Spaces:

pykara
/

py-learn-backend

Runtime error

App Files Files Community

Oviya commited on Aug 29, 2025

Commit

6d37fa5

1 Parent(s): 449b610

Add backend: requirements, Dockerfile, verification.py

Browse files

Files changed (3) hide show

Dockerfile +22 -0
requirements.txt +6 -0
verification.py +302 -0

Dockerfile ADDED Viewed

	@@ -0,0 +1,22 @@

+FROM python:3.11-slim
+ENV DEBIAN_FRONTEND=noninteractive
+# ODBC + Microsoft SQL Server ODBC driver 17 (matches your connection string)
+RUN apt-get update && apt-get install -y --no-install-recommends \
+    curl gnupg2 apt-transport-https unixodbc unixodbc-dev \
+ && curl https://packages.microsoft.com/keys/microsoft.asc | apt-key add - \
+ && echo "deb [arch=amd64] https://packages.microsoft.com/debian/12/prod bookworm main" > /etc/apt/sources.list.d/mssql-release.list \
+ && apt-get update && ACCEPT_EULA=Y apt-get install -y msodbcsql17 \
+ && rm -rf /var/lib/apt/lists/*
+WORKDIR /app
+COPY requirements.txt /app/
+RUN pip install --no-cache-dir -r requirements.txt
+COPY . /app
+# Spaces expect your server on port 7860
+EXPOSE 7860
+# Your Flask app object is `app` in verification.py
+# app.run() will NOT execute because gunicorn imports the module.
+CMD ["gunicorn", "--workers", "2", "--threads", "4", "--timeout", "120", "-b", "0.0.0.0:7860", "verification:app"]

requirements.txt ADDED Viewed

	@@ -0,0 +1,6 @@

+Flask
+flask-cors
+pyodbc
+bcrypt
+PyJWT
+gunicorn

verification.py ADDED Viewed

	@@ -0,0 +1,302 @@

+import pyodbc
+from flask import Flask, request, jsonify, make_response
+from flask_cors import CORS
+import jwt
+import datetime
+import bcrypt
+from functools import wraps  # Import wraps for decorators
+import pdb
+import os  # add this
+app = Flask(__name__)
+# CORS(app,
+#      supports_credentials=True,
+#      resources={r"/*": {"origins": "http://localhost:4200"}})
+CORS(app, supports_credentials=True, origins=["http://localhost:4200"])
+# CORS(app, supports_credentials=True, origins=["http://localhost:4200"])
+# CORS(app, supports_credentials=True)  # Enable CORS with credentials
+app.config['SECRET_KEY'] = '96c63da06374c1bde332516f3acbd23c84f35f90d8a6321a25d790a0a451af32'
+# ✅ Configure SQL Server Connection (Windows Authentication)
+DB_SERVER   = "pykara-sqlserver.c5aosm6ie5j3.eu-north-1.rds.amazonaws.com,1433"
+DB_DATABASE = "AuthenticationDB1"
+# ✅ Create Connection String for Windows Authentication
+# conn_str = f"DRIVER={{SQL Server}};SERVER={DB_SERVER};DATABASE={DB_DATABASE};Trusted_Connection=yes"
+# Use Windows Authentication only for local SQLEXPRESS; otherwise use SQL login from environment
+if DB_SERVER.lower().startswith("localhost") or "\\" in DB_SERVER:
+    # Local dev: Windows Authentication
+    conn_str = f"DRIVER={{SQL Server}};SERVER={DB_SERVER};DATABASE={DB_DATABASE};Trusted_Connection=yes"
+else:
+    # RDS: SQL authentication (no hard-coding; read from env)
+    conn_str = (
+        "DRIVER={ODBC Driver 17 for SQL Server};"
+        f"SERVER={DB_SERVER};DATABASE={DB_DATABASE};"
+        f"UID={os.getenv('DB_USER')};PWD={os.getenv('DB_PASSWORD')};"
+        "Encrypt=yes;TrustServerCertificate=yes"
+    )
+# ✅ Function to Connect to SQL Server
+def get_db_connection():
+    return pyodbc.connect(conn_str)
+# ✅ Initialize the database (Create required tables if they do not exist)
+def init_db():
+    conn = get_db_connection()
+    cursor = conn.cursor()
+    # ✅ Create Users Table
+    cursor.execute("""
+        IF OBJECT_ID('Users', 'U') IS NULL
+        CREATE TABLE Users (
+            id INT IDENTITY(1,1) PRIMARY KEY,
+            username NVARCHAR(100) UNIQUE NOT NULL,
+            password_hash NVARCHAR(500) NOT NULL,
+            role NVARCHAR(50) DEFAULT 'user'
+        )
+    """)
+    # ✅ Create Blacklisted Tokens Table (For Logout)
+    cursor.execute("""
+        IF OBJECT_ID('BlacklistedTokens', 'U') IS NULL
+        CREATE TABLE BlacklistedTokens (
+            id INT IDENTITY(1,1) PRIMARY KEY,
+            token NVARCHAR(1000) UNIQUE NOT NULL,
+            created_at DATETIME DEFAULT GETDATE()
+        )
+    """)
+    # ✅ Create Refresh Tokens Table (For Secure Token Refresh)
+    cursor.execute("""
+        IF OBJECT_ID('RefreshTokens', 'U') IS NULL
+        CREATE TABLE RefreshTokens (
+            id INT IDENTITY(1,1) PRIMARY KEY,
+            username NVARCHAR(100) NOT NULL,
+            token NVARCHAR(1000) UNIQUE NOT NULL,
+            created_at DATETIME DEFAULT GETDATE(),
+            FOREIGN KEY (username) REFERENCES Users(username) ON DELETE CASCADE
+        )
+    """)
+    conn.commit()
+    conn.close()
+# ✅ Initialize Database (Call once when Flask starts)
+init_db()
+# ✅ Implement token verification function
+def token_required(f):
+    @wraps(f)
+    def decorated(*args, **kwargs):
+        print("🔐 Accessing protected route:", request.path)
+        print("🍪 Cookies received:", request.cookies)
+        token = request.cookies.get('access_token')  # Access token from cookies
+        if not token:
+            return jsonify({"message": "Token is missing"}), 401
+        try:
+            # ✅ Check if token is blacklisted in SQL Server
+            conn = get_db_connection()
+            cursor = conn.cursor()
+            cursor.execute("SELECT token FROM BlacklistedTokens WHERE token = ?", (token,))
+            result = cursor.fetchone()
+            conn.close()
+            if result:
+                return jsonify({"message": "Token has been revoked. Please log in again."}), 401
+            data = jwt.decode(token, app.config['SECRET_KEY'], algorithms=["HS256"])
+            return f(data['username'], *args, **kwargs)
+        except jwt.ExpiredSignatureError:
+            return jsonify({"message": "Token has expired"}), 401
+        except jwt.InvalidTokenError:
+            return jsonify({"message": "Invalid token"}), 401
+    return decorated
+# ✅ Protected route: Dashboard
+@app.route('/dashboard', methods=['GET'])
+@token_required
+def dashboard(username):
+    return jsonify({"message": f"Welcome {username} to your dashboard!"})
+# ✅ Login: Generate Access & Refresh Tokens (Uses SQL Server for authentication)
+@app.route('/login', methods=['POST'])
+def login():
+    print("Login Request works")
+    data = request.json
+    username = data.get('username')
+    password = data.get('password')
+    conn = get_db_connection()
+    cursor = conn.cursor()
+    # ✅ Retrieve user from SQL Server
+    cursor.execute("SELECT password_hash FROM Users WHERE username = ?", (username,))
+    user = cursor.fetchone()
+    conn.close()
+    if not user:
+        return jsonify({"message": "Invalid credentials"}), 401
+    stored_hashed_password = user[0]
+    if bcrypt.checkpw(password.encode('utf-8'), stored_hashed_password.encode('utf-8')):
+        # ✅ Generate Access Token (expires in 15 minutes)
+        access_token = jwt.encode(
+            {'username': username, 'exp': datetime.datetime.utcnow() + datetime.timedelta(minutes=15)},
+            app.config['SECRET_KEY'],
+            algorithm="HS256"
+        )
+        print(f"Generated Access Token: {access_token}")
+        # ✅ Generate Refresh Token (expires in 7 days)
+        refresh_token = jwt.encode(
+            {'username': username, 'exp': datetime.datetime.utcnow() + datetime.timedelta(days=7)},
+            app.config['SECRET_KEY'],
+            algorithm="HS256"
+        )
+        print(f"Generated Refresh Token: {refresh_token}")
+        # ✅ Store refresh token in SQL Server
+        conn = get_db_connection()
+        cursor = conn.cursor()
+        cursor.execute("INSERT INTO RefreshTokens (username, token) VALUES (?, ?)", (username, refresh_token))
+        conn.commit()
+        conn.close()
+        # Set the tokens in cookies
+        resp = make_response(jsonify({"message": "Login successful"}))
+        resp.set_cookie('access_token', access_token, httponly=True, secure=False, samesite='Lax',  max_age=900)  # Adjusted secure flag for development (set to True for production)
+        resp.set_cookie('refresh_token', refresh_token, httponly=True, secure=False, samesite='Lax',  max_age=7*24*60*60 )  # Same adjustment for refresh token
+        print(f"Set Cookies: access_token={access_token}, refresh_token={refresh_token}")
+        return resp
+    return jsonify({"message": "Invalid credentials"}), 401
+# ✅ Refresh Token: Get New Access Token
+@app.route('/refresh', methods=['POST'])
+def refresh():
+    refresh_token = request.cookies.get("refresh_token")
+    if not refresh_token:
+        return jsonify({'message': 'Refresh token is missing'}), 400
+    # Step 1: Decode and verify expiration
+    try:
+        payload = jwt.decode(refresh_token, app.config['SECRET_KEY'], algorithms=["HS256"])
+    except jwt.ExpiredSignatureError:
+        return jsonify({'message': 'Refresh token has expired'}), 401
+    except jwt.InvalidTokenError:
+        return jsonify({'message': 'Invalid refresh token'}), 401
+    # Step 2: Check if the token exists in DB
+    conn = get_db_connection()
+    cursor = conn.cursor()
+    cursor.execute("SELECT username FROM RefreshTokens WHERE token = ?", (refresh_token,))
+    result = cursor.fetchone()
+    conn.close()
+    if not result:
+        return jsonify({'message': 'Invalid refresh token'}), 401
+    username = result[0]
+    # Step 3: Generate new access token
+    new_access_token = jwt.encode(
+        {'username': username, 'exp': datetime.datetime.utcnow() + datetime.timedelta(minutes=15)},
+        app.config['SECRET_KEY'],
+        algorithm="HS256"
+    )
+    resp = make_response(jsonify({'access_token': new_access_token}))
+    resp.set_cookie(
+        'access_token',
+        new_access_token,
+        httponly=True,
+        secure=False,
+        samesite='Lax',
+        max_age=900    # 15 minutes
+    )
+    return resp
+@app.route('/logout', methods=['POST'])
+@token_required
+def logout(username):
+    print("Logout Request works")
+    print("Incoming  Cookies:", request.cookies)
+    # ✅ Get the access token from cookies
+    token = request.cookies.get('access_token')
+    print("Logout Request - Token received:", token)
+    if not token:
+        return jsonify({"message": "Invalid token format"}), 401
+    try:
+        print("Decoding token...")
+        # ✅ Decode the token manually to extract username
+        data = jwt.decode(token, app.config['SECRET_KEY'], algorithms=["HS256"])
+        username = data['username']
+        print(f"Token decoded successfully. Username: {username}, Expiry: {data['exp']}")
+    except jwt.ExpiredSignatureError:
+        return jsonify({"message": "Token has expired"}), 401
+    except jwt.InvalidTokenError:
+        return jsonify({"message": "Invalid token"}), 401
+    print(f"Blacklisting token: {token}")
+    # ✅ Store the revoked token in SQL Server **only if it's not already blacklisted**
+    conn = get_db_connection()
+    cursor = conn.cursor()
+    # Check if the token is already blacklisted
+    cursor.execute("SELECT token FROM BlacklistedTokens WHERE token = ?", (token,))
+    existing_token = cursor.fetchone()
+    if not existing_token:
+        cursor.execute("INSERT INTO BlacklistedTokens (token) VALUES (?)", (token,))
+    # ✅ Remove refresh token for the user
+    cursor.execute("DELETE FROM RefreshTokens WHERE username = ?", (username,))
+    conn.commit()
+    conn.close()
+    # ✅ Clear cookies
+    resp = make_response(jsonify({"message": "Logged out successfully!"}))
+    resp.delete_cookie('access_token', path='/')
+    resp.delete_cookie('refresh_token', path='/')
+    return resp
+@app.route('/check-auth', methods=['GET'])
+@token_required
+def check_auth(username):
+    return jsonify({"message": "Authenticated", "username": username}), 200
+if __name__ == '__main__':
+    app.run(debug=True)