Spaces:

Testys
/

clearance_sys

Runtime error

App Files Files Community

Testys commited on 26 days ago

Commit

ec5cc84

1 Parent(s): 5735639

FIX: Fixing the models.py part

Browse files

Files changed (6) hide show

src/auth.py +80 -65
src/config.py +7 -1
src/crud/__init__.py +21 -28
src/crud/devices.py +4 -0
src/models.py +121 -74
src/routers/students.py +2 -2

src/auth.py CHANGED Viewed

@@ -1,85 +1,100 @@
 from fastapi import Depends, HTTPException, status
-from fastapi.security import OAuth2PasswordBearer, APIKeyHeader
 from jose import JWTError, jwt
-from passlib.context import CryptContext
-from datetime import datetime, timedelta, timezone
-from typing import Optional
 from sqlmodel import Session, select
-from src.database import get_session
-from src.models import User
-from src.config import settings
-# --- Security Configuration ---
-# Password hashing context using bcrypt
-pwd_context = CryptContext(schemes=["bcrypt"], deprecated="auto")
-# OAuth2 scheme for token-based authentication
-oauth2_scheme = OAuth2PasswordBearer(tokenUrl="/token")
-# API key header for device authentication
-api_key_header = APIKeyHeader(name="X-API-Key", auto_error=True)
-# --- Password Utilities ---
-def verify_password(plain_password: str, hashed_password: str) -> bool:
-    """Verifies a plain password against a hashed password."""
-    return pwd_context.verify(plain_password, hashed_password)
-def hash_password(password: str) -> str:
-    """Hashes a plain password."""
-    return pwd_context.hash(password)
-# --- JWT Token Utilities ---
-def create_access_token(data: dict, expires_delta: Optional[timedelta] = None) -> str:
-    """
-    Generates a new JWT access token.
-    """
     to_encode = data.copy()
     if expires_delta:
-        expire = datetime.now(timezone.utc) + expires_delta
     else:
-        # Default expiration time: 15 minutes
-        expire = datetime.now(timezone.utc) + timedelta(minutes=15)
     to_encode.update({"exp": expire})
     encoded_jwt = jwt.encode(to_encode, settings.SECRET_KEY, algorithm=settings.ALGORITHM)
     return encoded_jwt
-# --- User Authentication and Authorization ---
-async def get_current_user(token: str = Depends(oauth2_scheme), db: Session = Depends(get_session)) -> User:
-    """
-    Decodes the JWT token to get the current user.
-    Raises an exception if the token is invalid or the user doesn't exist.
-    """
-    credentials_exception = HTTPException(
-        status_code=status.HTTP_401_UNAUTHORIZED,
-        detail="Could not validate credentials",
-        headers={"WWW-Authenticate": "Bearer"},
-    )
-    try:
-        payload = jwt.decode(token, settings.SECRET_KEY, algorithms=[settings.ALGORITHM])
-        username: Optional[str] = payload.get("sub")
-        if username is None:
-            raise credentials_exception
-    except JWTError:
-        raise credentials_exception
-    user = db.exec(select(User).where(User.username == username)).first()
-    if user is None:
-        raise credentials_exception
     return user
-async def get_current_active_user(current_user: User = Depends(get_current_user)) -> User:
     """
-    Ensures the user retrieved from the token is active.
     """
-    if not current_user.is_active:
-        raise HTTPException(status_code=status.HTTP_400_BAD_REQUEST, detail="Inactive user")
-    return current_user

 from fastapi import Depends, HTTPException, status
+from fastapi.security import APIKeyHeader, OAuth2PasswordBearer
 from jose import JWTError, jwt
 from sqlmodel import Session, select
+from typing import List, Optional
+from typing import List, Optional
+from datetime import datetime, timedelta
+from src.config import settings
+from src.database import get_session
+from src.crud import users as user_crud
+from src.crud import devices as device_crud
+from src.models import User, Role, Device
+# --- Configuration ---
+oauth2_scheme = OAuth2PasswordBearer(tokenUrl="token")
+api_key_header = APIKeyHeader(name="x-api-key", auto_error=True)
+# --- JWT Token Functions ---
+def create_access_token(data: dict, expires_delta: Optional[timedelta] = None):
     to_encode = data.copy()
     if expires_delta:
+        expire = datetime.utcnow() + expires_delta
     else:
+        expire = datetime.utcnow() + timedelta(minutes=15)
     to_encode.update({"exp": expire})
     encoded_jwt = jwt.encode(to_encode, settings.SECRET_KEY, algorithm=settings.ALGORITHM)
     return encoded_jwt
+# --- Password Hashing ---
+def verify_password(plain_password: str, hashed_password: str) -> bool:
+    return settings.PWD_CONTEXT.verify(plain_password, hashed_password)
+def hash_password(password: str) -> str:
+    return settings.PWD_CONTEXT.hash(password)
+# --- User Authentication ---
+def authenticate_user(db: Session, username: str, password: str):
+    """Authenticate user by username and password."""
+    user = user_crud.get_user_by_username(db, username=username)
+    if not user:
+        return False
+    if not verify_password(password, user.hashed_password):
+        return False
     return user
+# --- Dependency for API Key Authentication ---
+def get_api_key(
+    key: str = Depends(api_key_header), db: Session = Depends(get_session)
+) -> Device:
     """
+    Dependency to validate the API key from the x-api-key header.
+    Ensures the device is registered in the database.
     """
+    db_device = device_crud.get_device_by_api_key(db, api_key=key)
+    if not db_device:
+        raise HTTPException(
+            status_code=status.HTTP_401_UNAUTHORIZED,
+            detail="Invalid or missing API Key",
+        )
+    return db_device
+# --- Dependency for User Authentication and Authorization ---
+def get_current_active_user(required_roles: List[Role] = None):
+    def dependency(
+        token: str = Depends(oauth2_scheme), db: Session = Depends(get_session)
+    ) -> User:
+        credentials_exception = HTTPException(
+            status_code=status.HTTP_401_UNAUTHORIZED,
+            detail="Could not validate credentials",
+            headers={"WWW-Authenticate": "Bearer"},
+        )
+        try:
+            payload = jwt.decode(
+                token, settings.SECRET_KEY, algorithms=[settings.ALGORITHM]
+            )
+            username: str = payload.get("sub")
+            if username is None:
+                raise credentials_exception
+        except JWTError:
+            raise credentials_exception
+        user = user_crud.get_user_by_username(db, username=username)
+        if user is None:
+            raise credentials_exception
+        # Check for roles if required
+        if required_roles:
+            is_authorized = any(role == user.role for role in required_roles)
+            if not is_authorized:
+                raise HTTPException(
+                    status_code=status.HTTP_403_FORBIDDEN,
+                    detail="The user does not have adequate privileges",
+                )
+        return user
+    return dependency

src/config.py CHANGED Viewed

@@ -1,14 +1,20 @@
 from pydantic_settings import BaseSettings
 import os
 from dotenv import load_dotenv
 load_dotenv()
 class Settings(BaseSettings):
-    POSTGRES_URI: str
     JWT_SECRET_KEY: str = os.getenv("JWT_SECRET_KEY", "default_secret_key")
     ACCESS_TOKEN_EXPIRE_MINUTES: int = 30
     class Config:
         env_file = ".env"

 from pydantic_settings import BaseSettings
+from passlib.context import CryptContext
 import os
 from dotenv import load_dotenv
 load_dotenv()
 class Settings(BaseSettings):
+    POSTGRES_URI: str = os.getenv("POSTGRES_URI", "postgresql://user:password@localhost/dbname")
     JWT_SECRET_KEY: str = os.getenv("JWT_SECRET_KEY", "default_secret_key")
+    SECRET_KEY: str = JWT_SECRET_KEY  # ADD THIS - referenced in auth.py
+    ALGORITHM: str = "HS256"  # ADD THIS - referenced in auth.py
     ACCESS_TOKEN_EXPIRE_MINUTES: int = 30
+    # ADD THIS - referenced in auth.py
+    PWD_CONTEXT: CryptContext = CryptContext(schemes=["bcrypt"], deprecated="auto")
     class Config:
         env_file = ".env"

src/crud/__init__.py CHANGED Viewed

@@ -10,40 +10,36 @@ keeping the router imports clean.
 from .students import (
     create_student,
     get_all_students,
-    get_student_by_student_id,
     get_student_by_tag_id,
-    update_student_tag_id,
     delete_student,
 )
 from .users import (
     create_user,
     get_user_by_username,
     get_user_by_tag_id,
-    update_user_tag_id,
     get_user_by_id,
     delete_user,
-    hash_password,  # Import hash_password from users module
     get_all_users
 )
 from .devices import (
-    get_device_by_id_str,
     get_device_by_api_key,
-    create_device_log,
-    update_device_last_seen,
     delete_device,
 )
 from .clearance import (
-    get_clearance_statuses_by_student_id,
     update_clearance_status,
-    delete_clearance_status,
-    get_all_clearance_status,
-    get_student_clearance_status
 )
 from .tag_linking import (
-    create_pending_tag_link,
-    get_pending_link_by_id,
-    delete_pending_link_by_device_id,
-    get_pending_links,
 )
 # Export all functions
@@ -52,32 +48,29 @@ __all__ = [
     'create_user',
     'get_user_by_username',
     'get_user_by_tag_id',
-    'update_user_tag_id',
     'get_user_by_id',
     'delete_user',
     'hash_password',
     'get_all_users',
     # Students
     'create_student',
     'get_all_students',
-    'get_student_by_student_id',
     'get_student_by_tag_id',
-    'update_student_tag_id',
     'delete_student',
     # Devices
-    'get_device_by_id_str',
     'get_device_by_api_key',
-    'create_device_log',
-    'update_device_last_seen',
     'delete_device',
     # Clearance
-    'get_clearance_statuses_by_student_id',
     'update_clearance_status',
-    'delete_clearance_status',
     # Tag Linking
-    'create_pending_tag_link',
-    'get_pending_link_by_device_id',
-    'get_pending_link_by_token',
-    'delete_pending_link_by_id',
-    'get_all_pending_links',
 ]

 from .students import (
     create_student,
     get_all_students,
+    get_student_by_id,  # FIX: was get_student_by_student_id
+    get_student_by_matric_no,  # ADD: missing import
     get_student_by_tag_id,
+    update_student,  # FIX: was update_student_tag_id
     delete_student,
 )
 from .users import (
     create_user,
     get_user_by_username,
     get_user_by_tag_id,
     get_user_by_id,
+    update_user,  # FIX: was update_user_tag_id
     delete_user,
+    hash_password,
     get_all_users
 )
 from .devices import (
+    create_device,  # ADD: missing
     get_device_by_api_key,
+    get_device_by_location,  # ADD: missing
+    get_all_devices,  # ADD: missing
     delete_device,
 )
 from .clearance import (
     update_clearance_status,
+    is_student_fully_cleared,  # ADD: missing
 )
 from .tag_linking import (
+    link_tag,
+    unlink_tag,
 )
 # Export all functions
     'create_user',
     'get_user_by_username',
     'get_user_by_tag_id',
     'get_user_by_id',
+    'update_user',
     'delete_user',
     'hash_password',
     'get_all_users',
     # Students
     'create_student',
     'get_all_students',
+    'get_student_by_id',
+    'get_student_by_matric_no',
     'get_student_by_tag_id',
+    'update_student',
     'delete_student',
     # Devices
+    'create_device',
     'get_device_by_api_key',
+    'get_device_by_location',
+    'get_all_devices',
     'delete_device',
     # Clearance
     'update_clearance_status',
+    'is_student_fully_cleared',
     # Tag Linking
+    'link_tag',
+    'unlink_tag',
 ]

src/crud/devices.py CHANGED Viewed

@@ -72,3 +72,7 @@ def delete_device(db: Session, device_id: int) -> Optional[Device]:
     db.delete(db_device)
     db.commit()
     return db_device

     db.delete(db_device)
     db.commit()
     return db_device
+def get_device_by_location(db: Session, location: str) -> Optional[Device]:
+    """Retrieves a device by its location."""
+    return db.exec(select(Device).where(Device.location == location)).first()

src/models.py CHANGED Viewed

@@ -1,130 +1,177 @@
-from sqlmodel import Field, Relationship, SQLModel
 from typing import List, Optional
-from enum import Enum as PyEnum
-# --- Enums for Controlled Vocabularies ---
-# Using enums ensures data consistency for categorical fields.
-class UserRole(str, PyEnum):
-    STUDENT = "student"
-    STAFF = "staff"
     ADMIN = "admin"
-class Department(str, PyEnum):
-    LIBRARY = "library"
-    BURSARY = "bursary"
-    ALUMNI = "alumni"
-    DEPARTMENTAL = "departmental"
-class ClearanceProcess(str, PyEnum):
     PENDING = "pending"
     APPROVED = "approved"
     REJECTED = "rejected"
 # --- Database Table Models ---
-# Represents a User (Staff or Admin)
 class User(SQLModel, table=True):
     id: Optional[int] = Field(default=None, primary_key=True)
     username: str = Field(index=True, unique=True)
-    email: str = Field(unique=True)
-    full_name: Optional[str] = None
     hashed_password: str
-    role: UserRole = Field(default=UserRole.STAFF)
-    is_active: bool = Field(default=True)
-    # One-to-one relationship with an RFID tag
-    rfid_tag: Optional["RFIDTag"] = Relationship(back_populates="user")
-# Represents a Student
 class Student(SQLModel, table=True):
     id: Optional[int] = Field(default=None, primary_key=True)
-    matric_no: str = Field(index=True, unique=True)
     full_name: str
-    email: str = Field(unique=True)
     department: Department
-    hashed_password: str
-    # One-to-many relationship with clearance statuses
-    clearance_statuses: List["ClearanceStatus"] = Relationship(
-        back_populates="student", sa_relationship_kwargs={"cascade": "all, delete-orphan"}
-    )
-    # One-to-one relationship with an RFID tag
-    rfid_tag: Optional["RFIDTag"] = Relationship(back_populates="student")
-# Represents an RFID tag, linking it to either a User or a Student
-class RFIDTag(SQLModel, table=True):
-    id: Optional[int] = Field(default=None, primary_key=True)
-    tag_id: str = Field(index=True, unique=True, description="The unique ID from the RFID chip")
-    # Foreign keys to link to User or Student (only one should be set)
-    user_id: Optional[int] = Field(default=None, foreign_key="user.id")
-    student_id: Optional[int] = Field(default=None, foreign_key="student.id")
-    # Relationships back to the owner of the tag
-    user: Optional[User] = Relationship(back_populates="rfid_tag")
-    student: Optional[Student] = Relationship(back_populates="rfid_tag")
-# Represents a single clearance status for a student in a specific department
 class ClearanceStatus(SQLModel, table=True):
     id: Optional[int] = Field(default=None, primary_key=True)
-    department: Department
-    status: ClearanceProcess = Field(default=ClearanceProcess.PENDING)
     student_id: int = Field(foreign_key="student.id")
-    student: Student = Relationship(back_populates="clearance_statuses")
-# Represents a physical ESP32 device
 class Device(SQLModel, table=True):
     id: Optional[int] = Field(default=None, primary_key=True)
-    device_name: str = Field(index=True, unique=True)
-    api_key: str = Field(unique=True)
     is_active: bool = Field(default=True)
-    department: Department
 # --- Pydantic Models for API Operations ---
-# These models define the shape of data for creating and updating records via the API.
-# For Users
 class UserCreate(SQLModel):
     username: str
-    email: str
     password: str
-    full_name: Optional[str] = None
-    role: UserRole = UserRole.STAFF
 class UserUpdate(SQLModel):
     email: Optional[str] = None
     full_name: Optional[str] = None
     password: Optional[str] = None
-    is_active: Optional[bool] = None
-# For Students
 class StudentCreate(SQLModel):
-    matric_no: str
     full_name: str
     email: str
-    password: str
 class StudentUpdate(SQLModel):
     full_name: Optional[str] = None
     email: Optional[str] = None
-    password: Optional[str] = None
-# For Devices
-class DeviceCreate(SQLModel):
-    device_name: str
     department: Department
-# For Tag Linking
 class TagLink(SQLModel):
     tag_id: str
     matric_no: Optional[str] = None
     username: Optional[str] = None
-# For Clearance Updates
-class ClearanceUpdate(SQLModel):
-    matric_no: str
-    department: Department
-    status: ClearanceProcess

 from typing import List, Optional
+from sqlmodel import Field, Relationship, SQLModel
+from enum import Enum
+# --- Enums for choices ---
+class Role(str, Enum):
     ADMIN = "admin"
+    STAFF = "staff"
+    STUDENT = "student"
+class Department(str, Enum):
+    COMPUTER_SCIENCE = "Computer Science"
+    ENGINEERING = "Engineering"
+    BUSINESS_ADMIN = "Business Administration"
+    LAW = "Law"
+    MEDICINE = "Medicine"
+class ClearanceDepartment(str, Enum):
+    LIBRARY = "Library"
+    STUDENT_AFFAIRS = "Student Affairs"
+    BURSARY = "Bursary"
+    ACADEMIC_AFFAIRS = "Academic Affairs"
+    HEALTH_CENTER = "Health Center"
+class ClearanceStatusEnum(str, Enum):
     PENDING = "pending"
     APPROVED = "approved"
     REJECTED = "rejected"
 # --- Database Table Models ---
 class User(SQLModel, table=True):
     id: Optional[int] = Field(default=None, primary_key=True)
     username: str = Field(index=True, unique=True)
+    email: str = Field(index=True, unique=True)
+    full_name: str
     hashed_password: str
+    role: Role
+    department: Optional[Department] = None # For staff members
+    rfid_tag: Optional["RFIDTag"] = Relationship(back_populates="user", sa_relationship_kwargs={"cascade": "all, delete-orphan"})
 class Student(SQLModel, table=True):
     id: Optional[int] = Field(default=None, primary_key=True)
     full_name: str
+    matric_no: str = Field(index=True, unique=True)
+    email: str = Field(index=True, unique=True)
     department: Department
+    # A student's login is handled by their associated User record, not directly here.
+    rfid_tag: Optional["RFIDTag"] = Relationship(back_populates="student", sa_relationship_kwargs={"cascade": "all, delete-orphan"})
+    clearance_statuses: List["ClearanceStatus"] = Relationship(back_populates="student", sa_relationship_kwargs={"cascade": "all, delete-orphan"})
 class ClearanceStatus(SQLModel, table=True):
     id: Optional[int] = Field(default=None, primary_key=True)
+    department: ClearanceDepartment
+    status: ClearanceStatusEnum = Field(default=ClearanceStatusEnum.PENDING)
+    remarks: Optional[str] = None
     student_id: int = Field(foreign_key="student.id")
+    student: "Student" = Relationship(back_populates="clearance_statuses")
+class RFIDTag(SQLModel, table=True):
+    tag_id: str = Field(primary_key=True, index=True)
+    student_id: Optional[int] = Field(default=None, foreign_key="student.id", unique=True)
+    user_id: Optional[int] = Field(default=None, foreign_key="user.id", unique=True)
+    student: Optional["Student"] = Relationship(back_populates="rfid_tag")
+    user: Optional["User"] = Relationship(back_populates="rfid_tag")
 class Device(SQLModel, table=True):
     id: Optional[int] = Field(default=None, primary_key=True)
+    device_name: str = Field(unique=True, index=True)
+    api_key: str = Field(unique=True, index=True)
+    location: str
     is_active: bool = Field(default=True)
 # --- Pydantic Models for API Operations ---
+# Token Model
+class Token(SQLModel):
+    access_token: str
+    token_type: str
+# User Models
 class UserCreate(SQLModel):
     username: str
     password: str
+    email: str
+    full_name: str
+    role: Role
+    department: Optional[Department] = None
 class UserUpdate(SQLModel):
+    username: Optional[str] = None
     email: Optional[str] = None
     full_name: Optional[str] = None
+    role: Optional[Role] = None
+    department: Optional[Department] = None
     password: Optional[str] = None
+class UserRead(SQLModel):
+    id: int
+    username: str
+    email: str
+    full_name: str
+    role: Role
+    department: Optional[Department] = None
+# Student Models
 class StudentCreate(SQLModel):
     full_name: str
+    matric_no: str
     email: str
+    department: Department
+    password: str # This will be used to create the associated User account for the student
 class StudentUpdate(SQLModel):
     full_name: Optional[str] = None
+    department: Optional[Department] = None
     email: Optional[str] = None
+class StudentRead(SQLModel):
+    id: int
+    full_name: str
+    matric_no: str
     department: Department
+# Clearance Status Models
+class ClearanceStatusRead(SQLModel):
+    department: ClearanceDepartment
+    status: ClearanceStatusEnum
+    remarks: Optional[str] = None
+class ClearanceUpdate(SQLModel):
+    matric_no: str
+    department: ClearanceDepartment
+    status: ClearanceStatusEnum
+    remarks: Optional[str] = None
+# Combined Read Model
+class StudentReadWithClearance(StudentRead):
+    clearance_statuses: List[ClearanceStatusRead] = []
+    rfid_tag: Optional["RFIDTagRead"] = None
+# RFID Tag Models
+class RFIDTagRead(SQLModel):
+    tag_id: str
+    student_id: Optional[int] = None
+    user_id: Optional[int] = None
 class TagLink(SQLModel):
     tag_id: str
     matric_no: Optional[str] = None
     username: Optional[str] = None
+# RFID Device-Specific Models
+class RFIDScanRequest(SQLModel):
+    tag_id: str
+class RFIDStatusResponse(SQLModel):
+    status: str
+    full_name: Optional[str] = None
+    message: Optional[str] = None
+    clearance: Optional[str] = None
+class TagScan(SQLModel):
+    tag_id: str
+# Device Models
+class DeviceCreate(SQLModel):
+    device_name: str
+    location: str
+class DeviceRead(SQLModel):
+    id: int
+    device_name: str
+    api_key: str
+    location: str
+    is_active: bool

src/routers/students.py CHANGED Viewed

@@ -2,7 +2,7 @@ from fastapi import APIRouter, Depends, HTTPException, status
 from sqlmodel import Session
 from src.database import get_session
-from src.auth import get_current_active_student
 from src.models import Student, StudentReadWithClearance
 router = APIRouter(
@@ -14,7 +14,7 @@ router = APIRouter(
 def read_student_me(
     # This dependency ensures the user is an authenticated student
     # and injects their database object into the 'current_student' parameter.
-    current_student: Student = Depends(get_current_active_student)
 ):
     """
     Endpoint for a logged-in student to retrieve their own profile

 from sqlmodel import Session
 from src.database import get_session
+from src.auth import get_current_active_user
 from src.models import Student, StudentReadWithClearance
 router = APIRouter(
 def read_student_me(
     # This dependency ensures the user is an authenticated student
     # and injects their database object into the 'current_student' parameter.
+    current_student: Student = Depends(get_current_active_user)
 ):
     """
     Endpoint for a logged-in student to retrieve their own profile