add crud for forms, templates, shipment, users and auth with keycloak

backend/src/auth/auth.py

@@ -1,7 +1,13 @@
-from fastapi import APIRouter, Security, HTTPException
+from fastapi import APIRouter, Security, HTTPException, Depends
 from fastapi.responses import RedirectResponse
 from fastapi.security import HTTPBearer, HTTPAuthorizationCredentials
-from src.secrets import CLIENT_ID, REDIRECT_URI, AUTH_URL, CLIENT_SECRET, TOKEN_URL, JWKS_URL, ISSUER
+from sqlmodel import Session
+
+from src.settings import AUTH_URL, TOKEN_URL, JWKS_URL, ISSUER, settings
+import src.users.service as service
+from src.database import get_session
+from src.models import UserCreate
+
 import secrets
 import jwt
 from jwt import PyJWKClient
@@ -15,26 +21,24 @@ security = HTTPBearer()
 @router.get('/login')
 def login():
     state = secrets.token_urlsafe(16)
-
     params = {
-        "client_id": CLIENT_ID,
+        "client_id": settings.keycloak_client_id,
         "response_type": "code",
         "scope": "openid",
-        "redirect_uri": REDIRECT_URI,
+        "redirect_uri": settings.keycloak_redirect_uri,
         "state": state,
     }
-
     request_url = requests.Request('GET', AUTH_URL, params=params).prepare().url
     return RedirectResponse(request_url)
 
 @router.get("/callback")
-def callback(code: str):
+def callback(code: str, session: Session = Depends(get_session)):
     data = {
         "grant_type": "authorization_code",
         "code": code,
-        "redirect_uri": REDIRECT_URI,
-        "client_id": CLIENT_ID,
-        "client_secret": CLIENT_SECRET,
+        "redirect_uri": settings.keycloak_redirect_uri,
+        "client_id": settings.keycloak_client_id,
+        "client_secret": settings.keycloak_client_secret,
     }
     headers = {
         "Content-Type": "application/x-www-form-urlencoded"
@@ -45,7 +49,17 @@ def callback(code: str):
             {"error": "Failed to get token"},
             status_code=400
         )
+
     token_data = response.json()
+   
+    id_token = token_data["id_token"]
+    decoded_token = jwt.decode(id_token, options={"verify_signature": False})
+    user_create = UserCreate(
+        email=decoded_token.get("email"),
+        name=decoded_token.get("preferred_username")
+    )
+    print(user_create)
+    user = service.get_or_create_user(session, user_create)
     return {
         "access_token": token_data["access_token"],
         "id_token": token_data["id_token"],
@@ -56,20 +70,16 @@ def verify_token(token: str):
     try:
         signing_key = jwk_client.get_signing_key_from_jwt(token)
         decoded = jwt.decode(token, options={"verify_signature": False})
-        print(decoded, ISSUER)
-        print(decoded["exp"])
         payload = jwt.decode(
             token,
             signing_key.key,
             algorithms=["RS256"],
-            audience=CLIENT_ID,
+            audience=settings.keycloak_client_id,
             issuer=ISSUER,
         )
         return payload
-
     except jwt.ExpiredSignatureError:
         raise HTTPException(status_code=401, detail="Token expired")
-
     except jwt.InvalidTokenError:
         raise HTTPException(status_code=401, detail="Invalid token")