xCiQddlmZmZmZddlmZmZmZddlmZddl m Z m Z ddl m Z ddlmZddlmZddlmZmZdd lmZmZmZdd lmZdd lmZdd lmZmZm Z m!Z!m"Z"eZ#Gd dZ$y))datetime timedeltatimezone) HTTPExceptionstatusRequest)Session)UserRole) UserSession)UserRepository)UserSessionRepository) hash_passwordverify_password)create_access_tokencreate_refresh_token decode_token) UserCreate) get_settings)ERR_EMAIL_REGISTEREDERR_INVALID_CREDENTIALSERR_INVALID_TOKENERR_REFRESH_TOKEN%ERR_ONLY_SUPERADMIN_CAN_CREATE_ADMINSc eZdZdZededefdZededede defdZ ed edefd Z ed edefd Z ed e defd Zededede fdZy) AuthServicez2Service exposing auth-related business operations.datasessioncltj||j}|rttj t t|j|j|jt|j|jtj}tj||}ddiS)z-Create a new standard user and return tokens. status_codedetailemail first_name last_namehashed_passwordphonerolemessagezUser successfully created)r get_by_emailr$rrHTTP_400_BAD_REQUESTrr r%r&rpasswordr(r USERScreate)rrexistingusers K/var/www/html/story-book/Story-Book-python-api/app/services/auth_service.pysignupzAuthService.signups"..w C F,G,GPde e**nn)$--8**  $$Wd3677r$r-requestc tj||}|rt||jst t j ttj||jt|j}t|j||jjd|j r|j j"ndt%j&t(j*t-t.j0z}tj2||t5|j|j6}||ddS) Nr )subz user-agent)daysuser_id refresh_token user_agent ip_address expires_atr7 session_idbearer access_tokenr; token_type)r r+rr'rrHTTP_401_UNAUTHORIZEDrrcleanup_user_sessionsidrr$r headersgetclienthostrnowrutcrsettingsREFRESH_TOKEN_EXPIRE_DAYSr/rr@)r$r-r5rr1r; user_sessionrCs r2loginzAuthService.login-s**7E:?8T5I5IJ"88.  33GTWWE,< "GG'**<8.5nnw~~**$||HLL1I8CeCe4ff   $$Wl;*tzzlF]F]^ )*"  r4r;cxdtdtfd}t|}|jddk7rttj t tj||}|sh|jd}tj||}|r tj||jttj ttj||j}|jd|j k7rttj t||j"}tj$t&j(}||z } | j+dkrttj tt-|j | } tj.||| t1|j| |j2|j4|j" } tj6|| t9|j | j: } | | d dS)Ndtreturnc|j |jtjS|j tjS)N)tzinfo)rVreplacerrM astimezone)rSs r2ensure_utc_awarez3AuthService.refresh_token..ensure_utc_awareNs4yy zzz66==. .r4typerefreshr r7r)r7 expires_delta)replaced_by_tokenr9r?rArB)rrrIrrrErrget_by_refresh_tokenr r+revoke_all_for_userrGr get_by_idr:r$r>rLrrM total_secondsrrevoker r<r=r/rr@) r;rrYpayloadrPr7r1r>rL remaining_ttl new_refresh new_session new_accesss r2r;zAuthService.refresh_tokenLs / /h /}- ;;v ) +"88( -AA'=Y ++e$C!..w ll8<<("S(  & & (A -F,H,HQbc c*tzzW $$WlkZ!GG%#..#..#..   $$Wk:( "-- '("  r4cftj||}|rtj||ddiS)Nr*zLogged out successfully)rr^rb)r;rrPs r2logoutzAuthService.logouts3,AA'=Y  ! ( (, ?455r4r1cJtj||jddiS)Nr*zLogged out from all devices)rr_rG)r1rs r2 logout_allzAuthService.logout_alls"11'477C899r4 current_superc|jtjk7rttj t tj||j}|rttjtt|j|j|jt|j |j"tj$}tj&||}|S)z SUPERADMIN-only: create an ADMIN user. 'current_super' param is passed from dependency checks in routes. r r#)r)r SUPERADMINrrHTTP_403_FORBIDDENrr r+r$r,rr r%r&rr-r(ADMINr/)rrrlr0admins r2register_adminzAuthService.register_admins    0F,E,ENst t!..w C F,G,GPde e**nn)$--8**  %%gu5 r4N)__name__ __module__ __qualname____doc__ staticmethodrr r3strrrQr;rir rkrrr4r2rrs<8Z8'88$ S C ' G  <4 S4 74 4 l6c6G66::::Z'$r4rN)%rrrfastapirrrsqlmodelr app.models.userr r app.models.user_sessionr app.repositories.user_repor "app.repositories.user_session_reporapp.core.securityrrapp.utils.tokensrrrapp.schemas.userrapp.core.configrapp.core.constantsrrrrrrNrryr4r2rsN2222&/5D<TT'( >PPr4