Merge pull request 'fix list' (#34) from feature/tags-search into master

Reviewed-on: #34

app/dependencies/cookie.py

@@ -0,0 +1,37 @@
+from fastapi.security import OAuth2
+from fastapi.openapi.models import OAuthFlows as OAuthFlowsModel
+from fastapi import Request
+from fastapi.security.utils import get_authorization_scheme_param
+from fastapi import HTTPException
+from fastapi import status
+from typing import Optional
+from typing import Dict
+
+
+class OAuth2PasswordBearerWithCookie(OAuth2):
+    def __init__(
+        self,
+        tokenUrl: str,
+        scheme_name: Optional[str] = None,
+        scopes: Optional[Dict[str, str]] = None,
+        auto_error: bool = True,
+    ):
+        if not scopes:
+            scopes = {}
+        flows = OAuthFlowsModel(password={"tokenUrl": tokenUrl, "scopes": scopes})
+        super().__init__(flows=flows, scheme_name=scheme_name, auto_error=auto_error)
+
+    async def __call__(self, request: Request) -> Optional[str]:
+        authorization: str = request.cookies.get("access_token")  #changed to accept access token from httpOnly Cookie
+
+        scheme, param = get_authorization_scheme_param(authorization)
+        if not authorization or scheme.lower() != "bearer":
+            if self.auto_error:
+                raise HTTPException(
+                    status_code=status.HTTP_401_UNAUTHORIZED,
+                    detail="Not authenticated",
+                    headers={"WWW-Authenticate": "Bearer"},
+                )
+            else:
+                return None
+        return param

app/dependencies/user_add.py

@@ -4,18 +4,17 @@ from passlib.context import CryptContext
 from pydantic import EmailStr
 
 
-def add(username="", password="", roles="User", disabled=False, confirmed=True, email="test@toto.com"):
+def add(username="", password="", roles="User", status=1, email="test@toto.com"):
     user_repository = users.UserRepository(database=database.database)
 
     pwd_context = CryptContext(schemes=["bcrypt"], deprecated="auto")
     result = user_repository.find_one_by({'username': username})
     change = "added"
-    user = users.User(username=username, password=pwd_context.hash(password), roles=roles, disabled=disabled, confirmed=confirmed, email=email)
+    user = users.User(username=username, password=pwd_context.hash(password), roles=roles, status=status, email=email)
     if result is not None:
         result.password=pwd_context.hash(password)
         result.roles=roles
-        result.disabled=disabled
+        result.status=status
-        result.confirmed=confirmed
         result.email=email
         user = result
         change = "updated"

app/dependencies/users_token.py

@@ -8,14 +8,14 @@ from jose import JWTError, jwt
 from passlib.context import CryptContext
 
 from ..models import users, token
-from ..dependencies import database
+from ..dependencies import database, cookie
 
 SECRET_KEY = "09d25e094faa6ca2556c818166b7a9563b93f7099f6f0f4caa6cf63b88e8d3e7"
 ALGORITHM = "HS256"
 
 pwd_context = CryptContext(schemes=["bcrypt"], deprecated="auto")
 
-oauth2_scheme = OAuth2PasswordBearer(tokenUrl="token")
+oauth2_scheme = cookie.OAuth2PasswordBearerWithCookie(tokenUrl="token")
 
 def verify_password(plain_password, hashed_password):
     return pwd_context.verify(plain_password, hashed_password)
@@ -35,6 +35,9 @@ def authenticate_user(username: str, password: str):
         return False
     if not verify_password(password, user.password):
         return False
+    user.connected_at = datetime.today()
+    user_repository = users.UserRepository(database=database.database)
+    user_repository.save(user)
     return user
 
 def create_access_token(data: dict, expires_delta: timedelta | None = None):
@@ -70,6 +73,6 @@ async def get_current_user(token_str: Annotated[str, Depends(oauth2_scheme)]):
 async def get_current_active_user(
     current_user: Annotated[users.User, Depends(get_current_user)]
 ):
-    if current_user.disabled:
+    if current_user.status == 0:
         raise HTTPException(status_code=400, detail="Inactive user")
     return current_user

app/main.py

@@ -1,7 +1,7 @@
 from fastapi import FastAPI
 from fastapi.middleware.cors import CORSMiddleware
 
-from .routers import users, token, mail
+from .routers import users, token, mail, events
 from .dependencies import user_add
 
 import os
@@ -10,6 +10,10 @@ app = FastAPI()
 
 origins = [
     "http://localhost:8084",
+    "https://backend.valczeryba.ovh",
+    "https://facebook.com",
+    "https://fetlife.com",
+    "https://backoffice.valczeryba.ovh"
 ]
 
 app.add_middleware(
@@ -24,6 +28,7 @@ app.add_middleware(
 app.include_router(users.router)
 app.include_router(token.router)
 app.include_router(mail.router)
+app.include_router(events.router)
 
 
 @app.on_event("startup")

app/models/events.py

@@ -0,0 +1,53 @@
+from pydantic import BaseModel, EmailStr
+from pydantic_mongo import AbstractRepository, ObjectIdField
+from datetime import datetime, date
+
+class Event(BaseModel):
+    id: ObjectIdField = None
+    name: str
+    place: str
+    description: str
+    imgUrl: str | None = None
+    status: int = 0
+    latitude: float = 0.0
+    longitude: float = 0.0
+    organizers: list[str] = []
+    tags: list[str] = []
+    start_date: datetime | None = None
+    end_date: datetime | None = None
+    created_at: datetime = datetime.today()
+    updated_at: datetime | None = None
+    deleted_at: datetime | None = None
+    disabled_at: datetime | None = None
+
+class EventOut(BaseModel):
+    id: ObjectIdField = None
+    name: str
+    place: str
+    description: str
+    imgUrl: str | None = None
+    status: int = 0
+    start_date: datetime | None = None
+    end_date: datetime | None = None
+    tags: list[str] = []
+
+class EventIn(BaseModel):
+    name: str
+    place: str
+    description: str
+    imgUrl: str | None = None
+    status: int = 0
+    organizers: list[str] = []
+    tags: list[str] = []
+    start_date: datetime | None = None
+    end_date: datetime | None = None
+    latitude: float = 0.0
+    longitude: float = 0.0
+
+class EventIDS(BaseModel):
+    ids: list[str]
+
+
+class EventRepository(AbstractRepository[Event]):
+    class Meta:
+        collection_name = "events"

app/models/users.py

@@ -1,30 +1,40 @@
 from pydantic import BaseModel, EmailStr
 from pydantic_mongo import AbstractRepository, ObjectIdField
+from datetime import datetime, date
 
 class User(BaseModel):
     id: ObjectIdField = None
     username: str
     password: str
+    firstName: str = ""
+    name: str = ""
     roles: str = "User"
-    disabled: bool = False
+    status: int = 0
-    removed: bool = False
-    confirmed: bool = False
     email: EmailStr
+    birth: str | None = None
+    created_at: datetime = datetime.today()
+    connected_at: datetime | None = None
+    updated_at: datetime | None = None
+    deleted_at: datetime | None = None
+    disabled_at: datetime | None = None
 
 class UserOut(BaseModel):
     id: ObjectIdField = None
     username: str
     roles: str
-    disabled: bool
+    firstName: str
-    removed: bool
+    name: str
-    confirmed: bool
+    status: int = 0
     email: EmailStr
 
 
 class UserIn(BaseModel):
     username: str
+    name: str
+    firstName: str
     roles: str
     password: str
+    birth: str
     email: EmailStr
 
 
@@ -37,6 +47,9 @@ class UserCreate(BaseModel):
 class UserInDB(User):
     password: str
 
+class UserIDS(BaseModel):
+    ids: list[str]
+
 class UserRepository(AbstractRepository[User]):
     class Meta:
         collection_name = "users"

app/routers/events.py

@@ -0,0 +1,422 @@
+from fastapi import APIRouter, Depends, HTTPException, status, Response
+from fastapi.responses import JSONResponse
+from datetime import datetime
+from ..dependencies import users_token, permissions_checker, database
+from ..models import events, users
+from pydantic import EmailStr
+from typing import Annotated, Union
+from bson import ObjectId
+from datetime import datetime
+router = APIRouter()
+
+def build_location_filter(min_lat, max_lat, min_lon, max_lon):
+    """Build location-based query filters."""
+    if min_lat is not None and max_lat is not None and min_lon is not None and max_lon is not None:
+        return [
+            {"latitude": {"$gte": min_lat}},
+            {"latitude": {"$lte": max_lat}},
+            {"longitude": {"$gte": min_lon}},
+            {"longitude": {"$lte": max_lon}},
+        ]
+    return []
+
+def build_datetime_filter(current_datetime):
+    """Build filters for current datetime."""
+    if current_datetime:
+        return {
+            "$or": [
+                {"start_date": {"$gte": current_datetime}},  # Upcoming events
+                {
+                    "$and": [
+                        {"start_date": {"$lte": current_datetime}},  # Already started
+                        {"$or": [
+                            {"end_date": {"$gte": current_datetime}},  # Ongoing
+                            {"end_date": None},  # No end date
+                        ]},
+                    ],
+                },
+            ],
+        }
+    return None
+
+def build_date_filter(start_date, end_date):
+    """Build date range filters."""
+    if start_date and end_date:
+        return [
+            {"start_date": {"$gte": datetime.combine(start_date, datetime.min.time())}},
+            {"start_date": {"$lte": datetime.combine(end_date, datetime.max.time())}},
+        ]
+    return []
+
+def build_text_filter(item):
+    """Build text-based search filters."""
+    if item:
+        return {
+            "$or": [
+                {"name": {"$regex": item, "$options": "i"}},
+                {"tags": {"$regex": item, "$options": "i"}},
+                {"organizers": {"$regex": item, "$options": "i"}},
+            ]
+        }
+    return None
+
+
+
+
+@router.get("/events", tags=["events"], response_model=list[events.EventOut])
+async def read_events(
+    authorize: Annotated[bool, Depends(permissions_checker.PermissionChecker(roles=["Admin", "User"]))],
+    skip: int = 0,
+    limit: int = 20,
+    id_event: str | None = None,
+    name: str | None = None,
+    status: int = 1,
+    tags: str | None = None,
+    organizers: str | None = None,
+    current_datetime: datetime | None = None,
+    date_event: datetime | None = None,
+    start_date: datetime | None = None,
+    end_date: datetime | None = None,
+):
+    # Validate `skip` and `limit`
+    if limit < 1 or skip < 0 or limit < skip:
+        raise HTTPException(
+            status_code=status.HTTP_400_BAD_REQUEST,
+            detail="`skip` should be >= 0 and `limit` should be > 0 and greater than `skip`.",
+        )
+    limit = limit + skip
+
+    # Initialize filters
+    filters = []
+
+    # Add status filter
+    filters.append({"status": {"$eq": status}})
+
+    # Add date filters
+    if date_event:
+        start_of_day = datetime.combine(date_event, datetime.min.time())
+        end_of_day = datetime.combine(date_event, datetime.max.time())
+        filters.extend(build_date_filter(start_of_day, end_of_day))
+    elif start_date and end_date:
+        filters.extend(build_date_filter(start_date, end_date))
+
+    # Add current datetime filter
+    datetime_filter = build_datetime_filter(current_datetime)
+    if datetime_filter:
+        filters.append(datetime_filter)
+
+    # Add text-based filters
+    if name:
+        filters.append(build_text_filter(name))
+    if tags:
+        filters.append({"tags": {"$eq": tags}})
+    if organizers:
+        filters.append({"organizers": {"$eq": organizers}})
+
+    # Add ID filter
+    if id_event:
+        try:
+            event_id = ObjectId(id_event)
+            filters.append({"_id": {"$eq": event_id}})
+        except Exception:
+            raise HTTPException(status_code=status.HTTP_400_BAD_REQUEST, detail="Invalid event ID format.")
+
+    # Combine all filters
+    object_search = {"$and": filters} if filters else {}
+
+    # Fetch and return results
+    event_repository = events.EventRepository(database=database.database)
+    list_events = []
+    for event_index in event_repository.find_by(object_search, limit=limit, skip=skip):
+        event = events.EventOut(
+            id=event_index.id,
+            tags=event_index.tags,
+            imgUrl=event_index.imgUrl,
+            name=event_index.name,
+            description=event_index.description,
+            place=event_index.place,
+            status=event_index.status,
+            start_date=event_index.start_date,
+            end_date=event_index.end_date,
+        )
+        list_events.append(event)
+
+    return list_events
+
+
+@router.get("/events/search", tags=["events"], response_model=list[events.EventOut])
+async def search_events(
+    authorize: Annotated[bool, Depends(permissions_checker.PermissionChecker(roles=["Admin", "User"]))],
+    skip: int = 0,
+    limit: int = 20,
+    item: Union[str, None] = None,
+    status: int = 1,
+    min_lat: Union[float, None] = None,
+    max_lat: Union[float, None] = None,
+    min_lon: Union[float, None] = None,
+    max_lon: Union[float, None] = None,
+    current_datetime: Union[datetime, None] = None,
+    date_event: Union[datetime, None] = None,
+    start_date: Union[datetime, None] = None,
+    end_date: Union[datetime, None] = None,
+    tags: Union[list[str], None] = None,
+):
+    if limit < 1 or skip < 0 or limit < skip:
+        raise HTTPException(
+            status_code=status.HTTP_400_BAD_REQUEST,
+            detail="`skip` should be >= 0 and `limit` should be > 0 and greater than `skip`.",
+        )
+    limit = limit + skip
+
+    # Initialize filters
+    filters = [{"status": {"$eq": status}}]
+
+    # Date filters
+    if date_event:
+        start_of_day = datetime.combine(date_event, datetime.min.time())
+        end_of_day = datetime.combine(date_event, datetime.max.time())
+        filters.extend(build_date_filter(start_of_day, end_of_day))
+    else:
+        filters.extend(build_date_filter(start_date, end_date))
+
+    # Add location filter
+    filters.extend(build_location_filter(min_lat, max_lat, min_lon, max_lon))
+
+    # Add datetime filter
+    datetime_filter = build_datetime_filter(current_datetime)
+    if datetime_filter:
+        filters.append(datetime_filter)
+
+    # Add text filter
+    text_filter = build_text_filter(item)
+    if text_filter:
+        filters.append(text_filter)
+
+    if tags is not None:
+        filters.append({"tags": {"$in": tags}})
+
+    # Combine filters
+    object_search = {"$and": filters} if filters else {}
+
+    # Fetch and return results
+    event_repository = events.EventRepository(database=database.database)
+    list_events = []
+    for event_index in event_repository.find_by(object_search, limit=limit, skip=skip):
+        event = events.EventOut(
+            id=event_index.id,
+            tags=event_index.tags,
+            imgUrl=event_index.imgUrl,
+            name=event_index.name,
+            description=event_index.description,
+            place=event_index.place,
+            status=event_index.status,
+            start_date=event_index.start_date,
+            end_date=event_index.end_date,
+        )
+        list_events.append(event)
+
+    return list_events
+
+
+
+@router.get("/events/me",tags=["events"])
+async def read_users_me(current_user: Annotated[users.User, Depends(users_token.get_current_active_user)], authorize: Annotated[bool, Depends(permissions_checker.PermissionChecker(roles=["Admin", "User"]))]):
+    event_repository = events.EventRepository(database=database.database)
+    listOrganizers = []
+
+    for event_index in event_repository.find_by({"organizers":{"$eq": current_user.username}}, limit=limit, skip=skip):
+        event = events.EventOut(id=event_index.id, name=event_index.name, tags=event_index.tags, imgUrl=event_index.imgUrl, description=event_index.description, place=event_index.place, status=event_index.status, start_date=event_index.start_date, end_date=event_index.end_date)
+        listOrganizers.append(event)
+
+    content = {"organizers":listOrganizers}
+    response = JSONResponse(content=content)
+    return response
+
+@router.get("/events/count", tags=["events"])
+async def read_events_count(authorize: Annotated[bool, Depends(permissions_checker.PermissionChecker(roles=["Admin", "User"]))]):
+    count = database.database.get_collection("events").estimated_document_count()
+    content = {"count":count}
+    response = JSONResponse(content=content)
+    return response
+
+
+@router.get("/events/{item_id}", tags=["events"], response_model=events.Event)
+async def read_events_id(item_id : str, authorize: Annotated[bool, Depends(permissions_checker.PermissionChecker(roles=["Admin"]))]):
+    event_repository = events.EventRepository(database=database.database)
+    event = event_repository.find_one_by_id(ObjectId(item_id))
+    return event
+
+
+@router.delete("/events/me/{item_id}", tags=["events"])
+async def delete_event_me(item_id: str, current_user: Annotated[users.User, Depends(users_token.get_current_active_user)], authorize: Annotated[bool, Depends(permissions_checker.PermissionChecker(roles=["Admin", "User"]))], remove: bool = False):
+    event_repository = events.EventRepository(database=database.database)
+    event = event_repository.find_one_by_id(ObjectId(item_id))
+    if remove is True:
+        event.deleted_at = datetime.today()
+        event.status = -1
+        content = {"message": "event is deleted"}
+    else:
+        event.status = 0
+        event.deleted_at = datetime.today()
+        content = {"message": "event is disabled"}
+    event_repository.save(event)
+    response = JSONResponse(content=content)
+    return response
+
+@router.delete("/events/groups",tags=["events"])
+async def delete_events_groups(authorize: Annotated[bool, Depends(permissions_checker.PermissionChecker(roles=["Admin"]))], remove: bool = False, eventids: events.EventIDS | None = None):
+    if len(eventids.ids) == 0:
+        raise HTTPException(
+            status_code=status.HTTP_400_BAD_REQUEST,
+            detail="eventids should be greater than 0"
+        )
+    
+    event_repository = event.EventRepository(database=database.database)
+    for i in eventids.ids:
+        event = event_repository.find_one_by_id(ObjectId(i))
+        if remove is True:
+            event.status = -1
+            event.deleted_at = datetime.today()
+            content = {"message": "events are deleted "}
+        else:
+            event.status = 0
+            event.disabled_at = datetime.today()
+            content = {"message": "events are disabled"}
+        event_repository.save(event)
+    
+    response = JSONResponse(content=content)
+    return response
+
+@router.delete("/events/{item_id}", tags=["events"])
+async def delete_events_id(item_id : str, authorize: Annotated[bool, Depends(permissions_checker.PermissionChecker(roles=["Admin"]))], remove : bool = False):
+    event_repository = events.EventRepository(database=database.database)
+    event = event_repository.find_one_by_id(ObjectId(item_id))
+    if remove is True:
+        event.status = -1
+        event.deleted_at = datetime.today()
+        content = {"message": "events are deleted"}
+    else:
+        event.status = 0
+        event.disabled_at = datetime.today()
+        content = {"message": "events are disabled"}
+    event_repository.save(event)
+    response = JSONResponse(content=content)  
+    return response
+
+@router.put("/events/me/{item_id}",tags=["events"])
+async def update_events_me(item_id: str, current_user: Annotated[users.User, Depends(users_token.get_current_active_user)], authorize: Annotated[bool, Depends(permissions_checker.PermissionChecker(roles=["Admin", "User"]))], eventSingle: events.EventIn | None = None):
+    event_repository = event.EventRepository(database=database.database)
+    event = event_repository.find_one_by_id(ObjectId(item_id))
+    event.name = eventSingle.name
+    event.description = eventSingle.description
+    event.place = eventSingle.place
+    event.start_date = eventSingle.start_date
+    event.tags = eventSingle.tags
+    event.end_date = eventSingle.end_date
+    event.latitude = eventSingle.latitude
+    event.longitude = eventSingle.longitude
+    event.updated_at = datetime.today()
+    event.imgUrl = eventSingle.imgUrl
+    event_repository.save(event)
+    content = {"message": "event is updated"}
+    response = JSONResponse(content=content)  
+    return response
+
+@router.put("/events", tags=["events"], status_code=status.HTTP_201_CREATED)
+async def update_events(authorize: Annotated[bool, Depends(permissions_checker.PermissionChecker(roles=["Admin"]))], eventSingle: events.EventIn | None = None):
+    if eventSingle is None:
+        raise HTTPException(
+            status_code=status.HTTP_400_BAD_REQUEST,
+            detail="Body request is empty"
+        )
+    event_repository = events.EventRepository(database=database.database)
+
+    event = event_repository.find_one_by({"name": {'$eq': eventSingle.name}})
+    if event is not None:
+        raise HTTPException(
+            status_code=status.HTTP_204_NO_CONTENT,
+            detail="name"
+        )
+        
+
+    event = events.Event(name=eventSingle.name, description=eventSingle.description, place=eventSingle.place)
+    event.start_date = eventSingle.start_date
+    event.end_date = eventSingle.end_date
+    event.organizers = eventSingle.organizers
+    event.latitude = eventSingle.latitude
+    event.longitude = eventSingle.longitude
+    event.imgUrl = eventSingle.imgUrl
+    event.tags = eventSingle.tags
+    event.status = 1
+    event.created_at = datetime.today()
+    event_repository.save(event)
+    content = {"message": "event is created"}
+    response = JSONResponse(content=content, status_code=status.HTTP_201_CREATED)  
+    return response
+
+
+@router.put("/events/{item_id}", tags=["events"], status_code=status.HTTP_200_OK)
+async def update_events_id(item_id: str, authorize: Annotated[bool, Depends(permissions_checker.PermissionChecker(roles=["Admin"]))], eventSingle: events.EventIn | None = None, response: Response = Response):
+    if eventSingle is None:
+        raise HTTPException(
+            status_code=status.HTTP_400_BAD_REQUEST,
+            detail="Body request is empty"
+        )
+    event_repository = events.EventRepository(database=database.database)
+
+    event = event_repository.find_one_by({"id": {'$eq': ObjectId(item_id)}})
+    if event is None:
+        raise HTTPException(
+            status_code=status.HTTP_404_NOT_FOUND,
+            detail="Event not found"
+        )
+        
+    event.name = eventSingle.name
+    event.place = eventSingle.place
+    event.description = eventSingle.description
+    event.start_date = eventSingle.start_date
+    event.end_date = eventSingle.end_date
+    event.organizers = eventSingle.organizers
+    event.tags = eventSingle.tags
+    event.latitude = eventSingle.latitude
+    event.longitude = eventSingle.longitude
+    event.updated_at = datetime.today()
+    event.imgUrl = eventSingle.imgUrl
+    event_repository.save(event)
+    content = {"message": "event is updated"}
+    response = JSONResponse(content=content)  
+    return response
+
+
+@router.patch("/events/groups",tags=["events"])
+async def patch_events_groups(authorize: Annotated[bool, Depends(permissions_checker.PermissionChecker(roles=["Admin"]))], eventids: events.EventIDS | None = None):
+    if len(eventids.ids) == 0:
+        raise HTTPException(
+            status_code=status.HTTP_400_BAD_REQUEST,
+            detail="eventids should be greater than 0"
+        )
+    
+    event_repository = events.EventRepository(database=database.database)
+    content = {"message": "events are enabled"}
+    for i in eventids.ids:
+        event = event_repository.find_one_by_id(ObjectId(i))
+        event.status = 1
+        event.disabled_at = None
+        event.deleted_at = None
+        event_repository.save(event)
+    
+    
+    response = JSONResponse(content=content)
+    return response
+
+@router.patch("/events/{item_id}", tags=["events"])
+async def patch_events_id(item_id : str, authorize: Annotated[bool, Depends(permissions_checker.PermissionChecker(roles=["Admin"]))]):
+    event_repository = events.EventRepository(database=database.database)
+    event = event_repository.find_one_by_id(ObjectId(item_id))
+    event.status = 1
+    event.disabled_at = None
+    event.deleted_at = None
+    event_repository.save(event)
+    content = {"message": "event is enabled"}
+    response = JSONResponse(content=content)  
+    return response

app/routers/token.py

@@ -7,13 +7,13 @@ from fastapi.security import OAuth2PasswordBearer, OAuth2PasswordRequestForm
 from ..dependencies import users_token, permissions_checker
 from ..models import token, users
 
+
 router = APIRouter()
 ACCESS_TOKEN_EXPIRE_MINUTES = 30
 
 @router.post("/token", tags=["token"])
 async def login_for_access_token(
-    form_data: Annotated[OAuth2PasswordRequestForm, Depends()]
+    form_data: Annotated[OAuth2PasswordRequestForm, Depends()]):
-):
     user = users_token.authenticate_user(form_data.username, form_data.password)
     if not user:
         raise HTTPException(
@@ -25,9 +25,9 @@ async def login_for_access_token(
     access_token = users_token.create_access_token(
         data={"sub": user.username}, expires_delta=access_token_expires
     )
-    content = {"message": "Access token generated"}
+    content = {"roles":user.roles,"message": "Access token generated"}
     response = JSONResponse(content=content)
-    response.set_cookie(key="jwt", value=access_token)
+    response.set_cookie(key="access_token", value="Bearer {0}".format(access_token), httponly=True)
     return response
 
 @router.get("/token",tags=["token"])
@@ -35,3 +35,10 @@ async def check_token(current_user: Annotated[users.User, Depends(users_token.ge
         content = {"message": "Check token"}
         response = JSONResponse(content=content)
         return response
+
+@router.delete("/token",tags=["token"])
+async def check_token(current_user: Annotated[users.User, Depends(users_token.get_current_active_user)], authorize: Annotated[bool, Depends(permissions_checker.PermissionChecker(roles=["Admin", "User"]))]):
+        content = {"message": "Token deleted"}
+        response = JSONResponse(content=content)
+        response.set_cookie(key="access_token", value="", httponly=True)
+        return response

app/routers/users.py

@@ -1,6 +1,9 @@
-from fastapi import APIRouter, Depends, HTTPException, status
+from fastapi import APIRouter, Depends, HTTPException, status, Response
+from fastapi.responses import JSONResponse
+from datetime import datetime
 from ..dependencies import users_token, permissions_checker, database
 from ..models import users
+from pydantic import EmailStr
 from typing import Annotated
 from bson import ObjectId
 router = APIRouter()
@@ -8,7 +11,7 @@ router = APIRouter()
 
 
 @router.get("/users", tags=["users"], response_model=list[users.UserOut])
-async def read_users(authorize: Annotated[bool, Depends(permissions_checker.PermissionChecker(roles=["Admin"]))], skip: int = 0, limit: int = 20):
+async def read_users(authorize: Annotated[bool, Depends(permissions_checker.PermissionChecker(roles=["Admin", "User"]))], skip: int = 0, limit: int = 20, id_user: str | None = None, roles: str | None = None, status: int | None = None, email: EmailStr | None = None, name: str | None = None):
     if limit < 1 or skip < 0 or limit < skip:
         raise HTTPException(
             status_code=status.HTTP_400_BAD_REQUEST,
@@ -17,36 +20,62 @@ async def read_users(authorize: Annotated[bool, Depends(permissions_checker.Perm
     limit = limit + skip
     listUsers = []
     user_repository = users.UserRepository(database=database.database)
-    for user_index in user_repository.find_by({}, limit=limit, skip=skip):
+    object_search = {}
-        user = users.UserOut(id=user_index.id, username=user_index.username, email=user_index.email, disabled=user_index.disabled, roles=user_index.roles, removed=user_index.removed, confirmed=user_index.confirmed)
+    if status is not None and roles is not None:
+        object_search = {"$and":[{"roles":{"$eq": roles}}, {"status":{"$eq":status}}]}
+    else:
+        if status is not None:
+            object_search = {"status":{"$eq": status}}
+        if roles is not None:
+            object_search =  {"roles":{"$eq":roles}}
+    if id_user is not None:
+        userid = ObjectId(id_user)
+        object_search = {"id": {"$regex": userid}}
+        if status is not None and roles is not None:
+            object_search = {"$and":[{"id":{"$regex": userid}}, {"roles":{"$eq": roles}}, {"status":{"$eq":status}}]}
+        else:
+            if status is not None:
+                object_search = {"$and":[{"id":{"$regex": userid}}, {"status":{"$eq":status}}]}
+            if roles is not None:
+                object_search = {"$and":[{"id":{"$regex": userid}}, {"roles":{"$eq":roles}}]}
+    if email is not None:
+        object_search = {"email": {"$eq": email}}
+        if status is not None and roles is not None:
+            object_search = {"$and":[{"email":{"$eq": email}}, {"roles":{"$eq": roles}}, {"status":{"$eq":status}}]}
+        else:
+            if status is not None:
+                object_search = {"$and":[{"email":{"$eq": email}}, {"status":{"$eq":status}}]}
+            if roles is not None:
+                object_search = {"$and":[{"email":{"$eq": email}}, {"roles":{"$eq":roles}}]}
+
+    if name is not None:
+        object_search = {"username": {"$regex": name}}
+        if status is not None and roles is not None:
+            object_search = {"$and":[{"username":{"$regex": name}}, {"roles":{"$eq": roles}}, {"status":{"$eq":status}}]}
+        else:
+            if status is not None:
+                object_search = {"$and":[{"username":{"$regex": name}}, {"status":{"$eq":status}}]}
+            if roles is not None:
+                object_search = {"$and":[{"username":{"$regex": name}}, {"roles":{"$eq":roles}}]}
+
+
+    for user_index in user_repository.find_by(object_search, limit=limit, skip=skip):
+        user = users.UserOut(id=user_index.id, username=user_index.username, email=user_index.email, status=user_index.status, roles=user_index.roles, firstName=user_index.firstName, name=user_index.name)
         listUsers.append(user)
     return listUsers
 
-@router.get("/users/search", tags=["users"], response_model=list[users.UserOut])
+@router.get("/users/me",tags=["users"], response_model=users.User, response_model_exclude=["id", "password", "roles", "status"])
-async def read_users_id(authorize: Annotated[bool, Depends(permissions_checker.PermissionChecker(roles=["Admin", "User"]))], skip: int = 0, limit: int = 20, key: str | None = None, value: str | None= None):
-    if limit < 1 or skip < 0 or limit < skip:
-        raise HTTPException(
-            status_code=status.HTTP_400_BAD_REQUEST,
-            detail="skip should be greater than 0 and limit should be greater than 1. Limit should be greater than skip"
-        )
-    if key is None or value is None:
-        raise HTTPException(
-            status_code=status.HTTP_400_BAD_REQUEST,
-            detail="Key or/and value parameter is empty"
-        )
-    limit = limit + skip
-    listUsers = []
-    user_repository = users.UserRepository(database=database.database)
-    for user_index in user_repository.find_by({key: {'$regex': value}}, limit=limit, skip=skip):
-        user = users.UserOut(id=user_index.id, username=user_index.username, disabled=user_index.disabled, roles=user_index.roles, email=user_index.email, removed=user_index.removed, confirmed=user_index.confirmed)
-        listUsers.append(user)
-    return listUsers
-
-
-@router.get("/users/me",tags=["users"], response_model=users.User, response_model_exclude=["id", "password", "roles", "disabled"])
 async def read_users_me(current_user: Annotated[users.User, Depends(users_token.get_current_active_user)], authorize: Annotated[bool, Depends(permissions_checker.PermissionChecker(roles=["Admin", "User"]))]):
         return current_user
 
+@router.get("/users/count", tags=["users"])
+async def read_users_count(authorize: Annotated[bool, Depends(permissions_checker.PermissionChecker(roles=["Admin"]))]):
+    count = database.database.get_collection("users").estimated_document_count()
+    content = {"count":count}
+    response = JSONResponse(content=content)
+    return response
+
+
 @router.get("/users/{item_id}", tags=["users"], response_model=users.User)
 async def read_users_id(item_id : str, authorize: Annotated[bool, Depends(permissions_checker.PermissionChecker(roles=["Admin"]))]):
     user_repository = users.UserRepository(database=database.database)
@@ -54,38 +83,76 @@ async def read_users_id(item_id : str, authorize: Annotated[bool, Depends(permis
     return user
 
 
-
+@router.delete("/users/me",tags=["users"])
-@router.delete("/users/me",tags=["users"], response_model=users.User, response_model_exclude=["id", "password", "roles", "disabled"])
+async def delete_users_me(current_user: Annotated[users.User, Depends(users_token.get_current_active_user)], authorize: Annotated[bool, Depends(permissions_checker.PermissionChecker(roles=["Admin", "User"]))], remove: bool = False):
-async def read_users_me(current_user: Annotated[users.User, Depends(users_token.get_current_active_user)], authorize: Annotated[bool, Depends(permissions_checker.PermissionChecker(roles=["Admin", "User"]))], remove: bool = False):
     user_repository = users.UserRepository(database=database.database)
-    current_user.disabled = True
-    if remove is True:
-        current_user.removed = True
-    user_repository.save(current_user)
-    return current_user
     
-@router.delete("/users/{item_id}", tags=["users"], response_model=users.User)
+    if remove is True:
-async def read_users_id(item_id : str, authorize: Annotated[bool, Depends(permissions_checker.PermissionChecker(roles=["Admin"]))], remove : bool = False):
+        current_user.deleted_at = datetime.today()
+        current_user.status = -1
+        content = {"message": "users are deleted"}
+    else:
+        current_user.status = 0
+        current_user.deleted_at = datetime.today()
+        content = {"message": "users are disabled"}
+    user_repository.save(current_user)
+    response = JSONResponse(content=content)
+    return response
+
+@router.delete("/users/groups",tags=["users"])
+async def delete_users_groups(authorize: Annotated[bool, Depends(permissions_checker.PermissionChecker(roles=["Admin"]))], remove: bool = False, userids: users.UserIDS | None = None):
+    if len(userids.ids) == 0:
+        raise HTTPException(
+            status_code=status.HTTP_400_BAD_REQUEST,
+            detail="userids should be greater than 0"
+        )
+    
+    user_repository = users.UserRepository(database=database.database)
+    for i in userids.ids:
+        user = user_repository.find_one_by_id(ObjectId(i))
+        if remove is True:
+            user.status = -1
+            user.deleted_at = datetime.today()
+            content = {"message": "users are deleted "}
+        else:
+            user.status = 0
+            user.disabled_at = datetime.today()
+            content = {"message": "users are disabled"}
+        user_repository.save(user)
+    
+    response = JSONResponse(content=content)
+    return response
+
+@router.delete("/users/{item_id}", tags=["users"])
+async def delete_users_id(item_id : str, authorize: Annotated[bool, Depends(permissions_checker.PermissionChecker(roles=["Admin"]))], remove : bool = False):
     user_repository = users.UserRepository(database=database.database)
     user = user_repository.find_one_by_id(ObjectId(item_id))
-    user.disabled = True
     if remove is True:
-        user.removed = True
+        user.status = -1
+        user.deleted_at = datetime.today()
+        content = {"message": "users are deleted"}
+    else:
+        user.status = 0
+        user.disabled_at = datetime.today()
+        content = {"message": "users are disabled"}
     user_repository.save(user)
-    return user
+    response = JSONResponse(content=content)  
+    return response
 
-@router.put("/users/me",tags=["users"], response_model=users.User, response_model_exclude=["id", "password", "roles", "disabled"])
+@router.put("/users/me",tags=["users"])
-async def read_users_me(current_user: Annotated[users.User, Depends(users_token.get_current_active_user)], authorize: Annotated[bool, Depends(permissions_checker.PermissionChecker(roles=["Admin", "User"]))], userSingle: users.UserIn | None = None):
+async def update_users_me(current_user: Annotated[users.User, Depends(users_token.get_current_active_user)], authorize: Annotated[bool, Depends(permissions_checker.PermissionChecker(roles=["Admin", "User"]))], userSingle: users.UserIn | None = None):
     user_repository = users.UserRepository(database=database.database)
     current_user.username = userSingle.username
     current_user.password = user_token.get_password_hash(userSingle.password)
     current_user.roles = userSingle.roles
     current_user.email = userSingle.email
     user_repository.save(current_user)
+    content = {"message": "user is updated"}
+    response = JSONResponse(content=content)  
     return current_user
 
-@router.put("/users", tags=["users"], response_model=users.User, status_code=status.HTTP_200_OK)
+@router.put("/users", tags=["users"], status_code=status.HTTP_201_CREATED)
-async def read_users_id(authorize: Annotated[bool, Depends(permissions_checker.PermissionChecker(roles=["Admin"]))], userSingle: users.UserIn | None = None):
+async def update_users(authorize: Annotated[bool, Depends(permissions_checker.PermissionChecker(roles=["Admin"]))], userSingle: users.UserIn | None = None):
     if userSingle is None:
         raise HTTPException(
             status_code=status.HTTP_400_BAD_REQUEST,
@@ -93,13 +160,90 @@ async def read_users_id(authorize: Annotated[bool, Depends(permissions_checker.P
         )
     user_repository = users.UserRepository(database=database.database)
 
-    user = user_repository.find_one_by({"username": {'$eq': userSingle.username}})
+    user = user_repository.find_one_by({"$or":[{"username": {'$eq': userSingle.username}}, {"email": {"$eq": userSingle.email}}]})
+    if user is not None:
+        if user.username == userSingle.username:
+            raise HTTPException(
+                status_code=status.HTTP_204_NO_CONTENT,
+                detail="username"
+            )
+        if user.email == userSingle.email:
+            raise HTTPException(
+                status_code=status.HTTP_204_NO_CONTENT,
+                detail="email"
+            )
+
+    user = users.User(username=userSingle.username, password=users_token.get_password_hash(userSingle.password), email=userSingle.email)
+    user.roles = userSingle.roles
+    user.firstName = userSingle.firstName
+    user.name = userSingle.name
+    user.birth = userSingle.birth
+    user.created_at = datetime.today()
+    user_repository.save(user)
+    content = {"message": "user is created"}
+    response = JSONResponse(content=content, status_code=status.HTTP_201_CREATED)  
+    return response
+
+
+@router.put("/users/{item_id}", tags=["users"], status_code=status.HTTP_200_OK)
+async def update_users_id(item_id: str, authorize: Annotated[bool, Depends(permissions_checker.PermissionChecker(roles=["Admin"]))], userSingle: users.UserIn | None = None, response: Response = Response):
+    if userSingle is None:
+        raise HTTPException(
+            status_code=status.HTTP_400_BAD_REQUEST,
+            detail="Body request is empty"
+        )
+    user_repository = users.UserRepository(database=database.database)
+
+    user = user_repository.find_one_by({"id": {'$eq': ObjectId(item_id)}})
     if user is None:
-        response.status_code = status.HTTP_201_CREATED
+        raise HTTPException(
-        user = users.User()
+            status_code=status.HTTP_404_NOT_FOUND,
+            detail="User not found"
+        )
+        
     user.username = userSingle.username
-    user.password = user_token.get_password_hash(userSingle.password)
+    user.password = users_token.get_password_hash(userSingle.password)
     user.roles = userSingle.roles
     user.email = userSingle.email
+    user.firstName = userSingle.firstName
+    user.name = userSingle.name
+    user.birth = userSingle.birth
+    user.updated_at = datetime.today()
     user_repository.save(user)
-    return user
+    content = {"message": "user is updated"}
+    response = JSONResponse(content=content)  
+    return response
+
+
+@router.patch("/users/groups",tags=["users"])
+async def patch_users_groups(authorize: Annotated[bool, Depends(permissions_checker.PermissionChecker(roles=["Admin"]))], userids: users.UserIDS | None = None):
+    if len(userids.ids) == 0:
+        raise HTTPException(
+            status_code=status.HTTP_400_BAD_REQUEST,
+            detail="userids should be greater than 0"
+        )
+    
+    user_repository = users.UserRepository(database=database.database)
+    content = {"message": "users are enabled"}
+    for i in userids.ids:
+        user = user_repository.find_one_by_id(ObjectId(i))
+        user.status = 1
+        user.disabled_at = None
+        user.deleted_at = None
+        user_repository.save(user)
+    
+    
+    response = JSONResponse(content=content)
+    return response
+
+@router.patch("/users/{item_id}", tags=["users"], response_model=users.User)
+async def patch_users_id(item_id : str, authorize: Annotated[bool, Depends(permissions_checker.PermissionChecker(roles=["Admin"]))]):
+    user_repository = users.UserRepository(database=database.database)
+    user = user_repository.find_one_by_id(ObjectId(item_id))
+    user.status = 1
+    user.disabled_at = None
+    user.deleted_at = None
+    user_repository.save(user)
+    content = {"message": "user is enabled"}
+    response = JSONResponse(content=content)  
+    return response