Merge pull request #10 from C216-Distribuid-System-Project/feat/AR-token_auth

Feat/ar token auth

Author: matheusAFONSECA

requirements.txt

@@ -1,11 +1,13 @@
 annotated-types==0.7.0
 anyio==4.10.0
+bcrypt==4.3.0
 certifi==2025.8.3
 cffi==2.0.0
 click==8.1.8
 colorama==0.4.6
 cryptography==46.0.1
 dnspython==2.7.0
+ecdsa==0.19.1
 email-validator==2.3.0
 exceptiongroup==1.3.0
 fastapi==0.117.1
@@ -18,23 +20,28 @@ httptools==0.6.4
 httpx==0.28.1
 idna==3.10
 Jinja2==3.1.6
+jose==1.0.0
 markdown-it-py==3.0.0
 MarkupSafe==3.0.2
 mdurl==0.1.2
 passlib==1.7.4
+pyasn1==0.6.1
 pycparser==2.23
 pydantic==2.11.9
 pydantic_core==2.33.2
 Pygments==2.19.2
 PyMySQL==1.1.2
 python-dotenv==1.1.1
+python-jose==3.5.0
 python-multipart==0.0.20
 PyYAML==6.0.2
 rich==14.1.0
 rich-toolkit==0.15.1
 rignore==0.6.4
+rsa==4.9.1
 sentry-sdk==2.38.0
 shellingham==1.5.4
+six==1.17.0
 sniffio==1.3.1
 SQLAlchemy==2.0.43
 starlette==0.48.0
@@ -43,5 +50,6 @@ typing-inspection==0.4.1
 typing_extensions==4.15.0
 urllib3==2.5.0
 uvicorn==0.36.0
+uvloop==0.21.0
 watchfiles==1.1.0
 websockets==15.0.1

src/modules/config.py

@@ -0,0 +1,3 @@
+SECRET_KEY = "peteco"
+ALGORITHM = "HS256"
+ACCESS_TOKEN_EXPIRE_MINUTES = 30

src/modules/modules_api.py

@@ -1,7 +1,9 @@
 from fastapi import APIRouter
 from routes.authentication_routes import authentication_router
+from routes.user_routes import user_router
 
 # -------------------- API ROUTES -------------------- #
 router = APIRouter()
 
 router.include_router(authentication_router)
+router.include_router(user_router)

src/routes/authentication_routes.py

@@ -1,51 +1,58 @@
-from fastapi import APIRouter, Depends, HTTPException
+from utils.utils import get_db
 from sqlalchemy.orm import Session
-from schemas.users.users_schema import UserCreate, UserLogin, UserResponse
+from schemas.token_schema import Token
+from utils.security import create_access_token
 from schemas.users.CRUD.create import create_user
-from schemas.users.CRUD.read import authenticate_user
-from utils.utils import get_db
+from fastapi import APIRouter, Depends, HTTPException
+from schemas.users.CRUD.read import authenticate_user, get_user_by_email
+from schemas.users.users_schema import UserCreate, UserLogin, UserResponse
 
 authentication_router = APIRouter(prefix="/auth", tags=["auth"])
 
 
 @authentication_router.post("/register", response_model=UserResponse)
 def register_user(user: UserCreate, db: Session = Depends(get_db)):
     """
-    Registers a new user in the system.
+    Register a new user in the system.
 
     Args:
         user (UserCreate): The user data to be registered.
         db (Session, optional): The database session dependency.
 
     Raises:
-        HTTPException: If a user with the provided email already exists.
+        HTTPException: Raised if a user with the provided email already exists.
 
     Returns:
         UserResponse: The newly created user information.
     """
-    existing = authenticate_user(db, user.email, user.password)
-    if existing:
-        raise HTTPException(status_code=400, detail="User already exists.")
+    existing_user = get_user_by_email(db, email=user.email)
+    if existing_user:
+        raise HTTPException(
+            status_code=400, detail="User with this email already exists."
+        )
     return create_user(db, user)
 
 
-@authentication_router.post("/login")
+@authentication_router.post("/login", response_model=Token)
 def login_user(user: UserLogin, db: Session = Depends(get_db)):
     """
-    Handles user login by verifying credentials.
+    Handle user login by verifying credentials and returning a JWT token.
 
     Args:
-        user (UserLogin): The user login data containing email and password.
+        user (UserLogin): The login data containing email and password.
         db (Session, optional): The database session dependency.
 
-    Returns:
-        dict: A message indicating successful login.
-
     Raises:
-        HTTPException: If the credentials are invalid (status code 401).
+        HTTPException: Raised if the credentials are invalid (401).
+
+    Returns:
+        dict: A dictionary containing the access token and its type.
     """
     auth_user = authenticate_user(db, user.email, user.password)
     if not auth_user:
         raise HTTPException(status_code=401, detail="Invalid credentials.")
-    # TODO: gerar JWT
-    return {"msg": "Login successful!"}
+
+    # NOVO: Geração do token JWT
+    access_token = create_access_token(data={"sub": auth_user.email})
+
+    return {"access_token": access_token, "token_type": "bearer"}

src/routes/user_routes.py

@@ -0,0 +1,23 @@
+from models.user_model import User
+from fastapi import APIRouter, Depends
+from utils.security import get_current_user
+from schemas.users.users_schema import UserResponse
+
+user_router = APIRouter(prefix="/users", tags=["users"])
+
+
+@user_router.get("/me", response_model=UserResponse)
+def read_users_me(current_user: User = Depends(get_current_user)):
+    """
+    Get the details of the currently authenticated user.
+
+    This route is protected and requires a valid JWT token. The `get_current_user`
+    dependency handles token validation and user retrieval.
+
+    Args:
+        current_user (User): The user object injected by the dependency.
+
+    Returns:
+        UserResponse: The details of the authenticated user.
+    """
+    return current_user

src/schemas/token_schema.py

@@ -0,0 +1,12 @@
+from pydantic import BaseModel
+
+class Token(BaseModel):
+    """
+    Pydantic model for the JWT access token response.
+
+    Attributes:
+        access_token (str): The JWT token string.
+        token_type (str): The type of the token (e.g., "bearer").
+    """
+    access_token: str
+    token_type: str

src/utils/security.py

@@ -0,0 +1,69 @@
+from utils.utils import get_db
+from jose import JWTError, jwt
+from sqlalchemy.orm import Session
+from models.user_model import User
+from datetime import datetime, timedelta, timezone
+from fastapi import Depends, HTTPException, status
+from schemas.users.CRUD.read import get_user_by_email
+from fastapi.security import HTTPAuthorizationCredentials, HTTPBearer
+from modules.config import SECRET_KEY, ALGORITHM, ACCESS_TOKEN_EXPIRE_MINUTES
+
+security_scheme = HTTPBearer()
+
+
+def create_access_token(data: dict) -> str:
+    """
+    Create a JWT access token.
+
+    Args:
+        data (dict): Data to encode inside the token payload.
+
+    Returns:
+        str: The encoded JWT access token.
+    """
+    to_encode = data.copy()
+    expire = datetime.now(timezone.utc) + timedelta(minutes=ACCESS_TOKEN_EXPIRE_MINUTES)
+    to_encode.update({"exp": expire})
+    encoded_jwt = jwt.encode(to_encode, SECRET_KEY, algorithm=ALGORITHM)
+    return encoded_jwt
+
+
+def get_current_user(
+    db: Session = Depends(get_db),
+    token: HTTPAuthorizationCredentials = Depends(security_scheme),
+) -> User:
+    """
+    Decode the JWT token to get the current authenticated user.
+
+    Acts as a dependency for protected routes: validates the token,
+    extracts the subject (email), and fetches the user from the database.
+
+    Args:
+        db (Session): Database session dependency.
+        token (HTTPAuthorizationCredentials): JWT token passed in the
+            Authorization header.
+
+    Raises:
+        HTTPException: Raised if the token is invalid, expired,
+            or the user is not found.
+
+    Returns:
+        User: The authenticated user object.
+    """
+    credentials_exception = HTTPException(
+        status_code=status.HTTP_401_UNAUTHORIZED,
+        detail="Could not validate credentials",
+        headers={"WWW-Authenticate": "Bearer"},
+    )
+    try:
+        payload = jwt.decode(token.credentials, SECRET_KEY, algorithms=[ALGORITHM])
+        email: str = payload.get("sub")
+        if email is None:
+            raise credentials_exception
+    except JWTError:
+        raise credentials_exception
+
+    user = get_user_by_email(db, email=email)
+    if user is None:
+        raise credentials_exception
+    return user