o sg$@s$ddlZddlZddlZddlZddlmZddlZddlZddlZddl Z ddl m Z m Z ddl mZddlmZmZddlmZmZmZmZmZmZmZmZmZmZddlmZeZ ej!ded Z"Gd d d eZ#Gd d d eZ$ddZ%de&fddZ'de#de&fddZ(GdddZ)dS)N) urlencode) HTTPExceptionstatus) RSAAlgorithm) BaseModelEmailStr) ACCESS_TOKENCOGNITO_CLIENT_IDCOGNITO_CLIENT_SECRETCOGNITO_DOMAINCOGNITO_LOGOUT_REDIRECT_URICOGNITO_REDIRECT_URICOGNITO_REGIONCOGNITO_USER_POOL_IDID_TOKEN REFRESH_TOKEN) UserServicez cognito-idp) region_namec@s.eZdZUeed<eed<eed<eed<dS)CreateUserRequestemail first_name last_nameroleN)__name__ __module__ __qualname__r__annotations__strrr1/var/www/html/XCapMarket/services/auth_service.pyrs  rc@s6eZdZUeed<eed<eed<eed<eed<dS) TokenResponse access_tokenid_token refresh_token expires_in token_typeN)rrrrrintrrrrr &s  r cCs(dtdtd}t|}|dS)Nzhttps://cognito-idp.z.amazonaws.com/z/.well-known/jwks.jsonkeys)rrrequestsgetjson)keys_urlresponserrrget_cognito_public_keys.s  r-tokenc szTt|}|dt}tfdd|Dd}|s!tdddtt|}ddl }tj ||dgt d d }| d d}t | }||} | dkrRtd | d |WStyi} z tdt| d| d} ~ ww)Nkidc3s |] }|dkr|VqdS)r/Nr).0kkey_idrr ;sz%validate_jwt_token..iz Invalid token status_codedetailrRS256 ) algorithmsaudienceleewayiatu.⚠️ WARNING: Your server clock is behind byzseconds.)jwtget_unverified_headerr-nextrrfrom_jwkr*dumpstimedecoder r)r&print Exceptionr) r.headers public_keyskey public_keyrCpayloadr= current_timetime_differenceerr2rvalidate_jwt_token4s8    rO user_datatemporary_passwordc s(z\tjt|jd|jddddg|jrd|jdgng|jr'd|jdgng|d}|di}|d g}d d |D}td |jd |d|d|d|ddWStj j yr}zt ddd|d}~wt y}zt dt|t ddt|d|d}~ww)z Creates a new user in Cognito user pool with the specified email and temporary password. The user will be required to change their password on first login. rNameValueemail_verifiedtrue given_name family_name) UserPoolIdUsernameUserAttributesTemporaryPasswordUser AttributescSsi|] }|d|dqSrRr)r0attrrrr |sz,create_user_cognito_pool..zCreated new user: zUser created successfullyrZ)messageusernamerrrz#User with this email already existsr5NzError creating user: )cognito_clientadmin_create_userrrrrr) XCM_loggerinfo exceptionsUsernameExistsExceptionrrFerrorr)rPrQr,userattributes_listuser_attributesrNrrrcreate_user_cognito_pool[sX    roc@sPeZdZddZddZdefddZdefd d Zd d Zd dZ ddZ dS) AuthServicecCsdS)Nrselfrrr__init__szAuthService.__init__cs"ttddd}tdt|S)zGenerates Cognito login URLcodezopenid email profile) redirect_uri client_id response_typescopez/login?)r r r r)rrparamsrrrloginszAuthService.loginrtc s|s tdddtd}|}dt|td}dd|d }zzt4Id Hd}|j|||d 4Id H@}|jd krS| Id H}t d |t|jdd| Id H} | | Id HWd Id HWd Id HWS1Id Hs}wYWd Id HWd S1Id HswYWd Stj y} zt dt| t| tddt| d| d } ~ ww)z-Handles the OAuth callback and token exchangercz Authorization code not provided.r5 /oauth2/tokenauthorization_code) grant_typervrtru!application/x-www-form-urlencodedBasic z Content-Type AuthorizationNdatarGzToken exchange failed: zFailed to retrieve tokens.zCognito API error: %srdz!Error connecting to Cognito API: )rr _create_basic_auth_headerr r aiohttp ClientSessionpostrr*rgrk_process_tokens ClientErrorrrE) rrrt token_url auth_headerrKrGsessionr, error_detailtokensrNrrrhandle_callbacksZ  2 zAuthService.handle_callbackr#c s8|s ttjddtd}|}tt|d}dd|d}z]t4IdHG}|j |||d 4IdH#}| | IdH}|WdIdHWdIdHWS1IdHs`wYWdIdHWdS1IdHswwYWdStj y} zt d t| ttjd d| d} ~ ww) z0Refreshes the access token using a refresh tokenzRefresh token not providedr5r{)r}rvr#r~rrNrzToken refresh failed: %szFailed to refresh token)rrHTTP_401_UNAUTHORIZEDr rrr rrrraise_for_statusr*rrgrkr) rrr#rrrKrGrr,rrNrrrr#sL 2zAuthService.refresh_tokencCstdtdtS)z Generates the Cognito logout URLz/logout?client_id=z &logout_uri=)r r r rqrrrget_logout_urlszAuthService.get_logout_urlcCs(tdt}|d}t|dS)z3Creates the Basic Auth header for Cognito API calls:ascii)r r encodebase64 b64encoderD)rr auth_string auth_bytesrrrrs z%AuthService._create_basic_auth_headerc sr|t}|t}|t}t|}t}||}|d}|r+d|d|nd|d|} || |dS)z2Process and validate tokens, create user if needed isNewUserz/account/setup/user?id_token=z&access_token=z/project/listing?id_token=)r frontend_urlr#)r)rrrrOrget_or_create_user) rrrr"r!r# user_info user_service user_response is_new_userrrrrrs      zAuthService._process_tokensN) rrrrsrzrrr#rrrrrrrrps /% rp)*rr*loggingos urllib.parserrboto3r>r(fastapirrjwt.algorithmsrpydanticrrconfigs.configrr r r r r rrrrservices.user_servicer getLoggerrgclientrerr r-rrOrorprrrrs4  0 ' 7