open-webui/backend/apps/web/routers/auths.py

from fastapi import Response
from fastapi import Depends, FastAPI, HTTPException, status
from datetime import datetime, timedelta
from typing import List, Union

from fastapi import APIRouter
from pydantic import BaseModel
import time
import uuid

from apps.web.models.auths import (
    SigninForm,
    SignupForm,
    UserResponse,
    SigninResponse,
    Auths,
)
from apps.web.models.users import Users


from utils.utils import (
    get_password_hash,
    bearer_scheme,
    create_token,
)
from utils.misc import get_gravatar_url
from constants import ERROR_MESSAGES


router = APIRouter()

############################
# GetSessionUser
############################


@router.get("/", response_model=UserResponse)
async def get_session_user(cred=Depends(bearer_scheme)):
    token = cred.credentials
    user = Users.get_user_by_token(token)
    if user:
        return {
            "id": user.id,
            "email": user.email,
            "name": user.name,
            "role": user.role,
            "profile_image_url": user.profile_image_url,
        }
    else:
        raise HTTPException(
            status_code=status.HTTP_401_UNAUTHORIZED,
            detail=ERROR_MESSAGES.INVALID_TOKEN,
        )


############################
# SignIn
############################


@router.post("/signin", response_model=SigninResponse)
async def signin(form_data: SigninForm):
    user = Auths.authenticate_user(form_data.email.lower(), form_data.password)
    if user:
        token = create_token(data={"email": user.email})

        return {
            "token": token,
            "token_type": "Bearer",
            "id": user.id,
            "email": user.email,
            "name": user.name,
            "role": user.role,
            "profile_image_url": user.profile_image_url,
        }
    else:
        raise HTTPException(400, detail=ERROR_MESSAGES.INVALID_CRED)


############################
# SignUp
############################


@router.post("/signup", response_model=SigninResponse)
async def signup(form_data: SignupForm):
    if not Users.get_user_by_email(form_data.email.lower()):
        try:
            role = "admin" if Users.get_num_users() == 0 else "pending"
            hashed = get_password_hash(form_data.password)
            user = Auths.insert_new_auth(form_data.email, hashed, form_data.name, role)

            if user:
                token = create_token(data={"email": user.email})
                # response.set_cookie(key='token', value=token, httponly=True)

                return {
                    "token": token,
                    "token_type": "Bearer",
                    "id": user.id,
                    "email": user.email,
                    "name": user.name,
                    "role": user.role,
                    "profile_image_url": user.profile_image_url,
                }
            else:
                raise HTTPException(500, detail=ERROR_MESSAGES.CREATE_USER_ERROR)
        except Exception as err:
            raise HTTPException(500, detail=ERROR_MESSAGES.DEFAULT(err))
    else:
        raise HTTPException(400, detail=ERROR_MESSAGES.EMAIL_TAKEN)
feat: multi-user support w/ RBAC 2023-11-19 01:47:12 +01:00			`from fastapi import Response`
			`from fastapi import Depends, FastAPI, HTTPException, status`
			`from datetime import datetime, timedelta`
			`from typing import List, Union`

			`from fastapi import APIRouter`
			`from pydantic import BaseModel`
			`import time`
			`import uuid`

			`from apps.web.models.auths import (`
			`SigninForm,`
			`SignupForm,`
			`UserResponse,`
			`SigninResponse,`
			`Auths,`
			`)`
			`from apps.web.models.users import Users`


feat: admin panel added 2023-11-19 09:13:59 +01:00			`from utils.utils import (`
			`get_password_hash,`
			`bearer_scheme,`
			`create_token,`
			`)`
			`from utils.misc import get_gravatar_url`
			`from constants import ERROR_MESSAGES`
feat: multi-user support w/ RBAC 2023-11-19 01:47:12 +01:00

feat: admin panel added 2023-11-19 09:13:59 +01:00			`router = APIRouter()`

feat: multi-user support w/ RBAC 2023-11-19 01:47:12 +01:00			`############################`
			`# GetSessionUser`
			`############################`


			`@router.get("/", response_model=UserResponse)`
			`async def get_session_user(cred=Depends(bearer_scheme)):`
			`token = cred.credentials`
			`user = Users.get_user_by_token(token)`
			`if user:`
			`return {`
			`"id": user.id,`
			`"email": user.email,`
			`"name": user.name,`
			`"role": user.role,`
feat: basic RBAC support 2023-11-19 06:41:43 +01:00			`"profile_image_url": user.profile_image_url,`
feat: multi-user support w/ RBAC 2023-11-19 01:47:12 +01:00			`}`
			`else:`
			`raise HTTPException(`
			`status_code=status.HTTP_401_UNAUTHORIZED,`
feat: basic RBAC support 2023-11-19 06:41:43 +01:00			`detail=ERROR_MESSAGES.INVALID_TOKEN,`
feat: multi-user support w/ RBAC 2023-11-19 01:47:12 +01:00			`)`


			`############################`
			`# SignIn`
			`############################`


			`@router.post("/signin", response_model=SigninResponse)`
			`async def signin(form_data: SigninForm):`
			`user = Auths.authenticate_user(form_data.email.lower(), form_data.password)`
			`if user:`
			`token = create_token(data={"email": user.email})`

			`return {`
			`"token": token,`
			`"token_type": "Bearer",`
			`"id": user.id,`
			`"email": user.email,`
			`"name": user.name,`
			`"role": user.role,`
feat: basic RBAC support 2023-11-19 06:41:43 +01:00			`"profile_image_url": user.profile_image_url,`
feat: multi-user support w/ RBAC 2023-11-19 01:47:12 +01:00			`}`
			`else:`
feat: basic RBAC support 2023-11-19 06:41:43 +01:00			`raise HTTPException(400, detail=ERROR_MESSAGES.INVALID_CRED)`
feat: multi-user support w/ RBAC 2023-11-19 01:47:12 +01:00

			`############################`
			`# SignUp`
			`############################`


			`@router.post("/signup", response_model=SigninResponse)`
			`async def signup(form_data: SignupForm):`
			`if not Users.get_user_by_email(form_data.email.lower()):`
			`try:`
feat: set first user to admin by default 2023-11-19 09:41:29 +01:00			`role = "admin" if Users.get_num_users() == 0 else "pending"`
feat: multi-user support w/ RBAC 2023-11-19 01:47:12 +01:00			`hashed = get_password_hash(form_data.password)`
feat: set first user to admin by default 2023-11-19 09:41:29 +01:00			`user = Auths.insert_new_auth(form_data.email, hashed, form_data.name, role)`
feat: multi-user support w/ RBAC 2023-11-19 01:47:12 +01:00
			`if user:`
			`token = create_token(data={"email": user.email})`
			`# response.set_cookie(key='token', value=token, httponly=True)`

			`return {`
			`"token": token,`
			`"token_type": "Bearer",`
			`"id": user.id,`
			`"email": user.email,`
			`"name": user.name,`
			`"role": user.role,`
feat: basic RBAC support 2023-11-19 06:41:43 +01:00			`"profile_image_url": user.profile_image_url,`
feat: multi-user support w/ RBAC 2023-11-19 01:47:12 +01:00			`}`
			`else:`
feat: improved error message for signup 2023-12-27 21:06:22 +01:00			`raise HTTPException(500, detail=ERROR_MESSAGES.CREATE_USER_ERROR)`
feat: multi-user support w/ RBAC 2023-11-19 01:47:12 +01:00			`except Exception as err:`
			`raise HTTPException(500, detail=ERROR_MESSAGES.DEFAULT(err))`
			`else:`
feat: db migration to sqlite 2023-12-26 06:44:28 +01:00			`raise HTTPException(400, detail=ERROR_MESSAGES.EMAIL_TAKEN)`