Column('created_at', sa.TIMESTAMP(timezone=True), server_default=sa.text('now()'), nullable=False),
+    sa.Column('updated_at', sa.TIMESTAMP(timezone=True), server_default=sa.text('now()'), nullable=False),
+    sa.ForeignKeyConstraint(['user_id'], ['users.id'], ondelete='CASCADE'),
+    sa.PrimaryKeyConstraint('id')
+    )
+    # ### end Alembic commands ###
+
+
+def downgrade() -> None:
+    # ### commands auto generated by Alembic - please adjust! ###
+    op.drop_table('posts')
+    # ### end Alembic commands ###
diff --git a/app/models.py b/app/models.py
@@ -14,6 +14,7 @@ class User(Base):
     password = Column(String, nullable=False)
     photo = Column(String, nullable=True)
     verified = Column(Boolean, nullable=False, server_default='False')
+    verification_code = Column(String, nullable=True, unique=True)
     role = Column(String, server_default='user', nullable=False)
     created_at = Column(TIMESTAMP(timezone=True),
                         nullable=False, server_default=text("now()"))
diff --git a/app/oauth2.py b/app/oauth2.py
@@ -1,10 +1,8 @@
 import base64
-from datetime import datetime, timedelta
 from typing import List
 from fastapi import Depends, HTTPException, status
 from fastapi_jwt_auth import AuthJWT
 from pydantic import BaseModel
-from jose import jwt, JWTError
 
 from . import models
 from .database import get_db
@@ -65,28 +63,3 @@ def require_user(db: Session = Depends(get_db), Authorize: AuthJWT = Depends()):
         raise HTTPException(
             status_code=status.HTTP_401_UNAUTHORIZED, detail='Token is invalid or has expired')
     return user_id
-
-
-def create_verification_token(user_id: str):
-    expires = datetime.utcnow() + timedelta(minutes=30)
-    payload = {'user_id': user_id, 'exp': expires}
-    return jwt.encode(payload, settings.VERIFICATION_SECRET, algorithm='HS256')
-
-
-def verify_email_token(token: str):
-    try:
-        decoded = jwt.decode(
-            token, settings.VERIFICATION_SECRET, algorithms=['HS256'])
-        user_id = decoded.get('user_id')
-        if not user_id:
-            raise HTTPException(
-                status_code=status.HTTP_400_BAD_REQUEST, detail='Could not verify user')
-    except JWTError as e:
-        error = e.__class__.__name__
-        print(error)
-        if error == 'ExpiredSignatureError':
-            raise HTTPException(status_code=status.HTTP_401_UNAUTHORIZED,
-                                detail='Token is invalid or has expired')
-        raise HTTPException(
-            status_code=status.HTTP_400_BAD_REQUEST, detail='Could not verify user')
-    return user_id
diff --git a/app/routers/auth.py b/app/routers/auth.py
@@ -1,4 +1,6 @@
 from datetime import timedelta
+import hashlib
+from random import randbytes
 from fastapi import APIRouter, Request, Response, status, Depends, HTTPException
 from pydantic import EmailStr
 
@@ -19,8 +21,9 @@
 @router.post('/register', status_code=status.HTTP_201_CREATED)
 async def create_user(payload: schemas.CreateUserSchema, request: Request, db: Session = Depends(get_db)):
     # Check if user already exist
-    user = db.query(models.User).filter(
-        models.User.email == EmailStr(payload.email.lower())).first()
+    user_query = db.query(models.User).filter(
+        models.User.email == EmailStr(payload.email.lower()))
+    user = user_query.first()
     if user:
         raise HTTPException(status_code=status.HTTP_409_CONFLICT,
                             detail='Account already exist')
@@ -40,11 +43,21 @@ async def create_user(payload: schemas.CreateUserSchema, request: Request, db: S
     db.refresh(new_user)
 
     try:
-        token = oauth2.create_verification_token(str(new_user.id))
-        url = f"{request.url.scheme}://{request.client.host}:{request.url.port}/api/auth/verifyemail/{token}"
+        # Send Verification Email
+        token = randbytes(10)
+        hashedCode = hashlib.sha256()
+        hashedCode.update(token)
+        verification_code = hashedCode.hexdigest()
+        user_query.update(
+            {'verification_code': verification_code}, synchronize_session=False)
+        db.commit()
+        url = f"{request.url.scheme}://{request.client.host}:{request.url.port}/api/auth/verifyemail/{token.hex()}"
         await Email(new_user, url, [payload.email]).sendVerificationCode()
     except Exception as error:
         print('Error', error)
+        user_query.update(
+            {'verification_code': None}, synchronize_session=False)
+        db.commit()
         raise HTTPException(status_code=status.HTTP_500_INTERNAL_SERVER_ERROR,
                             detail='There was an error sending email')
     return {'status': 'success', 'message': 'Verification token successfully sent to your email'}
@@ -129,13 +142,18 @@ def logout(response: Response, Authorize: AuthJWT = Depends(), user_id: str = De
 
 @router.get('/verifyemail/{token}')
 def verify_me(token: str, db: Session = Depends(get_db)):
-    id = oauth2.verify_email_token(token)
-    user_query = db.query(models.User).filter(models.User.id == id)
+    hashedCode = hashlib.sha256()
+    hashedCode.update(bytes.fromhex(token))
+    verification_code = hashedCode.hexdigest()
+    user_query = db.query(models.User).filter(
+        models.User.verification_code == verification_code)
+    db.commit()
     user = user_query.first()
     if not user:
         raise HTTPException(
-            status_code=status.HTTP_404_NOT_FOUND, detail='User no longer exist')
-    user_query.update({'verified': True}, synchronize_session=False)
+            status_code=status.HTTP_403_FORBIDDEN, detail='Email can only be verified once')
+    user_query.update(
+        {'verified': True, 'verification_code': None}, synchronize_session=False)
     db.commit()
     return {
         "status": "success",
diff --git a/app/schemas.py b/app/schemas.py
@@ -32,7 +32,7 @@ class UserResponse(UserBaseSchema):
 
 
 class FilteredUserResponse(UserBaseSchema):
-    pass
+    id: uuid.UUID
 
 
 class PostBaseSchema(BaseModel):
@@ -49,23 +49,25 @@ class Config:
 class CreatePostSchema(PostBaseSchema):
     pass
 
+
+class PostResponse(PostBaseSchema):
+    id: uuid.UUID
+    user: FilteredUserResponse
+    created_at: datetime
+    updated_at: datetime
+
+
 class UpdatePostSchema(BaseModel):
     title: str | None = None
     content: str | None = None
     category: str | None = None
     image: str | None = None
+    user_id: uuid.UUID | None = None
 
     class Config:
         orm_mode = True
 
 
-class PostResponse(PostBaseSchema):
-    id: uuid.UUID
-    user: FilteredUserResponse
-    created_at: datetime
-    updated_at: datetime
-
-
 class ListPostResponse(BaseModel):
     status: str
     results: int
