Eoh}-ddlmZddlZddlmZmZmZddlmZmZm Z ddl m Z m Z m Z ddlmZmZddlmZddlmZddlmZdd lmZdd lmZdd lmZdd lmZdd lm Z ddl!m"Z"ddl#m$Z$ddl%m&Z&ddl'm(Z(ddl)m*Z*ejVe,Z-edgdZ.de/de/de0fdZ1de/de/fdZ2GddeZ3GddeZ4e e3e e&fd e/d!ede efd"Z5e e3e e&fd e/d!ede e"fd#Z6Gd$d%Z7e e6e e&fd&e d!ede"fd'Z8e e4e e&fd e/d!ede e"fd(Z9y))) CryptContextN)datetime timedeltatimezone)AnyDictOptional)Depends HTTPExceptionRequest)HTTPAuthorizationCredentials HTTPBearer)Session)status) SessionSchema) Permission)get_user_permissionsget_user_role_slugs)Users)UserReturnSchema)settings)get_db)UserAccessLevelverify_access_tokenbcryptauto)schemes deprecatedplain_passwordhashed_passwordreturnc.tj||S)z* Verify a password against a hash ) pwd_contextverify)r!r"s I/var/www/html/wine-match-dev/backend/winematch-backend/src/utils/guard.pyverify_passwordr(s   no >>passwordc,tj|S)z% Hash a password for storing )r%hash)r*s r'get_password_hashr-$s   H %%r)cLeZdZddeffd Zdeffd Zdedee fdZ xZ S) AuthGuard auto_errorc.tt| |y)Nr0)superr/__init__)selfr0 __class__s r'r4zAuthGuard.__init__,s i':'>r)requestc\Ktt| |d{}|rn|jdk(st t j d|j|j}|t t j d|jSt t j d7w)NBearerzInvalid authentication scheme. status_codedetailzInvalid or expired token.zInvalid authorization code.) r3r/__call__schemer rHTTP_403_FORBIDDEN verify_jwt credentialsr5r7rA decoded_tokenr6s r'r=zAuthGuard.__call__/s:? 4:YZa:b4b %%1# & 9 9;!OOK,C,CDM$# & 9 96 ** *"554 !5csB,B*BB,jwtokenr#ct|}|SNrr5rDpayloads r'r@zAuthGuard.verify_jwtE%g.r))T) __name__ __module__ __qualname__boolr4r r=strr rr@ __classcell__r6s@r'r/r/+s2?4?g,#(4.r)r/cDeZdZfdZdeffd ZdedeefdZ xZ S)OptionalAuthGuardc.tt| dy)NFr2)r3rRr4)r5r6s r'r4zOptionalAuthGuard.__init__Ks /5/Ar)r7cKtt| |d{}|sy|jdk(sy|j |j }|y|j S7Aw)Nr9)r3rRr=r>r@rArBs r'r=zOptionalAuthGuard.__call__Nsd:?@QSW:abi:j4j !!X- (?(?@  &&&5ksAAAArDr#ct|}|SrFrrGs r'r@zOptionalAuthGuard.verify_jwt\rIr)) rJrKrLr4r r=rNr rr@rOrPs@r'rRrRJs,B 'g '#(4.r)rRtokendbcK|jtjtj|k(j }|t t jd|Sw)N%Session timed out or does not exists.r:)query SessionModelfilterrVfirstr rr?)rVrWsessions r'get_active_sessionr_asZhh|$++L,>,>%,GHNNPG11:   NsA#A%cKt||d{}d}t|j}|js3|0|j di}|j t jt j|j dk(j}|sttjdddl m}|||j d{}d |v} | r |j n|r |j"n |j } t%j&t(j*} | r!| j-| j-krttjd ||j dt/} |j t jt j| j dk(j}|sttjd| j d dsttj0d | j ddsttj2dt5|dg} t6j8j:| vr|j t<jt<j>dk(jA}|jBD]<}|jDjFt6j8j:k(s5||_$ntKdi|jM|jN|jPdSttjd7F7w)N)rVrWFuseridzUser not found.r:rrrWuser_id super_adminzAuthentication token expired! is_activezAccount has been deactivated. is_verifiedzAccount has not been verified. all_rolesTavatarrhrY))r_rrVpersistgetrZrr\rbr]r rr?.src.apps.role_permission.services.role_servicerrd expires_at refreshed_atrnowrutc timestampdictHTTP_423_LOCKEDHTTP_412_PRECONDITION_FAILEDgetattrr SUPER_ADMINvaluerrfallrolesroleslug permissionsr_asdictrjrh)rVrWr^auto_session_timeoutrCdecoded_user_data user_recordr user_rolesis_super_admin expiry_timetoken_expiry_threshold decoded_userrhall_permissions role_entrys r'get_current_userrms'Ur::G ' 6M ??  $&3&7&7&C ((5/00=N=R=RSW=X1XY__aK# & 9 9,   3b+BUBUVVJ*j8N """.Bg**HZHZ  &.\\(,,%? "+"7"7"9 hhuo,,UXX9I9I$9O-OPVVX "55(  U3"226   u5"??7 Kb9  & & , , 9 hhz299*:N:NRV:VW[[]O)//  ??''?+F+F+L+LL-z&admin_required_user..sGdtz!Gs)adminrez3You do not have permission to access this resource.r:)rrdanyr rr?)rrWrs @r'admin_required_userrsT+b,:N:NOOJ G.FG G11H  PsAA6AcRK|sy |jtjtj|k(j }|yd}t |j}|j s||jdi}|jtjtj|jdk(j }|syt||jd{}d|v}|r |jn|r |jn |j} tjt j"} | r!| j%| j%kry|~|jdt'} |jtjtj| jdk(j }|sy| jddsy| jddsyt)|d g} t*j,j.| vr|jt0jt0j2d k(j5} |j6D]<}|j8j:t*j,j.k(s5| |_nt?d i|jA|jB|jDd Sy7#tF$r+}tHjKd tM|Yd}~yd}~wwxYww)a# Similar to get_current_user but doesn't block access if no token is provided. If a token is provided, it operates the same as get_current_user. Returns: UserReturnSchema: If a valid token was provided None: If no token was provided or the token was invalid NFrarbrcrerfrgrhTriz(Error in optionally_authenticated_user: rk)'rZr[r\rVr]rrlrmrrbrrdrorprrqrrrrsrtrwrrxryrrfrzr{r|r}r~rrrjrh ExceptionloggererrorrN)rVrWr^rrCrrrrrrrrhrres r'optionally_authenticated_userrs 8((<(// 0B0Be0KLRRT ?$+GMM: (*7*;*;FB*G! hhuo44UXXARAVAVW[A\5\]cce "$7"kFYFY#ZZ !.*!< &&&2F'..GL^L^ *2hll)C&"k&;&;&=@V@`@`@b&b  $!.!2!2646!BL((5/00\=M=Md=S1STZZ\K##K7##M59 ["=I**00I="$((:"6"="=j>R>RVZ>Z"["_"_"a"-"3"3J!++/J/J/P/PP1@ . $xk&9&9&;xKDVDVbmbwbwx xK[L  ?AxHIsL'AK0 L' B K0L'K03K-4A6K0*L'+A1K0L'K0/L'0K0L'B,K00;K0+L'-K00 L$9!LL'L$$L'):passlib.contextrloggingrrrtypingrrr fastapir r r fastapi.securityr rsqlalchemy.ormr starletter#src.apps.auth.models.sessions_modelr[%src.apps.auth.schemas.session_schemasr0src.apps.role_permission.models.permission_modelr4src.apps.role_permission.services.permission_servicerrnrsrc.apps.user.models.user_modelr"src.apps.user.schemas.user_schemasrsrc.core.configrsrc.core.dependenciesrsrc.utils.enumsrsrc.utils.helpers.authr getLoggerrJrr%rNrMr(r-r/rRr_rrrrrkr)r'rs(22&&33E"G?GUN1?$(+6   8 $H:&A ?C?#?$?&&& > 0%WV_   +2  m %WV_F F+2F FR  B""23&/    *,-WV_F F3:F Fr)