sachin commited on
Commit
5a8554e
·
1 Parent(s): 8d6faeb

add-hash pwd

  1. requirements.txt +2 -1
  2. src/server/utils/auth.py +12 -3
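--- a/requirements.txt
+++ b/requirements.txt
@@ -6,4 +6,5 @@ requests
 python-multipart
 pillow
 pyjwt
-sqlalchemy
+sqlalchemy
+passlib[bcrypt]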
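Review bot: The new `passlib[bcrypt]` line is unpinned, so the hashing backend the login path depends on is whatever pip resolves on the day of the build. passlib has not had a release since 2020 and, as far as I recall, recent bcrypt releases trip its version probe at import time, so an unpinned install can start emitting errors or change behaviour without any change to this repository. Pinning both packages, e.g. `passlib[bcrypt]==<PASSLIB_VERSION>` and `bcrypt==<BCRYPT_VERSION>` (placeholders; pick the versions you tested against), keeps the password-hashing dependency reproducible. The rest of the file is unpinned too, but this entry is the one on the authentication path.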
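--- a/src/server/utils/auth.py
+++ b/src/server/utils/auth.py
@@ -9,16 +9,23 @@ from sqlalchemy import create_engine, Column, String
 from sqlalchemy.ext.declarative import declarative_base
 from sqlalchemy.orm import sessionmaker
 
+from passlib.context import CryptContext
+
 # SQLite database setup
 DATABASE_URL = "sqlite:///users.db"
 engine = create_engine(DATABASE_URL, connect_args={"check_same_thread": False}) # For SQLite threading
 Base = declarative_base()
 SessionLocal = sessionmaker(autocommit=False, autoflush=False, bind=engine)
 
+# Password hashing setup
+pwd_context = CryptContext(schemes=["bcrypt"], deprecated="auto")
+
+
+
 class User(Base):
 __tablename__ = "users"
 username = Column(String, primary_key=True, index=True)
-password = Column(String) # In production, hash this with bcrypt
+password = Column(String) # Now stores hashed passwords
 
 # Create the database tables
 Base.metadata.create_all(bind=engine)
@@ -27,12 +34,14 @@ Base.metadata.create_all(bind=engine)
 def seed_initial_data():
 db = SessionLocal()
 if not db.query(User).filter_by(username="testuser").first():
-db.add(User(username="testuser", password="password123"))
+hashed_password = pwd_context.hash("password123")
+db.add(User(username="testuser", password=hashed_password))
 db.commit()
 db.close()
 
 seed_initial_data() # Run once at startup
 
+
 class Settings(BaseSettings):
 api_key_secret: str = Field(..., env="API_KEY_SECRET")
 token_expiration_minutes: int = Field(30, env="TOKEN_EXPIRATION_MINUTES")
@@ -123,7 +132,7 @@ async def login(login_request: LoginRequest) -> TokenResponse:
 db = SessionLocal()
 user = db.query(User).filter_by(username=login_request.username).first()
 db.close()
-if not user or user.password != login_request.password: # Use password hashing in production
+if not user or not pwd_context.verify(login_request.password, user.password):
 logger.warning(f"Login failed for user: {login_request.username}")
 raise HTTPException(status_code=status.HTTP_401_UNAUTHORIZED, detail="Invalid username or password")
 token = await create_access_token(user_id=user.username)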
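Review bot: The new `pwd_context.verify(login_request.password, user.password)` in the login hunk assumes every stored `password` column is a bcrypt hash, but nothing in this commit migrates existing rows: `seed_initial_data` only inserts when `testuser` is absent, so a `users.db` created by the previous version keeps its plaintext value, and passlib rejects a value it cannot identify as a hash with a `ValueError`, turning such logins into a 500 instead of the intended 401. Either reset/re-hash legacy rows at startup or catch that error and treat it as a failed login, as sketched below. Separately, `if not user or ...` short-circuits past the bcrypt work when the username does not exist, so response time distinguishes unknown users from wrong passwords; verifying against a fixed dummy hash when `user` is `None` keeps the cost constant. The enclosing `login` function starts outside the hunk, and the `if` block's indentation was lost in rendering.
```python
# … unchanged: session lookup and db.close() …
try:
    # Legacy plaintext rows (or any unrecognised value) must fail closed, not 500.
    password_ok = bool(user) and pwd_context.verify(login_request.password, user.password)
except ValueError:
    password_ok = False
if not password_ok:
    logger.warning(f"Login failed for user: {login_request.username}")
    # … unchanged: raise HTTPException …
# … unchanged: token creation …
```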