open-webui/backend/apps/web/routers/auths.py

137 lines
3.9 KiB
Python
Raw Normal View History

2023-11-19 00:47:12 +00:00
from fastapi import Response
from fastapi import Depends, FastAPI, HTTPException, status
from datetime import datetime, timedelta
from typing import List, Union
from fastapi import APIRouter
from pydantic import BaseModel
import time
import uuid
from apps.web.models.auths import (
SigninForm,
SignupForm,
2023-12-29 08:12:30 +00:00
UpdatePasswordForm,
2023-11-19 00:47:12 +00:00
UserResponse,
SigninResponse,
Auths,
)
from apps.web.models.users import Users
2023-11-19 08:13:59 +00:00
from utils.utils import (
get_password_hash,
bearer_scheme,
create_token,
)
from utils.misc import get_gravatar_url
from constants import ERROR_MESSAGES
2023-11-19 00:47:12 +00:00
2023-11-19 08:13:59 +00:00
router = APIRouter()
2023-11-19 00:47:12 +00:00
############################
# GetSessionUser
############################
@router.get("/", response_model=UserResponse)
async def get_session_user(cred=Depends(bearer_scheme)):
token = cred.credentials
user = Users.get_user_by_token(token)
if user:
return {
"id": user.id,
"email": user.email,
"name": user.name,
"role": user.role,
2023-11-19 05:41:43 +00:00
"profile_image_url": user.profile_image_url,
2023-11-19 00:47:12 +00:00
}
else:
raise HTTPException(
status_code=status.HTTP_401_UNAUTHORIZED,
2023-11-19 05:41:43 +00:00
detail=ERROR_MESSAGES.INVALID_TOKEN,
2023-11-19 00:47:12 +00:00
)
2023-12-29 08:12:30 +00:00
############################
# Update Password
############################
@router.post("/update/password", response_model=bool)
async def update_password(form_data: UpdatePasswordForm, cred=Depends(bearer_scheme)):
token = cred.credentials
2023-12-29 08:26:47 +00:00
session_user = Users.get_user_by_token(token)
2023-12-29 08:12:30 +00:00
2023-12-29 08:26:47 +00:00
if session_user:
user = Auths.authenticate_user(session_user.email, form_data.password)
2023-12-29 08:12:30 +00:00
2023-12-29 08:26:47 +00:00
if user:
hashed = get_password_hash(form_data.new_password)
return Auths.update_user_password_by_id(user.id, form_data.password, hashed)
else:
raise HTTPException(400, detail=ERROR_MESSAGES.INVALID_PASSWORD)
2023-12-29 08:12:30 +00:00
else:
raise HTTPException(400, detail=ERROR_MESSAGES.INVALID_CRED)
2023-11-19 00:47:12 +00:00
############################
# SignIn
############################
@router.post("/signin", response_model=SigninResponse)
async def signin(form_data: SigninForm):
user = Auths.authenticate_user(form_data.email.lower(), form_data.password)
if user:
token = create_token(data={"email": user.email})
return {
"token": token,
"token_type": "Bearer",
"id": user.id,
"email": user.email,
"name": user.name,
"role": user.role,
2023-11-19 05:41:43 +00:00
"profile_image_url": user.profile_image_url,
2023-11-19 00:47:12 +00:00
}
else:
2023-11-19 05:41:43 +00:00
raise HTTPException(400, detail=ERROR_MESSAGES.INVALID_CRED)
2023-11-19 00:47:12 +00:00
############################
# SignUp
############################
@router.post("/signup", response_model=SigninResponse)
async def signup(form_data: SignupForm):
if not Users.get_user_by_email(form_data.email.lower()):
try:
role = "admin" if Users.get_num_users() == 0 else "pending"
2023-11-19 00:47:12 +00:00
hashed = get_password_hash(form_data.password)
2023-12-28 03:10:56 +00:00
user = Auths.insert_new_auth(
form_data.email.lower(), hashed, form_data.name, role
)
2023-11-19 00:47:12 +00:00
if user:
token = create_token(data={"email": user.email})
# response.set_cookie(key='token', value=token, httponly=True)
return {
"token": token,
"token_type": "Bearer",
"id": user.id,
"email": user.email,
"name": user.name,
"role": user.role,
2023-11-19 05:41:43 +00:00
"profile_image_url": user.profile_image_url,
2023-11-19 00:47:12 +00:00
}
else:
raise HTTPException(500, detail=ERROR_MESSAGES.CREATE_USER_ERROR)
2023-11-19 00:47:12 +00:00
except Exception as err:
raise HTTPException(500, detail=ERROR_MESSAGES.DEFAULT(err))
else:
2023-12-26 05:44:28 +00:00
raise HTTPException(400, detail=ERROR_MESSAGES.EMAIL_TAKEN)