Compare commits
24 Commits
| Author | SHA1 | Date | |
|---|---|---|---|
| f99b927574 | |||
| 4a4be39ad3 | |||
| 96aeb56195 | |||
| 79a24d23af | |||
| 1dd2fed95f | |||
| b7ae697ea6 | |||
| 03036b2d3b | |||
| e07a74384f | |||
| 32b6fdacb6 | |||
| 2baaf3c126 | |||
| 86a3d05f7e | |||
| 9fac430654 | |||
| f56eb9db92 | |||
| 15062c029f | |||
| 6c51c7469b | |||
| 952b0211ba | |||
| ece35338da | |||
| 221bd1e244 | |||
| de60dee3eb | |||
| 4669774cc3 | |||
| a094b56d44 | |||
| 3e514acb19 | |||
| a34ba04f78 | |||
| 8f3f2d0f98 |
@@ -12,11 +12,20 @@ from ..dependencies import database, cookie
|
||||
|
||||
SECRET_KEY = "09d25e094faa6ca2556c818166b7a9563b93f7099f6f0f4caa6cf63b88e8d3e7"
|
||||
ALGORITHM = "HS256"
|
||||
ACCESS_TOKEN_EXPIRE_MINUTES = 30
|
||||
|
||||
pwd_context = CryptContext(schemes=["bcrypt"], deprecated="auto")
|
||||
|
||||
oauth2_scheme = cookie.OAuth2PasswordBearerWithCookie(tokenUrl="token")
|
||||
|
||||
def create_access_token(data: dict, expires_delta: timedelta | None = None):
|
||||
to_encode = data.copy()
|
||||
expire = datetime.utcnow() + (expires_delta or timedelta(minutes=ACCESS_TOKEN_EXPIRE_MINUTES))
|
||||
to_encode.update({"exp": expire})
|
||||
encoded_jwt = jwt.encode(to_encode, SECRET_KEY, algorithm=ALGORITHM)
|
||||
return encoded_jwt
|
||||
|
||||
|
||||
def verify_password(plain_password, hashed_password):
|
||||
return pwd_context.verify(plain_password, hashed_password)
|
||||
|
||||
|
||||
@@ -1,24 +1,34 @@
|
||||
from pydantic import BaseModel, EmailStr
|
||||
from pydantic_mongo import AbstractRepository, ObjectIdField
|
||||
from datetime import datetime, date
|
||||
from bson import ObjectId
|
||||
from typing import List, Optional
|
||||
|
||||
class Event(BaseModel):
|
||||
id: ObjectIdField = None
|
||||
name: str
|
||||
place: str
|
||||
description: str
|
||||
imgUrl: str | None = None
|
||||
imgUrl: Optional[str] = None
|
||||
status: int = 0
|
||||
latitude: float = 0.0
|
||||
longitude: float = 0.0
|
||||
organizers: list[str] = []
|
||||
tags: list[str] = []
|
||||
start_date: datetime | None = None
|
||||
end_date: datetime | None = None
|
||||
link: Optional[str] = None
|
||||
ticket: Optional[str] = None
|
||||
organizers: List[str] = []
|
||||
tags: List[str] = []
|
||||
start_date: Optional[datetime] = None
|
||||
end_date: Optional[datetime] = None
|
||||
created_at: datetime = datetime.today()
|
||||
updated_at: datetime | None = None
|
||||
deleted_at: datetime | None = None
|
||||
disabled_at: datetime | None = None
|
||||
updated_at: Optional[datetime] = None
|
||||
deleted_at: Optional[datetime] = None
|
||||
disabled_at: Optional[datetime] = None
|
||||
interested_users: List[ObjectId] = []
|
||||
|
||||
model_config = {
|
||||
"arbitrary_types_allowed": True
|
||||
}
|
||||
|
||||
|
||||
class EventOut(BaseModel):
|
||||
id: ObjectIdField = None
|
||||
@@ -26,11 +36,17 @@ class EventOut(BaseModel):
|
||||
place: str
|
||||
description: str
|
||||
imgUrl: str | None = None
|
||||
link: str | None = None
|
||||
ticket: str | None = None
|
||||
status: int = 0
|
||||
start_date: datetime | None = None
|
||||
end_date: datetime | None = None
|
||||
tags: list[str] = []
|
||||
|
||||
class EventOutWithInterested(EventOut):
|
||||
interested: bool = False
|
||||
interested_count: int = 0
|
||||
|
||||
class EventIn(BaseModel):
|
||||
name: str
|
||||
place: str
|
||||
@@ -39,6 +55,8 @@ class EventIn(BaseModel):
|
||||
status: int = 0
|
||||
organizers: list[str] = []
|
||||
tags: list[str] = []
|
||||
link: str | None = None
|
||||
ticket: str | None = None
|
||||
start_date: datetime | None = None
|
||||
end_date: datetime | None = None
|
||||
latitude: float = 0.0
|
||||
|
||||
@@ -66,6 +66,7 @@ def build_text_filter(item):
|
||||
@router.get("/events", tags=["events"], response_model=list[events.EventOut])
|
||||
async def read_events(
|
||||
authorize: Annotated[bool, Depends(permissions_checker.PermissionChecker(roles=["Admin", "User"]))],
|
||||
user: users.User = Depends(users_token.get_current_user), # 👈 récupère l’utilisateur courant
|
||||
skip: int = 0,
|
||||
limit: int = 20,
|
||||
id_event: str | None = None,
|
||||
@@ -84,8 +85,7 @@ async def read_events(
|
||||
status_code=status.HTTP_400_BAD_REQUEST,
|
||||
detail="`skip` should be >= 0 and `limit` should be > 0 and greater than `skip`.",
|
||||
)
|
||||
limit = limit + skip
|
||||
|
||||
skip = limit * skip
|
||||
# Initialize filters
|
||||
filters = []
|
||||
|
||||
@@ -127,8 +127,10 @@ async def read_events(
|
||||
# Fetch and return results
|
||||
event_repository = events.EventRepository(database=database.database)
|
||||
list_events = []
|
||||
for event_index in event_repository.find_by(object_search, limit=limit, skip=skip):
|
||||
event = events.EventOut(
|
||||
for event_index in event_repository.find_by(object_search, limit=limit, skip=skip, sort=[("start_date", 1)]):
|
||||
interested_users = getattr(event_index, "interested_users", [])
|
||||
is_interested = ObjectId(user.id) in interested_users
|
||||
event = events.EventOutWithInterested(
|
||||
id=event_index.id,
|
||||
tags=event_index.tags,
|
||||
imgUrl=event_index.imgUrl,
|
||||
@@ -138,6 +140,10 @@ async def read_events(
|
||||
status=event_index.status,
|
||||
start_date=event_index.start_date,
|
||||
end_date=event_index.end_date,
|
||||
ticket=event_index.ticket,
|
||||
link=event_index.link,
|
||||
interested=is_interested,
|
||||
interested_count=len(interested_users)
|
||||
)
|
||||
list_events.append(event)
|
||||
|
||||
@@ -147,6 +153,7 @@ async def read_events(
|
||||
@router.get("/events/search", tags=["events"], response_model=list[events.EventOut])
|
||||
async def search_events(
|
||||
authorize: Annotated[bool, Depends(permissions_checker.PermissionChecker(roles=["Admin", "User"]))],
|
||||
user: users.User = Depends(users_token.get_current_user), # 👈 récupère l’utilisateur courant
|
||||
skip: int = 0,
|
||||
limit: int = 20,
|
||||
item: Union[str, None] = None,
|
||||
@@ -166,7 +173,7 @@ async def search_events(
|
||||
status_code=status.HTTP_400_BAD_REQUEST,
|
||||
detail="`skip` should be >= 0 and `limit` should be > 0 and greater than `skip`.",
|
||||
)
|
||||
limit = limit + skip
|
||||
skip = limit * skip
|
||||
|
||||
# Initialize filters
|
||||
filters = [{"status": {"$eq": status}}]
|
||||
@@ -201,8 +208,10 @@ async def search_events(
|
||||
# Fetch and return results
|
||||
event_repository = events.EventRepository(database=database.database)
|
||||
list_events = []
|
||||
for event_index in event_repository.find_by(object_search, limit=limit, skip=skip):
|
||||
event = events.EventOut(
|
||||
for event_index in event_repository.find_by(object_search, limit=limit, skip=skip, sort=[("start_date", 1)]):
|
||||
interested_users = getattr(event_index, "interested_users", [])
|
||||
is_interested = ObjectId(user.id) in interested_users
|
||||
event = events.EventOutWithInterested(
|
||||
id=event_index.id,
|
||||
tags=event_index.tags,
|
||||
imgUrl=event_index.imgUrl,
|
||||
@@ -212,6 +221,10 @@ async def search_events(
|
||||
status=event_index.status,
|
||||
start_date=event_index.start_date,
|
||||
end_date=event_index.end_date,
|
||||
link=event_index.link,
|
||||
ticket=event_index.ticket,
|
||||
interested=is_interested,
|
||||
interested_count=len(interested_users)
|
||||
)
|
||||
list_events.append(event)
|
||||
|
||||
@@ -225,7 +238,7 @@ async def read_users_me(current_user: Annotated[users.User, Depends(users_token.
|
||||
listOrganizers = []
|
||||
|
||||
for event_index in event_repository.find_by({"organizers":{"$eq": current_user.username}}, limit=limit, skip=skip):
|
||||
event = events.EventOut(id=event_index.id, name=event_index.name, tags=event_index.tags, imgUrl=event_index.imgUrl, description=event_index.description, place=event_index.place, status=event_index.status, start_date=event_index.start_date, end_date=event_index.end_date)
|
||||
event = events.EventOut(id=event_index.id, name=event_index.name, ticket=event_index.ticket, link=event_index.link, tags=event_index.tags, imgUrl=event_index.imgUrl, description=event_index.description, place=event_index.place, status=event_index.status, start_date=event_index.start_date, end_date=event_index.end_date)
|
||||
listOrganizers.append(event)
|
||||
|
||||
content = {"organizers":listOrganizers}
|
||||
@@ -315,6 +328,8 @@ async def update_events_me(item_id: str, current_user: Annotated[users.User, Dep
|
||||
event.end_date = eventSingle.end_date
|
||||
event.latitude = eventSingle.latitude
|
||||
event.longitude = eventSingle.longitude
|
||||
event.link = eventSingle.link
|
||||
event.ticket = eventSingle.ticket
|
||||
event.updated_at = datetime.today()
|
||||
event.imgUrl = eventSingle.imgUrl
|
||||
event_repository.save(event)
|
||||
@@ -350,6 +365,8 @@ async def update_events(authorize: Annotated[bool, Depends(permissions_checker.P
|
||||
event.latitude = eventSingle.latitude
|
||||
event.longitude = eventSingle.longitude
|
||||
event.imgUrl = eventSingle.imgUrl
|
||||
event.link = eventSingle.link
|
||||
event.ticket = eventSingle.ticket
|
||||
event.tags = eventSingle.tags
|
||||
for tag_name in eventSingle.tags:
|
||||
tag = tags_repository.find_one_by({"name": {'$eq': tag_name}})
|
||||
@@ -359,7 +376,7 @@ async def update_events(authorize: Annotated[bool, Depends(permissions_checker.P
|
||||
event.status = 1
|
||||
event.created_at = datetime.today()
|
||||
event_repository.save(event)
|
||||
content = {"message": "event is created"}
|
||||
content = {"message": "event created"}
|
||||
response = JSONResponse(content=content, status_code=status.HTTP_201_CREATED)
|
||||
return response
|
||||
|
||||
@@ -386,6 +403,8 @@ async def update_events_id(item_id: str, authorize: Annotated[bool, Depends(perm
|
||||
event.start_date = eventSingle.start_date
|
||||
event.end_date = eventSingle.end_date
|
||||
event.organizers = eventSingle.organizers
|
||||
event.link = eventSingle.link
|
||||
event.ticket = eventSingle.ticket
|
||||
event.tags = eventSingle.tags
|
||||
for tag_name in eventSingle:
|
||||
tag = tags_repository.find_one_by({"name": {'$eq': tag_name}})
|
||||
@@ -433,4 +452,26 @@ async def patch_events_id(item_id : str, authorize: Annotated[bool, Depends(perm
|
||||
event_repository.save(event)
|
||||
content = {"message": "event is enabled"}
|
||||
response = JSONResponse(content=content)
|
||||
return response
|
||||
return response
|
||||
|
||||
@router.post("/events/{event_id}/interest", tags=["events"])
|
||||
async def toggle_interest(event_id: str, user: users.User = Depends(users_token.get_current_user)):
|
||||
event_repository = events.EventRepository(database=database.database)
|
||||
event = event_repository.get(ObjectId(event_id))
|
||||
|
||||
if not event:
|
||||
raise HTTPException(status_code=404, detail="Event not found")
|
||||
|
||||
interested_users = getattr(event, "interested_users", [])
|
||||
user_obj_id = ObjectId(user.id)
|
||||
|
||||
if user_obj_id in interested_users:
|
||||
# Retirer l’utilisateur
|
||||
interested_users.remove(user_obj_id)
|
||||
else:
|
||||
# Ajouter l’utilisateur
|
||||
interested_users.append(user_obj_id)
|
||||
|
||||
event_repository.update({"_id": ObjectId(event_id)}, {"$set": {"interested_users": interested_users}})
|
||||
|
||||
return {"event_id": event_id, "interested": user_obj_id in interested_users, "interested_count": len(interested_users)}
|
||||
|
||||
@@ -95,12 +95,25 @@ async def reset_password(request: Request, key: str | None = None, email: str |
|
||||
|
||||
@router.post("/password/update", tags=["password"])
|
||||
async def update_password(request: Request, email: str = Form(...), key: str = Form(...), new_password: str = Form(...)): # Vérification du token dans Redis
|
||||
# Récupérer la clé hachée depuis Redis
|
||||
key_hashed = database.connect_redis.get(email)
|
||||
|
||||
if key_hashed is None or key_hashed.decode() != key:
|
||||
if key_hashed is None:
|
||||
raise HTTPException(
|
||||
status_code=status.HTTP_400_BAD_REQUEST,
|
||||
detail="Key is invalid or expired"
|
||||
detail="Invalid or expired reset key"
|
||||
)
|
||||
|
||||
# Redis stocke les valeurs en `bytes`, donc il faut décoder si nécessaire
|
||||
if isinstance(key_hashed, bytes):
|
||||
key_hashed = key_hashed.decode()
|
||||
|
||||
|
||||
# Vérifier que la clé en clair correspond au hash stocké
|
||||
if not bcrypt.checkpw(key.encode(), key_hashed.encode()):
|
||||
raise HTTPException(
|
||||
status_code=status.HTTP_400_BAD_REQUEST,
|
||||
detail="Invalid reset key"
|
||||
)
|
||||
|
||||
# Recherche de l'utilisateur dans la base de données
|
||||
|
||||
@@ -1,7 +1,7 @@
|
||||
from datetime import datetime, timedelta
|
||||
|
||||
from typing import Annotated
|
||||
from fastapi import Depends, FastAPI, HTTPException, status, APIRouter
|
||||
from fastapi import Depends, FastAPI, HTTPException, status, APIRouter, Form
|
||||
from fastapi.responses import JSONResponse
|
||||
from fastapi.security import OAuth2PasswordBearer, OAuth2PasswordRequestForm
|
||||
from ..dependencies import users_token, permissions_checker
|
||||
@@ -13,15 +13,19 @@ ACCESS_TOKEN_EXPIRE_MINUTES = 30
|
||||
|
||||
@router.post("/token", tags=["token"])
|
||||
async def login_for_access_token(
|
||||
form_data: Annotated[OAuth2PasswordRequestForm, Depends()]):
|
||||
form_data: Annotated[OAuth2PasswordRequestForm, Depends()],
|
||||
remember_me: bool = Form(False)):
|
||||
user = users_token.authenticate_user(form_data.username, form_data.password)
|
||||
expires_access_token_time = ACCESS_TOKEN_EXPIRE_MINUTES
|
||||
if remember_me:
|
||||
expires_access_token_time=120
|
||||
if not user:
|
||||
raise HTTPException(
|
||||
status_code=status.HTTP_401_UNAUTHORIZED,
|
||||
detail="Incorrect username or password",
|
||||
headers={"WWW-Authenticate": "Bearer"},
|
||||
)
|
||||
access_token_expires = timedelta(minutes=ACCESS_TOKEN_EXPIRE_MINUTES)
|
||||
access_token_expires = timedelta(minutes=expires_access_token_time)
|
||||
access_token = users_token.create_access_token(
|
||||
data={"sub": user.username}, expires_delta=access_token_expires
|
||||
)
|
||||
|
||||
Reference in New Issue
Block a user