core/crud.py

from datetime import datetime
from typing import Annotated
from sqlmodel import Session, select
from fastapi import Depends, HTTPException, status
from fastapi.security import OAuth2PasswordBearer
from jose import JWTError, jwt
import core.utils as utils
from models import User, UserCreate, Site, SiteCreate, Guest
from models import TokenData
from config import settings


oauth2_scheme = OAuth2PasswordBearer(tokenUrl="login")


def authenticate_user(username: str, password: str):
    with Session(utils.engine) as session:
        statement = select(User).where(User.username == username)
        user = session.exec(statement).first()
        if not user:
            return False
        if not utils.verify_password(password, user.password):
            return False
        if user.disabled:
            raise HTTPException(status_code=400, detail="Inactive user")
        return user



def get_user(username: str):
    with Session(utils.engine) as session:
        statement = select(User).where(User.username == username)
        user = session.exec(statement).first()
        if not user:
            raise HTTPException(status_code=404, detail="User not found")
        return user



def get_current_user(token: Annotated[str, Depends(oauth2_scheme)]):
    credentials_exception = HTTPException(
        status_code=status.HTTP_401_UNAUTHORIZED,
        detail="Could not validate credentials",
        headers={"WWW-Authenticate": "Bearer"},
    )
    try:
        payload = jwt.decode(token, settings.SECRET_KEY, algorithms=[settings.ALGORITHM])
        username: str = payload.get("sub")
        if username is None:
            raise credentials_exception
        token_data = TokenData(username=username)
    except JWTError:
        raise credentials_exception
    user = get_user(username=token_data.username)
    if user is None:
        raise credentials_exception
    return user



def get_current_active_user(
    current_user: Annotated[User, Depends(get_current_user)],
):
    if current_user.disabled:
        raise HTTPException(status_code=400, detail="Inactive user")
    return current_user



def get_current_super_user(
    current_user: Annotated[User, Depends(get_current_user)],
):
    if not current_user.is_su:
        raise HTTPException(status_code=403, detail="Action only allowed for admin")
    return current_user



def add_user(session: Session, user: UserCreate):
    statement = select(User).where(User.username == user.email)
    db_user = session.exec(statement).first()
    if not db_user:
        hashed_password = utils.get_password_hash(user.password)
        extra_data = {"password": hashed_password,
                    "username": user.email,
                    "created_at": datetime.now(),
                    "updated_at": datetime.now()}
        db_user = User.model_validate(user, update=extra_data)
        session.add(db_user)
        session.commit()
        session.refresh(db_user)
        return db_user
    raise HTTPException(status_code=400, detail="Email already registered")



def edit_user(session: Session, db_user: User, user):
    user_data = user.model_dump(exclude_unset=True)
    if "password" in user_data:
        hashed_password = utils.get_password_hash(user_data["password"])
        user_data["password"] = hashed_password
    extra_data = {"updated_at": datetime.now()}
    db_user.sqlmodel_update(user_data, update=extra_data)
    try:
        session.add(db_user)
        session.commit()
    except Exception as e:
        raise HTTPException(status_code=400, detail="Update failed -> Hint: check for unique username")
    else:
        session.refresh(db_user)
        return db_user



# --------------------
# ------ Sites -------
# --------------------



def camera_exists(session: Session, site):
    exists = None
    cameras = session.exec(select(Site.in_camera, Site.out_camera)).all()
    camera_list = [item for inner_tuple in cameras for item in inner_tuple if item is not None]
    if site.in_camera is not None:
        exists = "in_camera" if site.in_camera in camera_list else None
    if site.out_camera is not None:
        exists = "out_camera" if site.out_camera in camera_list else None
    if exists is not None:
        raise HTTPException(status_code=400, detail=f"Camera (Device ID) already exists in {exists}s")



def push_site(session: Session, site: SiteCreate):
    try:
        session.add(site)
        session.commit()
    except Exception as e:
        raise HTTPException(status_code=400, detail="Action failed -> Hint: Check for unique site name")
    else:
        session.refresh(site)
        return site



def get_current_site(session: Session, current_user: User, site_id: int):
    session.add(current_user)
    user_site_ids = [site.id for site in current_user.sites]
    if site_id not in user_site_ids:
        raise HTTPException(status_code=403, detail="Access only allowed for own sites")
    site = session.get(Site, site_id)
    if not site:
        raise HTTPException(status_code=404, detail="Site not found")
    return site
    



# --------------------
# ------ Hosts -------
# --------------------

def vector_exists(session: Session, guest):
    statement = select(Guest).where(Guest.vector == guest.vector)
    db_guest = session.exec(statement).first()
    if db_guest:
        raise HTTPException(status_code=400, detail=f"Guest/Host vector already exists at id {db_guest.id}")



def get_host_of_site(session: Session, current_site: Site, host_id:int):
    site_host_ids = [host.id for host in current_site.hosts]
    if host_id not in site_host_ids:
        raise HTTPException(status_code=403, detail="Access only allowed for own hosts")
    host = session.get(Guest, host_id)
    if not host:
        raise HTTPException(status_code=404, detail="Host not found")
    return host





# --------------------
# ------ Admin -------
# --------------------



def create_su():
    with Session(utils.engine) as session:
        statement = select(User).where(User.username == settings.SU_NAME)
        su = session.exec(statement).first()
        if not su:
           su = User(
               username = settings.SU_NAME,
               password = utils.get_password_hash(settings.SU_PASSWORD),
               is_su=True,
               disabled=False
               )
           session.add(su)
           session.commit()