1
2
3
4
5
6
7
8
9
10
11
12
13
14
15
16
17
18
19
20
21
22
23
24
25
26
27
28
29
30
31
32
33
34
35
36
37
38
39
40
41
42
43
44
45
46
47
48
49
50
51
52
53
54
55
56
57
58
59
60
61
62
63
64
65
66
67
68
69
70
71
72
73
74
75
76
77
78
79
80
81
82
83
84
85
86
87
88
89
90
91
92
93
94
95
96
97
98
99
100
101
102
|
# UGE / L2 / Intro to relational databases / Python project prototype
# Author: Pacien TRAN-GIRARD
# Licence: EUPL-1.2
from fastapi import APIRouter, Depends, Request, Form, status
from fastapi.responses import RedirectResponse, HTMLResponse
from passlib.context import CryptContext
import re
from embrace.exceptions import IntegrityError
from psycopg2.errors import UniqueViolation
from app_sessions import UserSession, FlashMessageQueue
from app_database import db_transaction
from app_templating import TemplateRenderer
# Password hashing context.
# Handles proper salting and migration automatically.
password_ctx = CryptContext(schemes=['bcrypt'], deprecated='auto')
username_pattern = re.compile(r'^[a-zA-Z0-9-_]{4,16}$')
to_homepage = RedirectResponse('/', status_code=status.HTTP_303_SEE_OTHER)
to_wallet = RedirectResponse('/wallet', status_code=status.HTTP_303_SEE_OTHER)
router = APIRouter()
@router.get('/', response_class=HTMLResponse)
def homepage(
session: UserSession=Depends(UserSession),
render: TemplateRenderer=Depends(TemplateRenderer),
):
if session.is_logged_in():
return to_wallet
return render('homepage.html.jinja')
@router.post('/account/register')
def account_register(
session: UserSession=Depends(UserSession),
messages: FlashMessageQueue=Depends(FlashMessageQueue),
username: str=Form(...),
password: str=Form(...),
):
try:
if username_pattern.match(username) is None:
messages.add('error', 'Invalid username format.')
return to_homepage
if not 4 <= len(password) <= 32:
messages.add('error', 'Invalid password length.')
return to_homepage
hash = password_ctx.hash(password)
with db_transaction() as tx:
user = tx.create_account(username=username, password_hash=hash)
session.login(user.id)
messages.add('success', 'Account succesfully created. Welcome!')
return to_wallet
except IntegrityError as exception:
if isinstance(exception.__cause__, UniqueViolation):
messages.add('error', 'This username is already taken.')
return to_homepage
else:
raise exception
@router.post('/account/login')
def session_login(
session: UserSession=Depends(UserSession),
messages: FlashMessageQueue=Depends(FlashMessageQueue),
username: str=Form(...),
password: str=Form(...),
):
with db_transaction() as tx:
user = tx.fetch_account_username(username=username)
if user is not None and password_ctx.verify(password, user.password_hash):
session.login(user.id)
messages.add('info', 'Welcome back!')
return to_wallet
else:
messages.add('error', 'Invalid credentials.')
return to_homepage
@router.post('/account/logout')
def session_logout(
session: UserSession=Depends(UserSession),
messages: FlashMessageQueue=Depends(FlashMessageQueue),
):
if session.is_logged_in():
session.logout()
messages.add('info', 'You have been successfully logged out.')
return to_homepage
|