add user jwt auth, providing access and refresh tokens

Author: piyush-jaiswal

.env.example

@@ -1 +1,2 @@
 SQLALCHEMY_DATABASE_URI=your_database_url
+JWT_SECRET_KEY=your_super-secret-key

app/__init__.py

@@ -1,6 +1,8 @@
 import os
+from datetime import timedelta
 
-from flask import Flask
+from flask import Flask, jsonify
+from flask_jwt_extended import JWTManager
 from flask_migrate import Migrate
 from flask_sqlalchemy import SQLAlchemy
 from dotenv import load_dotenv
@@ -14,6 +16,10 @@
 app.config['SQLALCHEMY_DATABASE_URI'] = os.getenv("SQLALCHEMY_DATABASE_URI")
 app.config['SQLALCHEMY_TRACK_MODIFICATIONS'] = False
 
+app.config["JWT_SECRET_KEY"] = os.getenv("JWT_SECRET_KEY")
+app.config["JWT_ACCESS_TOKEN_EXPIRES"] = timedelta(hours=3)
+app.config["JWT_REFRESH_TOKEN_EXPIRES"] = timedelta(days=3)
+
 # PostgreSQL-compatible naming convention (to follow the naming convention already used in the DB)
 # https://stackoverflow.com/questions/4107915/postgresql-default-constraint-names
 naming_convention = {
@@ -26,6 +32,7 @@
 metadata = MetaData(naming_convention=naming_convention)
 db = SQLAlchemy(app, metadata=metadata)
 migrate = Migrate(app, db)
+jwt = JWTManager(app)
 
 from app import routes
 

app/routes.py

@@ -1,7 +1,138 @@
 from flask import request, abort, jsonify
+from flask_jwt_extended import create_access_token, create_refresh_token, get_jwt_identity, jwt_required
+from sqlalchemy.exc import IntegrityError
+from email_validator import EmailNotValidError
 
 from app import app, db
-from app.models import Category, Subcategory, Product, category_subcategory, subcategory_product
+from app.models import Category, Subcategory, Product, User, category_subcategory, subcategory_product
+
+
+@app.route('/auth/register', methods=['POST'])
+def register():
+    """
+    Register a new user.
+    ---
+    tags:
+        - User
+    description: Register a new user.
+    requestBody:
+        required: true
+        description: email - Email id <br> password - Password
+        content:
+            application/json:
+                schema:
+                    type: object
+                    required:
+                        - email
+                        - password
+                    properties:
+                        email:
+                            type: string
+                        password:
+                            type: string
+    responses:
+        201:
+            description: User registered successfully.
+        400:
+            description: Invalid input.
+        409:
+            description: Email already exists.
+        500:
+            description: Internal Server Error.
+    """
+    if not request.json:
+        abort(400)
+
+    try:
+        email = request.json.get('email')
+        password = request.json.get('password')
+        if not email or not password:
+            abort(400)
+
+        user = User()
+        user.set_email(email)
+        user.set_password(password)
+        db.session.add(user)
+        db.session.commit()
+        return { "message": "Registered!" }, 201
+    except IntegrityError:
+        return jsonify({'error': 'Email already exists'}), 409
+    except EmailNotValidError as e:
+        return jsonify(code='invalid_email_format', error=str(e)), 400
+
+
+@app.route('/auth/login', methods=['POST'])
+def login():
+    """
+    Login a user.
+    ---
+    tags:
+        - User
+    description: Login a user.
+    requestBody:
+        required: true
+        description: email - Email id <br> password - Password
+        content:
+            application/json:
+                schema:
+                    type: object
+                    required:
+                        - email
+                        - password
+                    properties:
+                        email:
+                            type: string
+                        password:
+                            type: string
+    responses:
+        200:
+            description: User logged in successfully.
+        400:
+            description: Invalid input.
+        401:
+            description: Invalid username or password.
+        500:
+            description: Internal Server Error.
+    """
+    if not request.json:
+        abort(400)
+
+    email = request.json.get('email')
+    password = request.json.get('password')
+    if not email or not password:
+        abort(400)
+
+    user = User.get(email=email)
+    if not user or not user.check_password(password):
+        return jsonify(error='Invalid username or password. Check again or register.'), 401
+
+    access_token = create_access_token(identity=str(user.id), fresh=True)
+    refresh_token = create_refresh_token(identity=str(user.id))
+    return jsonify(access_token=access_token, refresh_token=refresh_token), 200
+
+
+@app.route('/auth/refresh', methods=['POST'])
+@jwt_required(refresh=True)
+def refresh():
+    """
+    Get new access token using your refresh token
+    ---
+    tags:
+        - User
+    description: Get new access token using your refresh token.
+    security:
+        - refresh_token: []
+    responses:
+        200:
+            description: New access token.
+        401:
+            description: Token expired, missing or invalid.
+        500:
+            description: Internal Server Error.
+    """
+    identity = get_jwt_identity()
+    access_token = create_access_token(identity=identity, fresh=False)
+    return jsonify(access_token=access_token), 200
 
 
 @app.route('/category/create', methods=['POST'])

requirements.txt

@@ -7,3 +7,4 @@ flasgger==0.9.7.1
 Flask-Migrate==4.1.0
 email_validator==1.3.1
 email-normalize==0.2.1
+Flask-JWT-Extended==4.7.1