from fastapi import APIRouter, Depends, HTTPException, status from sqlalchemy.orm import Session from fastapi.security import OAuth2PasswordRequestForm,HTTPBearer, HTTPAuthorizationCredentials from core.security import verify_password, create_access_token, oauth2_scheme from core.config import settings from db.session import get_db from db.models.user import User # Replace with actual import from db.models.university import University # Replace with actual import from db.models.course import Course # Replace with actual import from db.schemas.user import Token, LoginRequest, UserResponse # Replace with actual import from jose import jwt, JWTError from db.models.permission import Permission from db.models.section import Section from db.schemas.permission import UserWithPermissionsResponse router = APIRouter() security = HTTPBearer() @router.post("/login", response_model=Token) def login(request: LoginRequest, db: Session = Depends(get_db)): user = db.query(User).filter(User.email == request.email).first() if not user or not verify_password(request.password, user.password_hash): raise HTTPException( status_code=status.HTTP_401_UNAUTHORIZED, detail="Invalid credentials" ) access_token = create_access_token(data={"sub": str(user.id)}) return {"access_token": access_token, "token_type": "bearer"} @router.get("/users/me", response_model=UserWithPermissionsResponse) def get_current_user(db: Session = Depends(get_db), credentials: HTTPAuthorizationCredentials = Depends(security)): token = credentials.credentials print(f"Token received: {token}") # Debugging line to check the token if not token: raise HTTPException(status_code=status.HTTP_401_UNAUTHORIZED, detail="Not authenticated") # Decode the token to get user ID try: payload = jwt.decode(token, settings.SECRET_KEY, algorithms=[settings.ALGORITHM]) user_id = payload.get("sub") if user_id is None: raise HTTPException(status_code=status.HTTP_401_UNAUTHORIZED, detail="Invalid authentication credentials") except JWTError: raise HTTPException(status_code=status.HTTP_401_UNAUTHORIZED, detail="Invalid authentication credentials") # Fetch user user = db.query(User).filter(User.id == user_id).first() if not user: raise HTTPException( status_code=status.HTTP_404_NOT_FOUND, detail="User not found" ) # Fetch permissions for this user's role role_permissions = ( db.query(Permission, Section) .join(Section, Permission.section_id == Section.id) .filter(Permission.role_id == user.role_id) .all() ) # Format permissions permissions_data = [ { "id": perm.id, "role_id": perm.role_id, "section": { "id": section.id, "name": section.name, "key": section.key }, "create": perm.create, "view": perm.view, "edit": perm.edit, "delete": perm.delete } for perm, section in role_permissions ] # Return combined response return { "user": { "id": user.id, "name": user.name, "email": user.email, "role_id": user.role_id, "profile_picture": user.profile_picture if user.profile_picture else "" }, "permissions": permissions_data } @router.get("/dashboard") def dashboard(db: Session = Depends(get_db)): user = db.query(User).count() print(f"User count: {user}") # Debugging line to check the token university=db.query(University).count() print(f"University count: {university}") # Debugging line to check the token course=db.query(Course).count() print(f"Course count: {course}") # Debugging line to check the token # Format permissions # Return combined response return { "count":{ "user": user, "university": university, "course": course }, "message": "Dashboard retrieved successfully" }