open-webui/backend/apps/web/routers/auths.py

from fastapi import Response, Request
from fastapi import Depends, FastAPI, HTTPException, status
from datetime import datetime, timedelta
from typing import List, Union

from fastapi import APIRouter
from pydantic import BaseModel
import time
import uuid

from apps.web.models.auths import (
    SigninForm,
    SignupForm,
    UpdatePasswordForm,
    UserResponse,
    SigninResponse,
    Auths,
)
from apps.web.models.users import Users

from utils.utils import get_password_hash, get_current_user, create_token
from utils.misc import get_gravatar_url, validate_email_format
from constants import ERROR_MESSAGES

router = APIRouter()

############################
# GetSessionUser
############################


@router.get("/", response_model=UserResponse)
async def get_session_user(user=Depends(get_current_user)):
    return {
        "id": user.id,
        "email": user.email,
        "name": user.name,
        "role": user.role,
        "profile_image_url": user.profile_image_url,
    }


############################
# Update Password
############################


@router.post("/update/password", response_model=bool)
async def update_password(form_data: UpdatePasswordForm,
                          session_user=Depends(get_current_user)):
    if session_user:
        user = Auths.authenticate_user(session_user.email, form_data.password)

        if user:
            hashed = get_password_hash(form_data.new_password)
            return Auths.update_user_password_by_id(user.id, hashed)
        else:
            raise HTTPException(400, detail=ERROR_MESSAGES.INVALID_PASSWORD)
    else:
        raise HTTPException(400, detail=ERROR_MESSAGES.INVALID_CRED)


############################
# SignIn
############################


@router.post("/signin", response_model=SigninResponse)
async def signin(form_data: SigninForm):
    user = Auths.authenticate_user(form_data.email.lower(), form_data.password)
    if user:
        token = create_token(data={"email": user.email})

        return {
            "token": token,
            "token_type": "Bearer",
            "id": user.id,
            "email": user.email,
            "name": user.name,
            "role": user.role,
            "profile_image_url": user.profile_image_url,
        }
    else:
        raise HTTPException(400, detail=ERROR_MESSAGES.INVALID_CRED)


############################
# SignUp
############################


@router.post("/signup", response_model=SigninResponse)
async def signup(request: Request, form_data: SignupForm):
    if request.app.state.ENABLE_SIGNUP:
        if validate_email_format(form_data.email.lower()):
            if not Users.get_user_by_email(form_data.email.lower()):
                try:
                    role = "admin" if Users.get_num_users() == 0 else "pending"
                    hashed = get_password_hash(form_data.password)
                    user = Auths.insert_new_auth(form_data.email.lower(),
                                                 hashed, form_data.name, role)

                    if user:
                        token = create_token(data={"email": user.email})
                        # response.set_cookie(key='token', value=token, httponly=True)

                        return {
                            "token": token,
                            "token_type": "Bearer",
                            "id": user.id,
                            "email": user.email,
                            "name": user.name,
                            "role": user.role,
                            "profile_image_url": user.profile_image_url,
                        }
                    else:
                        raise HTTPException(
                            500, detail=ERROR_MESSAGES.CREATE_USER_ERROR)
                except Exception as err:
                    raise HTTPException(500,
                                        detail=ERROR_MESSAGES.DEFAULT(err))
            else:
                raise HTTPException(400, detail=ERROR_MESSAGES.EMAIL_TAKEN)
        else:
            raise HTTPException(400,
                                detail=ERROR_MESSAGES.INVALID_EMAIL_FORMAT)
    else:
        raise HTTPException(400, detail=ERROR_MESSAGES.ACCESS_PROHIBITED)


############################
# ToggleSignUp
############################


@router.get("/signup/enabled", response_model=bool)
async def get_sign_up_status(request: Request, user=Depends(get_current_user)):
    if user.role == "admin":
        return request.app.state.ENABLE_SIGNUP
    else:
        raise HTTPException(
            status_code=status.HTTP_403_FORBIDDEN,
            detail=ERROR_MESSAGES.ACCESS_PROHIBITED,
        )


@router.get("/signup/enabled/toggle", response_model=bool)
async def toggle_sign_up(request: Request, user=Depends(get_current_user)):
    if user.role == "admin":
        request.app.state.ENABLE_SIGNUP = not request.app.state.ENABLE_SIGNUP
        return request.app.state.ENABLE_SIGNUP
    else:
        raise HTTPException(
            status_code=status.HTTP_403_FORBIDDEN,
            detail=ERROR_MESSAGES.ACCESS_PROHIBITED,
        )
feat: toggle signup enable from admin panel 2024-01-01 21:32:28 +01:00			`from fastapi import Response, Request`
feat: multi-user support w/ RBAC 2023-11-19 01:47:12 +01:00			`from fastapi import Depends, FastAPI, HTTPException, status`
			`from datetime import datetime, timedelta`
			`from typing import List, Union`

			`from fastapi import APIRouter`
			`from pydantic import BaseModel`
			`import time`
			`import uuid`

			`from apps.web.models.auths import (`
			`SigninForm,`
			`SignupForm,`
feat: change password support 2023-12-29 09:12:30 +01:00			`UpdatePasswordForm,`
feat: multi-user support w/ RBAC 2023-11-19 01:47:12 +01:00			`UserResponse,`
			`SigninResponse,`
			`Auths,`
			`)`
			`from apps.web.models.users import Users`

refac: remove the verify_token and use get-current user for auth+user 2024-01-01 09:55:50 +01:00			`from utils.utils import get_password_hash, get_current_user, create_token`
feat/fix: email format validation 2024-01-03 01:22:48 +01:00			`from utils.misc import get_gravatar_url, validate_email_format`
feat: admin panel added 2023-11-19 09:13:59 +01:00			`from constants import ERROR_MESSAGES`
feat: multi-user support w/ RBAC 2023-11-19 01:47:12 +01:00
feat: admin panel added 2023-11-19 09:13:59 +01:00			`router = APIRouter()`

feat: multi-user support w/ RBAC 2023-11-19 01:47:12 +01:00			`############################`
			`# GetSessionUser`
			`############################`


refac: remove the verify_token and use get-current user for auth+user 2024-01-01 09:55:50 +01:00			`@router.get("/", response_model=UserResponse)`
refac: use dependencies to verify token - feat: added new util to get the current user when needed. Middleware was adding authentication logic to all the routes. let's revisit if we can move the non-auth endpoints to a separate route. - refac: update the routes to use new helpers for verification and retrieving user - chore: added black for local formatting of py code 2023-12-30 11:53:33 +01:00			`async def get_session_user(user=Depends(get_current_user)):`
			`return {`
			`"id": user.id,`
			`"email": user.email,`
			`"name": user.name,`
			`"role": user.role,`
			`"profile_image_url": user.profile_image_url,`
			`}`
feat: multi-user support w/ RBAC 2023-11-19 01:47:12 +01:00

feat: change password support 2023-12-29 09:12:30 +01:00			`############################`
			`# Update Password`
			`############################`


refac: remove the verify_token and use get-current user for auth+user 2024-01-01 09:55:50 +01:00			`@router.post("/update/password", response_model=bool)`
chore: :rotating_light: lint and format 2024-01-03 23:33:57 +01:00			`async def update_password(form_data: UpdatePasswordForm,`
			`session_user=Depends(get_current_user)):`
feat: change password frontend added 2023-12-29 09:26:47 +01:00			`if session_user:`
			`user = Auths.authenticate_user(session_user.email, form_data.password)`
feat: change password support 2023-12-29 09:12:30 +01:00
feat: change password frontend added 2023-12-29 09:26:47 +01:00			`if user:`
			`hashed = get_password_hash(form_data.new_password)`
chore: update password refac 2023-12-29 09:29:18 +01:00			`return Auths.update_user_password_by_id(user.id, hashed)`
feat: change password frontend added 2023-12-29 09:26:47 +01:00			`else:`
			`raise HTTPException(400, detail=ERROR_MESSAGES.INVALID_PASSWORD)`
feat: change password support 2023-12-29 09:12:30 +01:00			`else:`
			`raise HTTPException(400, detail=ERROR_MESSAGES.INVALID_CRED)`


feat: multi-user support w/ RBAC 2023-11-19 01:47:12 +01:00			`############################`
			`# SignIn`
			`############################`


			`@router.post("/signin", response_model=SigninResponse)`
			`async def signin(form_data: SigninForm):`
			`user = Auths.authenticate_user(form_data.email.lower(), form_data.password)`
			`if user:`
			`token = create_token(data={"email": user.email})`

			`return {`
			`"token": token,`
			`"token_type": "Bearer",`
			`"id": user.id,`
			`"email": user.email,`
			`"name": user.name,`
			`"role": user.role,`
feat: basic RBAC support 2023-11-19 06:41:43 +01:00			`"profile_image_url": user.profile_image_url,`
feat: multi-user support w/ RBAC 2023-11-19 01:47:12 +01:00			`}`
			`else:`
feat: basic RBAC support 2023-11-19 06:41:43 +01:00			`raise HTTPException(400, detail=ERROR_MESSAGES.INVALID_CRED)`
feat: multi-user support w/ RBAC 2023-11-19 01:47:12 +01:00

			`############################`
			`# SignUp`
			`############################`


			`@router.post("/signup", response_model=SigninResponse)`
feat: toggle signup enable from admin panel 2024-01-01 21:32:28 +01:00			`async def signup(request: Request, form_data: SignupForm):`
			`if request.app.state.ENABLE_SIGNUP:`
feat/fix: email format validation 2024-01-03 01:22:48 +01:00			`if validate_email_format(form_data.email.lower()):`
			`if not Users.get_user_by_email(form_data.email.lower()):`
			`try:`
			`role = "admin" if Users.get_num_users() == 0 else "pending"`
			`hashed = get_password_hash(form_data.password)`
chore: :rotating_light: lint and format 2024-01-03 23:33:57 +01:00			`user = Auths.insert_new_auth(form_data.email.lower(),`
			`hashed, form_data.name, role)`
feat/fix: email format validation 2024-01-03 01:22:48 +01:00
			`if user:`
			`token = create_token(data={"email": user.email})`
			`# response.set_cookie(key='token', value=token, httponly=True)`

			`return {`
			`"token": token,`
			`"token_type": "Bearer",`
			`"id": user.id,`
			`"email": user.email,`
			`"name": user.name,`
			`"role": user.role,`
			`"profile_image_url": user.profile_image_url,`
			`}`
			`else:`
			`raise HTTPException(`
chore: :rotating_light: lint and format 2024-01-03 23:33:57 +01:00			`500, detail=ERROR_MESSAGES.CREATE_USER_ERROR)`
feat/fix: email format validation 2024-01-03 01:22:48 +01:00			`except Exception as err:`
chore: :rotating_light: lint and format 2024-01-03 23:33:57 +01:00			`raise HTTPException(500,`
			`detail=ERROR_MESSAGES.DEFAULT(err))`
feat/fix: email format validation 2024-01-03 01:22:48 +01:00			`else:`
			`raise HTTPException(400, detail=ERROR_MESSAGES.EMAIL_TAKEN)`
feat: toggle signup enable from admin panel 2024-01-01 21:32:28 +01:00			`else:`
chore: :rotating_light: lint and format 2024-01-03 23:33:57 +01:00			`raise HTTPException(400,`
			`detail=ERROR_MESSAGES.INVALID_EMAIL_FORMAT)`
feat: toggle signup enable from admin panel 2024-01-01 21:32:28 +01:00			`else:`
			`raise HTTPException(400, detail=ERROR_MESSAGES.ACCESS_PROHIBITED)`


			`############################`
			`# ToggleSignUp`
			`############################`


			`@router.get("/signup/enabled", response_model=bool)`
			`async def get_sign_up_status(request: Request, user=Depends(get_current_user)):`
			`if user.role == "admin":`
			`return request.app.state.ENABLE_SIGNUP`
			`else:`
			`raise HTTPException(`
			`status_code=status.HTTP_403_FORBIDDEN,`
			`detail=ERROR_MESSAGES.ACCESS_PROHIBITED,`
			`)`


			`@router.get("/signup/enabled/toggle", response_model=bool)`
			`async def toggle_sign_up(request: Request, user=Depends(get_current_user)):`
			`if user.role == "admin":`
			`request.app.state.ENABLE_SIGNUP = not request.app.state.ENABLE_SIGNUP`
			`return request.app.state.ENABLE_SIGNUP`
feat: multi-user support w/ RBAC 2023-11-19 01:47:12 +01:00			`else:`
feat: toggle signup enable from admin panel 2024-01-01 21:32:28 +01:00			`raise HTTPException(`
			`status_code=status.HTTP_403_FORBIDDEN,`
			`detail=ERROR_MESSAGES.ACCESS_PROHIBITED,`
			`)`