96 lines
3.3 KiB
Python
96 lines
3.3 KiB
Python
from datetime import datetime, timedelta, UTC
|
|
|
|
from cryptography.fernet import Fernet, InvalidToken
|
|
from jose import jwt
|
|
from passlib.context import CryptContext
|
|
|
|
from app.config import settings
|
|
from app.users.exceptions import (
|
|
IncorrectAuthDataException,
|
|
UserNotFoundException,
|
|
UserMustConfirmEmailException,
|
|
WrongCodeException,
|
|
)
|
|
from app.chat.exceptions import ChatNotFoundException, UserCanNotReadThisChatException
|
|
from app.utils.unit_of_work import UnitOfWork
|
|
from app.users.schemas import SUser, SInvitationData
|
|
|
|
pwd_context = CryptContext(schemes=["bcrypt"], deprecated="auto") # bcrypt не умеет больше 72 байт хешировать. Остальное обрезаем
|
|
|
|
cipher_suite = Fernet(settings.INVITATION_LINK_TOKEN_KEY)
|
|
|
|
class AuthService:
|
|
@staticmethod
|
|
def get_password_hash(password: str) -> str:
|
|
return pwd_context.hash(password.encode("utf-8")[:72])
|
|
|
|
@staticmethod
|
|
def verify_password(plain_password: str, hashed_password: str) -> bool:
|
|
return pwd_context.verify(plain_password.encode("utf-8")[:72], hashed_password)
|
|
|
|
@staticmethod
|
|
def create_access_token(data: dict[str, str | datetime]) -> str:
|
|
to_encode = data.copy()
|
|
expire = datetime.now(UTC) + timedelta(days=30)
|
|
to_encode.update({"exp": expire})
|
|
encoded_jwt = jwt.encode(to_encode, settings.SECRET_KEY, settings.ALGORITHM)
|
|
return encoded_jwt
|
|
|
|
@staticmethod
|
|
def encode_invitation_token(user_data: SInvitationData) -> str:
|
|
invitation_token = cipher_suite.encrypt(user_data.model_dump_json().encode())
|
|
return invitation_token.decode()
|
|
|
|
@staticmethod
|
|
def decode_invitation_token(invitation_token: str) -> SInvitationData:
|
|
try:
|
|
user_code = invitation_token.encode()
|
|
user_data = cipher_suite.decrypt(user_code)
|
|
return SInvitationData.model_validate_json(user_data)
|
|
except InvalidToken:
|
|
raise WrongCodeException
|
|
|
|
@staticmethod
|
|
def encode_confirmation_token(confirmation_code: str) -> str:
|
|
invitation_token = cipher_suite.encrypt(confirmation_code.encode())
|
|
return invitation_token.decode()
|
|
|
|
@staticmethod
|
|
def decode_confirmation_token(invitation_token: str) -> str:
|
|
try:
|
|
user_code = invitation_token.encode()
|
|
confirmation_code = cipher_suite.decrypt(user_code).decode()
|
|
return confirmation_code
|
|
except InvalidToken:
|
|
raise WrongCodeException
|
|
|
|
@classmethod
|
|
def get_confirmation_code(cls, user_code: str) -> str:
|
|
return user_code if len(user_code) == 6 else cls.decode_confirmation_token(user_code)
|
|
|
|
@classmethod
|
|
async def authenticate_user(cls, uow: UnitOfWork, email_or_username: str, password: str) -> SUser:
|
|
try:
|
|
async with uow:
|
|
user = await uow.user.find_one_by_username_or_email(username=email_or_username, email=email_or_username)
|
|
if not cls.verify_password(password, user.hashed_password):
|
|
raise IncorrectAuthDataException
|
|
return user
|
|
except UserNotFoundException:
|
|
raise IncorrectAuthDataException
|
|
|
|
@classmethod
|
|
async def check_verificated_user(cls, uow: UnitOfWork, user_id: int) -> None:
|
|
async with uow:
|
|
user = await uow.user.find_one(id=user_id)
|
|
if user.role < settings.VERIFICATED_USER:
|
|
raise UserMustConfirmEmailException
|
|
|
|
@classmethod
|
|
async def validate_user_access_to_chat(cls, uow: UnitOfWork, user_id: int, chat_id: int) -> None:
|
|
try:
|
|
async with uow:
|
|
await uow.chat.find_chat(chat_id=chat_id, user_id=user_id)
|
|
except ChatNotFoundException:
|
|
raise UserCanNotReadThisChatException
|
|
|