from typing import List

from fastapi import APIRouter, Depends, HTTPException, status, Body
from passlib.context import CryptContext
from sqlalchemy.exc import IntegrityError
from sqlalchemy.orm import Session

from app.core.database import SessionLocal
from app.models.user import User
from app.schemas.user import UserOut, UserCreate, UserUpdate, UserRole
# Every route in this module is mounted under /users and tagged "users".
# NOTE(review): no router-level `dependencies=` are declared here, and the
# routes in this file depend only on get_db; confirm that authentication and
# authorisation are enforced where this router is included.
router = APIRouter(
    prefix="/users",
    tags=["users"],
)

# Shared passlib context; bcrypt is the only configured scheme. It is used in
# this file to hash passwords and PINs and to verify PINs.
pwd_context = CryptContext(
    schemes=["bcrypt"],
    deprecated="auto",
)
def get_db():
    """Yield a database session and close it when the consumer is finished.

    Written as a generator so it can be used with FastAPI's ``Depends``; the
    ``finally`` clause closes the session even if the consumer raises.
    """
    session = SessionLocal()
    try:
        yield session
    finally:
        session.close()
# — Endpoints —
@router.get("/", response_model=List[UserOut])
def list_users(db: Session = Depends(get_db)):
    """Return every row of the User table, serialised through ``UserOut``.

    NOTE(review): the query is unbounded (no limit or pagination), and the
    only dependency declared on this route is the database session. Confirm
    that access control is applied elsewhere and that ``UserOut`` excludes
    the hashed_password / hashed_pin columns.
    """
    all_users = db.query(User).all()
    return all_users
@router.get("/{user_id}", response_model=UserOut)
def get_user(user_id: int, db: Session = Depends(get_db)):
    """Fetch a single user by primary key.

    Raises:
        HTTPException: 404 when no user has the given id.

    NOTE(review): any caller who can reach this route can read any user id;
    no ownership or role check is visible in this function.
    """
    match = db.query(User).filter(User.id == user_id).first()
    if match:
        return match
    raise HTTPException(status_code=404, detail="User not found")
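@router.post("/", response_model=UserOut, status_code=status.HTTP_201_CREATED)
def create_user(user: UserCreate, db: Session = Depends(get_db)):
    """Create a user after checking that the e-mail and alias are unused.

    The password and PIN are passed through ``pwd_context.hash`` and only the
    resulting hashes are stored on the new row.

    Raises:
        HTTPException: 409 when the e-mail or alias is already taken, either
            at the pre-check or when the commit is rejected by the database.
    """
    if db.query(User).filter(User.email == user.email).first():
        raise HTTPException(status_code=409, detail="E-Mail already exists")
    if user.alias and db.query(User).filter(User.alias == user.alias).first():
        raise HTTPException(status_code=409, detail="Alias already exists")

    hashed_password = pwd_context.hash(user.password)
    hashed_pin = pwd_context.hash(user.pin)

    # NOTE(review): `role` is copied straight from the request body, and this
    # route declares no dependency other than the database session. Unless
    # the caller is authorised elsewhere, a client can choose its own role at
    # signup; confirm who may set this field.
    db_user = User(
        name=user.name,
        email=user.email,
        hashed_password=hashed_password,
        hashed_pin=hashed_pin,
        alias=user.alias,
        paypal_email=user.paypal_email,
        role=user.role,
        is_active=True,
    )
    db.add(db_user)
    try:
        db.commit()
    except IntegrityError:
        # The uniqueness checks above are not atomic with the insert: two
        # concurrent requests can both pass them. Roll back so the session
        # stays usable and report a conflict instead of an unhandled error.
        # Assumes the rejection comes from a unique constraint on email or
        # alias — TODO confirm against the User model.
        db.rollback()
        raise HTTPException(
            status_code=409, detail="E-Mail or alias already exists"
        ) from None
    db.refresh(db_user)
    return db_user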
@router.patch("/{user_id}", response_model=UserOut)
def update_user(user_id: int, user: UserUpdate, db: Session = Depends(get_db)):
    """Load a user by id, apply the update, commit, and return the fresh row.

    Raises:
        HTTPException: 404 when no user has the given id.

    NOTE(review): the field-assignment step is elided in this listing. If it
    applies role, password or PIN values from the payload, confirm that the
    caller is authorised to change them and that secrets are hashed before
    being stored.
    """
    target = db.query(User).filter(User.id == user_id).first()
    if not target:
        raise HTTPException(status_code=404, detail="User not found")
    # ... (existing update logic) ...
    db.commit()
    db.refresh(target)
    return target
@router.delete("/{user_id}", status_code=status.HTTP_204_NO_CONTENT)
def delete_user(user_id: int, db: Session = Depends(get_db)):
    """Delete the user with the given id and commit the change.

    Raises:
        HTTPException: 404 when no user has the given id.

    NOTE(review): deletion is permanent and this route declares no
    dependency besides the database session; confirm that only authorised
    callers can reach it.
    """
    doomed = db.query(User).filter(User.id == user_id).first()
    if doomed:
        db.delete(doomed)
        db.commit()
        return None
    raise HTTPException(status_code=404, detail="User not found")
# — NEU: PIN-Login endpoint —
@router.post("/login/pin", response_model=UserOut)
def login_with_pin(pin: str = Body(...), db: Session = Depends(get_db)):
    """Return the first active user whose stored PIN hash matches ``pin``.

    Raises:
        HTTPException: 401 when no active user's hash verifies.

    NOTE(review): the request carries no user identifier, so the PIN alone
    selects the account. If two active users share a PIN, whichever the
    query returns first is the one handed back. Each call runs one bcrypt
    verification per active user until a match, so the cost grows with the
    user count, and nothing in this function limits or records failed
    attempts. Consider requiring an identifier (e-mail or alias) alongside
    the PIN and adding attempt throttling. The function returns the user
    record only; no session or token is issued here.
    """
    # Load all active users and check the PIN against each hashed_pin.
    active_users = db.query(User).filter(User.is_active == True).all()
    matched = next(
        (
            candidate
            for candidate in active_users
            if pwd_context.verify(pin, candidate.hashed_pin)
        ),
        None,
    )
    if matched is None:
        raise HTTPException(status_code=401, detail="Invalid PIN")
    return matched