In [12]:
'''

pip install jupyter docker fastapi[all] python-jose passlib
code --install-extension ms-python.python
code --install-extension ms-toolsai.jupyter
code --install-extension github.copilot
curl ifconfig.io

'''


from datetime import datetime, timedelta, timezone
from typing import Annotated, Union
from enum import Enum

from fastapi import Depends, FastAPI, HTTPException, status
app = FastAPI()

from fastapi.security import OAuth2PasswordBearer, OAuth2PasswordRequestForm
oauth2_scheme = OAuth2PasswordBearer(tokenUrl="token")

from fastapi.middleware.cors import CORSMiddleware
app.add_middleware(
    CORSMiddleware,
    allow_origins=[
        "http://localhost", "https://localhost",
        "https://dx2102.github.io",
    ],
    allow_credentials=True,
    allow_methods=["*"],
    allow_headers=["*"],
)

from fastapi.testclient import TestClient
client = TestClient(app)

from jose import JWTError, jwt

from passlib.context import CryptContext
pwd_context = CryptContext(schemes=["bcrypt"], deprecated="auto")

from pydantic import BaseModel


In [13]:

# Auth: Signup and Login

# to get a string like this run:
# openssl rand -hex 32
SECRET_KEY = "09d25e094faa6ca2556c818166b7a9563b93f7099f6f0f4caa6cf63b88e8d3e7"
ALGORITHM = "HS256"
ACCESS_TOKEN_EXPIRE = timedelta(weeks=1)

HTTP_401 = HTTPException(
    401,
    "Failed to authenticate",
)

class UserRole(str, Enum):
    admin = "admin"
    member = "member"
    guest = "guest"

class User(BaseModel):
    username: str
    hashed_password: str
    role: UserRole = UserRole.member

users_db = {
    "admin": User(
        username="admin",
        hashed_password="$2b$12$EixZaYVK1fsbw1ZfbX3OXePaWxn96p36WQoeG6Lruj3vjPGga31lW",
    ),
}

class Token(BaseModel):
    # Contains the jwt. Returned by /signup and /login
    access_token: str
    token_type: str

def sign_token(username: str) -> Token:
    return Token(
        access_token=jwt.encode(
            {
                "exp": datetime.now(timezone.utc) + ACCESS_TOKEN_EXPIRE,
                "sub": username,
            },
            SECRET_KEY,
            algorithm=ALGORITHM,
        ),
        token_type="bearer",
    )

async def require_user(token: str = Depends(oauth2_scheme)) -> User:
    try:
        payload = jwt.decode(token, SECRET_KEY, algorithms=[ALGORITHM])
    except JWTError:
        raise HTTP_401
    username: str = payload.get("sub")
    if username is None:
        raise HTTP_401
    if username not in fake_users_db:
        raise HTTP_401
    return users_db[username]

class SignupForm(BaseModel):
    username: str
    password: str
    confirm_password: str

@app.post("/signup")
async def signup(form: SignupForm):
    if form.password != form.confirm_password:
        raise HTTPException(400, detail="Passwords do not match")
    if form.username in users_db:
        raise HTTPException(400, detail="Username already taken")
    users_db[form.username] = User(
        username=form.username,
        hashed_password=pwd_context.hash(form.password),
    )
    return sign_token(form.username)

@app.post("/login")
async def login(form: OAuth2PasswordRequestForm = Depends()) -> Token:
    if form.username not in users_db:
        raise HTTP_401
    user = users_db[form.username]
    if not pwd_context.verify(form.password, user.hashed_password):
        raise HTTP_401
    return sign_token(user.username)

@app.get("/users/me/", response_model=User)
async def read_users_me(user: User = Depends(require_user)):
    return user


In [14]:
# test auth

if "test" in users_db:
    del users_db["test"] 

print(client.post("/signup", json={
    "username": "test",
    "password": "test",
    "confirm_password": "test",
}).json())

print(client.post("/signup", json={
    # raises User name already taken
    "username": "test",
    "password": "test",
    "confirm_password": "test",
}).json())

print(res := client.post("/login", data={
    "username": "test",
    "password": "test",
}).json())

print(client.get("/users/me", headers={
    "Authorization": f"Bearer {res['access_token']}",
}).json())



{'access_token': 'eyJhbGciOiJIUzI1NiIsInR5cCI6IkpXVCJ9.eyJleHAiOjE3MDYwOTc2MjUsInN1YiI6InRlc3QifQ.0NMkX_b5Nu-NtWI9s1ADDNI5D8oc1xNLZZi7kI_fq4Q', 'token_type': 'bearer'}
{'detail': 'Username already taken'}
{'access_token': 'eyJhbGciOiJIUzI1NiIsInR5cCI6IkpXVCJ9.eyJleHAiOjE3MDYwOTc2MjYsInN1YiI6InRlc3QifQ.CBaZIlEU5jBy3H3wxkKAHAw9x_ZWavYST5vy9KieXbU', 'token_type': 'bearer'}
{'username': 'test', 'hashed_password': '$2b$12$qMJIbwMConO61wmcypLVkOx4fIjmlnQDPB3jrZroa33/UqVEt2Rd6', 'role': 'member'}


In [15]:
# docker api

import docker
daemon = docker.from_env()



In [16]:
import uvicorn
import nest_asyncio

if __name__ == "__main__":
    nest_asyncio.apply()
    uvicorn.run(app, host="0.0.0.0", port=80)



INFO:     Started server process [12969]
INFO:     Waiting for application startup.
INFO:     Application startup complete.
INFO:     Uvicorn running on http://0.0.0.0:80 (Press CTRL+C to quit)
INFO:     Shutting down
INFO:     Waiting for application shutdown.
INFO:     Application shutdown complete.
INFO:     Finished server process [12969]
