|
|
|
|
|
|
|
|
from flask import Blueprint |
|
|
from .auth_controller import register, login, get_user_info, update_user_info, delete_user |
|
|
from flask import jsonify |
|
|
|
|
|
|
|
|
# Blueprint holding every auth route in this module; any URL prefix is
# chosen where the application registers it (not shown in this file).
auth_bp = Blueprint(name='auth', import_name=__name__)
|
|
|
|
|
|
|
|
|
|
|
@auth_bp.route('/register', methods=['POST'])
def register_user():
    """Register a new user (POST ``/register``).

    Expected JSON payload::

        {
            "username": "user1",
            "password": "password123",
            "role": "user"          # optional, defaults to "user"
        }

    Returns:
        201 Created with a success message and the new user's ID, or
        400 Bad Request if the user already exists or the request is
        invalid.

    NOTE(review): this view performs no validation of its own; input
    checks, password handling and whether the client-supplied ``role``
    is honoured are all delegated to ``auth_controller.register``.
    Letting a self-registration request pick its own role is only safe
    if the controller restricts it — confirm there.
    """
    handler = register
    return handler()
|
|
|
|
|
|
|
|
@auth_bp.route('/login', methods=['POST'])
def login_user():
    """Authenticate an existing user (POST ``/login``).

    Expected JSON payload::

        {
            "username": "user1",
            "password": "password123"
        }

    Returns:
        200 OK with a JWT token on success, or an error message with
        401 Unauthorized (wrong credentials) / 404 Not Found (unknown
        user).

    NOTE(review): credential checking and token issuance live in
    ``auth_controller.login``; nothing is verified here. The documented
    401-vs-404 split tells a caller whether a username exists — a
    uniform 401 for both cases is the usual hardening, if the controller
    does not already do that.
    """
    handler = login
    return handler()
|
|
|
|
|
|
|
|
@auth_bp.route('/user-info', methods=['GET'])
def get_user_details():
    """Return the authenticated user's own record (GET ``/user-info``).

    The caller must present its JWT in the ``x-access-token`` header.

    Returns:
        200 OK with the user's details (username, role, creation date),
        or 401 Unauthorized if the token is missing or invalid.

    NOTE(review): token validation is expected inside
    ``auth_controller.get_user_info``; this view adds no check of its
    own, so the controller must not be callable without one.
    """
    response = get_user_info()
    return response
|
|
|
|
|
|
|
|
@auth_bp.route('/update-user', methods=['PUT'])
def update_user():
    """Update another user's record (PUT ``/update-user``), managers only.

    Expected JSON payload::

        {
            "user_id": "<target user's MongoDB ObjectId>",
            "username": "newUsername",   # optional
            "role": "manager"            # optional: "user" or "manager"
        }

    The caller must present its JWT in the ``x-access-token`` header.

    Returns:
        200 OK with a success message, or an error message with
        403 Forbidden (caller is not a manager) / 404 Not Found (no such
        user).

    NOTE(review): the manager-only rule is enforced (if at all) in
    ``auth_controller.update_user_info`` — this view does not check the
    caller's role. Because ``role`` can be raised to "manager" here, that
    check is the only thing standing between an ordinary user and
    privilege escalation; confirm it in the controller.
    """
    handler = update_user_info
    return handler()
|
|
|
|
|
|
|
|
@auth_bp.route('/delete-user', methods=['DELETE'])
def remove_user():
    """Delete a user from the system (DELETE ``/delete-user``), managers only.

    Expected JSON payload::

        {
            "user_id": "<target user's MongoDB ObjectId>"
        }

    The caller must present its JWT in the ``x-access-token`` header.

    Returns:
        200 OK with a success message, or an error message with
        403 Forbidden (caller is not a manager) / 404 Not Found (no such
        user).

    NOTE(review): as with ``update_user``, the role check is delegated to
    ``auth_controller.delete_user``; this view adds none. Since the
    target is chosen by the caller via ``user_id``, the controller must
    verify the caller's role before acting on the request.
    """
    response = delete_user()
    return response
|
|
|