diff --git a/backend/app/models.py b/backend/app/models.py
index 290cdcb..5a7b163 100644
--- a/backend/app/models.py
+++ b/backend/app/models.py
@@ -1,7 +1,7 @@
 from app import db
 from flask_login import UserMixin
 from datetime import datetime
-
+from werkzeug.security import check_password_hash, generate_password_hash
 class User(UserMixin, db.Model):
     id = db.Column(db.Integer, primary_key=True)
@@ -12,6 +12,9 @@ class User(UserMixin, db.Model):
     last_seen = db.Column(db.DateTime, default=datetime.utcnow)
     token = db.Column(db.String(32), index=True, unique=True)
+    def __repr__(self):
+        return f''
+
     def to_dict(self):
         return {
             "id": self.id,
@@ -19,3 +22,11 @@ class User(UserMixin, db.Model):
             "email": self.email,
             "about_me": self.about_me,
         }
+
+
+    def set_password(self, password):
+        self.password_hash = generate_password_hash(password)
+
+    def check_password(self, password):
+        return check_password_hash(self.password_hash, password)
+
diff --git a/backend/app/routes.py b/backend/app/routes.py
index 5940339..51b49b7 100644
--- a/backend/app/routes.py
+++ b/backend/app/routes.py
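Review bot: `check_password` in the third hunk hands `self.password_hash` straight to `check_password_hash`, so a row whose hash was never set (created before `set_password` existed, or before it has been called) makes the method raise instead of returning False; guard it with `return self.password_hash is not None and check_password_hash(self.password_hash, password)`. No `password_hash` column appears in the visible hunks — class lines 8–11 fall between the first and second hunk and are not shown, so it may already exist there, but if it does not, `set_password` only sets a plain attribute that is never persisted. In the second hunk `__repr__` returns `f''`, an empty string; if this was meant to be something like `f'<User {self.id}>'` (constructed example) the body appears to have been lost. A one-line docstring on `set_password` stating that only the salted hash is stored, and on `check_password` stating that it returns a bool, would help callers.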
@@ -1,22 +1,44 @@
+from flask_login import login_user, logout_user
 from app.bp import bp
 from flask import Response, jsonify, request
 from app.errors import error_response
+from flask_login import current_user
-from app import db
+from app import login
 from app.models import User
+@login.user_loader
+def load_user(user_id):
+    return User.query.get(user_id)
+
+
 @bp.route("/login", methods=["POST"])
-def login():
+def login_route():
     data = request.get_json()
-    print(data)
-    if not data.get("user_id"):
-        return error_response(400, "Must supply user_id")
+
+    if current_user.is_authenticated:
+        return error_response(400, 'A user is already logged in!')
+
+    if not data.get("user_id") or not data.get("password"):
+        return error_response(400, "Must supply user_id and password")
     user = User.query.get(data.get("user_id"))
     if not user:
         return error_response(400, "User not found")
+    if not user.check_password(data.get("password")):
+        return error_response(400, "Invalid password")
+
+    login_user(user)
     resp = jsonify(user.to_dict())
     resp.status_code = 200
     return resp
+
+@bp.route("/logout", methods=["POST"])
+def logout_route():
+    if not current_user.is_authenticated:
+        return error_response(400, "No users are logged in!")
+
+    logout_user()
+    return Response(status=200)
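Review bot: `login_route` answers `"User not found"` for an unknown `user_id` and `"Invalid password"` for a wrong password, which lets a caller learn which ids exist; collapse both into one response, e.g. `if user is None or not user.check_password(data.get("password")): return error_response(401, "Invalid credentials")`. `data = request.get_json()` yields `None` when the body is not JSON, so the following `data.get(...)` fails with an `AttributeError` and a 500 instead of the intended 400; `data = request.get_json(silent=True) or {}` keeps the validation branch in control. `load_user` receives the id as a string (Flask-Login stores `get_id()` in the session), so `User.query.get(int(user_id))` may be needed depending on how the database driver coerces it — worth confirming. The bodies of `load_user`, `login_route` and `logout_route` lie entirely within the hunk.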