From 45e7d649639d5855e23376a0762c5d7af05572e2 Mon Sep 17 00:00:00 2001
From: "CHIEFSOFT\\ameye"
Date: Mon, 21 Jul 2025 06:19:06 -0400
Subject: [PATCH] office auth
---
 app/api/routes/routes.py | 25 ++++++++++++
 app/api/services/__init__.py | 3 +-
 app/api/services/office_auth.py | 69 +++++++++++++++++++++++++++++++++
 3 files changed, 96 insertions(+), 1 deletion(-)
 create mode 100644 app/api/services/office_auth.py
diff --git a/app/api/routes/routes.py b/app/api/routes/routes.py
index b148496..0c6cc01 100644
--- a/app/api/routes/routes.py
+++ b/app/api/routes/routes.py
@@ -14,6 +14,7 @@ from app.api.services import (
 AuthorizationService,
 MyProductsService,
 ContactService,
+ OfficeAuthService
 )
 from app.utils.logger import logger
 from app.api.middlewares import enforce_json, require_auth
@@ -195,6 +196,30 @@ def test_check():
 #response = ProductsService.process_request(data)
 return {"status": "ok"}, 200
+#======================================================
+@api.route('/office/login', methods=['POST'])
+def login():
+ data = request.get_json()
+
+ # Check if username and password are provided
+ if not data or 'username' not in data or 'password' not in data:
+ return jsonify({
+ 'error': 'Missing credentials',
+ 'message': 'Username and password are required'
+ }), 400
+
+ username = data.get('username', '')
+ password = data.get('password', '')
+
+ # Call the login method from AuthService
+ result = OfficeAuthService.login(username, password)
+
+ # Check if result is a tuple (error response)
+ if isinstance(result, tuple):
+ return jsonify(result[0]), result[1]
+
+ return jsonify(result)
+#=====================================================
 # # EligibilityCheck Endpoint
 # @api.route("/EligibilityCheck", methods=["POST"])
diff --git a/app/api/services/__init__.py b/app/api/services/__init__.py
index 4aee5f3..e57341e 100644
--- a/app/api/services/__init__.py
+++ b/app/api/services/__init__.py
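Review bot: In `login()` in app/api/routes/routes.py the parsed body is used as a dict without checking that it is one: a JSON array or string that contains the key names passes the `'username' not in data` test and then `data.get(...)` raises, and a non-string `username` (a list or object) reaches `username in valid_credentials` in the service and raises TypeError, so malformed input produces a 500 instead of the 400 branch. The guard should be `if not isinstance(data, dict) or not isinstance(data.get('username'), str) or not isinstance(data.get('password'), str):`. `enforce_json` is imported at the top of this file but not applied to this route, and nothing visible in the hunk limits repeated attempts against this unauthenticated endpoint; both are worth confirming against how the other routes are protected.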
@@ -12,4 +12,5 @@ from app.api.services.register import RegisterService
 from app.api.services.products import ProductsService
 from app.api.services.account import AccountService
 from app.api.services.myproduct import MyProductsService
-from app.api.services.contacts import ContactService
\ No newline at end of file
+from app.api.services.contacts import ContactService
+from app.api.services.office_auth import OfficeAuthService
diff --git a/app/api/services/office_auth.py b/app/api/services/office_auth.py
new file mode 100644
index 0000000..eb3a62e
--- /dev/null
+++ b/app/api/services/office_auth.py
@@ -0,0 +1,69 @@
+from flask import session, jsonify
+from marshmallow import ValidationError
+from werkzeug.security import generate_password_hash, check_password_hash
+import datetime
+import jwt
+from app.config import Config
+
+
+class OfficeAuthService:
+ @staticmethod
+ def login(username, password):
+ """
+ Login method that checks for specific credentials and returns a JWT token
+ """
+ # Define valid credentials for testing
+ valid_credentials = {
+ "mermsuser": "mermsuser",
+ "admin": "admin123",
+ "test": "test123"
+ }
+
+ # Check if the provided credentials are valid
+ if username in valid_credentials and password == valid_credentials[username]:
+ # Generate JWT token with 15 minutes expiration
+ payload = {
+ 'sub': username, # Subject (typically user ID)
+ 'iat': datetime.datetime.utcnow(), # Issued at
+ 'exp': datetime.datetime.utcnow() + datetime.timedelta(minutes=15), # Expiration (15 minutes)
+ 'role': 'admin' if username == 'admin' else 'user' # Role based on username
+ }
+
+ # Get the secret key from config
+ secret_key = Config.JWT_SECRET_KEY
+
+ # Generate the token
+ token = jwt.encode(payload, secret_key, algorithm='HS256')
+
+ # Return the token and user info
+ return {
+ 'jwt_token': token,
+ 'user': {
+ 'username': username,
+ 'role': 'admin' if username == 'admin' else 'user'
+ },
+ 'expires_in': 900 # 15 minutes in seconds
+ }
+ else:
+ # Return error for invalid credentials
+ return {
+ 'error': 'Invalid credentials',
+ 'message': 'The username or password is incorrect'
+ }, 401
+
+ @staticmethod
+ def verify_token(token):
+ """
+ Verify the JWT token
+ """
+ try:
+ # Get the secret key from config
+ secret_key = Config.JWT_SECRET_KEY
+
+ # Decode the token
+ payload = jwt.decode(token, secret_key, algorithms=['HS256'])
+ return payload
+ except jwt.ExpiredSignatureError:
+ return None # Token has expired
+ except jwt.InvalidTokenError:
+ return None # Invalid token
\ No newline at end of file
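Review bot: `login()` in app/api/services/office_auth.py keeps three plaintext username/password pairs in `valid_credentials`, and the new `/office/login` route accepts them from any caller, so anyone who can read the repository obtains a token signed with `Config.JWT_SECRET_KEY`, carrying `role: admin` for the `admin` name. The comment calls them test credentials, but nothing in the hunk restricts them to a test configuration. Credentials should come from a user store that holds password hashes and be checked with `check_password_hash`, which this file already imports but never uses, and the role should come from the stored record rather than from comparing the username. The sketch below uses a placeholder for the lookup, since the project's user store is not visible in this patch.

```python
    @staticmethod
    def login(username, password):
        # PLACEHOLDER: find_office_user() does not exist in this patch; it stands for the
        # project's user store and returns a record with 'password_hash' and 'role', or None.
        account = find_office_user(username)
        if account is None or not check_password_hash(account['password_hash'], password):
            return {
                'error': 'Invalid credentials',
                'message': 'The username or password is incorrect'
            }, 401
        role = account['role']
        # … unchanged: payload construction, jwt.encode and the success response, using role …
```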