feature/profile-cards (#391)

* unify format * pass variables * remove namespace * rename * group-card init * shuffle + icons * remove console.logs * token CRUD * update changelog * add profile link * consolidate mealplan to profile dashboard * update docs * add query parameter to search page * update test routes * update python depts * basic token tests Co-authored-by: hay-kot <hay-kot@pm.me>
2026-02-15 12:23:12 -05:00 · 2021-05-06 21:08:27 -08:00
parent f4384167f6
commit 95ec13161f
41 changed files with 977 additions and 449 deletions
--- a/mealie/routes/deps.py
+++ b/mealie/routes/deps.py
@@ -8,7 +8,8 @@ from mealie.core.config import settings
 from mealie.db.database import db
 from mealie.db.db_setup import generate_session
 from mealie.schema.auth import TokenData
-from mealie.schema.user import UserInDB
+from mealie.schema.user import LongLiveTokenInDB, UserInDB
+from sqlalchemy.orm.session import Session

 oauth2_scheme = OAuth2PasswordBearer(tokenUrl="/api/auth/token")
 ALGORITHM = "HS256"
@@ -23,8 +24,14 @@ async def get_current_user(token: str = Depends(oauth2_scheme), session=Depends(
    try:
        payload = jwt.decode(token, settings.SECRET, algorithms=[ALGORITHM])
        username: str = payload.get("sub")
+        long_token: str = payload.get("long_token")
+
+        if long_token is not None:
+            return validate_long_live_token(session, token, payload.get("id"))
+
        if username is None:
            raise credentials_exception
+
        token_data = TokenData(username=username)
    except JWTError:
        raise credentials_exception
@@ -35,6 +42,16 @@ async def get_current_user(token: str = Depends(oauth2_scheme), session=Depends(
    return user


+def validate_long_live_token(session: Session, client_token: str, id: int) -> UserInDB:
+
+    tokens: list[LongLiveTokenInDB] = db.api_tokens.get(session, id, "parent_id", limit=9999)
+
+    for token in tokens:
+        token: LongLiveTokenInDB
+        if token.token == client_token:
+            return token.user
+
+
 async def validate_file_token(token: Optional[str] = None) -> Path:
    credentials_exception = HTTPException(
        status_code=status.HTTP_401_UNAUTHORIZED,
--- a/mealie/routes/mealplans/crud.py
+++ b/mealie/routes/mealplans/crud.py
@@ -75,7 +75,7 @@ def get_today(session: Session = Depends(generate_session), current_user: UserIn
    group_in_db: GroupInDB = db.groups.get(session, current_user.group, "name")
    recipe = get_todays_meal(session, group_in_db)
    if recipe:
-        return recipe.slug
+        return recipe


@router.get("/today/image", tags=["Meal Plan"])
--- a/mealie/routes/users/init.py
+++ b/mealie/routes/users/init.py
@@ -1,9 +1,10 @@
 from fastapi import APIRouter

-from . import auth, crud, sign_up
+from . import api_tokens, auth, crud, sign_up

 user_router = APIRouter()

 user_router.include_router(auth.router)
 user_router.include_router(sign_up.router)
 user_router.include_router(crud.router)
+user_router.include_router(api_tokens.router)
--- a/mealie/routes/users/api_tokens.py
+++ b/mealie/routes/users/api_tokens.py
@@ -0,0 +1,56 @@
+from datetime import timedelta
+
+from fastapi import APIRouter, HTTPException, status
+from fastapi.param_functions import Depends
+from mealie.core.security import create_access_token
+from mealie.db.database import db
+from mealie.db.db_setup import generate_session
+from mealie.routes.deps import get_current_user
+from mealie.schema.user import CreateToken, LoingLiveTokenIn, LongLiveTokenInDB, UserInDB
+from sqlalchemy.orm.session import Session
+
+router = APIRouter(prefix="/api/users", tags=["User API Tokens"])
+
+
+@router.post("/api-tokens", status_code=status.HTTP_201_CREATED)
+async def create_api_token(
+    token_name: LoingLiveTokenIn,
+    current_user: UserInDB = Depends(get_current_user),
+    session: Session = Depends(generate_session),
+):
+    """ Create api_token in the Database """
+
+    token_data = {"long_token": True, "id": current_user.id}
+
+    five_years = timedelta(1825)
+    token = create_access_token(token_data, five_years)
+
+    token_model = CreateToken(
+        name=token_name.name,
+        token=token,
+        parent_id=current_user.id,
+    )
+
+    new_token_in_db = db.api_tokens.create(session, token_model)
+
+    if new_token_in_db:
+        return {"token": token}
+
+
+@router.delete("/api-tokens/{token_id}")
+async def delete_api_token(
+    token_id: int,
+    current_user: UserInDB = Depends(get_current_user),
+    session: Session = Depends(generate_session),
+):
+    """ Delete api_token from the Database """
+    token: LongLiveTokenInDB = db.api_tokens.get(session, token_id)
+
+    if not token:
+        raise HTTPException(status.HTTP_404_NOT_FOUND, f"Could not locate token with id '{token_id}' in database")
+
+    if token.user.email == current_user.email:
+        deleted_token = db.api_tokens.delete(session, token_id)
+        return {"token_delete": deleted_token.name}
+    else:
+        raise HTTPException(status.HTTP_401_UNAUTHORIZED)