From d68da10f75ecab4f86b175981a4f266214cfdee8 Mon Sep 17 00:00:00 2001
From: yaso-meth
Date: Wed, 24 Jul 2024 10:18:16 +0200
Subject: [PATCH] Add app authentication when making api calls
---
 backend/main.py | 32 +++++++++++++++----------------
 backend/routers/docOffices.py | 10 +++++++---
 backend/routers/fileStorage.py | 9 ++++++---
 backend/routers/medicine.py | 9 ++++++---
 backend/routers/patients.py | 18 ++++++++++-------
 backend/routers/patients_files.py | 12 ++++++++----
 backend/routers/patients_notes.py | 14 +++++++++-----
 backend/routers/users.py | 14 +++++++++-----
 8 files changed, 72 insertions(+), 46 deletions(-)
diff --git a/backend/main.py b/backend/main.py
index ed550a1e..f4c76fbf 100644
--- a/backend/main.py
+++ b/backend/main.py
@@ -60,25 +60,25 @@ app.include_router(medicine.router)
 def read_root():
 return serverRunning()
-# Check if server is up
-@app.get("/session")
-def read_root():
- async def like_comment(session: SessionContainer = Depends(verify_session())):
- user_id = session.get_user_id()
+# # Check if server is up
+# @app.get("/session")
+# def read_root():
+# async def like_comment(session: SessionContainer = Depends(verify_session())):
+# user_id = session.get_user_id()
- return {"Session id": user_id}
+# return {"Session id": user_id}
-@app.post('/get_user_info_api')
-async def get_user_info_api(session: SessionContainer = Depends(verify_session())):
- user_id = session.get_user_id()
+# @app.post('/get_user_info_api')
+# async def get_user_info_api(session: SessionContainer = Depends(verify_session())):
+# user_id = session.get_user_id()
- thirdparty_user = await get_user_by_id_thirdparty(user_id)
- if thirdparty_user is None:
- passwordless_user = await get_user_by_id_passwordless(user_id)
- if passwordless_user is not None:
- print(passwordless_user)
- else:
- print(thirdparty_user)
+# thirdparty_user = await get_user_by_id_thirdparty(user_id)
+# if thirdparty_user is None:
+# passwordless_user = await get_user_by_id_passwordless(user_id)
+# if passwordless_user is not None:
+# print(passwordless_user)
+# else:
+# print(thirdparty_user)
 def serverRunning():
 return {"Status": "Server is Up and Running"}
diff --git a/backend/routers/docOffices.py b/backend/routers/docOffices.py
index 6c12bccc..cd073d82 100644
--- a/backend/routers/docOffices.py
+++ b/backend/routers/docOffices.py
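Review bot: The removed `/session` and `/get_user_info_api` handlers are kept as a commented-out block rather than deleted, so main.py now carries dead code that still reads like an endpoint, including `print(passwordless_user)` / `print(thirdparty_user)` calls that would write user records to stdout if the block were ever uncommented as-is. Git history already preserves the old handlers; delete the block, or if it is meant to return leave a single trackable line such as `# TODO(owner): restore /session and /get_user_info_api once <reason>`. If these two handlers were the only users of `SessionContainer`, `verify_session`, `get_user_by_id_thirdparty` and `get_user_by_id_passwordless` in this file, those imports are now unused as well; the import block is outside this hunk, so confirm.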
@@ -1,12 +1,16 @@
 import mysql.connector
 from fastapi import APIRouter, HTTPException
 from ..database import dbConnection
+#SuperToken Auth from front end
+from supertokens_python.recipe.session.framework.fastapi import verify_session
+from supertokens_python.recipe.session import SessionContainer
+from fastapi import Depends
 router = APIRouter()
 # Get Doctors Office By ID
 @router.get("/docOffices/{docOffic_id}", tags="DocOffice")
-async def read_docOfficeByID(docOffic_id: int):
+async def read_docOfficeByID(docOffic_id: int, session: SessionContainer = Depends(verify_session())):
 db = dbConnection.dbConnect()
 cursor = db.cursor()
 query = "SELECT * FROM doctor_offices WHERE iddoctor_offices=%s"
@@ -21,7 +25,7 @@ async def read_docOfficeByID(docOffic_id: int):
 # Get Doctors Office By user
 @router.get("/docOffices/user/{user}", tags="DocOffice")
-async def read_docOfficeByID(user: str):
+async def read_docOfficeByID(user: str, session: SessionContainer = Depends(verify_session())):
 db = dbConnection.dbConnect()
 cursor = db.cursor()
 query = "SELECT * FROM users WHERE email=%s"
@@ -42,7 +46,7 @@ async def read_docOfficeByID(user: str):
 # Get List of all Doctors Office
 @router.get("/docOffices/", tags="DocOffice")
-async def read_All_DoctorsOffice():
+async def read_All_DoctorsOffice(session: SessionContainer = Depends(verify_session())):
 db = dbConnection.dbConnect()
 cursor = db.cursor()
 query = "SELECT * FROM doctor_offices"
diff --git a/backend/routers/fileStorage.py b/backend/routers/fileStorage.py
index a2f67a33..c3514e24 100644
--- a/backend/routers/fileStorage.py
+++ b/backend/routers/fileStorage.py
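Review bot: `session` is accepted by `read_docOfficeByID` but never read, so the hunk adds authentication without authorization: any valid session can fetch any office by id, and in the second hunk `read_docOfficeByID(user: str, ...)` returns the office for whatever email the path names, so the session identity and the requested record are never related. The caller's identity is available as `session.get_user_id()`; either derive the user from it instead of trusting the path, or compare the looked-up row with it before returning (users.py's `/user/{uid}` route queries `users where app_id = %s`, which suggests the SuperTokens id is already stored per user — confirm). The same gap is present in every route hunk of patients.py, patients_files.py, patients_notes.py and users.py, so one shared helper that resolves the session to the caller's user/doctor-office row and is called from each route would be preferable to per-route checks. Separately, `from fastapi import Depends` duplicates the existing `from fastapi import APIRouter, HTTPException` in this and every other router touched here; merge them into `from fastapi import APIRouter, Depends, HTTPException`.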
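Review bot: The new signature in the second hunk keeps the name `read_docOfficeByID` for the by-user route although the by-id route in the first hunk has the same name; the second `def` rebinds the module-level name after the first route is already registered, so routing still works, but tracebacks, logs and anything that refers to the handler by name become ambiguous. Rename it, e.g. `async def read_docOfficeByUser(user: str, session: SessionContainer = Depends(verify_session())):`. The same reuse appears in the medicine.py (`read_all_medicine` twice), fileStorage.py (`generateAndUploudMedCert` twice), patients_files.py (`read_all_files_by_patient` twice), patients_notes.py (`read_all_patientsby` twice) and users.py (`read_all_users` three times, plus `insertPatient` for a user insert) hunks.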
@@ -7,7 +7,10 @@ from reportlab.lib.pagesizes import A4
 from reportlab.lib.utils import ImageReader
 import io
 from datetime import datetime
-#from minioConnect import minioConnection
+#SuperToken Auth from front end
+from supertokens_python.recipe.session.framework.fastapi import verify_session
+from supertokens_python.recipe.session import SessionContainer
+from fastapi import Depends
 router = APIRouter()
@@ -19,7 +22,7 @@ class medCertUploud(BaseModel):
 endDate: str
 returnDate: str
-
+#=================understand Supertoken multirequest for file submission================================
 # Get List of all files by patient
 @router.post("/files/upload/file/", tags="patients_files")
 async def generateAndUploudMedCert( file: UploadFile = File(...)):
@@ -34,7 +37,7 @@ async def generateAndUploudMedCert( file: UploadFile = File(...)):
 # Get List of all files by patient
 @router.post("/files/generate/med-cert/", tags="patients_files")
-async def generateAndUploudMedCert(requestItem: medCertUploud):
+async def generateAndUploudMedCert(requestItem: medCertUploud, session: SessionContainer = Depends(verify_session())):
 uploudMedCert(requestItem.fullName,
 requestItem.docfname,
 requestItem.startDate,
diff --git a/backend/routers/medicine.py b/backend/routers/medicine.py
index 33752488..e9cfd5c1 100644
--- a/backend/routers/medicine.py
+++ b/backend/routers/medicine.py
@@ -2,7 +2,10 @@ from fastapi import APIRouter, HTTPException
 from pydantic import BaseModel
 import os
 import xlrd
-
+#SuperToken Auth from front end
+from supertokens_python.recipe.session.framework.fastapi import verify_session
+from supertokens_python.recipe.session import SessionContainer
+from fastapi import Depends
 router = APIRouter()
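Review bot: `/files/upload/file/` (`generateAndUploudMedCert( file: UploadFile = File(...))`, context in the second hunk) is left without the `session` dependency, and the only record of that decision is the new `#=================understand Supertoken multirequest ...` banner, so it is the only file-upload route visible in this patch that still accepts requests without a session. FastAPI resolves `Depends` independently of `File`/`Form` parameters, so adding the same `session: SessionContainer = Depends(verify_session())` parameter here should work alongside the multipart body — confirm against whatever the banner refers to; until it does, the route should be disabled rather than left open. Replace the banner with a trackable line such as `# TODO(owner): /files/upload/file/ has no verify_session yet; attach it once multipart handling is understood`. The third hunk's `generateAndUploudMedCert(requestItem: medCertUploud, ...)` also reuses that function's name, which makes the two routes hard to tell apart in logs.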
@@ -12,12 +15,12 @@ class medicine(BaseModel):
 #get all medicines
 @router.get("/users/medicine/all", tags="medicine")
-async def read_all_medicine():
+async def read_all_medicine(session: SessionContainer = Depends(verify_session())):
 return getMedicineData("")
 #get all medicines by search
 @router.get("/users/medicine/{medSearch}", tags="medicine")
-async def read_all_medicine(medSearch: str):
+async def read_all_medicine(medSearch: str, session: SessionContainer = Depends(verify_session())):
 return getMedicineData(medSearch)
 def getMedicineData(medsearch: str):
diff --git a/backend/routers/patients.py b/backend/routers/patients.py
index 5b509d66..615a75fe 100644
--- a/backend/routers/patients.py
+++ b/backend/routers/patients.py
@@ -2,6 +2,10 @@ import mysql.connector
 from fastapi import APIRouter, HTTPException
 from pydantic import BaseModel
 from ..database import dbConnection
+#SuperToken Auth from front end
+from supertokens_python.recipe.session.framework.fastapi import verify_session
+from supertokens_python.recipe.session import SessionContainer
+from fastapi import Depends
 router = APIRouter()
@@ -41,7 +45,7 @@ class patientDeleteRequest(BaseModel):
 # Get Patient By ID Number
 @router.get("/patients/id/{pat_id}", tags="patients")
-async def read_patientByID(pat_id: str):
+async def read_patientByID(pat_id: str, session: SessionContainer = Depends(verify_session())):
 db = dbConnection.dbConnect()
 cursor = db.cursor()
 query = "SELECT * FROM patients WHERE idpatients=%s"
@@ -90,7 +94,7 @@ async def read_patientByID(id_no: str):
 # Get List of all patients
 @router.get("/patients/user/{email}", tags="patients")
-async def read_all_patientsByUser(email: str):
+async def read_all_patientsByUser(email: str, session: SessionContainer = Depends(verify_session())):
 db = dbConnection.dbConnect()
 cursor = db.cursor()
 #query = "SELECT * FROM patients"
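Review bot: The trailer of the last hunk on this line, `async def read_patientByID(id_no: str):`, names a second `read_patientByID` definition located between the `/patients/id/{pat_id}` hunk and this one that the patch does not touch; if it is decorated as a route, it appears to be a patient lookup left without `verify_session` after this change — confirm and give it the same `session` parameter. `read_all_patientsByUser(email, ...)` still identifies the caller by the path's `email` rather than by the session, so a valid session for one account can list another account's patients; resolve the user from `session.get_user_id()` and either drop the path parameter or reject a mismatch with `raise HTTPException(status_code=403)` (`HTTPException` is already imported, as the header hunk shows). The `read_all_patients`, `read_all_patientsby`, `insertPatient`, `UpdatePatient` and `DeletePatient` hunks that follow have the same gap between authentication and record ownership, which matters most on the update and delete paths.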
@@ -124,7 +128,7 @@ async def read_all_patientsByUser(email: str):
 # Get List of all patients
 @router.get("/patients/", tags="patients")
-async def read_all_patients():
+async def read_all_patients(session: SessionContainer = Depends(verify_session())):
 db = dbConnection.dbConnect()
 cursor = db.cursor()
 query = "SELECT * FROM patients"
@@ -151,7 +155,7 @@ async def read_all_patients():
 # Get List of all patients by Doctors Office
 @router.get("/patients/docOffice/{docoff_id}", tags="patients")
-async def read_all_patientsby(docoff_id: str):
+async def read_all_patientsby(docoff_id: str, session: SessionContainer = Depends(verify_session())):
 db = dbConnection.dbConnect()
 cursor = db.cursor()
 query = "SELECT * FROM patients where doc_office_id=%s"
@@ -178,7 +182,7 @@ async def read_all_patientsby(docoff_id: str):
 # Insert Patient into table
 @router.post("/patients/insert/", tags="patients", status_code=201)
-async def insertPatient(itemRequest : patientInsertRequest):
+async def insertPatient(itemRequest : patientInsertRequest, session: SessionContainer = Depends(verify_session())):
 db = dbConnection.dbConnect()
 cursor = db.cursor()
 query = "insert into patients "
@@ -211,7 +215,7 @@ async def insertPatient(itemRequest : patientInsertRequest):
 # Update Patient on table
 @router.put("/patients/update/", tags="patients")
-async def UpdatePatient(itemRequest : patientUpdateRequest):
+async def UpdatePatient(itemRequest : patientUpdateRequest, session: SessionContainer = Depends(verify_session())):
 db = dbConnection.dbConnect()
 cursor = db.cursor()
 query = "update patients "
@@ -246,7 +250,7 @@ async def UpdatePatient(itemRequest : patientUpdateRequest):
 # delete Patient on table
 @router.delete("/patients/delete/", tags="patients")
-async def DeletePatient(itemRequest : patientDeleteRequest):
+async def DeletePatient(itemRequest : patientDeleteRequest, session: SessionContainer = Depends(verify_session())):
 db = dbConnection.dbConnect()
 cursor = db.cursor()
 query = "delete from patients "
diff --git a/backend/routers/patients_files.py b/backend/routers/patients_files.py
index 3ca8a1e2..71350299 100644
--- a/backend/routers/patients_files.py
+++ b/backend/routers/patients_files.py
@@ -3,6 +3,10 @@ from fastapi import APIRouter, HTTPException
 from pydantic import BaseModel
 from ..database import dbConnection
 from datetime import date
+#SuperToken Auth from front end
+from supertokens_python.recipe.session.framework.fastapi import verify_session
+from supertokens_python.recipe.session import SessionContainer
+from fastapi import Depends
 router = APIRouter()
@@ -17,7 +21,7 @@ class fileInsertRequest(BaseModel):
 # Get List of all files
 @router.get("/files/patients/", tags="patients_files")
-async def read_all_files():
+async def read_all_files(session: SessionContainer = Depends(verify_session())):
 db = dbConnection.dbConnect()
 cursor = db.cursor()
 query = "SELECT * FROM patient_files"
@@ -38,7 +42,7 @@ async def read_all_files():
 # Get List of all files by patient
 @router.get("/files/patients/{patientID}", tags="patients_files")
-async def read_all_files_by_patient(patientID: int):
+async def read_all_files_by_patient(patientID: int, session: SessionContainer = Depends(verify_session())):
 db = dbConnection.dbConnect()
 cursor = db.cursor()
 query = "SELECT * FROM patient_files where patient_id = %s ORDER BY insert_date DESC"
@@ -59,7 +63,7 @@ async def read_all_files_by_patient(patientID: int):
 # Get List of all files by patient & DocOffice
 @router.get("/files/patients-docOffice/", tags="patients_files")
-async def read_all_files_by_patient(itemRequest: fileRequest):
+async def read_all_files_by_patient(itemRequest: fileRequest, session: SessionContainer = Depends(verify_session())):
 db = dbConnection.dbConnect()
 cursor = db.cursor()
 query = "select patient_files.idpatient_files, patient_files.file_path, patient_files.file_name, patient_files.patient_id, patient_files.insert_date, patients.doc_office_id "
@@ -86,7 +90,7 @@ async def read_all_files_by_patient(itemRequest: fileRequest):
 # Insert Patient note into table
 @router.post("/files/insert/", tags="patients_notes", status_code=201)
-async def insertPatientFiles(itemRequest : fileInsertRequest):
+async def insertPatientFiles(itemRequest : fileInsertRequest, session: SessionContainer = Depends(verify_session())):
 today = date.today()
 db = dbConnection.dbConnect()
 cursor = db.cursor()
diff --git a/backend/routers/patients_notes.py b/backend/routers/patients_notes.py
index 69021153..fdb48f9f 100644
--- a/backend/routers/patients_notes.py
+++ b/backend/routers/patients_notes.py
@@ -3,6 +3,10 @@ from fastapi import APIRouter, HTTPException
 from pydantic import BaseModel
 from datetime import date
 from ..database import dbConnection
+#SuperToken Auth from front end
+from supertokens_python.recipe.session.framework.fastapi import verify_session
+from supertokens_python.recipe.session import SessionContainer
+from fastapi import Depends
 router = APIRouter()
@@ -23,7 +27,7 @@ class patientNoteUpdateRequest(BaseModel):
 # Get List of all notes
 @router.get("/notes/patients/", tags="patients_notes")
-async def read_all_notes():
+async def read_all_notes(session: SessionContainer = Depends(verify_session())):
 db = dbConnection.dbConnect()
 cursor = db.cursor()
 query = "SELECT * FROM patient_notes"
@@ -43,7 +47,7 @@ async def read_all_notes():
 # Get List of all notes by patient
 @router.get("/notes/patients/{patientID}", tags="patients_notes")
-async def read_all_patientsby(patientID: int):
+async def read_all_patientsby(patientID: int, session: SessionContainer = Depends(verify_session())):
 db = dbConnection.dbConnect()
 cursor = db.cursor()
 query = "SELECT * FROM patient_notes where patient_id = %s ORDER BY insert_date DESC"
@@ -64,7 +68,7 @@ async def read_all_patientsby(patientID: int):
 # Get List of all notes by patient
 @router.get("/notes/patients-docOffice/", tags="patients_notes")
-async def read_all_patientsby(itemRequest: fileRequest):
+async def read_all_patientsby(itemRequest: fileRequest, session: SessionContainer = Depends(verify_session())):
 db = dbConnection.dbConnect()
 cursor = db.cursor()
 query = "select patient_notes.idpatient_notes, patient_notes.note_name, patient_notes.note_text, patient_notes.patient_id, patient_notes.insert_date, patients.doc_office_id "
@@ -88,7 +92,7 @@ async def read_all_patientsby(itemRequest: fileRequest):
 # Insert Patient note into table
 @router.post("/notes/insert/", tags="patients_notes", status_code=201)
-async def insertPatientNotes(itemRequest : patientNoteInsertRequest):
+async def insertPatientNotes(itemRequest : patientNoteInsertRequest, session: SessionContainer = Depends(verify_session())):
 today = date.today()
 db = dbConnection.dbConnect()
 cursor = db.cursor()
@@ -111,7 +115,7 @@ async def insertPatientNotes(itemRequest : patientNoteInsertRequest):
 # Update Patient note on table
 @router.put("/notes/update/", tags="patients_notes")
-async def UpdatePatient(itemRequest : patientNoteUpdateRequest):
+async def UpdatePatient(itemRequest : patientNoteUpdateRequest, session: SessionContainer = Depends(verify_session())):
 today = date.today()
 db = dbConnection.dbConnect()
 cursor = db.cursor()
diff --git a/backend/routers/users.py b/backend/routers/users.py
index 0705997c..66d7c83b 100644
--- a/backend/routers/users.py
+++ b/backend/routers/users.py
@@ -1,6 +1,10 @@
 from fastapi import APIRouter, HTTPException
 from pydantic import BaseModel
 from ..database import dbConnection
+#SuperToken Auth from front end
+from supertokens_python.recipe.session.framework.fastapi import verify_session
+from supertokens_python.recipe.session import SessionContainer
+from fastapi import Depends
 router = APIRouter()
@@ -20,7 +24,7 @@ class userUpdateRequest(BaseModel):
 #get user by email & doc Office ID
 @router.get("/users/profile/{email}", tags="users")
-async def read_all_users(email: str):
+async def read_all_users(email: str, session: SessionContainer = Depends(verify_session())):
 db = dbConnection.dbConnect()
 cursor = db.cursor()
 query = "SELECT * FROM users where email = %s"
@@ -44,7 +48,7 @@ async def read_all_users(email: str):
 # Get List of all files
 @router.get("/users/", tags="users")
-async def read_all_users():
+async def read_all_users(session: SessionContainer = Depends(verify_session())):
 db = dbConnection.dbConnect()
 cursor = db.cursor()
 query = "SELECT * FROM users"
@@ -68,7 +72,7 @@ async def read_all_users():
 # Get List of all files
 @router.get("/user/{uid}", tags="users")
-async def read_all_users(uid: str):
+async def read_all_users(uid: str, session: SessionContainer = Depends(verify_session())):
 db = dbConnection.dbConnect()
 cursor = db.cursor()
 query = "SELECT * FROM users where app_id = %s"
@@ -92,7 +96,7 @@ async def read_all_users(uid: str):
 # Insert Patient into table
 @router.post("/user/insert/", tags="user", status_code=201)
-async def insertPatient(itemRequest : userInsertRequest):
+async def insertPatient(itemRequest : userInsertRequest, session: SessionContainer = Depends(verify_session())):
 db = dbConnection.dbConnect()
 cursor = db.cursor()
 query = "insert into users "
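Review bot: `read_all_users(uid, ...)` at `/user/{uid}` still selects `users where app_id = %s` from a path value although the session already carries the caller's id, so any authenticated user can read any other user's row by app id; for a "my profile" lookup use `session.get_user_id()` in place of `uid`, or compare the two and reject a mismatch, and `/users/profile/{email}` and `/users/` expose the same rows the same way. Putting `insertPatient` at `/user/insert/` behind `verify_session` is consistent with the SuperTokens identity existing before the app's user row is created, but it means the front end must sign the user in before calling it or the request is rejected by `verify_session` (typically as 401) — confirm that is the intended flow. The handler name `insertPatient` for a user insert and `tags="user"` next to `tags="users"` on the other routes of this file are also worth aligning.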
@@ -112,7 +116,7 @@ async def insertPatient(itemRequest : userInsertRequest):
 # Update User on table
 @router.put("/user/update/", tags="user")
-async def UpdateUser(itemRequest : userUpdateRequest):
+async def UpdateUser(itemRequest : userUpdateRequest, session: SessionContainer = Depends(verify_session())):
 db = dbConnection.dbConnect()
 cursor = db.cursor()
 query = "update users "