office auth

CHIEFSOFT\ameye
2025-07-21 06:19:06 -04:00
parent 9710390254
commit 45e7d64963
3 changed files with 96 additions and 1 deletions
+25
@@ -14,6 +14,7 @@ from app.api.services import (
AuthorizationService, AuthorizationService,
MyProductsService, MyProductsService,
ContactService, ContactService,
OfficeAuthService
) )
from app.utils.logger import logger from app.utils.logger import logger
from app.api.middlewares import enforce_json, require_auth from app.api.middlewares import enforce_json, require_auth
@@ -195,6 +196,30 @@ def test_check():
#response = ProductsService.process_request(data) #response = ProductsService.process_request(data)
return {"status": "ok"}, 200 return {"status": "ok"}, 200
#======================================================
@api.route('/office/login', methods=['POST'])
def login():
data = request.get_json()
# Check if username and password are provided
if not data or 'username' not in data or 'password' not in data:
return jsonify({
'error': 'Missing credentials',
'message': 'Username and password are required'
}), 400
username = data.get('username', '')
password = data.get('password', '')
# Call the login method from AuthService
result = OfficeAuthService.login(username, password)
# Check if result is a tuple (error response)
if isinstance(result, tuple):
return jsonify(result[0]), result[1]
return jsonify(result)
#=====================================================
# # EligibilityCheck Endpoint # # EligibilityCheck Endpoint
# @api.route("/EligibilityCheck", methods=["POST"]) # @api.route("/EligibilityCheck", methods=["POST"])
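Review bot: The new `login` handler only checks that the two keys are present, so a body whose `username` is a JSON object or array (or a JSON array that happens to contain both key strings) gets past the guard and then raises in `data.get(...)` or in the dict lookup inside `OfficeAuthService.login`, which would surface as a 500 instead of a 400. Tighten the guard to `if not isinstance(data, dict) or not isinstance(data.get('username'), str) or not isinstance(data.get('password'), str):`. The route also shows no throttling or logging of failed attempts even though `logger` is already imported in this file; a `logger.warning` on the 401 path and a per-client attempt limit would make password guessing against this endpoint visible and slower.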
+2 -1
@@ -12,4 +12,5 @@ from app.api.services.register import RegisterService
from app.api.services.products import ProductsService from app.api.services.products import ProductsService
from app.api.services.account import AccountService from app.api.services.account import AccountService
from app.api.services.myproduct import MyProductsService from app.api.services.myproduct import MyProductsService
from app.api.services.contacts import ContactService from app.api.services.contacts import ContactService
from app.api.services.office_auth import OfficeAuthService
+69
@@ -0,0 +1,69 @@
from flask import session, jsonify
from marshmallow import ValidationError
from werkzeug.security import generate_password_hash, check_password_hash
import datetime
import jwt
from app.config import Config
class OfficeAuthService:
@staticmethod
def login(username, password):
"""
Login method that checks for specific credentials and returns a JWT token
"""
# Define valid credentials for testing
valid_credentials = {
"mermsuser": "mermsuser",
"admin": "admin123",
"test": "test123"
}
# Check if the provided credentials are valid
if username in valid_credentials and password == valid_credentials[username]:
# Generate JWT token with 15 minutes expiration
payload = {
'sub': username, # Subject (typically user ID)
'iat': datetime.datetime.utcnow(), # Issued at
'exp': datetime.datetime.utcnow() + datetime.timedelta(minutes=15), # Expiration (15 minutes)
'role': 'admin' if username == 'admin' else 'user' # Role based on username
}
# Get the secret key from config
secret_key = Config.JWT_SECRET_KEY
# Generate the token
token = jwt.encode(payload, secret_key, algorithm='HS256')
# Return the token and user info
return {
'jwt_token': token,
'user': {
'username': username,
'role': 'admin' if username == 'admin' else 'user'
},
'expires_in': 900 # 15 minutes in seconds
}
else:
# Return error for invalid credentials
return {
'error': 'Invalid credentials',
'message': 'The username or password is incorrect'
}, 401
@staticmethod
def verify_token(token):
"""
Verify the JWT token
"""
try:
# Get the secret key from config
secret_key = Config.JWT_SECRET_KEY
# Decode the token
payload = jwt.decode(token, secret_key, algorithms=['HS256'])
return payload
except jwt.ExpiredSignatureError:
return None # Token has expired
except jwt.InvalidTokenError:
return None # Invalid token
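Review bot: `OfficeAuthService.login` authenticates against a plaintext `valid_credentials` dict committed in source, and although the comment calls it test data, nothing visible restricts it to a test environment, so anyone who can read the repository can obtain a signed token, including one carrying `role: 'admin'`. Move the accounts to a user store or configuration that holds password hashes and verify with the helper this file already imports, e.g. `if stored_hash and check_password_hash(stored_hash, password):`, which also replaces the plain `==` comparison. The role should be read from the stored account record rather than derived from `username == 'admin'`. `session`, `jsonify`, `ValidationError` and `generate_password_hash` are imported but unused here.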