📝: Add files

Author: Evil0ctal

.idea/.gitignore

@@ -0,0 +1,31 @@
+from fastapi import FastAPI, Depends, HTTPException
+from auth import get_current_user, create_access_token, ACCESS_TOKEN_EXPIRE_MINUTES
+from datetime import timedelta
+
+from db import get_user_by_email
+
+app = FastAPI(docs_url='/')
+
+
+@app.post("/token")
+async def login_for_access_token(email: str):
+    user = get_user_by_email(email)
+    if not user:
+        raise HTTPException(status_code=400, detail="Invalid email or password")
+    access_token_expires = timedelta(minutes=ACCESS_TOKEN_EXPIRE_MINUTES)
+    access_token = create_access_token(
+        data={"email": user['email'], "create_time": user['create_time'], "scopes": user['scopes'], "evil1": "evil1"},
+        expires_delta=access_token_expires
+    )
+    return {"access_token": access_token, "token_type": "bearer"}
+
+
+@app.get("/protected-route")
+def protected_route(user=Depends(get_current_user)):
+    return {"message": "Access to protected route granted", "user": user}
+
+
+if __name__ == "__main__":
+    import uvicorn
+
+    uvicorn.run(app, host="127.0.0.1", port=80)

app.py

@@ -0,0 +1,42 @@
+from datetime import datetime, timedelta
+from jose import jwt, JWTError
+from fastapi import HTTPException, Security, Depends
+from fastapi.security import HTTPBearer, HTTPAuthorizationCredentials
+from db import get_user_by_email
+
+SECRET_KEY = "YOUR_SECRET_KEY"  # Use a secure secret key from a secure randomness source
+ALGORITHM = "HS256"
+ACCESS_TOKEN_EXPIRE_MINUTES = 30
+
+security = HTTPBearer()
+
+
+def create_access_token(data: dict, expires_delta: timedelta = None):
+    to_encode = data.copy()
+    if expires_delta:
+        expire = datetime.utcnow() + expires_delta
+    else:
+        expire = datetime.utcnow() + timedelta(minutes=15)
+    to_encode.update({"exp": expire})
+    encoded_jwt = jwt.encode(to_encode, SECRET_KEY, algorithm=ALGORITHM)
+    return encoded_jwt
+
+
+def verify_token(token: str):
+    credentials_exception = HTTPException(status_code=403, detail="Could not validate credentials")
+    try:
+        payload = jwt.decode(token, SECRET_KEY, algorithms=[ALGORITHM])
+        email: str = payload.get("email")
+        if email is None:
+            raise credentials_exception
+        token_data = payload
+    except JWTError:
+        raise credentials_exception
+    user = get_user_by_email(email)
+    if user is None:
+        raise HTTPException(status_code=404, detail="User not found")
+    return user
+
+
+def get_current_user(token: HTTPAuthorizationCredentials = Security(security)):
+    return verify_token(token.credentials)

auth.py

@@ -0,0 +1,16 @@
+{
+  "users": [
+    {
+      "uuid": "123e4567-e89b-12d3-a456-426614174000",
+      "email": "user@example.com",
+      "create_time": "2024-04-22T12:00:00Z",
+      "scopes": ["protected:route:user"]
+    },
+    {
+      "uuid": "987e6543-e21b-45d3-a457-126614174999",
+      "email": "admin@example.com",
+      "create_time": "2024-04-22T12:10:00Z",
+      "scopes": ["protected:route:admin"]
+    }
+  ]
+}

db.json

@@ -0,0 +1,10 @@
+import json
+
+
+def get_user_by_email(email):
+    with open("db.json", "r") as file:
+        data = json.load(file)
+    for user in data["users"]:
+        if user["email"] == email:
+            return user
+    return None

db.py

@@ -0,0 +1,18 @@
+annotated-types==0.6.0
+anyio==4.3.0
+click==8.1.7
+colorama==0.4.6
+ecdsa==0.19.0
+fastapi==0.110.2
+h11==0.14.0
+idna==3.7
+pyasn1==0.6.0
+pydantic==2.7.0
+pydantic_core==2.18.1
+python-jose==3.3.0
+rsa==4.9
+six==1.16.0
+sniffio==1.3.1
+starlette==0.37.2
+typing_extensions==4.11.0
+uvicorn==0.29.0