mish/evo-sync
1
0
Fork 0
Code Issues 3 Pull Requests Actions Packages Projects Releases 5 Wiki Activity
Files
951c12a2084f8d997512c2a8f053b7b370232db5
evo-sync/web/routes/auth.py

124 lines
4.2 KiB
Python
Raw Normal View History

Add user registration and auth web app FastAPI + Jinja2 + MariaDB web application with registration, login, profile, password reset, and email confirmation flows. All UI in Russian. Styled with Evotor brand colors. Co-Authored-By: Claude Opus 4.6 <noreply@anthropic.com>
2026-03-04 22:01:58 +03:00
import uuid
from fastapi import APIRouter, Request, Depends
from fastapi.responses import RedirectResponse
from fastapi.templating import Jinja2Templates
from sqlalchemy.orm import Session
from web.auth import hash_password, verify_password, get_current_user
from web.config import settings
from web.database import get_db
from web.models import User
from web.schemas import validate_registration, validate_login
router = APIRouter()
templates = Jinja2Templates(directory="web/templates")
@router.get("/register")
def register_form(request: Request, user: User | None = Depends(get_current_user)):
if user:
return RedirectResponse("/profile", 303)
return templates.TemplateResponse("register.html", {"request": request, "user": None})
@router.post("/register")
async def register_submit(request: Request, db: Session = Depends(get_db)):
form = await request.form()
data = dict(form)
errors = validate_registration(data)
if not errors:
existing = db.query(User).filter(
(User.email == data["email"].strip()) | (User.phone == data["phone"].strip())
).first()
if existing:
if existing.email == data["email"].strip():
errors.append("Пользователь с таким email уже существует")
else:
errors.append("Пользователь с таким телефоном уже существует")
if errors:
return templates.TemplateResponse("register.html", {
"request": request, "user": None, "errors": errors, "form": data,
})
token = uuid.uuid4().hex
user = User(
first_name=data["first_name"].strip(),
last_name=data["last_name"].strip(),
email=data["email"].strip(),
phone=data["phone"].strip(),
password_hash=hash_password(data["password"]),
email_confirm_token=token,
)
db.add(user)
db.commit()
confirm_url = f"{settings.BASE_URL}/confirm-email?token={token}"
print("=" * 40)
print("ПОДТВЕРЖДЕНИЕ EMAIL")
print(f"Пользователь: {user.email}")
print(f"Ссылка: {confirm_url}")
print("=" * 40)
return templates.TemplateResponse("confirm_email.html", {"request": request, "user": None})
@router.get("/confirm-email")
def confirm_email(request: Request, token: str, db: Session = Depends(get_db)):
user = db.query(User).filter(User.email_confirm_token == token).first()
if not user:
return templates.TemplateResponse("message.html", {
"request": request, "user": None,
"title": "Ошибка", "message": "Неверная или устаревшая ссылка.",
})
user.is_email_confirmed = True
user.email_confirm_token = None
db.commit()
return templates.TemplateResponse("email_confirmed.html", {"request": request, "user": None})
@router.get("/login")
def login_form(request: Request, user: User | None = Depends(get_current_user)):
if user:
return RedirectResponse("/profile", 303)
return templates.TemplateResponse("login.html", {"request": request, "user": None})
@router.post("/login")
async def login_submit(request: Request, db: Session = Depends(get_db)):
form = await request.form()
data = dict(form)
errors = validate_login(data)
if errors:
return templates.TemplateResponse("login.html", {
"request": request, "user": None, "errors": errors, "form": data,
})
user = db.query(User).filter(User.email == data["email"].strip()).first()
if not user or not verify_password(data["password"], user.password_hash):
return templates.TemplateResponse("login.html", {
"request": request, "user": None,
"errors": ["Неверный email или пароль"], "form": data,
})
if not user.is_email_confirmed:
return templates.TemplateResponse("login.html", {
"request": request, "user": None,
"errors": ["Пожалуйста, подтвердите ваш email"], "form": data,
})
request.session["user_id"] = user.id
return RedirectResponse("/profile", 303)
@router.get("/logout")
def logout(request: Request):
request.session.clear()
return RedirectResponse("/login", 303)
Reference in New Issue Copy Permalink