julius/cutt
1
0
Fork 0
Code Issues Pull Requests Actions Packages Projects Releases Wiki Activity

Compare commits

base: julius:15c9a64de26fe903d3eca703efbb12c1ec18a59e
Branches Tags
julius:main
julius:feat/interactive_network
julius:feat/security
julius:floating_button
..
compare: julius:8a9af450d481bbf34837f49814b26138678dcb8e
Branches Tags
julius:main
julius:feat/interactive_network
julius:feat/security
julius:floating_button

No commits in common. "15c9a64de26fe903d3eca703efbb12c1ec18a59e" and "8a9af450d481bbf34837f49814b26138678dcb8e" have entirely different histories.
15c9a64de2 ... 8a9af450d4

9 changed files with 139 additions and 138 deletions
Show Stats Expand all files Collapse all files

118
analysis.py
View File

@ -1,20 +1,130 @@
from datetime import datetime from datetime import timedelta, timezone, datetime
import io import io
from typing import Annotated
import base64 import base64
from fastapi import APIRouter from fastapi import APIRouter, Depends, HTTPException, status
from fastapi.responses import JSONResponse from fastapi.responses import JSONResponse
from pydantic import BaseModel, Field from pydantic import BaseModel, Field
import jwt
from jwt.exceptions import InvalidTokenError
from sqlmodel import Session, func, select from sqlmodel import Session, func, select
from sqlmodel.sql.expression import SelectOfScalar from sqlmodel.sql.expression import SelectOfScalar
from db import Chemistry, Player, engine from db import Chemistry, Player, engine, User
import networkx as nx import networkx as nx
from fastapi.security import OAuth2PasswordBearer, OAuth2PasswordRequestForm
from pydantic_settings import BaseSettings, SettingsConfigDict
from passlib.context import CryptContext
import matplotlib import matplotlib
matplotlib.use("agg") matplotlib.use("agg")
import matplotlib.pyplot as plt import matplotlib.pyplot as plt
analysis_router = APIRouter(prefix="/analysis") class Config(BaseSettings):
secret_key: str = ""
access_token_expire_minutes: int = 30
model_config = SettingsConfigDict(
env_file=".env", env_file_encoding="utf-8", extra="ignore"
)
config = Config()
class Token(BaseModel):
access_token: str
token_type: str
class TokenData(BaseModel):
username: str | None = None
pwd_context = CryptContext(schemes=["argon2"], deprecated="auto")
oauth2_scheme = OAuth2PasswordBearer(tokenUrl="token")
analysis_router = APIRouter(prefix="/analysis", dependencies=[Depends(oauth2_scheme)])
def verify_password(plain_password, hashed_password):
return pwd_context.verify(plain_password, hashed_password)
def get_password_hash(password):
return pwd_context.hash(password)
def get_user(username: str):
with Session(engine) as session:
return session.exec(select(User).where(User.username == username)).one_or_none()
def authenticate_user(username: str, password: str):
user = get_user(username)
if not user:
return False
if not verify_password(password, user.hashed_password):
return False
return user
def create_access_token(data: dict, expires_delta: timedelta | None = None):
to_encode = data.copy()
if expires_delta:
expire = datetime.now(timezone.utc) + expires_delta
else:
expire = datetime.now(timezone.utc) + timedelta(minutes=15)
to_encode.update({"exp": expire})
encoded_jwt = jwt.encode(to_encode, config.secret_key, algorithm="HS256")
return encoded_jwt
async def get_current_user(token: Annotated[str, Depends(oauth2_scheme)]):
credentials_exception = HTTPException(
status_code=status.HTTP_401_UNAUTHORIZED,
detail="Could not validate credentials",
headers={"WWW-Authenticate": "Bearer"},
)
try:
payload = jwt.decode(token, config.secret_key, algorithms=["HS256"])
username: str = payload.get("sub")
if username is None:
raise credentials_exception
token_data = TokenData(username=username)
except InvalidTokenError:
raise credentials_exception
user = get_user(fake_users_db, username=token_data.username)
if user is None:
raise credentials_exception
return user
async def get_current_active_user(
current_user: Annotated[User, Depends(get_current_user)],
):
if current_user.disabled:
raise HTTPException(status_code=400, detail="Inactive user")
return current_user
@analysis_router.post("/token")
async def login_for_access_token(
form_data: Annotated[OAuth2PasswordRequestForm, Depends()],
) -> Token:
user = authenticate_user(form_data.username, form_data.password)
if not user:
raise HTTPException(
status_code=status.HTTP_401_UNAUTHORIZED,
detail="Incorrect username or password",
headers={"WWW-Authenticate": "Bearer"},
)
access_token_expires = timedelta(minutes=config.access_token_expire_minutes)
access_token = create_access_token(
data={"sub": user.username}, expires_delta=access_token_expires
)
return Token(access_token=access_token, token_type="bearer")
C = Chemistry C = Chemistry

13
main.py
View File

@ -1,4 +1,4 @@
from fastapi import APIRouter, Depends, FastAPI, status from fastapi import APIRouter, FastAPI, status
from fastapi.staticfiles import StaticFiles from fastapi.staticfiles import StaticFiles
from db import Player, Team, Chemistry, MVPRanking, engine from db import Player, Team, Chemistry, MVPRanking, engine
from sqlmodel import ( from sqlmodel import (
@ -7,12 +7,7 @@ from sqlmodel import (
) )
from fastapi.middleware.cors import CORSMiddleware from fastapi.middleware.cors import CORSMiddleware
from analysis import analysis_router from analysis import analysis_router
from security import ( from security import login_for_access_token, read_users_me, read_own_items
get_current_active_user,
login_for_access_token,
read_users_me,
read_own_items,
)
app = FastAPI(title="cutt") app = FastAPI(title="cutt")
@ -97,9 +92,7 @@ class SPAStaticFiles(StaticFiles):
api_router.include_router(player_router) api_router.include_router(player_router)
api_router.include_router(team_router) api_router.include_router(team_router)
api_router.include_router( api_router.include_router(analysis_router)
analysis_router, dependencies=[Depends(get_current_active_user)]
)
api_router.add_api_route("/token", endpoint=login_for_access_token, methods=["POST"]) api_router.add_api_route("/token", endpoint=login_for_access_token, methods=["POST"])
api_router.add_api_route("/users/me/", endpoint=read_users_me, methods=["GET"]) api_router.add_api_route("/users/me/", endpoint=read_users_me, methods=["GET"])
api_router.add_api_route("/users/me/items/", endpoint=read_own_items, methods=["GET"]) api_router.add_api_route("/users/me/items/", endpoint=read_own_items, methods=["GET"])

2
package.json
View File

@ -27,7 +27,7 @@
"eslint-plugin-react-hooks": "^5.0.0", "eslint-plugin-react-hooks": "^5.0.0",
"eslint-plugin-react-refresh": "^0.4.16", "eslint-plugin-react-refresh": "^0.4.16",
"globals": "^15.14.0", "globals": "^15.14.0",
"react-router": "^7.1.5", "react-router-dom": "^7.1.5",
"typescript": "~5.6.2", "typescript": "~5.6.2",
"typescript-eslint": "^8.18.2", "typescript-eslint": "^8.18.2",
"vite": "^6.0.5" "vite": "^6.0.5"

9
security.py
View File

@ -1,6 +1,6 @@
from datetime import timedelta, timezone, datetime from datetime import timedelta, timezone, datetime
from typing import Annotated from typing import Annotated
from fastapi import Depends, HTTPException, Response, status from fastapi import Depends, HTTPException, status
from pydantic import BaseModel from pydantic import BaseModel
import jwt import jwt
from jwt.exceptions import InvalidTokenError from jwt.exceptions import InvalidTokenError
@ -34,7 +34,7 @@ class TokenData(BaseModel):
pwd_context = CryptContext(schemes=["argon2"], deprecated="auto") pwd_context = CryptContext(schemes=["argon2"], deprecated="auto")
oauth2_scheme = OAuth2PasswordBearer(tokenUrl="api/token") oauth2_scheme = OAuth2PasswordBearer(tokenUrl="/api/token")
def verify_password(plain_password, hashed_password): def verify_password(plain_password, hashed_password):
@ -102,7 +102,7 @@ async def get_current_active_user(
async def login_for_access_token( async def login_for_access_token(
form_data: Annotated[OAuth2PasswordRequestForm, Depends()], response: Response form_data: Annotated[OAuth2PasswordRequestForm, Depends()],
) -> Token: ) -> Token:
user = authenticate_user(form_data.username, form_data.password) user = authenticate_user(form_data.username, form_data.password)
if not user: if not user:
@ -115,9 +115,6 @@ async def login_for_access_token(
access_token = create_access_token( access_token = create_access_token(
data={"sub": user.username}, expires_delta=access_token_expires data={"sub": user.username}, expires_delta=access_token_expires
) )
response.set_cookie(
"Authorization", value=f"Bearer {access_token}", httponly=True, samesite="none"
)
return Token(access_token=access_token, token_type="bearer") return Token(access_token=access_token, token_type="bearer")

20
src/Analysis.tsx
View File

@ -1,6 +1,5 @@
import { useEffect, useState } from "react"; import { useEffect, useState } from "react";
import { apiAuth, baseUrl, token } from "./api"; import { baseUrl } from "./api";
import useAuthContext from "./AuthContext";
//const debounce = <T extends (...args: any[]) => void>( //const debounce = <T extends (...args: any[]) => void>(
// func: T, // func: T,
@ -62,14 +61,18 @@ export default function Analysis() {
// Function to generate and fetch the graph image // Function to generate and fetch the graph image
async function loadImage() { async function loadImage() {
setLoading(true); setLoading(true);
await apiAuth("analysis/image", params, "POST") await fetch(`${baseUrl}api/analysis/image`, {
method: "POST",
headers: {
"Content-Type": "application/json",
},
body: JSON.stringify(params)
})
.then((resp) => resp.json())
.then((data) => { .then((data) => {
setImage(data.image); setImage(data.image);
setLoading(false); setLoading(false);
}).catch((e) => { });
const { checkAuth } = useAuthContext();
checkAuth();
})
} }
useEffect(() => { useEffect(() => {
@ -89,9 +92,6 @@ export default function Analysis() {
} }
} }
const { user } = useAuthContext()!
console.log(`logged in as ${user.username}`);
return ( return (
<div className="stack column dropdown"> <div className="stack column dropdown">
<button onClick={() => setShowControlPanel(!showControlPanel)}> <button onClick={() => setShowControlPanel(!showControlPanel)}>

17
src/App.css
View File

@ -12,17 +12,16 @@ body {
height: 100%; height: 100%;
} }
footer {
font-size: x-small;
}
#root { #root {
max-width: 1280px; max-width: 1280px;
margin: 0 auto; margin: 0 auto;
padding: 8px; padding: 8px;
} }
footer {
font-size: x-small;
}
.grey { .grey {
color: #444; color: #444;
} }
@ -38,11 +37,6 @@ footer {
z-index: -1; z-index: -1;
} }
input {
padding: 0.2em 16px;
margin-bottom: 0.5em;
}
h1, h1,
h2, h2,
h3 { h3 {
@ -126,8 +120,7 @@ h3 {
margin: auto; margin: auto;
} }
button, button {
.button {
font-weight: bold; font-weight: bold;
font-size: large; font-size: large;
color: aliceblue; color: aliceblue;

9
src/App.tsx
View File

@ -1,10 +1,9 @@
import Analysis from "./Analysis"; import Analysis from "./Analysis";
import "./App.css"; import "./App.css";
import { AuthProvider } from "./AuthContext";
import Footer from "./Footer"; import Footer from "./Footer";
import Header from "./Header"; import Header from "./Header";
import Rankings from "./Rankings"; import Rankings from "./Rankings";
import { BrowserRouter, Routes, Route } from "react-router"; import { BrowserRouter, Routes, Route } from "react-router-dom";
function App() { function App() {
//const [data, setData] = useState({ nodes: [], links: [] } as SociogramData); //const [data, setData] = useState({ nodes: [], links: [] } as SociogramData);
@ -18,11 +17,7 @@ function App() {
<Header /> <Header />
<Routes> <Routes>
<Route index element={<Rankings />} /> <Route index element={<Rankings />} />
<Route path="/analysis" element={ <Route path="/analysis" element={<Analysis />} />
<AuthProvider>
<Analysis />
</AuthProvider>
} />
</Routes> </Routes>
<Footer /> <Footer />
</BrowserRouter> </BrowserRouter>

2
src/Rankings.tsx
View File

@ -334,7 +334,7 @@ export default function Rankings() {
</button> </button>
</div> </div>
<span className="grey">assign as many or as few players as you want and don't forget to <b>submit</b> (💾) when you're done :)</span> <span className="grey">assign as many or as few players as you want :)</span>
<div id="Chemistry" className="tabcontent"> <div id="Chemistry" className="tabcontent">
<Chemistry {...{ user, players }} /> <Chemistry {...{ user, players }} />

87
src/api.ts
View File

@ -1,10 +1,4 @@
import { useContext } from "react";
import useAuthContext from "./AuthContext";
import { createCookie } from "react-router";
export const baseUrl = import.meta.env.VITE_BASE_URL as string; export const baseUrl = import.meta.env.VITE_BASE_URL as string;
export const token = () => localStorage.getItem("access_token") as string;
export default async function api(path: string, data: any): Promise<any> { export default async function api(path: string, data: any): Promise<any> {
const request = new Request(`${baseUrl}${path}/`, { const request = new Request(`${baseUrl}${path}/`, {
method: "POST", method: "POST",
@ -21,84 +15,3 @@ export default async function api(path: string, data: any): Promise<any> {
} }
return response; return response;
} }
export async function apiAuth(path: string, data: any, method: string = "GET"): Promise<any> {
const req = new Request(`${baseUrl}api/${path}`, {
method: method, headers: {
"Authorization": `Bearer ${token()} `,
'Content-Type': 'application/json'
},
body: JSON.stringify(data),
});
let resp: Response;
try {
resp = await fetch(req);
} catch (e) {
throw new Error(`request failed: ${e}`);
}
if (!resp.ok) {
if (resp.status === 401) {
logout()
throw new Error('Unauthorized');
}
}
return resp.json()
}
export type User = {
username: string;
fullName: string;
}
export async function currentUser(): Promise<User> {
if (!token()) throw new Error("you have no access token")
const req = new Request(`${baseUrl}api/users/me/`, {
method: "GET", headers: {
"Authorization": `Bearer ${token()} `,
'Content-Type': 'application/json'
}
});
let resp: Response;
try {
resp = await fetch(req);
} catch (e) {
throw new Error(`request failed: ${e}`);
}
if (!resp.ok) {
if (resp.status === 401) {
logout()
throw new Error('Unauthorized');
}
}
return resp.json() as Promise<User>;
}
export type LoginRequest = {
username: string;
password: string;
};
export type Token = {
access_token: string;
token_type: string;
};
export const login = (req: LoginRequest) => {
fetch(`${baseUrl}api/token`, {
method: "POST", headers: {
'Content-Type': 'application/x-www-form-urlencoded',
}, body: new URLSearchParams(req).toString()
}).then(resp => resp.json() as unknown as Token).then(token => token ? localStorage.setItem("access_token", token.access_token) : console.log("token not acquired")).catch((e) => console.log("catch error " + e + " in login"));
}
export const cookielogin = (req: LoginRequest) => {
fetch(`${baseUrl}api/token`, {
method: "POST", headers: {
'Content-Type': 'application/x-www-form-urlencoded',
}, body: new URLSearchParams(req).toString()
}).then(resp => { createCookie(resp.headers.getSetCookie()) }).catch((e) => console.log("catch error " + e + " in login"));
}
export const logout = () => localStorage.removeItem("access_token");