| import asyncio |
| import json |
| from urllib.parse import urlencode |
|
|
| import httpx |
| from fastapi import Request, HTTPException |
| from starlette.responses import RedirectResponse |
|
|
| from cbh.api.security.db_requests import verify_code_obj |
| from cbh.api.security.dto import GoogleCallbackError, VerificationCodeType |
| from cbh.api.security.models import VerificationCodeModel |
| from cbh.core.config import settings |
|
|
|
|
| def send_error_redirect( |
| error: GoogleCallbackError, code: VerificationCodeModel | None = None |
| ) -> RedirectResponse: |
| """ |
| Send an error redirect. |
| """ |
| if code: |
| redirect_url = f"{settings.Audience}/signup?code={code.id}&error={error.value}" |
| else: |
| redirect_url = f"{settings.Audience}/login/callback?error={error.value}" |
| return RedirectResponse(redirect_url) |
|
|
|
|
| def form_google_login_url(): |
| """ |
| Form the Google login URL with the given parameters. |
| """ |
| params = { |
| "client_id": settings.GOOGLE_CLIENT_ID, |
| "redirect_uri": f"{settings.Issuer}/api/security/google/callback", |
| "response_type": "code", |
| "scope": "openid email profile", |
| "access_type": "offline", |
| "state": json.dumps({"secret": settings.SECRET_KEY}), |
| } |
| return f"https://accounts.google.com/o/oauth2/auth?{urlencode(params)}" |
|
|
|
|
| async def get_google_access_token(code: str) -> str: |
| """ |
| Get the Google access token from the given code. |
| """ |
| params = { |
| "client_id": settings.GOOGLE_CLIENT_ID, |
| "client_secret": settings.GOOGLE_CLIENT_SECRET, |
| "code": code, |
| "grant_type": "authorization_code", |
| "redirect_uri": f"{settings.Issuer}/api/security/google/callback", |
| } |
| async with httpx.AsyncClient() as client: |
| response = await client.post("https://oauth2.googleapis.com/token", data=params) |
| response.raise_for_status() |
| return response.json()["access_token"] |
|
|
|
|
| async def get_google_user_info(access_token: str) -> dict: |
| """ |
| Get the Google user info from the given access token. |
| """ |
| headers = {"Authorization": f"Bearer {access_token}"} |
| async with httpx.AsyncClient() as client: |
| response = await client.get( |
| "https://www.googleapis.com/oauth2/v1/userinfo", headers=headers |
| ) |
| response.raise_for_status() |
| return response.json() |
|
|
|
|
| async def form_google_user_info( |
| request: Request, |
| ) -> dict: |
| """ |
| Form the Google user info from the given request. |
| """ |
| code = request.query_params.get("code") |
| state = json.loads(request.query_params.get("state")) |
| if state.get("secret") != settings.SECRET_KEY: |
| raise HTTPException(status_code=403, detail="Permission denied") |
| access_token = await get_google_access_token(code) |
| user_info = await get_google_user_info(access_token) |
| return user_info |
|
|
|
|
| async def _download_google_picture(user_info: dict) -> bytes | None: |
| """ |
| Download the profile picture from the Google user info. |
| """ |
| try: |
| async with httpx.AsyncClient(timeout=httpx.Timeout(15)) as client: |
| response = await client.get(user_info["picture"]) |
| response.raise_for_status() |
| return response.content |
| except Exception: |
| return None |
|
|
|
|
| async def extract_and_upload_google_picture(user_info: dict) -> str | None: |
| """ |
| Download and upload the Google picture to S3. |
| """ |
| picture = await _download_google_picture(user_info) |
| if picture: |
| return settings.S3_CLIENT.upload_file( |
| picture, f"{user_info['email']}.png", "pictures" |
| ) |
| return None |
|
|
