refacto name

server/src/app/api/v1/knowledges.py

@@ -4,8 +4,8 @@ from fastapi import APIRouter
 from src.app.models.knowledge import Knowledge
 from src.app.models.question import Question
 
-from src.app.crud.crud_knowledges import create_knowledge, read_knowledges, read_knowledge, update_knowledge, delete_knowledge
-from src.app.crud.crud_questions import read_questions as read_questions_crud, create_question
+from src.app.data.knowledge import create_knowledge, read_knowledges, read_knowledge, update_knowledge, delete_knowledge
+from src.app.data.question import read_questions as read_questions_crud, create_question
 
 from src.app.services.language_generation import questions_generation
 

server/src/app/api/v1/metrics.py

@@ -1,7 +1,7 @@
 from fastapi import APIRouter
 
 from src.app.models.metric import Metric
-from src.app.crud.crud_metrics import create_metric
+from src.app.data.metric import create_metric
 
 router = APIRouter(tags=["metrics"])
 

server/src/app/api/v1/users.py

@@ -5,7 +5,7 @@ from fastapi.security import OAuth2PasswordRequestForm, OAuth2PasswordBearer
 from datetime import timedelta
 
 from src.app.models.user import User
-from src.app.crud.crud_user import create_user
+from src.app.data.user import create_user
 from src.app.services.auth import get_current_user, authenticate_user, create_access_token, hash_password, Token
 
 router = APIRouter(tags=["users"])

server/src/app/data/question.py

@@ -22,18 +22,6 @@ def read_question(question_id: int):
         question = session.get(Question, question_id)
     return question
 
-# #TODO adapt logic with args
-# def update_question(question_id: int, content: str, uri: str):
-#     with Session(engine) as session:
-#         question = session.get(Question, question_id)
-#         question.content = content if content else question.content
-#         question.uri = uri if uri else question.uri 
-        
-#         session.add(question)
-#         session.commit()
-#         session.refresh(question)
-
-#TODO : test
 def delete_question(question_id: int):
     with Session(engine) as session:
         question = session.get(Question, question_id)

server/src/app/faker_seed.py

@@ -1,9 +1,9 @@
 from src.app.models.knowledge import Knowledge
-from src.app.crud.crud_knowledges import create_knowledge
+from src.app.data.knowledge import create_knowledge
 from src.app.models.question import Question
-from src.app.crud.crud_questions import create_question
+from src.app.data.question import create_question
 from src.app.models.metric import Metric
-from src.app.crud.crud_metrics import create_metric
+from src.app.data.metric import create_metric
 
 def faker():
     knowledge1 = Knowledge(content="La connaissance est une notion aux sens multiples, à la fois utilisée dans le langage courant et objet d'étude poussée de la part des sciences cognitives et des philosophes contemporains. ", uri="https://fr.wikipedia.org/wiki/Connaissance")

server/src/app/services/auth.py

@@ -5,25 +5,29 @@ from datetime import timedelta, datetime, timezone
 from typing import Annotated
 from pydantic import BaseModel
 
-
-import jwt
-from jwt.exceptions import InvalidTokenError
 from fastapi import Depends, HTTPException, status
 from fastapi.security import OAuth2PasswordBearer
-
+import jwt
+from jwt.exceptions import InvalidTokenError
 from argon2 import PasswordHasher
+from argon2.exceptions import (
+    VerifyMismatchError,
+    VerificationError,
+    InvalidHashError,
+)
 
 from src.app.models.user import User
-from src.app.crud.crud_user import get_user
-
+from src.app.data.user import get_user
 
 load_dotenv()
-secret_key = os.environ.get("SECRET")
-algorithm = "HS256"
-access_token_expire_minutes = 10080
+
 oauth2_scheme = OAuth2PasswordBearer(tokenUrl="/api/v1/token")
 password_hasher = PasswordHasher()
 
+secret_key = os.environ.get("SECRET_SIGN")
+algorithm = "HS256"
+access_token_expire_minutes = 10080
+
 class Token(BaseModel):
     access_token: str
     token_type: str
@@ -34,7 +38,8 @@ class TokenData(BaseModel):
 def authenticate_user(username: str, password: str):
     user: User = get_user(username)
     if not user:
-        verify_password(password, user.hashed_password)
+        # Add timing to prevent attack
+        password_hasher.hash(password)
         return False
     if not verify_password(password, user.hashed_password):
         return False
@@ -43,10 +48,9 @@ def authenticate_user(username: str, password: str):
 def verify_password(plain_password: str, hashed_password: str) -> bool:
     isValidated: bool = False
     try:
-        isValidated = password_hasher.verify(hashed_password, plain_password)
-    except:
-        isValidated = False
-    return isValidated
+        return password_hasher.verify(hashed_password, plain_password)
+    except (VerifyMismatchError, VerificationError, InvalidHashError):
+        return False
 
 def create_access_token(data: dict):
         expire = datetime.now(timezone.utc) + timedelta(minutes=access_token_expire_minutes)
@@ -65,7 +69,7 @@ async def get_current_user(token: Annotated[str, Depends(oauth2_scheme)]) -> Use
         headers={"WWW-Authenticate": "Bearer"},
     )
     try: 
-        payload = jwt.decode(token, secret_key, algorithm)
+        payload = jwt.decode(token, secret_key, algorithms=[algorithm])
         username = payload.get("sub")
         if username is None:
             raise credentials_exception