Masterstreet
/
pedidos-express


			
							123456789101112131415161718192021222324252627282930313233343536373839404142434445464748495051525354555657585960616263646566676869707172737475767778798081828384858687888990919293949596979899100101102103104105
							from logging import getLogger
from fastapi import APIRouter
from fastapi.responses import JSONResponse
from httpx import RequestError
import redis
import config
from models import user
from models.user import  LoginRequest, UserIDRequest, RegisterUserRequest
from services.data_service import UserDataService
from cryptography.fernet import Fernet
from config.settings import PIN_KEY
from auth.security import generate_token
from services.email_service import send_email
from config.mails import REGISTER_MAIL
from config.settings import APPNAME
fernet = Fernet(PIN_KEY.encode())
logger = getLogger(__name__)
user_data_service = UserDataService()

user_router = APIRouter()


def unique_pin_generate():
    """Generate a unique 4-digit PIN"""
    import random
    pin = str(random.randint(1000, 9999))
    return pin

@user_router.post("/exists")
async def exists_user(request: UserIDRequest):
        """Check if user exists"""
        user = user_data_service.get_by_id(request.id)
        if user:
            return JSONResponse(status_code=200, content={"exists": True})
        else:
            return JSONResponse(status_code=404, content={"exists": False, "data": {"message": "User does not exist."}})

@user_router.post("/register")
async def register_user(request: RegisterUserRequest):
    """Register a new user"""
    pin = unique_pin_generate()
    userID = user_data_service.create(request.name, request.email, request.rut, pin)
    if userID == -1:
        return JSONResponse(status_code=400, content={"message": "User already exists."})
    user = user_data_service.get_by_id(userID)
    if not user:
        return JSONResponse(status_code=500, content={"message": "Error creating user."})
    send_email(
        REGISTER_MAIL["subject"],
        REGISTER_MAIL["body"],
        [user.email], name=user.nombre, app_name=APPNAME, pin=pin
    )
    return JSONResponse(status_code=201, content={"message": "User created successfully.", "data": {
        **user.model_dump(exclude={"pin_hash"}),
        "token": generate_token(user.email)
    }})

@user_router.post("/login")
async def login_user(request: LoginRequest):
    """Login user with email and PIN"""
    logger.debug(f"Login attempt for email: {request.email}")
    user = user_data_service.login(request.email, request.pin)
    if user:
        # Successful login, return user data and token
        return JSONResponse(status_code=200, content={"message": "Login successful.", "data": {
            "id": user.id,
            "name": user.nombre,
            "email": user.email,
            "kleincoins": user.kleincoins,
            "created_at": user.created_at,
            "token": generate_token(user.email)
        }})
    else:
        # Failed login: increment attempts in Redis
        redis_client = redis.Redis(host='localhost', port=6379, db=0)
        redis_client.incr(f"login_attempts:{request.email}")
        redis_client.expire(f"login_attempts:{request.email}", 3600)
        redis_attempts = redis_client.get(f"login_attempts:{request.email}")
        attempts = int(redis_attempts) if redis_attempts else 0 # type: ignore
        if attempts and int(attempts) > 5:
            # Too many attempts, block login
            return JSONResponse(status_code=429, content={"message": "Too many login attempts. Please try again later."})
        else:
            # Set flag for last failed login
            redis_client.set(f"last_failed_login:{request.email}", "true")
            redis_client.expire(f"last_failed_login:{request.email}", 3600)
            logger.warning(f"Failed login attempt for {request.email}. Attempts: {attempts}")
            logger.error("Invalid email or PIN.")
        # Return unauthorized with attempts remaining
        return JSONResponse(status_code=401, content={"message": "Invalid email or PIN.", "attempts_remaining": 5 - attempts if attempts else 5})

@user_router.delete("/delete")
async def delete_user(request: UserIDRequest):
    """Delete a user by ID"""
    user = user_data_service.delete(request.id)
    if user:
        return JSONResponse(status_code=200, content={"message": "User deleted successfully.", "data": user})
    else:
        return JSONResponse(status_code=404, content={"message": "User not found."})

@user_router.get("/all")
async def get_all_users():
    """Get all users"""
    users = list(map(lambda u: u.model_dump(), user_data_service.get_all()))
    return JSONResponse(status_code=200, content={"data": users})