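"""Work BD Auth API: user registration and login backed by a SQLite database."""

import os
import sqlite3
from contextlib import closing

import requests
import uvicorn
from fastapi import FastAPI, HTTPException, Depends
from fastapi.middleware.cors import CORSMiddleware  # <-- added
from passlib.context import CryptContext
from pydantic import BaseModel
from werkzeug.security import generate_password_hash, check_password_hash

app = FastAPI(
    title="Work BD Auth API",
    description="API для авторизации и регистрации",
    version="1.0",
)

# NOTE(review): allow_credentials=True is combined with two plain-HTTP
# origins. Credentialed cross-origin requests from non-TLS origins can be
# altered in transit; keep those entries out of production configuration.
app.add_middleware(
    CORSMiddleware,
    allow_origins=[
        "https://allowlgroup.ru",
        "http://localhost:5173",
        "http://45.129.78.228:8000",
    ],  # or a list of specific domains
    allow_credentials=True,
    allow_methods=["*"],
    allow_headers=["*"],
)

DB_PATH = 'users.db'

# The reCAPTCHA secret is read from the environment instead of being embedded
# in the source. A secret that has ever been committed or published must be
# treated as exposed and rotated in the reCAPTCHA admin console.
RECAPTCHA_SECRET_KEY = os.environ.get("RECAPTCHA_SECRET_KEY", "")
RECAPTCHA_VERIFY_URL = "https://www.google.com/recaptcha/api/siteverify"
RECAPTCHA_EXPECTED_ACTION = "login"
RECAPTCHA_MIN_SCORE = 0.5


# Database initialisation
def init_db():
    """Create the ``users`` table if it does not exist yet."""
    # closing() guarantees the connection is released even if execute() raises.
    with closing(sqlite3.connect(DB_PATH)) as conn:
        conn.execute('''CREATE TABLE IF NOT EXISTS users (
            id INTEGER PRIMARY KEY AUTOINCREMENT,
            username TEXT UNIQUE NOT NULL,
            password TEXT NOT NULL)''')
        conn.commit()


init_db()


# Pydantic model for incoming data
class UserIn(BaseModel):
    """Request body shared by ``/register`` and ``/login``."""

    username: str
    password: str
    recaptcha_token: str | None = None


# reCAPTCHA verification
def verify_recaptcha(token: str) -> bool:
    """Return True only if Google confirms *token* for the login action.

    The check fails closed: a missing secret, a network error, a malformed
    response, a wrong action or a score below ``RECAPTCHA_MIN_SCORE`` all
    yield False.
    """
    if not RECAPTCHA_SECRET_KEY:
        # Without a configured secret no token can be verified.
        return False
    try:
        response = requests.post(
            RECAPTCHA_VERIFY_URL,
            data={
                "secret": RECAPTCHA_SECRET_KEY,
                "response": token,
            },
            timeout=10,
        )
        result = response.json()
    except (requests.RequestException, ValueError):
        # ValueError covers a non-JSON body on requests versions whose
        # JSON decode error is not a RequestException subclass.
        return False

    if not isinstance(result, dict) or not result.get("success"):
        return False
    if result.get("action") != RECAPTCHA_EXPECTED_ACTION:
        return False
    score = result.get("score", 0)
    # A missing or non-numeric score is treated as a failed check.
    if not isinstance(score, (int, float)) or score < RECAPTCHA_MIN_SCORE:
        return False
    return True


# The handlers below are plain ``def`` functions: they perform blocking work
# (sqlite3, password hashing, an outbound HTTP call with a 10 s timeout), and
# FastAPI runs non-async handlers in a worker thread, so one slow request no
# longer stalls the event loop for every other client.
@app.post('/register', status_code=201, tags=["User"])
def register(user: UserIn):
    """Create a new user; the password is stored only as a salted hash.

    Raises:
        HTTPException: 400 if a field is empty or the username is taken.
    """
    if not user.username or not user.password:
        raise HTTPException(status_code=400, detail="Username and password required")

    hashed_password = generate_password_hash(user.password)
    try:
        with closing(sqlite3.connect(DB_PATH)) as conn:
            conn.execute(
                'INSERT INTO users (username, password) VALUES (?, ?)',
                (user.username, hashed_password),
            )
            conn.commit()
    except sqlite3.IntegrityError:
        # The UNIQUE constraint on username rejected the insert.
        raise HTTPException(status_code=400, detail="Username already exists") from None
    return {"message": "User registered successfully"}


@app.post('/login', tags=["User"])
def login(user: UserIn):
    """Check the submitted credentials against the stored password hash.

    Raises:
        HTTPException: 400 if a field is empty or the reCAPTCHA check fails,
            401 if the username is unknown or the password does not match.
    """
    # The request model is deliberately not printed or logged: its repr
    # contains the plaintext password and the reCAPTCHA token.
    if not user.username or not user.password:
        raise HTTPException(status_code=400, detail="Username and password required")

    # reCAPTCHA check
    # NOTE(review): the token is only verified when the client sends one, so
    # a request without the field skips the check entirely. Make the token
    # mandatory once every client supplies it, otherwise it gives no
    # protection against automated password guessing.
    if user.recaptcha_token:
        if not verify_recaptcha(user.recaptcha_token):
            raise HTTPException(status_code=400, detail="Ошибка проверки капчи")

    with closing(sqlite3.connect(DB_PATH)) as conn:
        row = conn.execute(
            'SELECT password FROM users WHERE username = ?',
            (user.username,),
        ).fetchone()

    if row and check_password_hash(row[0], user.password):
        return {"message": "Login successful"}
    # Failed authentication must not produce a 2xx response: a client that
    # keys off the status code would treat any password as accepted.
    raise HTTPException(status_code=401, detail="Invalid credentials")


@app.get('/users', tags=["User"])
def get_users():
    """Return ``(id, username)`` for every registered user.

    Password hashes are never selected, so they cannot leave the database
    through this endpoint.
    """
    # NOTE(review): this route has no authentication; restrict it to
    # administrators or remove it before exposing the service.
    with closing(sqlite3.connect(DB_PATH)) as conn:
        rows = conn.execute('SELECT id, username FROM users').fetchall()
    return rows


# # Run the server for local testing
# if __name__ == "__main__":
#     uvicorn.run("main:app", port=8004, reload=True)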