Diffstat (limited to 'src/frest/auth')
-rw-r--r--src/frest/auth/__init__.py0
-rw-r--r--src/frest/auth/forms.py10
-rw-r--r--src/frest/auth/models.py52
-rw-r--r--src/frest/auth/routes.py183
4 files changed, 0 insertions, 245 deletions
diff --git a/src/frest/auth/__init__.py b/src/frest/auth/__init__.py
deleted file mode 100644
index e69de29..0000000
--- a/src/frest/auth/__init__.py
+++ /dev/null
diff --git a/src/frest/auth/forms.py b/src/frest/auth/forms.py
deleted file mode 100644
index abc2f49..0000000
--- a/src/frest/auth/forms.py
+++ /dev/null
@@ -1,10 +0,0 @@
-from .models import User
-from forms import ModelForm
-
-
-class UserForm(ModelForm):
- model = User
-
- def __init__(self, data):
- super().__init__(self.model)
- self.data = data
diff --git a/src/frest/auth/models.py b/src/frest/auth/models.py
deleted file mode 100644
index ea79def..0000000
--- a/src/frest/auth/models.py
+++ /dev/null
@@ -1,52 +0,0 @@
-from database import db
-from datetime import datetime
-import string
-import random
-from hashlib import sha256
-from pytz import timezone
-import os
-
-
-def generate_token():
- chars = string.ascii_uppercase + string.ascii_lowercase + string.digits
- return "".join(random.choice(chars) for _ in range(18))
-
-
-class User(db.Model):
- userId = db.Column(db.Integer, primary_key=True)
- email = db.Column(db.String(30))
- password = db.Column(db.String(30))
- is_admin = db.Column(db.Boolean, default=False)
- name = db.Column(db.String(30))
- created_at = db.Column(db.DateTime)
-
- def __init__(self, **kwargs):
- self.email = kwargs.get("email")
- psw_hash = sha256(kwargs.get("password").encode())
- self.password = psw_hash.hexdigest()
- self.name = kwargs.get("name")
- self.is_admin = kwargs.get("is_admin")
- self.created_at = datetime.now(
- timezone(os.getenv("FREST_TIMEZONE", "Europe/Rome"))
- )
-
- def __repr__(self):
- return f"<User '{self.userId}'>"
-
-
-class Token(db.Model):
- tokenId = db.Column(db.Integer, primary_key=True)
- string = db.Column(db.String(20))
- created_at = db.Column(db.DateTime)
- expired = db.Column(db.Boolean)
- user_id = db.Column(db.Integer, db.ForeignKey("user.userId"), nullable=False)
- user = db.relationship("User", backref=db.backref("tokens", lazy=True))
-
- def __init__(self, user):
- self.user = user
- self.string = f"{generate_token()}=="
- self.created_at = datetime.utcnow()
- self.expired = False
-
- def __repr__(self):
- return f"<Token '{self.string}'>"
diff --git a/src/frest/auth/routes.py b/src/frest/auth/routes.py
deleted file mode 100644
index 66bd8f5..0000000
--- a/src/frest/auth/routes.py
+++ /dev/null
@@ -1,183 +0,0 @@
-from flask import Blueprint, request, abort
-from utils import http_call, model_serialize
-from decorators import check_token, admin_required
-from .models import User, Token
-from .forms import UserForm
-from database import db
-from hashlib import sha256
-from sqlalchemy import desc
-
-api = Blueprint("users", __name__)
-
-
-@api.route("/api/login", methods=["POST"])
-def login():
- if not request.json:
- abort(400)
-
- data = request.json
-
- auth = request.headers.get("Authorization")
- if auth:
- t = Token.query.filter_by(string=auth).first()
- if not t:
- abort(404)
-
- if t.user.is_admin:
- return http_call(
- {"userId": t.user.userId, "login": True, "token": t.string}, 200
- )
- else:
- abort(403)
-
- if "email" in data and "password" in data:
- psw_hash = sha256(data["password"].encode())
- data["password"] = psw_hash.hexdigest()
- u = User.query.filter_by(email=data["email"], password=data["password"]).first()
-
- if not u:
- abort(404)
-
- if "is_admin" in data:
- if u.is_admin == 0:
- abort(403)
-
- last_token = (
- Token.query.filter_by(user=u).order_by(desc(Token.tokenId)).all()[-1]
- )
- last_token.expired = True
-
- t = Token(user=u)
-
- db.session.add(t)
- db.session.commit()
-
- return http_call({"userId": u.userId, "login": True, "token": t.string}, 200)
-
- abort(404)
-
-
-@api.route("/api/user/hash_password", methods=["GET"])
-def hash_password_exists():
- data = request.args
- if not data.get("hash_password"):
- abort(400)
-
- if User.query.filter_by(password=data["hash_password"]):
- return http_call({}, 200)
-
- return http_call({}, 404)
-
-
-@api.route("/api/user/new-password/<alias>", methods=["PUT"])
-def new_user_password(alias):
- data = request.json
- if not data.get("password"):
- abort(400)
-
- u = User.query.filter_by(password=alias).first()
-
- if not u:
- abort(404)
-
- u.password = sha256(data["password"].encode()).hexdigest()
- db.session.commit()
-
- return http_call({}, 200)
-
-
-@api.route("/api/user", methods=["POST"])
-def new_user():
- if not request.json:
- abort(400)
-
- form = UserForm(request.json)
-
- if not form.get("is_admin") or form.is_valid():
- if User.query.filter_by(email=form.get("email")).first():
- abort(400)
-
- u = User(
- email=form.get("email"),
- password=form.get("password"),
- name=form.get("name"),
- is_admin=form.get("is_admin"),
- )
- t = Token(user=u)
- db.session.add(u)
- db.session.add(t)
-
- db.session.commit()
-
- return http_call({"userId": u.userId, "token": t.string}, 201)
-
- abort(400)
-
-
-@api.route("/api/users")
-@check_token
-@admin_required
-def all_users():
- return http_call(
- [
- model_serialize(i, params="userId,email,is_admin,name,created_at")
- for i in User.query.all()
- ],
- 200,
- )
-
-
-@api.route("/api/user/<int:userId>")
-@check_token
-def get_user(userId):
- return http_call(
- model_serialize(
- User.query.filter_by(userId=userId).first(),
- params="userId,email,is_admin,name,created_at",
- ),
- 200,
- )
-
-
-@api.route("/api/user/<userId>", methods=["DELETE"])
-@check_token
-def delete_user(userId):
- u = User.query.filter_by(userId=userId)
- if not u:
- abort(404)
-
- deleted = u.delete()
- db.session.commit()
-
- return http_call({"delete": deleted}, 200)
-
-
-@api.route("/api/user/<userId>", methods=["PUT"])
-@check_token
-def edit_user(userId):
- if not request.json:
- abort(400)
-
- form = UserForm(request.json)
- u = User.query.filter_by(userId=userId).first()
- if not u:
- abort(400)
-
- if form.get("password"):
- psw = True
- else:
- psw = False
-
- if not psw or not form.get("is_admin") or form.is_valid():
- u.name = form.get("name")
- u.email = form.get("email")
- u.is_admin = form.get("is_admin")
- if psw:
- crypt_psw = sha256(form.get("password").encode()).hexdigest()
- u.password = crypt_psw
-
- db.session.commit()
-
- return http_call({"userId": u.userId}, 200)
-
- abort(400)