Spaces:

RocketFarmStudios
/

CPS-API

Sleeping

App Files Files Community

Ali2206 commited on May 22, 2025

Commit

8fbc1f3

verified ·

1 Parent(s): 77b0666

Update api/routes/auth.py

Browse files

Files changed (1) hide show

api/routes/auth.py +89 -136

api/routes/auth.py CHANGED Viewed

@@ -1,160 +1,113 @@
-from fastapi import APIRouter, HTTPException, Depends, status, Request
 from fastapi.security import OAuth2PasswordRequestForm
-from db.mongo import users_collection
-from core.security import hash_password, verify_password, create_access_token, get_current_user
-from models.schemas import SignupForm, TokenResponse, DoctorCreate
-from datetime import datetime
-import logging
-# Configure logging
-logging.basicConfig(
-    level=logging.INFO,
-    format='%(asctime)s - %(levelname)s - %(name)s - %(message)s'
 )
-logger = logging.getLogger(__name__)
 router = APIRouter()
-@router.post("/signup", status_code=status.HTTP_201_CREATED)
-async def signup(data: SignupForm):
-    logger.info(f"Signup attempt for email: {data.email}")
-    email = data.email.lower().strip()
-    existing = await users_collection.find_one({"email": email})
-    if existing:
-        logger.warning(f"Signup failed: Email already exists: {email}")
-        raise HTTPException(
-            status_code=status.HTTP_409_CONFLICT,
-            detail="Email already exists"
-        )
-    hashed_pw = hash_password(data.password)
-    user_doc = {
-        "email": email,
-        "full_name": data.full_name.strip(),
-        "password": hashed_pw,
-        "role": "patient",
-        "created_at": datetime.utcnow().isoformat(),
-        "updated_at": datetime.utcnow().isoformat()
-    }
-    try:
-        result = await users_collection.insert_one(user_doc)
-        logger.info(f"User created successfully: {email}")
-        return {
-            "status": "success",
-            "id": str(result.inserted_id),
-            "email": email
-        }
-    except Exception as e:
-        logger.error(f"Failed to create user {email}: {str(e)}")
-        raise HTTPException(
-            status_code=status.HTTP_500_INTERNAL_SERVER_ERROR,
-            detail=f"Failed to create user: {str(e)}"
-        )
-@router.post("/admin/doctors", status_code=status.HTTP_201_CREATED)
-async def create_doctor(
-    data: DoctorCreate,
-    current_user: dict = Depends(get_current_user)
 ):
-    logger.info(f"Doctor creation attempt by {current_user.get('email')}")
-    if current_user.get('role') != 'admin':
-        logger.warning(f"Unauthorized doctor creation attempt by {current_user.get('email')}")
-        raise HTTPException(
-            status_code=status.HTTP_403_FORBIDDEN,
-            detail="Only admins can create doctor accounts"
-        )
-    email = data.email.lower().strip()
-    existing = await users_collection.find_one({"email": email})
-    if existing:
-        logger.warning(f"Doctor creation failed: Email already exists: {email}")
-        raise HTTPException(
-            status_code=status.HTTP_409_CONFLICT,
-            detail="Email already exists"
-        )
-    hashed_pw = hash_password(data.password)
-    doctor_doc = {
-        "email": email,
-        "full_name": data.full_name.strip(),
-        "password": hashed_pw,
-        "role": "doctor",
-        "specialty": data.specialty,
-        "license_number": data.license_number,
-        "created_at": datetime.utcnow().isoformat(),
-        "updated_at": datetime.utcnow().isoformat()
-    }
-    try:
-        result = await users_collection.insert_one(doctor_doc)
-        logger.info(f"Doctor created successfully: {email}")
-        return {
-            "status": "success",
-            "id": str(result.inserted_id),
-            "email": email
-        }
-    except Exception as e:
-        logger.error(f"Failed to create doctor {email}: {str(e)}")
-        raise HTTPException(
-            status_code=status.HTTP_500_INTERNAL_SERVER_ERROR,
-            detail=f"Failed to create doctor: {str(e)}"
-        )
-@router.post("/login", response_model=TokenResponse)
-async def login(form_data: OAuth2PasswordRequestForm = Depends()):
-    logger.info(f"Login attempt for email: {form_data.username}")
-    user = await users_collection.find_one({"email": form_data.username.lower()})
     if not user or not verify_password(form_data.password, user["password"]):
-        logger.warning(f"Login failed for {form_data.username}: Invalid credentials")
         raise HTTPException(
             status_code=status.HTTP_401_UNAUTHORIZED,
-            detail="Invalid credentials",
-            headers={"WWW-Authenticate": "Bearer"}
         )
-    access_token = create_access_token(data={"sub": user["email"]})
-    logger.info(f"Successful login for {form_data.username}")
     return {
         "access_token": access_token,
         "token_type": "bearer",
-        "role": user.get("role", "patient")
     }
-@router.get("/me")
-async def get_me(request: Request, current_user: dict = Depends(get_current_user)):
-    logger.info(f"Fetching user profile for {current_user['email']}")
     try:
-        user = await users_collection.find_one({"email": current_user["email"]})
-        if not user:
-            logger.warning(f"User not found: {current_user['email']}")
-            raise HTTPException(
-                status_code=status.HTTP_404_NOT_FOUND,
-                detail="User not found"
-            )
-        response = {
-            "id": str(user["_id"]),
-            "email": user["email"],
-            "full_name": user.get("full_name", ""),
-            "role": user.get("role", "patient"),
-            "specialty": user.get("specialty"),
-            "created_at": user.get("created_at"),
-            "updated_at": user.get("updated_at")
-        }
-        logger.info(f"User profile retrieved for {current_user['email']}")
-        return response
     except Exception as e:
-        logger.error(f"Database error for user {current_user['email']}: {str(e)}")
         raise HTTPException(
             status_code=status.HTTP_500_INTERNAL_SERVER_ERROR,
-            detail=f"Database error: {str(e)}"
         )
-@router.get("/test-auth")
-async def test_token_auth(current_user: dict = Depends(get_current_user)):
-    logger.info(f"Test auth successful for {current_user.get('email')}")
-    return {"status": "ok", "email": current_user.get("email"), "role": current_user.get("role")}
-# Export the router
-auth = router

+from fastapi import APIRouter, Depends, HTTPException, status, Request
 from fastapi.security import OAuth2PasswordRequestForm
+from db.mongo import get_user_db
+from core.security import (
+    create_access_token,
+    verify_token,
+    get_password_hash,
+    verify_password
 )
+from models.schemas import (
+    TokenResponse,
+    UserCreate,
+    UserInDB,
+    UserResponse
+)
+from datetime import timedelta
+import logging
+from core.config import settings
 router = APIRouter()
+logger = logging.getLogger(__name__)
+@router.post("/login", response_model=TokenResponse)
+async def login(
+    request: Request,
+    form_data: OAuth2PasswordRequestForm = Depends()
 ):
+    logger.info(f"Login attempt from {request.client.host}")
+    user_db = await get_user_db()
+    user = await user_db.find_one({"email": form_data.username.lower()})
     if not user or not verify_password(form_data.password, user["password"]):
+        logger.warning(f"Failed login attempt for {form_data.username}")
         raise HTTPException(
             status_code=status.HTTP_401_UNAUTHORIZED,
+            detail="Incorrect email or password",
+            headers={"WWW-Authenticate": "Bearer"},
         )
+    access_token_expires = timedelta(minutes=settings.ACCESS_TOKEN_EXPIRE_MINUTES)
+    access_token = create_access_token(
+        data={"sub": user["email"], "role": user.get("role", "user")},
+        expires_delta=access_token_expires
+    )
+    logger.info(f"Successful login for {user['email']}")
     return {
         "access_token": access_token,
         "token_type": "bearer",
+        "expires_in": access_token_expires.total_seconds()
     }
+@router.post("/signup", response_model=UserResponse)
+async def signup(user_in: UserCreate):
+    logger.info(f"Signup attempt for {user_in.email}")
+    user_db = await get_user_db()
+    if await user_db.find_one({"email": user_in.email.lower()}):
+        logger.warning(f"Email already registered: {user_in.email}")
+        raise HTTPException(
+            status_code=status.HTTP_400_BAD_REQUEST,
+            detail="Email already registered"
+        )
+    hashed_password = get_password_hash(user_in.password)
+    db_user = UserInDB(
+        **user_in.dict(),
+        password=hashed_password,
+        role="user",
+        created_at=datetime.utcnow(),
+        updated_at=datetime.utcnow()
+    )
     try:
+        result = await user_db.insert_one(db_user.dict())
+        logger.info(f"User created: {user_in.email}")
+        return UserResponse(
+            id=str(result.inserted_id),
+            email=db_user.email,
+            full_name=db_user.full_name,
+            role=db_user.role
+        )
     except Exception as e:
+        logger.error(f"User creation failed: {str(e)}")
         raise HTTPException(
             status_code=status.HTTP_500_INTERNAL_SERVER_ERROR,
+            detail="User creation failed"
         )
+@router.get("/me", response_model=UserResponse)
+async def read_users_me(
+    request: Request,
+    current_user: UserInDB = Depends(verify_token)
+):
+    logger.info(f"User profile request for {current_user.sub}")
+    user_db = await get_user_db()
+    user = await user_db.find_one({"email": current_user.sub})
+    if not user:
+        logger.error(f"User not found: {current_user.sub}")
+        raise HTTPException(
+            status_code=status.HTTP_404_NOT_FOUND,
+            detail="User not found"
+        )
+    return UserResponse(
+        id=str(user["_id"]),
+        email=user["email"],
+        full_name=user.get("full_name", ""),
+        role=user.get("role", "user")
+    )