Changed login sent data from Form(...) to JSON. Added validation to not allow a user to log in if the account is not active. Also fixed some bugs

This commit is contained in:
João Silva
2023-11-02 10:53:20 +00:00
parent 1d180fac6c
commit 6b8c3f038c
3 changed files with 30 additions and 13 deletions


@@ -95,7 +95,7 @@ async def read_gear_all_pagination(
return results
@router.get("/gear/gearfromnickname/{nickname}", response_model=List[dict])
@router.get("/gear/{nickname}/gearfromnickname", response_model=List[dict])
async def read_gear_gearFromNickname(nickname: str, token: str = Depends(oauth2_scheme)):
from . import sessionController
try:
@@ -104,10 +104,13 @@ async def read_gear_gearFromNickname(nickname: str, token: str = Depends(oauth2_
payload = jwt.decode(token, os.getenv("SECRET_KEY"), algorithms=[os.getenv("ALGORITHM")])
user_id = payload.get("id")
# Define a search term
partial_nickname = unquote(nickname).replace("+", " ")
# Use SQLAlchemy to query the gear records by nickname
gear_records = (
db_session.query(Gear)
.filter(Gear.nickname == unquote(nickname).replace("+", " "), Gear.user_id == user_id)
.filter(Gear.nickname.like(f"%{partial_nickname}%"), Gear.user_id == user_id)
.all()
)
@@ -123,7 +126,7 @@ async def read_gear_gearFromNickname(nickname: str, token: str = Depends(oauth2_
# Get gear from id
@router.get("/gear/gearfromid/{id}", response_model=List[dict])
@router.get("/gear/{id}/gearfromid", response_model=List[dict])
async def read_gear_gearFromId(id: int, token: str = Depends(oauth2_scheme)):
from . import sessionController
try:
@@ -158,7 +161,6 @@ class CreateGearRequest(BaseModel):
nickname: str
gear_type: int
date: str
user_id: int
@router.post("/gear/create")
async def create_gear(
@@ -168,6 +170,10 @@ async def create_gear(
from . import sessionController
try:
sessionController.validate_token(token)
payload = jwt.decode(token, os.getenv("SECRET_KEY"), algorithms=[os.getenv("ALGORITHM")])
user_id = payload.get("id")
with get_db_session() as db_session:
# Use SQLAlchemy to create a new gear record
gear_record = Gear(
@@ -175,7 +181,7 @@ async def create_gear(
model=unquote(gear.model).replace("+", " "),
nickname=unquote(gear.nickname).replace("+", " "),
gear_type=gear.gear_type,
user_id=gear.user_id,
user_id=user_id,
created_at=gear.date,
is_active=True,
)
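Review bot: In `read_gear_gearFromNickname` the new `.filter(Gear.nickname.like(f"%{partial_nickname}%"), ...)` passes user input straight into a LIKE pattern, so `%` and `_` in the nickname act as wildcards (a nickname of `%` matches every record within the `user_id` scope); the value is a bound parameter, so this is not SQL injection, but the match is wider than the "search term" comment suggests. If a literal substring match is intended, `.filter(Gear.nickname.contains(partial_nickname, autoescape=True), Gear.user_id == user_id)` escapes those characters (SQLAlchemy 1.2+), and the same applies to the `User.username.like(...)` filter in the user-controller section below. In `create_gear`, the new `user_id = payload.get("id")` has no None check, so a token whose payload lacks `id` would reach `Gear(user_id=None, ...)`; a guard such as `if user_id is None: raise HTTPException(status_code=401, detail="Invalid token")` (assuming HTTPException is imported in this module) would fail closed instead. Both `create_gear` and `read_gear_gearFromNickname` continue outside these hunks.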


@@ -6,6 +6,7 @@ from jose import jwt, JWTError
from fastapi.security import OAuth2PasswordBearer, OAuth2PasswordRequestForm
from db.db import get_db_session, User, AccessToken # Import your SQLAlchemy session management from db.db and models
from controllers.userController import UserResponse
from pydantic import BaseModel
router = APIRouter()
@@ -132,9 +133,16 @@ def validate_admin_access(token: str):
except JWTError:
raise JWTError("Invalid token")
class CreateTokenRequest(BaseModel):
username: str
password: str
neverExpires: bool
@router.post("/token")
async def login_for_access_token(username: str = Form(...), password: str = Form(...), loginNeverExpires: bool = Form(...)):
access_token = await authenticate_user(username, password, loginNeverExpires)
async def login_for_access_token(
token: CreateTokenRequest
):
access_token = await authenticate_user(token.username, token.password, token.neverExpires)
if not access_token:
raise HTTPException(status_code=400, detail="Unable to retrieve access token")
return {"access_token": access_token, "token_type": "bearer"}
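Review bot: Switching `/token` to a JSON body (`token: CreateTokenRequest`) breaks the OAuth2 password flow that `OAuth2PasswordBearer` (still imported in the first hunk) advertises: standard clients, including the interactive docs' Authorize dialog, POST `application/x-www-form-urlencoded` to the token URL and will now receive a 422. If JSON is the intended contract, consider keeping a form-based variant or at least documenting the body on the model, e.g. `"""JSON body for POST /token; ``neverExpires`` requests a token that never expires."""`. `neverExpires` remains a client-chosen flag on the new side, so whether non-expiring tokens should be restricted server-side is worth confirming in `authenticate_user`, which is outside this hunk. `OAuth2PasswordRequestForm` in the import hunk appears unused after this change, unless the rest of the file still references it.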


@@ -118,7 +118,7 @@ async def read_users_all_pagination(
return results
# Define an HTTP GET route to retrieve user records by username
@router.get("/users/userfromusername/{username}", response_model=List[dict])
@router.get("/users/{username}/userfromusername", response_model=List[dict])
async def read_users_userFromUsername(username: str, token: str = Depends(oauth2_scheme)):
try:
# Validate the user's access token using the oauth2_scheme
@@ -127,12 +127,15 @@ async def read_users_userFromUsername(username: str, token: str = Depends(oauth2
# Validate that the user has admin access
sessionController.validate_admin_access(token)
# Define a search term
partial_username = unquote(username).replace("+", " ")
# Create a database session using the get_db_session context manager
with get_db_session() as db_session:
# Use SQLAlchemy to query the user records by username
user_records = (
db_session.query(User)
.filter(User.username == unquote(username).replace("+", " "))
.filter(User.username.like(f"%{partial_username}%"))
.all()
)
@@ -150,7 +153,7 @@ async def read_users_userFromUsername(username: str, token: str = Depends(oauth2
return results
# Define an HTTP GET route to retrieve user records by user ID
@router.get("/users/userfromid/{user_id}", response_model=List[dict])
@router.get("/users/{user_id}/userfromid", response_model=List[dict])
async def read_users_userFromId(user_id: int, token: str = Depends(oauth2_scheme)):
try:
# Validate the user's access token using the oauth2_scheme
@@ -182,7 +185,7 @@ async def read_users_userFromId(user_id: int, token: str = Depends(oauth2_scheme
return results
# Define an HTTP GET route to retrieve user ID by username
@router.get("/users/useridfromusername/{username}")
@router.get("/users/{username}/useridfromusername")
async def read_users_userIDFromUsername(username: str, token: str = Depends(oauth2_scheme)):
try:
# Validate the user's access token using the oauth2_scheme
@@ -203,7 +206,7 @@ async def read_users_userIDFromUsername(username: str, token: str = Depends(oaut
return {0: user_id}
# Define an HTTP GET route to retrieve user photos by user ID
@router.get("/users/userphotofromid/{user_id}")
@router.get("/users/{user_id}/userphotofromid")
async def read_users_userPhotoFromID(user_id: int, token: str = Depends(oauth2_scheme)):
try:
# Validate the user's access token using the oauth2_scheme
@@ -233,7 +236,7 @@ async def read_users_userPhotoFromID(user_id: int, token: str = Depends(oauth2_s
# Define an HTTP GET route to retrieve user photos aux by user ID
@router.get("/users/userphotoauxfromid/{user_id}")
@router.get("/users/{user_id}/userphotoauxfromid")
async def read_users_userPhotoAuxFromID(user_id: int, token: str = Depends(oauth2_scheme)):
try:
# Validate the user's access token using the oauth2_scheme
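Review bot: The comment `# Use SQLAlchemy to query the user records by username` above the rewritten filter in `read_users_userFromUsername` now understates what the code does: `User.username.like(f"%{partial_username}%")` is a substring match that can return several users, not a lookup by exact username. Suggest `# Substring match on username (SQL LIKE); '%' and '_' in the input act as wildcards, and several users may match`. The endpoint is guarded by `validate_admin_access`, so the broader match is only reachable by admins, but the route name `userfromusername` may now mislead callers expecting a single user. The function body continues outside the hunk.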