neo-neo-todo/backend/src/neo_neo_todo/routes/token.py

from typing import Annotated

import bcrypt
from fastapi import APIRouter, Depends, HTTPException, status
from fastapi.security import OAuth2PasswordRequestForm
from fastapi_limiter.depends import RateLimiter
from psycopg_pool import AsyncConnectionPool

from src.neo_neo_todo.models.member import select_member_by_email
from src.neo_neo_todo.utils.database import get_pool

router = APIRouter(
    prefix="/token",
    tags=["token"],
)


@router.post(
    "",
    dependencies=[
        Depends(RateLimiter(times=100, seconds=600))
    ],  # rate limit login route
    status_code=status.HTTP_200_OK,  # default status code when login successful
)
async def login(
    form_data: Annotated[OAuth2PasswordRequestForm, Depends()],
    db_pool: AsyncConnectionPool = Depends(get_pool),
):
    """
    Login to the todo app

    If successful, save the returned cookie
    """
    member = await select_member_by_email(db_pool, form_data.username)

    if member is None:
        raise HTTPException(
            status_code=status.HTTP_400_BAD_REQUEST,
            detail="Incorrect email or password",
        )

    passwords_match = bcrypt.checkpw(
        form_data.password.encode("utf-8"),
        member.password_hash.encode("utf-8"),
    )

    if passwords_match:
        # to handle login logic here
        pass
    else:
        raise HTTPException(
            status_code=status.HTTP_400_BAD_REQUEST,
            detail="Incorrect email or password",
        )

    return {"access_token": member.email, "token_type": "bearer"}
feat(api): insecure login flow skeleton - Updated backend technical writeup 2024-03-11 22:33:30 -04:00			`from typing import Annotated`

			`import bcrypt`
			`from fastapi import APIRouter, Depends, HTTPException, status`
			`from fastapi.security import OAuth2PasswordRequestForm`
			`from fastapi_limiter.depends import RateLimiter`
			`from psycopg_pool import AsyncConnectionPool`

			`from src.neo_neo_todo.models.member import select_member_by_email`
			`from src.neo_neo_todo.utils.database import get_pool`

			`router = APIRouter(`
			`prefix="/token",`
			`tags=["token"],`
			`)`


			`@router.post(`
			`"",`
			`dependencies=[`
			`Depends(RateLimiter(times=100, seconds=600))`
			`], # rate limit login route`
			`status_code=status.HTTP_200_OK, # default status code when login successful`
			`)`
			`async def login(`
			`form_data: Annotated[OAuth2PasswordRequestForm, Depends()],`
			`db_pool: AsyncConnectionPool = Depends(get_pool),`
			`):`
			`"""`
			`Login to the todo app`

			`If successful, save the returned cookie`
			`"""`
			`member = await select_member_by_email(db_pool, form_data.username)`

			`if member is None:`
			`raise HTTPException(`
			`status_code=status.HTTP_400_BAD_REQUEST,`
			`detail="Incorrect email or password",`
			`)`

			`passwords_match = bcrypt.checkpw(`
			`form_data.password.encode("utf-8"),`
			`member.password_hash.encode("utf-8"),`
			`)`

			`if passwords_match:`
			`# to handle login logic here`
			`pass`
			`else:`
			`raise HTTPException(`
			`status_code=status.HTTP_400_BAD_REQUEST,`
			`detail="Incorrect email or password",`
			`)`

			`return {"access_token": member.email, "token_type": "bearer"}`