shaapi 0.1.0__py3-none-any.whl

shaapi/template/backend/app/admin/api/v1/user.py

@@ -0,0 +1,47 @@
+from typing import Annotated, Union
+from fastapi import APIRouter, Path, Query, Request
+from backend.common.enums import Role
+from backend.common.pagination import DependsPagination, paging_data
+from backend.database.db_postgres import CurrentSession
+from backend.utils.serializers import select_as_dict
+
+from backend.app.admin.schema.user import GetUserInfoListDetails, UserUpdate
+from backend.app.admin.service.user_service import user_service
+from backend.common.response.response_schema import ResponseModel, response_base
+from backend.common.security.jwt import DependsJwtAuth
+
+router = APIRouter(prefix="/user", tags=["User"])
+
+
+
+# @router.get(
+#     "/{pk}",
+#     summary="Get user by ID",
+# )
+# async def get_user(request: Request, pk: Annotated[int, Path(...)]) -> ResponseModel:
+#     user = await user_service.get_by_id(user_id=pk)
+#     data = GetUserInfoListDetails(**select_as_dict(user))
+#     return response_base.success(request=request, data=data)
+
+
+@router.get(
+    "/",
+    summary="Get users pagination",
+    dependencies=[
+        DependsJwtAuth,
+        DependsPagination,
+    ],
+)
+async def get_pagination_users(
+    request: Request,
+    db: CurrentSession,
+    query: Annotated[str | None, Query()] = None,
+    role: Annotated[Union[Role, str] | None, Query()] = None,
+    status: Annotated[bool | None, Query()] = None,
+) -> ResponseModel:
+    user_select = await user_service.get_select(
+        q=query, role=role, status=status
+    )
+    page_data = await paging_data(db, user_select, GetUserInfoListDetails)
+    return response_base.success(request=request, data=page_data)
+

shaapi/template/backend/app/admin/schema/casbin_rule.py

@@ -0,0 +1,45 @@
+from pydantic import ConfigDict, Field
+
+from backend.common.enums import MethodType
+from backend.common.schema import SchemaBase
+
+
+class CreatePolicyParam(SchemaBase):
+    sub: str = Field(..., description='User x_id / Role x_id')
+    path: str = Field(..., description='api path')
+    method: MethodType = Field(default=MethodType.GET, description='Request method')
+
+
+class UpdatePolicyParam(CreatePolicyParam):
+    pass
+
+
+class DeletePolicyParam(CreatePolicyParam):
+    pass
+
+
+class DeleteAllPoliciesParam(SchemaBase):
+    uuid: str | None = None
+    role: str
+
+
+class CreateUserRoleParam(SchemaBase):
+    uuid: str = Field(..., description='User x_id')
+    role: str = Field(..., description='role')
+
+
+class DeleteUserRoleParam(CreateUserRoleParam):
+    pass
+
+
+class GetPolicyListDetails(SchemaBase):
+    model_config = ConfigDict(from_attributes=True)
+
+    id: int
+    ptype: str = Field(..., description='Rule type, p / g')
+    v0: str = Field(..., description='User uuid / Role')
+    v1: str = Field(..., description='api path / roles')
+    v2: str | None = None
+    v3: str | None = None
+    v4: str | None = None
+    v5: str | None = None

shaapi/template/backend/app/admin/schema/login_log.py

@@ -0,0 +1,36 @@
+from datetime import datetime
+
+from pydantic import ConfigDict
+
+from backend.common.schema import SchemaBase
+
+
+class LoginLogSchemaBase(SchemaBase):
+    user_x_id: str
+    email: str
+    status: int
+    ip: str
+    country: str | None
+    region: str | None
+    city: str | None
+    user_agent: str
+    browser: str | None
+    os: str | None
+    device: str | None
+    msg: str
+    login_time: datetime
+
+
+class CreateLoginLogParam(LoginLogSchemaBase):
+    pass
+
+
+class UpdateLoginLogParam(LoginLogSchemaBase):
+    pass
+
+
+class GetLoginLogListDetails(LoginLogSchemaBase):
+    model_config = ConfigDict(from_attributes=True)
+
+    id: int
+    created_time: datetime

shaapi/template/backend/app/admin/schema/opera_log.py

@@ -0,0 +1,43 @@
+from datetime import datetime
+
+from pydantic import ConfigDict, Field
+
+from backend.common.enums import StatusType
+from backend.common.schema import SchemaBase
+
+
+class OperaLogSchemaBase(SchemaBase):
+    trace_id: str
+    user_email: str | None = None
+    method: str
+    title: str
+    path: str
+    ip: str
+    country: str | None = None
+    region: str | None = None
+    city: str | None = None
+    user_agent: str
+    os: str | None = None
+    browser: str | None = None
+    device: str | None = None
+    args: dict | None = None
+    status: StatusType = Field(default=StatusType.enable)
+    code: str
+    msg: str | None = None
+    cost_time: float
+    opera_time: datetime
+
+
+class CreateOperaLogParam(OperaLogSchemaBase):
+    pass
+
+
+class UpdateOperaLogParam(OperaLogSchemaBase):
+    pass
+
+
+class GetOperaLogListDetails(OperaLogSchemaBase):
+    model_config = ConfigDict(from_attributes=True)
+
+    id: int
+    created_time: datetime

shaapi/template/backend/app/admin/schema/role.py

@@ -0,0 +1,36 @@
+from datetime import datetime
+
+from pydantic import ConfigDict, Field
+
+from backend.common.enums import RoleDataScopeType, StatusType
+from backend.common.schema import SchemaBase
+
+
+class RoleSchemaBase(SchemaBase):
+    name: str
+    data_scope: RoleDataScopeType = Field(
+        default=RoleDataScopeType.custom, description='Permission ranges (1: all data permissions 2: custom data permissions)'
+    )
+    status: StatusType = Field(default=StatusType.enable)
+    remark: str | None = None
+
+
+class CreateRoleParam(RoleSchemaBase):
+    pass
+
+
+class UpdateRoleParam(RoleSchemaBase):
+    pass
+
+
+class UpdateRoleMenuParam(SchemaBase):
+    menus: list[int]
+
+
+class GetRoleListDetails(RoleSchemaBase):
+    model_config = ConfigDict(from_attributes=True)
+
+    id: int
+    x_id: str
+    created_time: datetime
+    updated_time: datetime | None = None

shaapi/template/backend/app/admin/schema/sso.py

@@ -0,0 +1,37 @@
+from enum import Enum
+from typing import Optional
+
+from pydantic import AnyHttpUrl
+from pydantic import BaseModel
+from pydantic import EmailStr
+
+
+class SocialTypes(Enum):
+    facebook = "facebook"
+    google = "google"
+    msal = "msal"
+    linkedin = "linkedin"
+    github = "github"
+    gitlab = "gitlab"
+
+
+class OAuthRedirectLink(BaseModel):
+    
+    url: AnyHttpUrl
+
+
+class OAuthCodeResponseSchema(BaseModel):
+    code: str
+
+
+class OAuthTokenResponseSchema(BaseModel):
+    token: str
+
+
+class OAuthUserDataResponseSchema(BaseModel):
+    external_id: str
+    email: EmailStr
+    social_type: SocialTypes
+    img: Optional[AnyHttpUrl]
+    firstname: Optional[str]
+    lastname: Optional[str]

shaapi/template/backend/app/admin/schema/token.py

@@ -0,0 +1,74 @@
+from datetime import datetime
+from typing import Any
+
+
+from backend.common.schema import SchemaBase
+from backend.common.enums import Secure_token_type
+
+
+class GetRoleDetails(SchemaBase):
+    name: str
+    class Config:
+        from_attributes = True
+    
+class ConnectedUserInfo(SchemaBase):
+
+    id: int
+    x_id: str
+    profile_image: dict | None = None
+    firstname: str | None = None
+    lastname: str | None = None
+    phone: str | None = None
+    email: str
+    roles: list[GetRoleDetails] | None = None
+    country_code: str | None = None
+
+    class Config:
+        from_attributes = True
+
+class ConnectedCompanyInfo(SchemaBase):
+    id: int
+    x_id: str
+    name: str | None = None
+    email: str
+    logo: Any | None = None
+    min_members: int | None = None
+    max_members: int | None = None
+    email_verified: bool | None = None
+    country_code: str | None = None
+    role: GetRoleDetails | None = None
+
+    class Config:
+        from_attributes = True
+
+class GetSwaggerToken(SchemaBase):
+    access_token: str
+    token_type: str = 'Bearer'
+    user: Any
+
+
+class AccessTokenBase(SchemaBase):
+    access_token: str
+    access_token_type: str = 'Bearer'
+    access_token_expire_time: datetime
+
+
+class GetNewToken(AccessTokenBase):
+    pass
+
+
+class GetLoginToken(AccessTokenBase):
+    user: ConnectedUserInfo
+    pass
+
+
+class GetCompanyLoginToken(AccessTokenBase):
+    company: ConnectedCompanyInfo
+    pass
+
+class Secure_token(SchemaBase):
+    token_type: Secure_token_type
+    token: str
+    user_x_id: str
+    used: bool = False
+    expiration: datetime | None = None

shaapi/template/backend/app/admin/schema/user.py

@@ -0,0 +1,93 @@
+from datetime import datetime
+
+from pydantic import ConfigDict, EmailStr, Field, HttpUrl, model_validator
+from typing_extensions import Self
+
+from backend.common.enums import StatusType
+from backend.common.schema import SchemaBase
+from backend.app.admin.schema.role import GetRoleListDetails
+
+
+
+class UserBase(SchemaBase):
+    firstname: str | None = None
+    lastname: str | None = None
+    fullname: str | None = None
+    phone: str | None = None
+    pseudo: str | None = None
+    email_verified: bool = False
+    country_code: str | None = None
+    profile_image: dict | None = None
+    
+
+class UserLoginSchema(SchemaBase):
+    email: EmailStr
+    password: str
+
+
+class UserRegister(SchemaBase):
+    password: str
+    email: EmailStr
+
+
+class UserUpdate(UserBase):
+    pass
+
+
+class UpdateUserParam(SchemaBase):
+    firstname: str | None = None
+    lastname: str | None = None
+    email: EmailStr | None = None
+    phone: str | None = None
+
+
+class UserResetPassword(SchemaBase):
+    new_password: str
+    confirm_password: str
+
+
+class UserInfoSchemaBase(UserBase):
+    email: EmailStr
+
+
+
+class GetUserInfoNoRelationDetail(UserInfoSchemaBase):
+    model_config = ConfigDict(from_attributes=True)
+
+    id: int
+    x_id: str
+    profile_image: dict | None = None
+    status: bool
+    join_time: datetime = None
+    last_login_time: datetime | None = None
+
+
+
+class GetUserInfoListDetails(GetUserInfoNoRelationDetail):
+    model_config = ConfigDict(from_attributes=True)
+
+    roles: list[GetRoleListDetails] | None = []
+
+
+class GetCurrentUserInfoDetail(GetUserInfoListDetails):
+    model_config = ConfigDict(from_attributes=True)
+
+    roles: list[GetRoleListDetails] | list[str] | None = []
+
+    @model_validator(mode='after')
+    def handel(self) -> Self:
+        """Dealing with sectors and roles"""
+        roles = self.roles
+        if roles:
+            self.roles = [{'name': role.name} for role in roles]  # type: ignore
+        return self
+
+
+class CurrentUserIns(GetUserInfoListDetails):
+    model_config = ConfigDict(from_attributes=True)
+
+
+class UpdatePasswordParam(SchemaBase):
+    old_password: str
+    new_password: str
+    confirm_password: str

shaapi/template/backend/app/admin/service/auth_service.py

@@ -0,0 +1,233 @@
+from fastapi import Request, Response
+from fastapi.security import HTTPBasicCredentials
+from datetime import datetime
+from starlette.background import BackgroundTask, BackgroundTasks
+
+from backend.crud.crud_user import user_dao
+from backend.models.user import User
+from backend.app.admin.schema.token import GetLoginToken, GetNewToken
+from backend.app.admin.schema.user import UserLoginSchema, UserRegister
+from backend.app.admin.service.login_log_service import LoginLogService
+from backend.common.enums import LoginLogStatusType
+from backend.common.exception import errors
+from backend.common.security.jwt import (
+    create_access_token,
+    create_new_token,
+    create_refresh_token,
+    get_token,
+    jwt_decode,
+    password_verify,
+)
+from backend.core.conf import settings
+from backend.database.db_postgres import async_db_session
+from backend.database.db_redis import redis_client
+from backend.utils.timezone import timezone
+from backend.utils.translator import Translator
+
+
+class AuthService:
+    @staticmethod
+    async def swagger_login(*, obj: HTTPBasicCredentials) -> tuple[str, User]:
+        async with async_db_session.begin() as db:
+            current_user = await user_dao.get_by_email(db, obj.username)
+            if not current_user:
+                raise errors.NotFoundError(msg='Incorrect email or password')
+            elif not password_verify(f'{obj.password}{current_user.salt}', current_user.password):
+                raise errors.AuthorizationError(msg='Incorrect email or password')
+            elif not current_user.status:
+                raise errors.AuthorizationError(msg='The user has been locked out. Please contact the system useristrator.')
+            access_token = await create_access_token(str(current_user.x_id), False)
+            await user_dao.update_login_time(db, obj.username)
+            return access_token.access_token, current_user
+
+    @staticmethod
+    async def register(
+        *, request: Request, response: Response, obj: UserRegister, background_tasks: BackgroundTasks
+        ) -> GetLoginToken:
+        translator = Translator(request.state.locale)
+
+        async with async_db_session.begin() as db:
+            if not obj.password:
+                raise errors.ForbiddenError(msg=translator.t('auth.enpty_password'))
+            
+            email = await user_dao.get_by_email(db, obj.email)
+            if email:
+                raise errors.ForbiddenError(msg=translator.t('auth.exist'))
+            
+            new_user = await user_dao.add(db, obj)
+
+            # current_user_id = new_user.x_id
+            # is_multi_login = new_user.is_multi_login
+            user_x_id = new_user.x_id
+            email = new_user.email
+            
+            access_token = await create_access_token(str(user_x_id), False)
+            refresh_token = await create_refresh_token(str(user_x_id), False)
+
+            n_user = await user_dao.get_with_relation(db, x_id=user_x_id, populates=['roles'])
+        
+            background_tasks.add_task(
+                LoginLogService.create,
+                **dict(
+                    db=db,
+                    request=request,
+                    user_x_id=user_x_id,
+                    email=email,
+                    login_time=datetime.now(),
+                    status=LoginLogStatusType.success.value,
+                    msg=translator.t('auth.successful'),
+                )
+            )
+
+            # await user_dao.update_login_time(db, obj.email)
+            response.set_cookie(
+                key=settings.COOKIE_REFRESH_TOKEN_KEY,
+                value=refresh_token.refresh_token,
+                max_age=settings.COOKIE_REFRESH_TOKEN_EXPIRE_SECONDS,
+                expires=timezone.f_utc(refresh_token.refresh_token_expire_time),
+                httponly=True,
+                samesite='none'
+            )
+            
+            data = GetLoginToken(
+                access_token=access_token.access_token,
+                access_token_expire_time=access_token.access_token_expire_time,
+                user=n_user,  # type: ignore
+            )
+            return data
+
+
+    @staticmethod
+    async def login(
+        *, request: Request, response: Response, obj: UserLoginSchema, background_tasks: BackgroundTasks
+    ) -> GetLoginToken:
+        translator = Translator(request.state.locale)
+
+        async with async_db_session.begin() as db:
+            try:
+                current_user = await user_dao.get_by_email(db, email=obj.email, populates=['roles'])
+                if not current_user:
+                    raise errors.NotFoundError(msg=translator.t('auth.incorrect_credential'))
+
+                user_x_id = current_user.x_id
+                email = current_user.email
+
+                if not password_verify(obj.password + current_user.salt, current_user.password):
+                    raise errors.AuthorizationError(msg=translator.t('auth.incorrect_credential'))
+                elif not current_user.status:
+                    raise errors.AuthorizationError(msg=translator.t('auth.account_locked'))
+
+                access_token = await create_access_token(str(user_x_id), False)
+                refresh_token = await create_refresh_token(str(user_x_id), False)
+
+            except errors.NotFoundError as e:
+                raise errors.NotFoundError(msg=e.msg)
+            except (errors.AuthorizationError, errors.CustomError) as e:
+                task = BackgroundTask(
+                    LoginLogService.create,
+                    **dict(
+                        db=db,
+                        request=request,
+                        user_x_id=user_x_id,
+                        email=email,
+                        login_time=datetime.now(),
+                        status=LoginLogStatusType.fail.value,
+                        msg=e.msg,
+                    ),
+                )
+                raise errors.AuthorizationError(msg=e.msg, background=task)
+            except Exception as e:
+                raise e
+            else:
+                background_tasks.add_task(
+                    LoginLogService.create,
+                    **dict(
+                        db=db,
+                        request=request,
+                        user_x_id=user_x_id,
+                        email=email,
+                        login_time=datetime.now(),
+                        status=LoginLogStatusType.success.value,
+                        msg=translator.t('auth.successful'),
+                    ),
+                )
+                # await redis_client.delete(f'{user_settings.CAPTCHA_LOGIN_REDIS_PREFIX}:{request.state.ip}')
+
+                await user_dao.update_login_time(db, obj.email)
+                response.set_cookie(
+                    key=settings.COOKIE_REFRESH_TOKEN_KEY,
+                    value=refresh_token.refresh_token,
+                    max_age=settings.COOKIE_REFRESH_TOKEN_EXPIRE_SECONDS,
+                    expires=timezone.f_utc(refresh_token.refresh_token_expire_time),
+                    httponly=True,
+                    samesite='none'
+                )
+                await db.refresh(current_user)
+                data = GetLoginToken(
+                    access_token=access_token.access_token,
+                    access_token_expire_time=access_token.access_token_expire_time,
+                    user=current_user,  # type: ignore
+                )
+                return data
+
+
+    @staticmethod
+    async def new_token(*, request: Request, response: Response) -> GetNewToken:
+        translator = Translator(request.state.locale)
+        refresh_token = request.cookies.get(settings.COOKIE_REFRESH_TOKEN_KEY)
+
+        if not refresh_token:
+            raise errors.TokenError(msg=translator.t('auth.refresh_token_not_found'))
+        try:
+            user_x_id = jwt_decode(refresh_token)
+        except Exception:
+            raise errors.TokenError(msg=translator.t('auth.invalid_refresh_token'))
+        # if request.user.id != user_id:
+        #     raise errors.TokenError(msg='Refresh Token is invalid')
+        async with async_db_session() as db:
+            current_user = await user_dao.get_by_x_id(db, user_x_id)
+            if not current_user:
+                raise errors.NotFoundError(msg=translator.t('auth.incorrect_credential'))
+            elif not current_user.status:
+                raise errors.AuthorizationError(msg=translator.t('auth.account_locked'))
+            current_token = get_token(request)
+            new_token = await create_new_token(
+                sub=str(current_user.x_id),
+                token=current_token,
+                refresh_token=refresh_token,
+                multi_login=False,
+            )
+            response.set_cookie(
+                key=settings.COOKIE_REFRESH_TOKEN_KEY,
+                value=new_token.new_refresh_token,
+                max_age=settings.COOKIE_REFRESH_TOKEN_EXPIRE_SECONDS,
+                expires=timezone.f_utc(new_token.new_refresh_token_expire_time),
+                httponly=True,
+                samesite='none'
+            )
+            data = GetNewToken(
+                access_token=new_token.new_access_token,
+                access_token_expire_time=new_token.new_access_token_expire_time,
+            )
+            return data
+
+
+    @staticmethod
+    async def logout(*, request: Request, response: Response) -> None:
+        token = get_token(request)
+        refresh_token = request.cookies.get(settings.COOKIE_REFRESH_TOKEN_KEY)
+        response.delete_cookie(settings.COOKIE_REFRESH_TOKEN_KEY)
+        # if request.user.is_multi_login:
+        #     key = f'{settings.TOKEN_REDIS_PREFIX}:{request.user.id}:{token}'
+        #     await redis_client.delete(key)
+        #     if refresh_token:
+        #         key = f'{settings.TOKEN_REFRESH_REDIS_PREFIX}:{request.user.id}:{refresh_token}'
+        #         await redis_client.delete(key)
+        # else:
+        key_prefix = f'{settings.TOKEN_REDIS_PREFIX}:{request.user.x_id}:'
+        await redis_client.delete_prefix(key_prefix)
+        key_prefix = f'{settings.TOKEN_REFRESH_REDIS_PREFIX}:{request.user.x_id}:'
+        await redis_client.delete_prefix(key_prefix)
+
+
+auth_service = AuthService()