michi.vonah/bbzw-horizon
1
0
Fork 0
mirror of https://github.com/michivonah/bbzw-horizon.git synced 2025-12-22 17:16:27 +01:00
Code Issues Projects Releases Packages Wiki Activity Actions

implement token generation endpoint

Browse source
This commit is contained in:
Michi 2025-03-30 18:15:51 +02:00
parent 7f24ba04da
commit b1d7363e81
6 changed files with 64 additions and 8 deletions
Download patch file Download diff file Expand all files Collapse all files

3
db/create_users.sql
View file

@ -6,3 +6,6 @@ INSERT INTO "sessions" ("token", "userid", "validuntil") VALUES
INSERT INTO "clients" ("name") VALUES INSERT INTO "clients" ("name") VALUES
('1.54'); ('1.54');
INSERT INTO "user" ("name", "api_access", "password") VALUES
('sepp', True, '473287f8298dba7163a897908958f7c0eae733e25d2e027992ea2edc9bed2fa8'); -- PASSWORD: string

2
webservice/README.md
View file

@ -2,6 +2,8 @@
Developer Mode starten: fastapi dev webservice.py Developer Mode starten: fastapi dev webservice.py
SHA256 Hash generieren: echo -n "string" | shasum -a 256
## Error Table ## Error Table
| Errorcode | Type | Definition | | Errorcode | Type | Definition |

11
webservice/crypto.py Normal file
View file

@ -0,0 +1,11 @@
# crypto.py
import hashlib
import secrets
def hash_password(password: str) -> str:
"""Generiert einen SHA-256 Hash des gegebenen Passworts."""
return hashlib.sha256(password.encode()).hexdigest()
def generate_new_token(length: int = 32) -> str:
"""Generiert einen neuen sicheren Token."""
return secrets.token_hex(length) # Erzeugt einen sicheren Token

6
webservice/dbfunctions.py
View file

@ -51,3 +51,9 @@ def check_api_access(db: Session, token: str) -> bool:
# Überprüfe, ob api_access True ist # Überprüfe, ob api_access True ist
return user.api_access if user else False # Gibt True oder False zurück return user.api_access if user else False # Gibt True oder False zurück
def save_token_to_db(db: Session, token: str, user_id: int, valid_until: datetime):
new_session = SessionModel(token=token, validuntil=valid_until, userid=user_id)
db.add(new_session)
db.commit()
db.refresh(new_session)

4
webservice/models.py
View file

@ -7,6 +7,10 @@ class MessageOnly(BaseModel):
message: str message: str
timestamp: datetime = Field(default_factory=datetime.now) timestamp: datetime = Field(default_factory=datetime.now)
class TokenResponse(BaseModel):
token: str
validuntil: datetime
class User(SQLModel, table=True): class User(SQLModel, table=True):
__tablename__ = "user" __tablename__ = "user"
id: int = Field(default=None, primary_key=True) id: int = Field(default=None, primary_key=True)

40
webservice/webservice.py
View file

@ -2,18 +2,20 @@
# INP21b - Timo Weber & Michael von Ah # INP21b - Timo Weber & Michael von Ah
################ IMPORTS ################ ################ IMPORTS ################
from fastapi import FastAPI, Depends, HTTPException, Header from fastapi import FastAPI, Depends, HTTPException, Header, Body
from sqlmodel import Session from sqlmodel import Session
from dbfunctions import save_sensor_data, get_client_id_by_name, validate_token_with_access, engine from dbfunctions import save_sensor_data, get_client_id_by_name, validate_token_with_access, engine, save_token_to_db
from models import SensorDataIn, SensorData, MessageOnly from models import SensorDataIn, SensorData, MessageOnly, User, TokenResponse, Session as SessionModel
from datetime import datetime, timedelta
from crypto import hash_password, generate_new_token
################ API ################ ################ API ################
app = FastAPI( app = FastAPI(
title="M241-M245-BBZW-Horizon", title="BBZW-Horizon",
description="BBZW-Horizon", description="BBZW-Horizon",
summary="BBZW-Horizon", summary="BBZW-Horizon",
version="0.0.1" version="0.0.2"
) )
# DB Session # DB Session
@ -52,3 +54,31 @@ async def saveNewSensorData(
return MessageOnly(message="Sensor data saved successfully.") return MessageOnly(message="Sensor data saved successfully.")
except Exception as error: except Exception as error:
raise HTTPException(status_code=500, detail=str(error)) raise HTTPException(status_code=500, detail=str(error))
@app.post("/user/new-session", response_model=TokenResponse, tags=["auth"])
async def generate_token(
username: str = Body(...),
password: str = Body(...),
db: Session = Depends(get_db),
):
# Überprüfe, ob der Benutzer existiert
user = db.query(User).filter(User.name == username).first()
if not user:
raise HTTPException(status_code=404, detail="User not found")
# Überprüfe das Passwort
if user.password != hash_password(password):
raise HTTPException(status_code=401, detail="Incorrect password")
# Erstelle einen neuen Token
new_token = generate_new_token() # Generiere den Token
valid_until = datetime.now() + timedelta(days=30) # Setze das Datum auf 30 Tage in der Zukunft
# Speichere den neuen Token in der Datenbank
new_session = SessionModel(token=new_token, validuntil=valid_until, userid=user.id)
db.add(new_session)
db.commit()
db.refresh(new_session)
# Rückgabe des Tokens und des Ablaufdatums
return TokenResponse(token=new_token, validuntil=valid_until)