12 changed files with 90 additions and 939 deletions
--- a/app/dependencies/cookie.py
+++ b/app/dependencies/cookie.py
@ -1,37 +0,0 @@
 from fastapi.security import OAuth2
 from fastapi.openapi.models import OAuthFlows as OAuthFlowsModel
 from fastapi import Request
 from fastapi.security.utils import get_authorization_scheme_param
 from fastapi import HTTPException
 from fastapi import status
 from typing import Optional
 from typing import Dict
 class OAuth2PasswordBearerWithCookie(OAuth2):
    def __init__(
        self,
        tokenUrl: str,
        scheme_name: Optional[str] = None,
        scopes: Optional[Dict[str, str]] = None,
        auto_error: bool = True,
    ):
        if not scopes:
            scopes = {}
        flows = OAuthFlowsModel(password={"tokenUrl": tokenUrl, "scopes": scopes})
        super().__init__(flows=flows, scheme_name=scheme_name, auto_error=auto_error)
    async def __call__(self, request: Request) -> Optional[str]:
        authorization: str = request.cookies.get("access_token")  #changed to accept access token from httpOnly Cookie
        scheme, param = get_authorization_scheme_param(authorization)
        if not authorization or scheme.lower() != "bearer":
            if self.auto_error:
                raise HTTPException(
                    status_code=status.HTTP_401_UNAUTHORIZED,
                    detail="Not authenticated",
                    headers={"WWW-Authenticate": "Bearer"},
                )
            else:
                return None
        return param
--- a/app/dependencies/user_add.py
+++ b/app/dependencies/user_add.py
@ -4,17 +4,18 @@ from passlib.context import CryptContext
 from pydantic import EmailStr
-def add(username="", password="", roles="User", status=1, email="test@toto.com"):
+def add(username="", password="", roles="User", disabled=False, confirmed=True, email="test@toto.com"):
    user_repository = users.UserRepository(database=database.database)
    pwd_context = CryptContext(schemes=["bcrypt"], deprecated="auto")
    result = user_repository.find_one_by({'username': username})
    change = "added"
-    user = users.User(username=username, password=pwd_context.hash(password), roles=roles, status=status, email=email)
+    user = users.User(username=username, password=pwd_context.hash(password), roles=roles, disabled=disabled, confirmed=confirmed, email=email)
    if result is not None:
        result.password=pwd_context.hash(password)
        result.roles=roles
-        result.status=status
+        result.disabled=disabled
        result.confirmed=confirmed
        result.email=email
        user = result
        change = "updated"
--- a/app/dependencies/users_token.py
+++ b/app/dependencies/users_token.py
@ -8,14 +8,14 @@ from jose import JWTError, jwt
 from passlib.context import CryptContext
 from ..models import users, token
-from ..dependencies import database, cookie
+from ..dependencies import database
 SECRET_KEY = "09d25e094faa6ca2556c818166b7a9563b93f7099f6f0f4caa6cf63b88e8d3e7"
 ALGORITHM = "HS256"
 pwd_context = CryptContext(schemes=["bcrypt"], deprecated="auto")
-oauth2_scheme = cookie.OAuth2PasswordBearerWithCookie(tokenUrl="token")
+oauth2_scheme = OAuth2PasswordBearer(tokenUrl="token")
 def verify_password(plain_password, hashed_password):
    return pwd_context.verify(plain_password, hashed_password)
@ -35,9 +35,6 @@ def authenticate_user(username: str, password: str):
        return False
    if not verify_password(password, user.password):
        return False
    user.connected_at = datetime.today()
    user_repository = users.UserRepository(database=database.database)
    user_repository.save(user)
    return user
 def create_access_token(data: dict, expires_delta: timedelta | None = None):
@ -73,6 +70,6 @@ async def get_current_user(token_str: Annotated[str, Depends(oauth2_scheme)]):
 async def get_current_active_user(
    current_user: Annotated[users.User, Depends(get_current_user)]
 ):
-    if current_user.status == 0:
+    if current_user.disabled:
        raise HTTPException(status_code=400, detail="Inactive user")
    return current_user
--- a/app/main.py
+++ b/app/main.py
@ -1,7 +1,7 @@
 from fastapi import FastAPI
 from fastapi.middleware.cors import CORSMiddleware
-from .routers import users, token, mail, events, tags
+from .routers import users, token, mail
 from .dependencies import user_add
 import os
@ -10,10 +10,6 @@ app = FastAPI()
 origins = [
    "http://localhost:8084",
    "https://backend.valczeryba.ovh",
    "https://facebook.com",
    "https://fetlife.com",
    "https://backoffice.valczeryba.ovh"
 ]
 app.add_middleware(
@ -28,8 +24,6 @@ app.add_middleware(
 app.include_router(users.router)
 app.include_router(token.router)
 app.include_router(mail.router)
 app.include_router(events.router)
 app.include_router(tags.router)
@app.on_event("startup")
--- a/app/models/events.py
+++ b/app/models/events.py
@ -1,53 +0,0 @@
 from pydantic import BaseModel, EmailStr
 from pydantic_mongo import AbstractRepository, ObjectIdField
 from datetime import datetime, date
 class Event(BaseModel):
    id: ObjectIdField = None
    name: str
    place: str
    description: str
    imgUrl: str | None = None
    status: int = 0
    latitude: float = 0.0
    longitude: float = 0.0
    organizers: list[str] = []
    tags: list[str] = []
    start_date: datetime | None = None
    end_date: datetime | None = None
    created_at: datetime = datetime.today()
    updated_at: datetime | None = None
    deleted_at: datetime | None = None
    disabled_at: datetime | None = None
 class EventOut(BaseModel):
    id: ObjectIdField = None
    name: str
    place: str
    description: str
    imgUrl: str | None = None
    status: int = 0
    start_date: datetime | None = None
    end_date: datetime | None = None
    tags: list[str] = []
 class EventIn(BaseModel):
    name: str
    place: str
    description: str
    imgUrl: str | None = None
    status: int = 0
    organizers: list[str] = []
    tags: list[str] = []
    start_date: datetime | None = None
    end_date: datetime | None = None
    latitude: float = 0.0
    longitude: float = 0.0
 class EventIDS(BaseModel):
    ids: list[str]
 class EventRepository(AbstractRepository[Event]):
    class Meta:
        collection_name = "events"
--- a/app/models/tags.py
+++ b/app/models/tags.py
@ -1,24 +0,0 @@
 from pydantic import BaseModel, EmailStr
 from pydantic_mongo import AbstractRepository, ObjectIdField
 from datetime import datetime, date
 class Tags(BaseModel):
    id: ObjectIdField = None
    name: str
    created_at: datetime = datetime.today()
 class TagsOut(BaseModel):
    id: ObjectIdField = None
    name: str
 class TagsIn(BaseModel):
    name: str
 class TagsIDS(BaseModel):
    ids: list[str]
 class TagsRepository(AbstractRepository[Tags]):
    class Meta:
        collection_name = "tags"
--- a/app/models/users.py
+++ b/app/models/users.py
@ -1,40 +1,30 @@
 from pydantic import BaseModel, EmailStr
 from pydantic_mongo import AbstractRepository, ObjectIdField
 from datetime import datetime, date
 class User(BaseModel):
    id: ObjectIdField = None
    username: str
    password: str
    firstName: str = ""
    name: str = ""
    roles: str = "User"
-    status: int = 0
+    disabled: bool = False
    removed: bool = False
    confirmed: bool = False
    email: EmailStr
    birth: datetime | None = None
    created_at: datetime = datetime.today()
    connected_at: datetime | None = None
    updated_at: datetime | None = None
    deleted_at: datetime | None = None
    disabled_at: datetime | None = None
 class UserOut(BaseModel):
    id: ObjectIdField = None
    username: str
    roles: str
-    firstName: str
+    disabled: bool
-    name: str
+    removed: bool
-    status: int = 0
+    confirmed: bool
    email: EmailStr
 class UserIn(BaseModel):
    username: str
    name: str
    firstName: str
    roles: str
    password: str
    birth: str
    email: EmailStr
@ -42,16 +32,11 @@ class UserCreate(BaseModel):
    username: str
    password: str
    email: EmailStr
-    birth: str
+
    firstName: str
    name: str
 class UserInDB(User):
    password: str
 class UserIDS(BaseModel):
    ids: list[str]
 class UserRepository(AbstractRepository[User]):
    class Meta:
        collection_name = "users"
--- a/app/routers/events.py
+++ b/app/routers/events.py
@ -1,436 +0,0 @@
 from fastapi import APIRouter, Depends, HTTPException, status, Response
 from fastapi.responses import JSONResponse
 from datetime import datetime
 from ..dependencies import users_token, permissions_checker, database
 from ..models import events, users, tags
 from pydantic import EmailStr
 from typing import Annotated, Union
 from bson import ObjectId
 from datetime import datetime
 router = APIRouter()
 def build_location_filter(min_lat, max_lat, min_lon, max_lon):
    """Build location-based query filters."""
    if min_lat is not None and max_lat is not None and min_lon is not None and max_lon is not None:
        return [
            {"latitude": {"$gte": min_lat}},
            {"latitude": {"$lte": max_lat}},
            {"longitude": {"$gte": min_lon}},
            {"longitude": {"$lte": max_lon}},
        ]
    return []
 def build_datetime_filter(current_datetime):
    """Build filters for current datetime."""
    if current_datetime:
        return {
            "$or": [
                {"start_date": {"$gte": current_datetime}},  # Upcoming events
                {
                    "$and": [
                        {"start_date": {"$lte": current_datetime}},  # Already started
                        {"$or": [
                            {"end_date": {"$gte": current_datetime}},  # Ongoing
                            {"end_date": None},  # No end date
                        ]},
                    ],
                },
            ],
        }
    return None
 def build_date_filter(start_date, end_date):
    """Build date range filters."""
    if start_date and end_date:
        return [
            {"start_date": {"$gte": datetime.combine(start_date, datetime.min.time())}},
            {"start_date": {"$lte": datetime.combine(end_date, datetime.max.time())}},
        ]
    return []
 def build_text_filter(item):
    """Build text-based search filters."""
    if item:
        return {
            "$or": [
                {"name": {"$regex": item, "$options": "i"}},
                {"tags": {"$regex": item, "$options": "i"}},
                {"organizers": {"$regex": item, "$options": "i"}},
            ]
        }
    return None
@router.get("/events", tags=["events"], response_model=list[events.EventOut])
 async def read_events(
    authorize: Annotated[bool, Depends(permissions_checker.PermissionChecker(roles=["Admin", "User"]))],
    skip: int = 0,
    limit: int = 20,
    id_event: str | None = None,
    name: str | None = None,
    status: int = 1,
    tags: str | None = None,
    organizers: str | None = None,
    current_datetime: datetime | None = None,
    date_event: datetime | None = None,
    start_date: datetime | None = None,
    end_date: datetime | None = None,
 ):
    # Validate `skip` and `limit`
    if limit < 1 or skip < 0 or limit < skip:
        raise HTTPException(
            status_code=status.HTTP_400_BAD_REQUEST,
            detail="`skip` should be >= 0 and `limit` should be > 0 and greater than `skip`.",
        )
    limit = limit + skip
    # Initialize filters
    filters = []
    # Add status filter
    filters.append({"status": {"$eq": status}})
    # Add date filters
    if date_event:
        start_of_day = datetime.combine(date_event, datetime.min.time())
        end_of_day = datetime.combine(date_event, datetime.max.time())
        filters.extend(build_date_filter(start_of_day, end_of_day))
    elif start_date and end_date:
        filters.extend(build_date_filter(start_date, end_date))
    # Add current datetime filter
    datetime_filter = build_datetime_filter(current_datetime)
    if datetime_filter:
        filters.append(datetime_filter)
    # Add text-based filters
    if name:
        filters.append(build_text_filter(name))
    if tags:
        filters.append({"tags": {"$eq": tags}})
    if organizers:
        filters.append({"organizers": {"$eq": organizers}})
    # Add ID filter
    if id_event:
        try:
            event_id = ObjectId(id_event)
            filters.append({"_id": {"$eq": event_id}})
        except Exception:
            raise HTTPException(status_code=status.HTTP_400_BAD_REQUEST, detail="Invalid event ID format.")
    # Combine all filters
    object_search = {"$and": filters} if filters else {}
    # Fetch and return results
    event_repository = events.EventRepository(database=database.database)
    list_events = []
    for event_index in event_repository.find_by(object_search, limit=limit, skip=skip):
        event = events.EventOut(
            id=event_index.id,
            tags=event_index.tags,
            imgUrl=event_index.imgUrl,
            name=event_index.name,
            description=event_index.description,
            place=event_index.place,
            status=event_index.status,
            start_date=event_index.start_date,
            end_date=event_index.end_date,
        )
        list_events.append(event)
    return list_events
@router.get("/events/search", tags=["events"], response_model=list[events.EventOut])
 async def search_events(
    authorize: Annotated[bool, Depends(permissions_checker.PermissionChecker(roles=["Admin", "User"]))],
    skip: int = 0,
    limit: int = 20,
    item: Union[str, None] = None,
    status: int = 1,
    min_lat: Union[float, None] = None,
    max_lat: Union[float, None] = None,
    min_lon: Union[float, None] = None,
    max_lon: Union[float, None] = None,
    current_datetime: Union[datetime, None] = None,
    date_event: Union[datetime, None] = None,
    start_date: Union[datetime, None] = None,
    end_date: Union[datetime, None] = None,
    tags: Union[str, None] = None,
 ):
    if limit < 1 or skip < 0 or limit < skip:
        raise HTTPException(
            status_code=status.HTTP_400_BAD_REQUEST,
            detail="`skip` should be >= 0 and `limit` should be > 0 and greater than `skip`.",
        )
    limit = limit + skip
    # Initialize filters
    filters = [{"status": {"$eq": status}}]
    # Date filters
    if date_event:
        start_of_day = datetime.combine(date_event, datetime.min.time())
        end_of_day = datetime.combine(date_event, datetime.max.time())
        filters.extend(build_date_filter(start_of_day, end_of_day))
    else:
        filters.extend(build_date_filter(start_date, end_date))
    # Add location filter
    filters.extend(build_location_filter(min_lat, max_lat, min_lon, max_lon))
    # Add datetime filter
    datetime_filter = build_datetime_filter(current_datetime)
    if datetime_filter:
        filters.append(datetime_filter)
    # Add text filter
    text_filter = build_text_filter(item)
    if text_filter:
        filters.append(text_filter)
    if tags is not None:
        filters.append({"tags": {"$eq": tags}})
    # Combine filters
    object_search = {"$and": filters} if filters else {}
    # Fetch and return results
    event_repository = events.EventRepository(database=database.database)
    list_events = []
    for event_index in event_repository.find_by(object_search, limit=limit, skip=skip):
        event = events.EventOut(
            id=event_index.id,
            tags=event_index.tags,
            imgUrl=event_index.imgUrl,
            name=event_index.name,
            description=event_index.description,
            place=event_index.place,
            status=event_index.status,
            start_date=event_index.start_date,
            end_date=event_index.end_date,
        )
        list_events.append(event)
    return list_events
@router.get("/events/me",tags=["events"])
 async def read_users_me(current_user: Annotated[users.User, Depends(users_token.get_current_active_user)], authorize: Annotated[bool, Depends(permissions_checker.PermissionChecker(roles=["Admin", "User"]))]):
    event_repository = events.EventRepository(database=database.database)
    listOrganizers = []
    for event_index in event_repository.find_by({"organizers":{"$eq": current_user.username}}, limit=limit, skip=skip):
        event = events.EventOut(id=event_index.id, name=event_index.name, tags=event_index.tags, imgUrl=event_index.imgUrl, description=event_index.description, place=event_index.place, status=event_index.status, start_date=event_index.start_date, end_date=event_index.end_date)
        listOrganizers.append(event)
    content = {"organizers":listOrganizers}
    response = JSONResponse(content=content)
    return response
@router.get("/events/count", tags=["events"])
 async def read_events_count(authorize: Annotated[bool, Depends(permissions_checker.PermissionChecker(roles=["Admin", "User"]))]):
    count = database.database.get_collection("events").estimated_document_count()
    content = {"count":count}
    response = JSONResponse(content=content)
    return response
@router.get("/events/{item_id}", tags=["events"], response_model=events.Event)
 async def read_events_id(item_id : str, authorize: Annotated[bool, Depends(permissions_checker.PermissionChecker(roles=["Admin"]))]):
    event_repository = events.EventRepository(database=database.database)
    event = event_repository.find_one_by_id(ObjectId(item_id))
    return event
@router.delete("/events/me/{item_id}", tags=["events"])
 async def delete_event_me(item_id: str, current_user: Annotated[users.User, Depends(users_token.get_current_active_user)], authorize: Annotated[bool, Depends(permissions_checker.PermissionChecker(roles=["Admin", "User"]))], remove: bool = False):
    event_repository = events.EventRepository(database=database.database)
    event = event_repository.find_one_by_id(ObjectId(item_id))
    if remove is True:
        event.deleted_at = datetime.today()
        event.status = -1
        content = {"message": "event is deleted"}
    else:
        event.status = 0
        event.deleted_at = datetime.today()
        content = {"message": "event is disabled"}
    event_repository.save(event)
    response = JSONResponse(content=content)
    return response
@router.delete("/events/groups",tags=["events"])
 async def delete_events_groups(authorize: Annotated[bool, Depends(permissions_checker.PermissionChecker(roles=["Admin"]))], remove: bool = False, eventids: events.EventIDS | None = None):
    if len(eventids.ids) == 0:
        raise HTTPException(
            status_code=status.HTTP_400_BAD_REQUEST,
            detail="eventids should be greater than 0"
        )
    event_repository = event.EventRepository(database=database.database)
    for i in eventids.ids:
        event = event_repository.find_one_by_id(ObjectId(i))
        if remove is True:
            event.status = -1
            event.deleted_at = datetime.today()
            content = {"message": "events are deleted "}
        else:
            event.status = 0
            event.disabled_at = datetime.today()
            content = {"message": "events are disabled"}
        event_repository.save(event)
    response = JSONResponse(content=content)
    return response
@router.delete("/events/{item_id}", tags=["events"])
 async def delete_events_id(item_id : str, authorize: Annotated[bool, Depends(permissions_checker.PermissionChecker(roles=["Admin"]))], remove : bool = False):
    event_repository = events.EventRepository(database=database.database)
    event = event_repository.find_one_by_id(ObjectId(item_id))
    if remove is True:
        event.status = -1
        event.deleted_at = datetime.today()
        content = {"message": "events are deleted"}
    else:
        event.status = 0
        event.disabled_at = datetime.today()
        content = {"message": "events are disabled"}
    event_repository.save(event)
    response = JSONResponse(content=content)  
    return response
@router.put("/events/me/{item_id}",tags=["events"])
 async def update_events_me(item_id: str, current_user: Annotated[users.User, Depends(users_token.get_current_active_user)], authorize: Annotated[bool, Depends(permissions_checker.PermissionChecker(roles=["Admin", "User"]))], eventSingle: events.EventIn | None = None):
    event_repository = event.EventRepository(database=database.database)
    event = event_repository.find_one_by_id(ObjectId(item_id))
    event.name = eventSingle.name
    event.description = eventSingle.description
    event.place = eventSingle.place
    event.start_date = eventSingle.start_date
    event.tags = eventSingle.tags
    event.end_date = eventSingle.end_date
    event.latitude = eventSingle.latitude
    event.longitude = eventSingle.longitude
    event.updated_at = datetime.today()
    event.imgUrl = eventSingle.imgUrl
    event_repository.save(event)
    content = {"message": "event is updated"}
    response = JSONResponse(content=content)  
    return response
@router.put("/events", tags=["events"], status_code=status.HTTP_201_CREATED)
 async def update_events(authorize: Annotated[bool, Depends(permissions_checker.PermissionChecker(roles=["Admin"]))], eventSingle: events.EventIn | None = None):
    if eventSingle is None:
        raise HTTPException(
            status_code=status.HTTP_400_BAD_REQUEST,
            detail="Body request is empty"
        )
    event_repository = events.EventRepository(database=database.database)
    tags_repository = tags.TagsRepository(database=database.database)            
    event = event_repository.find_one_by( {"$and": [
                        {"start_date": {"$eq": eventSingle.start_date}},  # Already started
                        {"name": {"$eq": eventSingle.name}},
                    ]})
    if event is not None:
        raise HTTPException(
            status_code=status.HTTP_204_NO_CONTENT,
            detail="name"
        )
    event = events.Event(name=eventSingle.name, description=eventSingle.description, place=eventSingle.place)
    event.start_date = eventSingle.start_date
    event.end_date = eventSingle.end_date
    event.organizers = eventSingle.organizers
    event.latitude = eventSingle.latitude
    event.longitude = eventSingle.longitude
    event.imgUrl = eventSingle.imgUrl
    event.tags = eventSingle.tags
    for tag_name in eventSingle.tags:
        tag = tags_repository.find_one_by({"name": {'$eq': tag_name}})
        if tag is None:
            tag = tags.Tags(name=tag_name)
            tags_repository.save(tag)
    event.status = 1
    event.created_at = datetime.today()
    event_repository.save(event)
    content = {"message": "event is created"}
    response = JSONResponse(content=content, status_code=status.HTTP_201_CREATED)  
    return response
@router.put("/events/{item_id}", tags=["events"], status_code=status.HTTP_200_OK)
 async def update_events_id(item_id: str, authorize: Annotated[bool, Depends(permissions_checker.PermissionChecker(roles=["Admin"]))], eventSingle: events.EventIn | None = None, response: Response = Response):
    if eventSingle is None:
        raise HTTPException(
            status_code=status.HTTP_400_BAD_REQUEST,
            detail="Body request is empty"
        )
    event_repository = events.EventRepository(database=database.database)
    tags_repository = tags.TagsRepository(database=database)
    event = event_repository.find_one_by({"id": {'$eq': ObjectId(item_id)}})
    if event is None:
        raise HTTPException(
            status_code=status.HTTP_404_NOT_FOUND,
            detail="Event not found"
        )
    event.name = eventSingle.name
    event.place = eventSingle.place
    event.description = eventSingle.description
    event.start_date = eventSingle.start_date
    event.end_date = eventSingle.end_date
    event.organizers = eventSingle.organizers
    event.tags = eventSingle.tags
    for tag_name in eventSingle:
        tag = tags_repository.find_one_by({"name": {'$eq': tag_name}})
        if tag is None:
            tag = Tags(name=tag_name)
            tags_repository.save(tag)
    event.latitude = eventSingle.latitude
    event.longitude = eventSingle.longitude
    event.updated_at = datetime.today()
    event.imgUrl = eventSingle.imgUrl
    event_repository.save(event)
    content = {"message": "event is updated"}
    response = JSONResponse(content=content)  
    return response
@router.patch("/events/groups",tags=["events"])
 async def patch_events_groups(authorize: Annotated[bool, Depends(permissions_checker.PermissionChecker(roles=["Admin"]))], eventids: events.EventIDS | None = None):
    if len(eventids.ids) == 0:
        raise HTTPException(
            status_code=status.HTTP_400_BAD_REQUEST,
            detail="eventids should be greater than 0"
        )
    event_repository = events.EventRepository(database=database.database)
    content = {"message": "events are enabled"}
    for i in eventids.ids:
        event = event_repository.find_one_by_id(ObjectId(i))
        event.status = 1
        event.disabled_at = None
        event.deleted_at = None
        event_repository.save(event)
    response = JSONResponse(content=content)
    return response
@router.patch("/events/{item_id}", tags=["events"])
 async def patch_events_id(item_id : str, authorize: Annotated[bool, Depends(permissions_checker.PermissionChecker(roles=["Admin"]))]):
    event_repository = events.EventRepository(database=database.database)
    event = event_repository.find_one_by_id(ObjectId(item_id))
    event.status = 1
    event.disabled_at = None
    event.deleted_at = None
    event_repository.save(event)
    content = {"message": "event is enabled"}
    response = JSONResponse(content=content)  
    return response
--- a/app/routers/mail.py
+++ b/app/routers/mail.py
@ -19,7 +19,7 @@ async def create_user(userSingle: users.UserCreate | None = None):
    if user is not None:
         raise HTTPException(
            status_code=status.HTTP_204_NO_CONTENT,
-            detail="User already exists"
+            detail="User is already exist"
        )
    fm = FastMail(mail.conf)
@ -35,8 +35,7 @@ async def create_user(userSingle: users.UserCreate | None = None):
        )
    await fm.send_message(message, template_name="mailer.html") 
-    current_user = users.User(username=userSingle.username, password=users_token.get_password_hash(userSingle.password), email=userSingle.email, name=userSingle.name, firstName=userSingle.firstName)
+    current_user = users.User(username=userSingle.username, password=users_token.get_password_hash(userSingle.password), email=userSingle.email)
    current_user.status = 0
    user_repository.save(current_user)
    database.connect_redis.set(userSingle.username, key_hashed)
    return JSONResponse(status_code=status.HTTP_200_OK, content={"message": "email has been sent"})
@ -56,6 +55,6 @@ async def confirm_user(key: str | None = None, username: str | None = None):
            status_code=status.HTTP_400_BAD_REQUEST,
            detail="Key is invalid"
        )
-    user.status = 1
+    user.confirmed = True
    user_repository.save(user)
    return JSONResponse(status_code=status.HTTP_200_OK, content={"message": "user account confirmed"})
--- a/app/routers/tags.py
+++ b/app/routers/tags.py
@ -1,119 +0,0 @@
 from fastapi import APIRouter, Depends, HTTPException, status, Response
 from fastapi.responses import JSONResponse
 from datetime import datetime
 from ..dependencies import users_token, permissions_checker, database
 from ..models import tags, users
 from pydantic import EmailStr
 from typing import Annotated, Union
 from bson import ObjectId
 from datetime import datetime
 router = APIRouter()
@router.get("/tags", tags=["tags"], response_model=list[tags.TagsOut])
 async def read_tags(
    authorize: Annotated[bool, Depends(permissions_checker.PermissionChecker(roles=["Admin", "User"]))],
    skip: int = 0,
    limit: int = 20,
    id_tags: str | None = None,
    name: str | None = None
 ):
    # Validate `skip` and `limit`
    if limit < 1 or skip < 0 or limit < skip:
        raise HTTPException(
            status_code=status.HTTP_400_BAD_REQUEST,
            detail="`skip` should be >= 0 and `limit` should be > 0 and greater than `skip`.",
        )
    limit = limit + skip
    # Initialize filters
    filters = []
    if name:
        filters.append({"name": {"$regex": name, "$options": "i"}})
    # Add ID filter
    if id_tags:
        try:
            tags_id = ObjectId(id_tags)
            filters.append({"_id": {"$eq": event_id}})
        except Exception:
            raise HTTPException(status_code=status.HTTP_400_BAD_REQUEST, detail="Invalid event ID format.")
    # Combine all filters
    object_search = {"$and": filters} if filters else {}
    # Fetch and return results
    tags_repository = tags.TagsRepository(database=database.database)
    list_tags = []
    for tag_index in tags_repository.find_by(object_search, limit=limit, skip=skip):
        tag = tags.TagsOut(
            id=tag_index.id,
            name=tag_index.name
        )
        list_tags.append(tag)
    return list_tags
@router.get("/tags/count", tags=["tags"])
 async def read_tags_count(authorize: Annotated[bool, Depends(permissions_checker.PermissionChecker(roles=["Admin", "User"]))]):
    count = database.database.get_collection("tags").estimated_document_count()
    content = {"count":count}
    response = JSONResponse(content=content)
    return response
@router.get("/tags/{item_id}", tags=["tags"], response_model=tags.Tags)
 async def read_tags_id(item_id : str, authorize: Annotated[bool, Depends(permissions_checker.PermissionChecker(roles=["Admin"]))]):
    tags_repository = tags.TagsRepository(database=database.database)
    tag = tags_repository.find_one_by_id(ObjectId(item_id))
    return tag
@router.delete("/tags/groups",tags=["tags"])
 async def delete_tags_groups(authorize: Annotated[bool, Depends(permissions_checker.PermissionChecker(roles=["Admin"]))], tagsids: tags.TagsIDS | None = None):
    if len(tagsids.ids) == 0:
        raise HTTPException(
            status_code=status.HTTP_400_BAD_REQUEST,
            detail="eventids should be greater than 0"
        )
    tag_repository = tags.TagsRepository(database=database.database)
    for i in tagsids.ids:
        tag = tag_repository.find_one_by_id(ObjectId(i))
        tag_repository.delete_one(tag)
    content = {"message": "tags removed"}
    response = JSONResponse(content=content)
    return response
@router.delete("/tags/{item_id}", tags=["tags"])
 async def delete_tags_id(item_id : str, authorize: Annotated[bool, Depends(permissions_checker.PermissionChecker(roles=["Admin"]))]):
    tag_repository = tags.TagsRepository(database=database.database)
    tag = tag_repository.find_one_by_id(ObjectId(item_id))        
    event_repository.delete_one(event)
    content = {"message": "tags delete"}
    response = JSONResponse(content=content)  
    return responsed
@router.put("/tags", tags=["tags"], status_code=status.HTTP_201_CREATED)
 async def update_tags(authorize: Annotated[bool, Depends(permissions_checker.PermissionChecker(roles=["Admin"]))], tagSingle: tags.TagsIn | None = None):
    if tagSingle is None:
        raise HTTPException(
            status_code=status.HTTP_400_BAD_REQUEST,
            detail="Body request is empty"
        )
    tag_repository = tags.TagsRepository(database=database.database)
    tag = tag_repository.find_one_by({"name": {'$eq': tagSingle.name}})
    if tag is not None:
        raise HTTPException(
            status_code=status.HTTP_204_NO_CONTENT,
            detail="name"
        )
    tag = tags.Tags(name=tagSingle.name)
    tag.created_at = datetime.today()
    tag_repository.save(event)
    content = {"message": "tags created"}
    response = JSONResponse(content=content, status_code=status.HTTP_201_CREATED)  
    return response
--- a/app/routers/token.py
+++ b/app/routers/token.py
@ -7,13 +7,13 @@ from fastapi.security import OAuth2PasswordBearer, OAuth2PasswordRequestForm
 from ..dependencies import users_token, permissions_checker
 from ..models import token, users
 router = APIRouter()
 ACCESS_TOKEN_EXPIRE_MINUTES = 30
@router.post("/token", tags=["token"])
 async def login_for_access_token(
-    form_data: Annotated[OAuth2PasswordRequestForm, Depends()]):
+    form_data: Annotated[OAuth2PasswordRequestForm, Depends()]
 ):
    user = users_token.authenticate_user(form_data.username, form_data.password)
    if not user:
        raise HTTPException(
@ -25,9 +25,9 @@ async def login_for_access_token(
    access_token = users_token.create_access_token(
        data={"sub": user.username}, expires_delta=access_token_expires
    )
-    content = {"roles":user.roles,"message": "Access token generated"}
+    content = {"message": "Access token generated"}
    response = JSONResponse(content=content)
-    response.set_cookie(key="access_token", value="Bearer {0}".format(access_token), httponly=True)
+    response.set_cookie(key="jwt", value=access_token)
    return response
@router.get("/token",tags=["token"])
@ -35,10 +35,3 @@ async def check_token(current_user: Annotated[users.User, Depends(users_token.ge
        content = {"message": "Check token"}
        response = JSONResponse(content=content)
        return response
@router.delete("/token",tags=["token"])
 async def check_token(current_user: Annotated[users.User, Depends(users_token.get_current_active_user)], authorize: Annotated[bool, Depends(permissions_checker.PermissionChecker(roles=["Admin", "User"]))]):
        content = {"message": "Token deleted"}
        response = JSONResponse(content=content)
        response.set_cookie(key="access_token", value="", httponly=True)
        return response
--- a/app/routers/users.py
+++ b/app/routers/users.py
@ -1,9 +1,6 @@
-from fastapi import APIRouter, Depends, HTTPException, status, Response
+from fastapi import APIRouter, Depends, HTTPException, status
 from fastapi.responses import JSONResponse
 from datetime import datetime
 from ..dependencies import users_token, permissions_checker, database
 from ..models import users
 from pydantic import EmailStr
 from typing import Annotated
 from bson import ObjectId
 router = APIRouter()
@ -11,7 +8,7 @@ router = APIRouter()
@router.get("/users", tags=["users"], response_model=list[users.UserOut])
-async def read_users(authorize: Annotated[bool, Depends(permissions_checker.PermissionChecker(roles=["Admin", "User"]))], skip: int = 0, limit: int = 20, id_user: str | None = None, roles: str | None = None, status: int | None = None, email: EmailStr | None = None, name: str | None = None):
+async def read_users(authorize: Annotated[bool, Depends(permissions_checker.PermissionChecker(roles=["Admin"]))], skip: int = 0, limit: int = 20):
    if limit < 1 or skip < 0 or limit < skip:
        raise HTTPException(
            status_code=status.HTTP_400_BAD_REQUEST,
@ -20,62 +17,36 @@ async def read_users(authorize: Annotated[bool, Depends(permissions_checker.Perm
    limit = limit + skip
    listUsers = []
    user_repository = users.UserRepository(database=database.database)
-    object_search = {}
+    for user_index in user_repository.find_by({}, limit=limit, skip=skip):
-    if status is not None and roles is not None:
+        user = users.UserOut(id=user_index.id, username=user_index.username, email=user_index.email, disabled=user_index.disabled, roles=user_index.roles, removed=user_index.removed, confirmed=user_index.confirmed)
        object_search = {"$and":[{"roles":{"$eq": roles}}, {"status":{"$eq":status}}]}
    else:
        if status is not None:
            object_search = {"status":{"$eq": status}}
        if roles is not None:
            object_search =  {"roles":{"$eq":roles}}
    if id_user is not None:
        userid = ObjectId(id_user)
        object_search = {"id": {"$regex": userid}}
        if status is not None and roles is not None:
            object_search = {"$and":[{"id":{"$regex": userid}}, {"roles":{"$eq": roles}}, {"status":{"$eq":status}}]}
        else:
            if status is not None:
                object_search = {"$and":[{"id":{"$regex": userid}}, {"status":{"$eq":status}}]}
            if roles is not None:
                object_search = {"$and":[{"id":{"$regex": userid}}, {"roles":{"$eq":roles}}]}
    if email is not None:
        object_search = {"email": {"$eq": email}}
        if status is not None and roles is not None:
            object_search = {"$and":[{"email":{"$eq": email}}, {"roles":{"$eq": roles}}, {"status":{"$eq":status}}]}
        else:
            if status is not None:
                object_search = {"$and":[{"email":{"$eq": email}}, {"status":{"$eq":status}}]}
            if roles is not None:
                object_search = {"$and":[{"email":{"$eq": email}}, {"roles":{"$eq":roles}}]}
    if name is not None:
        object_search = {"username": {"$regex": name}}
        if status is not None and roles is not None:
            object_search = {"$and":[{"username":{"$regex": name}}, {"roles":{"$eq": roles}}, {"status":{"$eq":status}}]}
        else:
            if status is not None:
                object_search = {"$and":[{"username":{"$regex": name}}, {"status":{"$eq":status}}]}
            if roles is not None:
                object_search = {"$and":[{"username":{"$regex": name}}, {"roles":{"$eq":roles}}]}
    for user_index in user_repository.find_by(object_search, limit=limit, skip=skip):
        user = users.UserOut(id=user_index.id, username=user_index.username, email=user_index.email, status=user_index.status, roles=user_index.roles, firstName=user_index.firstName, name=user_index.name)
        listUsers.append(user)
    return listUsers
-@router.get("/users/me",tags=["users"], response_model=users.User, response_model_exclude=["id", "password", "roles", "status"])
+@router.get("/users/search", tags=["users"], response_model=list[users.UserOut])
 async def read_users_id(authorize: Annotated[bool, Depends(permissions_checker.PermissionChecker(roles=["Admin", "User"]))], skip: int = 0, limit: int = 20, key: str | None = None, value: str | None= None):
    if limit < 1 or skip < 0 or limit < skip:
        raise HTTPException(
            status_code=status.HTTP_400_BAD_REQUEST,
            detail="skip should be greater than 0 and limit should be greater than 1. Limit should be greater than skip"
        )
    if key is None or value is None:
        raise HTTPException(
            status_code=status.HTTP_400_BAD_REQUEST,
            detail="Key or/and value parameter is empty"
        )
    limit = limit + skip
    listUsers = []
    user_repository = users.UserRepository(database=database.database)
    for user_index in user_repository.find_by({key: {'$regex': value}}, limit=limit, skip=skip):
        user = users.UserOut(id=user_index.id, username=user_index.username, disabled=user_index.disabled, roles=user_index.roles, email=user_index.email, removed=user_index.removed, confirmed=user_index.confirmed)
        listUsers.append(user)
    return listUsers
@router.get("/users/me",tags=["users"], response_model=users.User, response_model_exclude=["id", "password", "roles", "disabled"])
 async def read_users_me(current_user: Annotated[users.User, Depends(users_token.get_current_active_user)], authorize: Annotated[bool, Depends(permissions_checker.PermissionChecker(roles=["Admin", "User"]))]):
        return current_user
@router.get("/users/count", tags=["users"])
 async def read_users_count(authorize: Annotated[bool, Depends(permissions_checker.PermissionChecker(roles=["Admin"]))]):
    count = database.database.get_collection("users").estimated_document_count()
    content = {"count":count}
    response = JSONResponse(content=content)
    return response
@router.get("/users/{item_id}", tags=["users"], response_model=users.User)
 async def read_users_id(item_id : str, authorize: Annotated[bool, Depends(permissions_checker.PermissionChecker(roles=["Admin"]))]):
    user_repository = users.UserRepository(database=database.database)
@ -83,172 +54,52 @@ async def read_users_id(item_id : str, authorize: Annotated[bool, Depends(permis
    return user
@router.delete("/users/me",tags=["users"])
 async def delete_users_me(current_user: Annotated[users.User, Depends(users_token.get_current_active_user)], authorize: Annotated[bool, Depends(permissions_checker.PermissionChecker(roles=["Admin", "User"]))], remove: bool = False):
    user_repository = users.UserRepository(database=database.database)
@router.delete("/users/me",tags=["users"], response_model=users.User, response_model_exclude=["id", "password", "roles", "disabled"])
 async def read_users_me(current_user: Annotated[users.User, Depends(users_token.get_current_active_user)], authorize: Annotated[bool, Depends(permissions_checker.PermissionChecker(roles=["Admin", "User"]))], remove: bool = False):
    user_repository = users.UserRepository(database=database.database)
    current_user.disabled = True
    if remove is True:
-        current_user.deleted_at = datetime.today()
+        current_user.removed = True
        current_user.status = -1
        content = {"message": "users are deleted"}
    else:
        current_user.status = 0
        current_user.deleted_at = datetime.today()
        content = {"message": "users are disabled"}
    user_repository.save(current_user)
    response = JSONResponse(content=content)
    return response
@router.delete("/users/groups",tags=["users"])
 async def delete_users_groups(authorize: Annotated[bool, Depends(permissions_checker.PermissionChecker(roles=["Admin"]))], remove: bool = False, userids: users.UserIDS | None = None):
    if len(userids.ids) == 0:
        raise HTTPException(
            status_code=status.HTTP_400_BAD_REQUEST,
            detail="userids should be greater than 0"
        )
    user_repository = users.UserRepository(database=database.database)
    for i in userids.ids:
        user = user_repository.find_one_by_id(ObjectId(i))
        if remove is True:
            user.status = -1
            user.deleted_at = datetime.today()
            content = {"message": "users are deleted "}
        else:
            user.status = 0
            user.disabled_at = datetime.today()
            content = {"message": "users are disabled"}
        user_repository.save(user)
    response = JSONResponse(content=content)
    return response
@router.delete("/users/{item_id}", tags=["users"])
 async def delete_users_id(item_id : str, authorize: Annotated[bool, Depends(permissions_checker.PermissionChecker(roles=["Admin"]))], remove : bool = False):
    user_repository = users.UserRepository(database=database.database)
    user = user_repository.find_one_by_id(ObjectId(item_id))
    if remove is True:
        user.status = -1
        user.deleted_at = datetime.today()
        content = {"message": "users are deleted"}
    else:
        user.status = 0
        user.disabled_at = datetime.today()
        content = {"message": "users are disabled"}
    user_repository.save(user)
    response = JSONResponse(content=content)  
    return response
@router.put("/users/me",tags=["users"])
 async def update_users_me(current_user: Annotated[users.User, Depends(users_token.get_current_active_user)], authorize: Annotated[bool, Depends(permissions_checker.PermissionChecker(roles=["Admin", "User"]))], userSingle: users.UserIn | None = None):
    user_repository = users.UserRepository(database=database.database)
    current_user.username = userSingle.username
    if len(userSingle.password) > 0:
        current_user.password = user_token.get_password_hash(userSingle.password)
    current_user.email = userSingle.email
    current_user.name = userSingle.name
    current_user.firstName = userSingle.firstName
    current_user.birth = userSingle.birth
    user_repository.save(current_user)
    content = {"message": "user is updated"}
    response = JSONResponse(content=content)  
    return current_user
-@router.put("/users", tags=["users"], status_code=status.HTTP_201_CREATED)
+@router.delete("/users/{item_id}", tags=["users"], response_model=users.User)
-async def update_users(authorize: Annotated[bool, Depends(permissions_checker.PermissionChecker(roles=["Admin"]))], userSingle: users.UserIn | None = None):
+async def read_users_id(item_id : str, authorize: Annotated[bool, Depends(permissions_checker.PermissionChecker(roles=["Admin"]))], remove : bool = False):
    if userSingle is None:
        raise HTTPException(
            status_code=status.HTTP_400_BAD_REQUEST,
            detail="Body request is empty"
        )
    user_repository = users.UserRepository(database=database.database)
    user = user_repository.find_one_by({"$or":[{"username": {'$eq': userSingle.username}}, {"email": {"$eq": userSingle.email}}]})
    if user is not None:
        if user.username == userSingle.username:
            raise HTTPException(
                status_code=status.HTTP_204_NO_CONTENT,
                detail="username"
            )
        if user.email == userSingle.email:
            raise HTTPException(
                status_code=status.HTTP_204_NO_CONTENT,
                detail="email"
            )
    user = users.User(username=userSingle.username, password=users_token.get_password_hash(userSingle.password), email=userSingle.email)
    user.roles = userSingle.roles
    user.firstName = userSingle.firstName
    user.name = userSingle.name
    user.birth = userSingle.birth
    user.created_at = datetime.today()
    user_repository.save(user)
    content = {"message": "user is created"}
    response = JSONResponse(content=content, status_code=status.HTTP_201_CREATED)  
    return response
@router.put("/users/{item_id}", tags=["users"], status_code=status.HTTP_200_OK)
 async def update_users_id(item_id: str, authorize: Annotated[bool, Depends(permissions_checker.PermissionChecker(roles=["Admin"]))], userSingle: users.UserIn | None = None, response: Response = Response):
    if userSingle is None:
        raise HTTPException(
            status_code=status.HTTP_400_BAD_REQUEST,
            detail="Body request is empty"
        )
    user_repository = users.UserRepository(database=database.database)
    user = user_repository.find_one_by({"id": {'$eq': ObjectId(item_id)}})
    if user is None:
        raise HTTPException(
            status_code=status.HTTP_404_NOT_FOUND,
            detail="User not found"
        )
    user.username = userSingle.username
    if len(userSingle.password) > 0:
        user.password = users_token.get_password_hash(userSingle.password)
    user.roles = userSingle.roles
    user.email = userSingle.email
    user.firstName = userSingle.firstName
    user.name = userSingle.name
    user.birth = userSingle.birth
    user.updated_at = datetime.today()
    user_repository.save(user)
    content = {"message": "user is updated"}
    response = JSONResponse(content=content)  
    return response
@router.patch("/users/groups",tags=["users"])
 async def patch_users_groups(authorize: Annotated[bool, Depends(permissions_checker.PermissionChecker(roles=["Admin"]))], userids: users.UserIDS | None = None):
    if len(userids.ids) == 0:
        raise HTTPException(
            status_code=status.HTTP_400_BAD_REQUEST,
            detail="userids should be greater than 0"
        )
    user_repository = users.UserRepository(database=database.database)
    content = {"message": "users are enabled"}
    for i in userids.ids:
        user = user_repository.find_one_by_id(ObjectId(i))
        user.status = 1
        user.disabled_at = None
        user.deleted_at = None
        user_repository.save(user)
    response = JSONResponse(content=content)
    return response
@router.patch("/users/{item_id}", tags=["users"], response_model=users.User)
 async def patch_users_id(item_id : str, authorize: Annotated[bool, Depends(permissions_checker.PermissionChecker(roles=["Admin"]))]):
    user_repository = users.UserRepository(database=database.database)
    user = user_repository.find_one_by_id(ObjectId(item_id))
-    user.status = 1
+    user.disabled = True
-    user.disabled_at = None
+    if remove is True:
-    user.deleted_at = None
+        user.removed = True
    user_repository.save(user)
-    content = {"message": "user is enabled"}
+    return user
-    response = JSONResponse(content=content)  
+
-    return response
+@router.put("/users/me",tags=["users"], response_model=users.User, response_model_exclude=["id", "password", "roles", "disabled"])
 async def read_users_me(current_user: Annotated[users.User, Depends(users_token.get_current_active_user)], authorize: Annotated[bool, Depends(permissions_checker.PermissionChecker(roles=["Admin", "User"]))], userSingle: users.UserIn | None = None):
    user_repository = users.UserRepository(database=database.database)
    current_user.username = userSingle.username
    current_user.password = user_token.get_password_hash(userSingle.password)
    current_user.roles = userSingle.roles
    current_user.email = userSingle.email
    user_repository.save(current_user)
    return current_user
@router.put("/users", tags=["users"], response_model=users.User, status_code=status.HTTP_200_OK)
 async def read_users_id(authorize: Annotated[bool, Depends(permissions_checker.PermissionChecker(roles=["Admin"]))], userSingle: users.UserIn | None = None):
    if userSingle is None:
        raise HTTPException(
            status_code=status.HTTP_400_BAD_REQUEST,
            detail="Body request is empty"
        )
    user_repository = users.UserRepository(database=database.database)
    user = user_repository.find_one_by({"username": {'$eq': userSingle.username}})
    if user is None:
        response.status_code = status.HTTP_201_CREATED
        user = users.User()
    user.username = userSingle.username
    user.password = user_token.get_password_hash(userSingle.password)
    user.roles = userSingle.roles
    user.email = userSingle.email
    user_repository.save(user)
    return user