Th ddlmZmZmZddlmZddlmZmZddlm Z ddl m Z m Z m Z ddlmZddlmZddlmZdd lmZmZmZdd lmZmZe d gd ZedZdededefdZdedefdZ dedededeeeffdZ!d"de"deedffdZ#e ee efdedefdZ$e e$fdefd Z%e e%fdefd!Z&dS)#)datetime timedeltatimezone)Union)JWTErrorjwt) CryptContext)Depends HTTPExceptionstatus)OAuth2PasswordBearer)Session)get_db) SECRET_KEY ALGORITHMACCESS_TOKEN_EXPIRE_MINUTES)UserUserRolebcryptauto)schemes deprecatedz auth/login)tokenUrlplain_passwordhashed_passwordreturnc8t||S)z"Verify a password against its hash) pwd_contextverify)rrs +/home/runner/workspace/app/services/auth.pyverify_passwordr!s   no > >>passwordc6t|S)zHash a password)rhash)r#s r get_password_hashr&s   H % %%r"dbemailc|ttj|k}|sdSt ||jsdS|S)z)Authenticate a user by email and passwordF)queryrfilterr(firstr!r)r'r(r#users r authenticate_userr.s^ 88D>> u!4 5 5 ; ; = =D u 8T%9 : :u Kr"Ndata expires_deltacD|}|r"tjtj|z}n/tjtjt dz}|d|itj|tt}|S)zCreate a JWT access token)minutesexp) algorithm) copyrnowrutcrupdaterencoderr)r/r0 to_encodeexpire encoded_jwts r create_access_tokenr>#s IDhl++m;hl++i.C.C.CC eV_%%%*Y iHHHK r"tokencKttjdddi} tj|t t g}|d}||n#t$r|wxYw| t tj |k }|||S)z#Get the current user from JWT tokenzCould not validate credentialszWWW-AuthenticateBearer) status_codedetailheaders) algorithmssub)r r HTTP_401_UNAUTHORIZEDrdecoderrgetrr*rr+r(r,)r?r'credentials_exceptionpayloadr(r-s r get_current_userrL.s)0/#X. $*UJI;GGG[['' =' '  $$$##$ 88D>> u!4 5 5 ; ; = =D |## Ks ;A A+ current_userc:K|jstdd|S)zGet the current active useriz Inactive userrBrC) is_activer rMs r get_current_active_userrRBs+  !EODDDD r"cf|jtjkrttjd|S)zRequire admin rolezNot enough permissionsrO)rolerADMINr r HTTP_403_FORBIDDENrQs r require_adminrWHs:HN**1+     r")N)'rrrtypingrjoserrpasslib.contextr fastapir r r fastapi.securityr sqlalchemy.ormrapp.core.databaserapp.core.configrrr app.modelsrrr oauth2_schemestrboolr!r&r.dictr>rLrRrWr"r rfsu2222222222((((((2222222222111111""""""$$$$$$NNNNNNNNNN%%%%%%%%lH:&AAA %$l;;; ?C?#?$????&&&&&&'#tTzAR  d 5D3I    )0 (>(>ggV\oo#G(8?w?O7P7P (/w/F'G'Gr"