backend.im/onlinebookstorebackendapi-e7i1yn
1
0
Fork 0
Code Issues Pull Requests Actions Packages Projects Releases Wiki Activity
onlinebookstorebackendapi-e.../app/api/routes/users.py
Automated Action f1c2b73ade Implement online bookstore backend API 
- Set up FastAPI project structure with SQLite and SQLAlchemy
- Create models for users, books, authors, categories, and orders
- Implement JWT authentication and authorization
- Add CRUD endpoints for all resources
- Set up Alembic for database migrations
- Add health check endpoint
- Add proper error handling and validation
- Create comprehensive documentation
2025-05-20 12:04:27 +00:00

202 lines
5.8 KiB
Python
Raw Permalink Blame History

from fastapi import APIRouter, Depends, HTTPException, status
from fastapi.security import OAuth2PasswordRequestForm
from sqlalchemy.orm import Session
from datetime import timedelta
from app.db.database import get_db
from app.models.user import User
from app.api.schemas.user import (
User as UserSchema,
UserCreate,
UserUpdate,
Token,
)
from app.auth.auth import (
get_password_hash,
authenticate_user,
create_access_token,
get_current_active_user,
get_current_admin_user,
ACCESS_TOKEN_EXPIRE_MINUTES,
)
router = APIRouter()
@router.post(
"/register", response_model=UserSchema, status_code=status.HTTP_201_CREATED
)
async def register_user(user: UserCreate, db: Session = Depends(get_db)):
"""
Register a new user
"""
# Check if user with the same email already exists
db_user_email = db.query(User).filter(User.email == user.email).first()
if db_user_email:
raise HTTPException(
status_code=status.HTTP_400_BAD_REQUEST,
detail="Email already registered",
)
# Check if user with the same username already exists
db_user_username = db.query(User).filter(User.username == user.username).first()
if db_user_username:
raise HTTPException(
status_code=status.HTTP_400_BAD_REQUEST,
detail="Username already taken",
)
# Create new user
hashed_password = get_password_hash(user.password)
db_user = User(
email=user.email,
username=user.username,
hashed_password=hashed_password,
full_name=user.full_name,
is_active=user.is_active,
)
db.add(db_user)
db.commit()
db.refresh(db_user)
return db_user
@router.post("/login", response_model=Token)
async def login_for_access_token(
form_data: OAuth2PasswordRequestForm = Depends(),
db: Session = Depends(get_db),
):
"""
OAuth2 compatible token login, get an access token for future requests
"""
user = authenticate_user(db, form_data.username, form_data.password)
if not user:
raise HTTPException(
status_code=status.HTTP_401_UNAUTHORIZED,
detail="Incorrect username or password",
headers={"WWW-Authenticate": "Bearer"},
)
access_token_expires = timedelta(minutes=ACCESS_TOKEN_EXPIRE_MINUTES)
access_token = create_access_token(
data={"sub": user.username}, expires_delta=access_token_expires
)
return {"access_token": access_token, "token_type": "bearer"}
@router.get("/me", response_model=UserSchema)
async def read_users_me(current_user: User = Depends(get_current_active_user)):
"""
Get current user information
"""
return current_user
@router.put("/me", response_model=UserSchema)
async def update_user_me(
user: UserUpdate,
current_user: User = Depends(get_current_active_user),
db: Session = Depends(get_db),
):
"""
Update current user information
"""
db_user = db.query(User).filter(User.id == current_user.id).first()
update_data = user.model_dump(exclude_unset=True)
# If email is being updated, check for uniqueness
if "email" in update_data and update_data["email"] != db_user.email:
db_user_email = (
db.query(User).filter(User.email == update_data["email"]).first()
)
if db_user_email:
raise HTTPException(
status_code=status.HTTP_400_BAD_REQUEST,
detail="Email already registered",
)
# Hash the password if it's being updated
if "password" in update_data:
update_data["hashed_password"] = get_password_hash(update_data.pop("password"))
for key, value in update_data.items():
setattr(db_user, key, value)
db.commit()
db.refresh(db_user)
return db_user
@router.get("/{user_id}", response_model=UserSchema)
async def read_user(
user_id: int,
db: Session = Depends(get_db),
_: User = Depends(get_current_admin_user),
):
"""
Get user by ID (admin only)
"""
db_user = db.query(User).filter(User.id == user_id).first()
if db_user is None:
raise HTTPException(status_code=404, detail="User not found")
return db_user
@router.put("/{user_id}", response_model=UserSchema)
async def update_user(
user_id: int,
user: UserUpdate,
db: Session = Depends(get_db),
_: User = Depends(get_current_admin_user),
):
"""
Update user information (admin only)
"""
db_user = db.query(User).filter(User.id == user_id).first()
if db_user is None:
raise HTTPException(status_code=404, detail="User not found")
update_data = user.model_dump(exclude_unset=True)
# If email is being updated, check for uniqueness
if "email" in update_data and update_data["email"] != db_user.email:
db_user_email = (
db.query(User).filter(User.email == update_data["email"]).first()
)
if db_user_email:
raise HTTPException(
status_code=status.HTTP_400_BAD_REQUEST,
detail="Email already registered",
)
# Hash the password if it's being updated
if "password" in update_data:
update_data["hashed_password"] = get_password_hash(update_data.pop("password"))
for key, value in update_data.items():
setattr(db_user, key, value)
db.commit()
db.refresh(db_user)
return db_user
@router.delete(
"/{user_id}", status_code=status.HTTP_204_NO_CONTENT, response_model=None
)
async def delete_user(
user_id: int,
db: Session = Depends(get_db),
_: User = Depends(get_current_admin_user),
):
"""
Delete a user (admin only)
"""
db_user = db.query(User).filter(User.id == user_id).first()
if db_user is None:
raise HTTPException(status_code=404, detail="User not found")
db.delete(db_user)
db.commit()
return None
Reference in New Issue View Git Blame Copy Permalink