Fix bugs,add sign-out and delete record features

Author: CSWorldTelugu

Pipfile

@@ -11,4 +11,4 @@ requests = "*"
 [dev-packages]
 
 [requires]
-python_version = "3.11"
+python_version = "3.13"

Pipfile.lock

@@ -3,13 +3,11 @@
 import requests
 from typing import Annotated
 
-auth = FastAPI()
 
 
-@auth.middleware("http")
-async def validate_token(request: Request, call_next, headers:Annotated[str | None, Header()] = None):
-    print("reaching here---validateToken",headers)
-    auth_header = request.headers.get("Authorization")
+async def validate_token(req: Request):
+    print("reaching here---validateToken")
+    auth_header = req.headers.get("Authorization")
 
     if not auth_header:
         raise HTTPException(status_code=401, detail="Authorization header is missing")
@@ -19,54 +17,47 @@ async def validate_token(request: Request, call_next, headers:Annotated[str | No
     if len(auth_header_parts) != 2 or auth_header_parts[0].lower() != "basic":
         raise HTTPException(status_code=400, detail="Invalid Authorization header format")
 
-    request.basicAuthToken = auth_header_parts[1]
+    req.basicAuthToken = auth_header_parts[1]
 
-    return await call_next(request)
 
-@auth.middleware("http")
-async def validate_session(request: Request, call_next):
-    basic_auth_token = request.basicAuthToken
-    session = request.json().get("session", {})
+async def validate_session(req: Request):
+    basic_auth_token = req.basicAuthToken
+    body= req.state.body
+    session = body.get("session", {})
     token = session.get("token")
     required = session.get("required", False) if session else False
-    method_body = request.json().get("methodBody", {})
+    method_body =body.get("methodBody", {})
     database = method_body.get("database")
-    fm_server = request.json().get("fmServer")
-
-    should_call_next = False  # Flag to track if next() should be called
+    fm_server = body.get("fmServer")
+    method=body.get("method")
 
     if not session or not token:
         try:
             fm_session_token = await fm_login(fm_server, database, basic_auth_token)
 
             if fm_session_token:
                 is_session_valid = await fm_validate_session(fm_server, fm_session_token)
-
                 if is_session_valid:
-                    request.fmSessionToken = fm_session_token
-                    should_call_next = True
+                    req.state.body["fmSessionToken"] = fm_session_token
+
                 else:
                     return JSONResponse(status_code=401, content={"error": "Session token validation failed"})
         except Exception as error:
             return JSONResponse(status_code=401, content={"error": str(error)})
     else:
         try:
             is_session_valid = await fm_validate_session(fm_server, token)
-
             if is_session_valid:
-                request.fmSessionToken = token
-                should_call_next = True
+                req.state.body["fmSessionToken"] = token
             else:
-                if token and (not required or required is False):
+                if token:
                     try:
                         fm_session_token = await fm_login(fm_server, database, basic_auth_token)
-
                         if fm_session_token:
-                            is_session_valid = await fm_validate_session(fm_server, fm_session_token)
-
+                            is_session_valid = await fm_validate_session(fm_server, fm_session_token)                            
                             if is_session_valid:
-                                request.fmSessionToken = fm_session_token
-                                should_call_next = True
+                                 req.state.body["fmSessionToken"] = fm_session_token
+
                             else:
                                 return JSONResponse(status_code=401, content={"error": "Re-validation of session token failed"})
                         else:
@@ -78,11 +69,31 @@ async def validate_session(request: Request, call_next):
         except Exception as error:
             return JSONResponse(status_code=401, content={"error": "Session validation failed"})
 
-    if should_call_next:
-        await call_next(request)
 
 
+async def signin(req: Request):
+  try:
+        await validate_token(req)
+        basic_auth_token = req.basicAuthToken
+        body =req.state.body
+        fm_server = body.get("fmServer")
+        method_body = body.get("methodBody", {})
+        database = method_body.get("database")
+
+        if not fm_server or not database:
+          raise HTTPException(status_code=400, detail="Missing fmServer or database in request body")
+
+        session_token = await fm_login(fm_server, database, basic_auth_token)
 
+        return {
+          "message": "Signin Successful",
+          "database": database,
+          "session": session_token
+        }
+  except HTTPException as e:
+        raise e
+  except Exception as e:
+        raise HTTPException(status_code=500, detail=f"Signin failed: {str(e)}")
 
 async def fm_login(fm_server, database, basic_auth_token):
     print("reaching here---fmlogin")
@@ -95,7 +106,6 @@ async def fm_login(fm_server, database, basic_auth_token):
 
     try:
         login_response = requests.post(url, headers=headers, json={}, verify=False)
-        print(login_response)
         login_response.raise_for_status()
         return login_response.json()["response"]["token"]
     except requests.HTTPError as error:
@@ -111,7 +121,7 @@ async def fm_login(fm_server, database, basic_auth_token):
 async def fm_validate_session(fm_server, session_token):
     print("reaching here---fmValidateSession")
     url = f"https://{fm_server}/fmi/data/vLatest/validateSession"
-    
+
     headers = {
         "Authorization": f"Bearer {session_token}"
     }
@@ -120,7 +130,43 @@ async def fm_validate_session(fm_server, session_token):
         validate_response = requests.get(url, headers=headers, verify=False)
         validate_response.raise_for_status()
         return validate_response.json()["messages"][0]["message"] == "OK"
-    except requests.HTTPError:
+    except requests.HTTPError as error:
         return False  # Return false if there was an error
 
 
+
+async def signout(req: Request):
+    try:
+        body = req.state.body
+        method_body = body.get("methodBody", {})
+        database = method_body.get("database")
+        fm_server = body.get("fmServer")
+        token = body.get("fmSessionToken")
+
+        if not (fm_server and database):
+            raise HTTPException(status_code=400, detail="Missing fmServer, database.")
+       
+        url = f"https://{fm_server}/fmi/data/vLatest/databases/{database}/sessions/{token}"
+        headers = {
+        "Authorization": f"Bearer {token}"
+        }
+
+
+
+        response = requests.delete(url, headers=headers, verify=False)
+        if response.status_code == 200 and response.json().get("messages", [{}])[0].get("message") == "OK":
+            return {"message": "Signout success"}
+        else:
+            return JSONResponse(status_code=401, content={"error": "Signout failed"})
+
+    except requests.RequestException as error:
+        response_json = {
+            "error": "An error occurred while signing out.",
+        }
+        if error.response and error.response.status_code:
+            response_json["statusText"] = error.response.status_code
+            try:
+                response_json["error"] = error.response.json()
+            except Exception:
+                response_json["error"] = str(error)
+        return JSONResponse(status_code=500, content=response_json)

controllers/auth.py

@@ -1,44 +1,36 @@
 from fastapi import FastAPI, Request, Response
-from .auth import validate_session, validate_token
+from .auth import validate_session, validate_token,signin,signout
 from .records import (
     create_record,
     get_all_records,
     find_record,
     update_record,
+    delete_record
 )
 
-controllers_to_skip_validation = []
+controllers_to_skip_validation = ["signin"]
+METHOD_HANDLERS = {
+    "createRecord": create_record,
+    "getAllRecords": get_all_records,
+    "findRecord": find_record,
+    "updateRecord": update_record,
+    "deleteRecord": delete_record,
+    "signin": signin,
+    "signout" : signout
+    
+}
 
 
 async def data_api(req: Request, res: Response):
-    method = req.get("method")
-
-    print("In this function", res.headers)
-
-    # Check if the method should skip validation
+    method = req.state.body.get("method")
+    if method not in METHOD_HANDLERS:
+        return {"error": f"Invalid method ${method}"}
     if method not in controllers_to_skip_validation:
-        # If the method is not in the skip list, apply the validateToken middleware first
-        await validate_token(req, res)
-        
+        # If the method is not in the skip list, apply the validateToken  first
+        await validate_token(req)        
         # After token validation, apply the validateSession middleware
-        await validate_session(req, res)
+        await validate_session(req)
+               
+    handler = METHOD_HANDLERS[method]
+    return await handler(req)
 
-    # Once validated, call the appropriate controller method
-    if method == "createRecord":
-        return await create_record(req)
-    # elif method == "getRecordById":
-    #     return await get_record_by_id(req)
-    elif method == "getAllRecords":
-        return await get_all_records(req)
-    elif method == "findRecord":
-        return await find_record(req)
-    # elif method == "executeScript":
-    #     return await execute_script(req)
-    elif method == "updateRecord":
-        return await update_record(req)
-    # elif method == "test":
-    #     return await test(req)
-    # elif method == "syncCollection":
-    #     return await sync_collection(req)
-    else:
-        return {"error": "Invalid method"}