implement authentication via token

webservice/dbfunctions.py

@@ -2,6 +2,9 @@ import os
 from sqlmodel import create_engine, Session
 from dotenv import load_dotenv
 from models import SensorData, Client
+from models import Session as SessionModel
+from datetime import datetime
+
 
 # Lade Umgebungsvariablen
 load_dotenv()
@@ -21,3 +24,9 @@ def save_sensor_data(db: Session, sensor_data: SensorData):
 def get_client_id_by_name(db: Session, client_name: str):
     client = db.query(Client).filter(Client.name == client_name).first()
     return client.id if client else None  # Gibt die clientid zurück oder None, wenn nicht gefunden
+
+def validate_token(db: Session, token: str) -> bool:
+    session = db.query(SessionModel).filter(SessionModel.token == token).first()
+    if not session:
+        return False
+    return session.validuntil >= datetime.now().date()  # Überprüfe, ob das Token gültig ist

webservice/models.py

@@ -7,6 +7,21 @@ class MessageOnly(BaseModel):
     message: str
     timestamp: datetime = Field(default_factory=datetime.now)
 
+class User(SQLModel, table=True):
+    __tablename__ = "user"
+    id: int = Field(default=None, primary_key=True)
+    name: str = Field(max_length=50)
+    mail: str = Field(max_length=150)
+    password: str = Field(max_length=250)
+    api_access: bool = Field(default=False)
+
+class Session(SQLModel, table=True):
+    __tablename__ = "sessions"
+    id: int = Field(default=None, primary_key=True)
+    token: str = Field(max_length=96)
+    validuntil: datetime  # Verwende datetime hier
+    userid: int = Field(foreign_key="user.id")  # Foreign Key auf User
+
 class Client(SQLModel, table=True):
     __tablename__ = "clients"  # Definiere den Tabellennamen für Clients
     id: int = Field(default=None, primary_key=True)

webservice/webservice.py

@@ -2,9 +2,9 @@
 # INP21b - Timo Weber & Michael von Ah
 
 ################ IMPORTS ################
-from fastapi import FastAPI, Depends, HTTPException
+from fastapi import FastAPI, Depends, HTTPException, Header
 from sqlmodel import Session
-from dbfunctions import save_sensor_data, get_client_id_by_name, engine
+from dbfunctions import save_sensor_data, get_client_id_by_name, validate_token, engine
 from models import SensorDataIn, SensorData, MessageOnly 
  
 
@@ -24,25 +24,18 @@ def get_db():
     finally:
         db.close()
 
-# class Session(BaseModel):
+def authenticate_user(token: str, db: Session = Depends(get_db)):
-#     username: str = None
+    if not validate_token(db, token):
-#     token: str = None
+        raise HTTPException(status_code=401, detail="Invalid or expired token")
-#     message: str = None
-#     timestamp: datetime = datetime.now()
 
     
-
-
-# @app.post("/account/new-session", tags=["account"])
-# async def initNewSessionApi(username: str, password: str) -> Session:
-#     try:
-#         return Session(username="username", token="sessionToken", message="Session initiated successfully")
-#     except Exception as error:
-#         raise HTTPException(status_code=401, detail=f"{error}")
-    
 @app.post("/sensors/push-data", response_model=MessageOnly, tags=["sensors"])
-async def saveNewSensorData(token: str, client: str, data: SensorDataIn, db: Session = Depends(get_db)):
+async def saveNewSensorData(client: str, data: SensorDataIn, token: str = Header(...), db: Session = Depends(get_db)):
     try:
+        # Token-Validierung
+        if not validate_token(db, token):
+            raise HTTPException(status_code=401, detail="Invalid or expired token")
+
         # Ermittle die clientid basierend auf dem Client-Namen
         client_id = get_client_id_by_name(db, client)
         if client_id is None: