added auth for animals create points

backend/pyproject.toml

@@ -20,6 +20,7 @@ asyncpg = "^0.29.0"
 python-multipart = "^0.0.6"
 jinja2 = "^3.1.2"
 passlib = "^1.7.4"
+python-jose = "^3.3.0"
 
 
 [build-system]

backend/routers/animal_router.py

@@ -8,9 +8,11 @@
     AnimalFullResponseSchema
 )
 from backend.schemas.base_schema import BaseOkResponse
+from services.shelter_service import ShelterService
 from backend.services.animal_service import AnimalService
 from backend.services.animal_template_service import AnimalTemplateService
 
+
 router = APIRouter(
     tags=["animals"],
     prefix="/animals"
@@ -48,6 +50,7 @@ async def create_animal(
         schema: AnimalCreateSchema
 ) -> BaseOkResponse:
     async with request.app.state.db.get_master_session() as session:
+        await ShelterService(session).check_is_auth_active(request)
         await AnimalService(session).create_new_animal(schema)
         return BaseOkResponse()
 
@@ -59,6 +62,7 @@ async def update_animal(
         schema: AnimalUpdateSchema
 ) -> BaseOkResponse:
     async with request.app.state.db.get_master_session() as session:
+        await ShelterService(session).check_is_auth_active(request)
         await AnimalService(session).update_animal(animal_id, schema)
         return BaseOkResponse()
 
@@ -69,5 +73,6 @@ async def update_animal(
         animal_id: int
 ) -> BaseOkResponse:
     async with request.app.state.db.get_master_session() as session:
+        await ShelterService(session).check_is_auth_active(request)
         await AnimalService(session).delete_animal_by_id(animal_id)
         return BaseOkResponse()

backend/routers/shelter_router.py

@@ -14,15 +14,14 @@
 @router.get("/check")
 async def check_auth(request: Request, response: Response):
     async with request.app.state.db.get_master_session() as session:
-        await ShelterService(session).check_is_auth_active(request, response)
+        await ShelterService(session).check_is_auth_active(request)
         return BaseOkResponse()
 
 
 @router.post("/auth")
 async def auth(request: Request, body: BaseShelterSchema, response: Response):
     async with request.app.state.db.get_master_session() as session:
-        await ShelterService(session).authenticate_shelter(body, response)
-        return BaseOkResponse()
+        return await ShelterService(session).authenticate_shelter(body, response)
 
 
 @router.post("/")

backend/schemas/animal_schemas.py

@@ -29,6 +29,7 @@ class AnimalCreateSchema(AnimalBaseSchema):
     sex: str
     age: str
     size: str
+    shelter_id: int
 
 
 class AnimalUpdateSchema(AnimalBaseSchema):

backend/services/shelter_service.py

@@ -2,9 +2,10 @@
 from sqlalchemy.ext.asyncio import AsyncSession as Session
 from passlib.context import CryptContext
 
-from os import environ
+from jose import jwt, JWTError
+from jose.exceptions import ExpiredSignatureError
+
 import time
-import json
 
 from backend.models.shelter import Shelter
 from backend.schemas.shelter_schemas import (
@@ -30,34 +31,34 @@ async def authenticate_shelter(self, body: BaseShelterSchema, response: Response
             body.password, hashed_field=shelter.password
         ):
             return False
-        self.__prepare_cookie(shelter, response)
-        return shelter
+
+        return self.__generate_session_token(shelter)
+
+    def __generate_session_token(self, shelter: Shelter):
+        expires = time.time() + 3600
+        token = jwt.encode({"username": shelter.username, "exp": expires}, "salt")
+        return token
 
     async def create_shelter(self, body: CreateShelterSchema) -> Shelter:
         body.username = body.username.strip().lower()
         body.password = self.__get_password_hash(body.password)
         return await self.dao.create_shelter(body)
 
-    async def check_is_auth_active(self, request: Request, response: Response):
+    async def check_is_auth_active(self, request: Request):
         credentials_exception = HTTPException(
             status_code=status.HTTP_401_UNAUTHORIZED,
             detail="Could not validate credentials",
         )
 
-        shelter_id = request.cookies.get("shelter-id")
-        auth_cookie = request.cookies.get("x-auth")
-
-        if not shelter_id or not auth_cookie:
-            response.delete_cookie("shelter-id")
-            response.delete_cookie("x-auth")
+        token = request.headers.get("x-auth")
+        if not token:
             raise credentials_exception
 
-        shelter = await self.__get_shelter_from_db_by_id(int(shelter_id))
-        secret_field = self.__prepare_secret_field(shelter)
-
-        if not self.__verify_encoded_fields(secret_field, auth_cookie):
-            response.delete_cookie("shelter-id")
-            response.delete_cookie("x-auth")
+        try:
+            jwt.decode(token, "salt")
+        except ExpiredSignatureError:
+            raise credentials_exception
+        except JWTError:
             raise credentials_exception
 
     def __verify_encoded_fields(self, plain_field, hashed_field):
@@ -71,21 +72,3 @@ async def __get_shelter_from_db(self, username: str):
 
     async def __get_shelter_from_db_by_id(self, id: int):
         return await self.dao.get_shelter_from_db_by_id(id)
-
-    def __prepare_secret_field(self, shelter):
-        field_to_select = environ.get("HASH_FIELD", "username")
-        selected_value = getattr(shelter, field_to_select, field_to_select)
-        secret = json.dumps(
-            {
-                "id": shelter.id,
-                "secret": selected_value,
-            }
-        )
-
-        return secret
-
-    def __prepare_cookie(self, shelter, response: Response):
-        secret_field = self.__prepare_secret_field(shelter)
-        auth_cookie = pwd_context.hash(secret_field)
-        response.set_cookie(key="x-auth", httponly=True, value=auth_cookie,  samesite='none', secure=True)
-        response.set_cookie(key="shelter-id", httponly=True, value=shelter.id, samesite='none', secure=True)