MikaList/game_collection/user_management.py

from flask import Blueprint, request, jsonify, g
from models import db, User, Game
from datetime import datetime, timedelta
import jwt
from werkzeug.security import generate_password_hash, check_password_hash
import os

user_bp = Blueprint('user', __name__)
SECRET_KEY = os.environ.get('SECRET_KEY', 'your_secret_key')  # Set a secret key for JWT

def generate_token(user):
    payload = {
        'user_id': user.id,
        'exp': datetime.utcnow() + timedelta(days=1)  # Token expires in 1 day
    }
    return jwt.encode(payload, SECRET_KEY, algorithm='HS256')

def authenticate():
    token = request.headers.get('Authorization')
    if token:
        try:
            payload = jwt.decode(token, SECRET_KEY, algorithms=['HS256'])
            g.user = User.query.get(payload['user_id'])
            return True
        except jwt.ExpiredSignatureError:
            return False
        except jwt.InvalidTokenError:
            return False
    return False

@user_bp.before_request
def before_request():
    if request.endpoint not in ['user.login_user', 'user.create_user']:
        if not authenticate():
            return jsonify({'message': 'Unauthorized access!'}), 401

@user_bp.route('/users', methods=['POST'])
def create_user():
    if not authenticate() or g.user.role != 'admin':
        return jsonify({'message': 'Unauthorized access! Only admins can create users.'}), 401
    data = request.json
    hashed_password = generate_password_hash(data['password'])
    new_user = User(
        username=data['username'],
        password=hashed_password,
        role=data.get('role', 'user'),
        last_login=None
    )
    db.session.add(new_user)
    db.session.commit()
    return jsonify({'message': 'User created!'}), 201

@user_bp.route('/users/login', methods=['POST'])
def login_user():
    data = request.json
    user = User.query.filter_by(username=data['username']).first()
    if user and check_password_hash(user.password, data['password']):
        user.last_login = datetime.now().strftime('%Y-%m-%d %H:%M:%S')
        db.session.commit()
        token = generate_token(user)
        return jsonify({'message': 'Login successful!', 'token': token, 'role': user.role}), 200
    return jsonify({'message': 'Invalid credentials!'}), 401

@user_bp.route('/users', methods=['GET'])
def get_users():
    users = User.query.all()
    return jsonify([{
        'id': user.id,
        'username': user.username,
        'role': user.role,
        'last_login': user.last_login
    } for user in users])

@user_bp.route('/users/<int:user_id>', methods=['PUT'])
def edit_user(user_id):
    if not authenticate() or g.user.role != 'admin':
        return jsonify({'message': 'Unauthorized access! Only admins can edit users.'}), 401
    data = request.json
    user = User.query.get(user_id)
    if not user:
        return jsonify({'message': 'User not found!'}), 404
    user.username = data.get('username', user.username)
    user.role = data.get('role', user.role)
    
    # Update password if provided
    if 'password' in data:
        user.password = generate_password_hash(data['password'])
    
    db.session.commit()
    return jsonify({'message': 'User updated!'}), 200

@user_bp.route('/users/<int:user_id>', methods=['DELETE'])
def delete_user(user_id):
    if not authenticate() or g.user.role != 'admin':
        return jsonify({'message': 'Unauthorized access! Only admins can delete users.'}), 401
    user = User.query.get(user_id)
    if not user:
        return jsonify({'message': 'User not found!'}), 404
    db.session.delete(user)
    db.session.commit()
    return jsonify({'message': 'User deleted!'}), 200

@user_bp.route('/games/<int:game_id>', methods=['PUT'])
def edit_game(game_id):
    if not authenticate():
        return jsonify({'message': 'Unauthorized access!'}), 401
    data = request.json
    game = Game.query.get(game_id)
    if not game:
        return jsonify({'message': 'Game not found!'}), 404
    game.title = data.get('title', game.title)
    game.image = data.get('image', game.image)
    game.owned = data.get('owned', game.owned)  # Update owned status if provided
    
    db.session.commit()
    return jsonify({'message': 'Game updated!'}), 200

@user_bp.route('/games/<int:game_id>', methods=['DELETE'])
def delete_game(game_id):
    if not authenticate() or g.user.role != 'admin':
        return jsonify({'message': 'Unauthorized access! Only admins can delete games.'}), 401
    game = Game.query.get(game_id)
    if not game:
        return jsonify({'message': 'Game not found!'}), 404
    db.session.delete(game)
    db.session.commit()
    return jsonify({'message': 'Game deleted!'}), 200
feat: add authentication middleware to restrict access to logged-in users only 2024-09-02 10:40:44 +02:00			`from flask import Blueprint, request, jsonify, g`
feat: add edit_game endpoint to allow users to update game title and image 2024-09-02 11:42:20 +02:00			`from models import db, User, Game`
feat: implement JWT authentication for user management 2024-09-02 10:51:50 +02:00			`from datetime import datetime, timedelta`
			`import jwt`
feat: implement password hashing for user authentication and storage 2024-09-02 10:43:07 +02:00			`from werkzeug.security import generate_password_hash, check_password_hash`
feat: implement JWT authentication for user management 2024-09-02 10:51:50 +02:00			`import os`
feat: implement user management with roles and last login tracking 2024-09-02 10:32:26 +02:00
			`user_bp = Blueprint('user', __name__)`
feat: implement JWT authentication for user management 2024-09-02 10:51:50 +02:00			`SECRET_KEY = os.environ.get('SECRET_KEY', 'your_secret_key') # Set a secret key for JWT`

			`def generate_token(user):`
			`payload = {`
			`'user_id': user.id,`
			`'exp': datetime.utcnow() + timedelta(days=1) # Token expires in 1 day`
			`}`
			`return jwt.encode(payload, SECRET_KEY, algorithm='HS256')`
feat: implement user management with roles and last login tracking 2024-09-02 10:32:26 +02:00
feat: add authentication middleware to restrict access to logged-in users only 2024-09-02 10:40:44 +02:00			`def authenticate():`
feat: implement JWT authentication for user management 2024-09-02 10:51:50 +02:00			`token = request.headers.get('Authorization')`
			`if token:`
			`try:`
			`payload = jwt.decode(token, SECRET_KEY, algorithms=['HS256'])`
			`g.user = User.query.get(payload['user_id'])`
feat: add authentication middleware to restrict access to logged-in users only 2024-09-02 10:40:44 +02:00			`return True`
feat: implement JWT authentication for user management 2024-09-02 10:51:50 +02:00			`except jwt.ExpiredSignatureError:`
			`return False`
			`except jwt.InvalidTokenError:`
			`return False`
feat: add authentication middleware to restrict access to logged-in users only 2024-09-02 10:40:44 +02:00			`return False`

			`@user_bp.before_request`
			`def before_request():`
feat: implement JWT authentication for user management 2024-09-02 10:51:50 +02:00			`if request.endpoint not in ['user.login_user', 'user.create_user']:`
feat: add authentication middleware to restrict access to logged-in users only 2024-09-02 10:40:44 +02:00			`if not authenticate():`
			`return jsonify({'message': 'Unauthorized access!'}), 401`

feat: implement user management with roles and last login tracking 2024-09-02 10:32:26 +02:00			`@user_bp.route('/users', methods=['POST'])`
			`def create_user():`
fix: restrict user creation to admin users only 2024-09-02 11:09:26 +02:00			`if not authenticate() or g.user.role != 'admin':`
			`return jsonify({'message': 'Unauthorized access! Only admins can create users.'}), 401`
feat: implement user management with roles and last login tracking 2024-09-02 10:32:26 +02:00			`data = request.json`
feat: implement password hashing for user authentication and storage 2024-09-02 10:43:07 +02:00			`hashed_password = generate_password_hash(data['password'])`
feat: implement user management with roles and last login tracking 2024-09-02 10:32:26 +02:00			`new_user = User(`
			`username=data['username'],`
feat: implement password hashing for user authentication and storage 2024-09-02 10:43:07 +02:00			`password=hashed_password,`
			`role=data.get('role', 'user'),`
feat: implement user management with roles and last login tracking 2024-09-02 10:32:26 +02:00			`last_login=None`
			`)`
			`db.session.add(new_user)`
			`db.session.commit()`
			`return jsonify({'message': 'User created!'}), 201`

			`@user_bp.route('/users/login', methods=['POST'])`
			`def login_user():`
			`data = request.json`
feat: implement password hashing for user authentication and storage 2024-09-02 10:43:07 +02:00			`user = User.query.filter_by(username=data['username']).first()`
			`if user and check_password_hash(user.password, data['password']):`
feat: implement user management with roles and last login tracking 2024-09-02 10:32:26 +02:00			`user.last_login = datetime.now().strftime('%Y-%m-%d %H:%M:%S')`
			`db.session.commit()`
feat: implement JWT authentication for user management 2024-09-02 10:51:50 +02:00			`token = generate_token(user)`
			`return jsonify({'message': 'Login successful!', 'token': token, 'role': user.role}), 200`
feat: implement user management with roles and last login tracking 2024-09-02 10:32:26 +02:00			`return jsonify({'message': 'Invalid credentials!'}), 401`

			`@user_bp.route('/users', methods=['GET'])`
			`def get_users():`
			`users = User.query.all()`
			`return jsonify([{`
			`'id': user.id,`
			`'username': user.username,`
			`'role': user.role,`
			`'last_login': user.last_login`
			`} for user in users])`
feat: add user editing and deletion functionality for admins 2024-09-02 11:12:18 +02:00
			`@user_bp.route('/users/<int:user_id>', methods=['PUT'])`
			`def edit_user(user_id):`
			`if not authenticate() or g.user.role != 'admin':`
			`return jsonify({'message': 'Unauthorized access! Only admins can edit users.'}), 401`
			`data = request.json`
			`user = User.query.get(user_id)`
			`if not user:`
			`return jsonify({'message': 'User not found!'}), 404`
			`user.username = data.get('username', user.username)`
			`user.role = data.get('role', user.role)`
feat: allow admin to update user password without viewing it 2024-09-02 11:14:15 +02:00
			`# Update password if provided`
			`if 'password' in data:`
			`user.password = generate_password_hash(data['password'])`

feat: add user editing and deletion functionality for admins 2024-09-02 11:12:18 +02:00			`db.session.commit()`
			`return jsonify({'message': 'User updated!'}), 200`

			`@user_bp.route('/users/<int:user_id>', methods=['DELETE'])`
			`def delete_user(user_id):`
			`if not authenticate() or g.user.role != 'admin':`
			`return jsonify({'message': 'Unauthorized access! Only admins can delete users.'}), 401`
			`user = User.query.get(user_id)`
			`if not user:`
			`return jsonify({'message': 'User not found!'}), 404`
			`db.session.delete(user)`
			`db.session.commit()`
			`return jsonify({'message': 'User deleted!'}), 200`
feat: add edit_game endpoint to allow users to update game title and image 2024-09-02 11:42:20 +02:00
			`@user_bp.route('/games/<int:game_id>', methods=['PUT'])`
			`def edit_game(game_id):`
			`if not authenticate():`
			`return jsonify({'message': 'Unauthorized access!'}), 401`
			`data = request.json`
			`game = Game.query.get(game_id)`
			`if not game:`
			`return jsonify({'message': 'Game not found!'}), 404`
			`game.title = data.get('title', game.title)`
			`game.image = data.get('image', game.image)`
feat: allow admins to edit the "owned" status of games 2024-09-02 11:43:41 +02:00			`game.owned = data.get('owned', game.owned) # Update owned status if provided`
feat: add edit_game endpoint to allow users to update game title and image 2024-09-02 11:42:20 +02:00
			`db.session.commit()`
			`return jsonify({'message': 'Game updated!'}), 200`
feat: add delete game functionality for admins 2024-09-02 11:42:55 +02:00
			`@user_bp.route('/games/<int:game_id>', methods=['DELETE'])`
			`def delete_game(game_id):`
			`if not authenticate() or g.user.role != 'admin':`
			`return jsonify({'message': 'Unauthorized access! Only admins can delete games.'}), 401`
			`game = Game.query.get(game_id)`
			`if not game:`
			`return jsonify({'message': 'Game not found!'}), 404`
			`db.session.delete(game)`
			`db.session.commit()`
			`return jsonify({'message': 'Game deleted!'}), 200`