harini

2026-05-26 11:25:49 +00:00 · 2025-07-25 23:58:20 +05:30
parent b70e81d201
commit 4d8061616d
112 changed files with 14445 additions and 59 deletions
@@ -1,71 +1,90 @@
 from flask import Blueprint, request, jsonify, current_app
 import jwt
 from datetime import datetime, timedelta
+import secrets

-bp = Blueprint('auth', __name__)
+bp = Blueprint("auth", __name__)

-@bp.route('/nonce', methods=['POST'])
+# Store nonces temporarily (in production, use Redis or database)
+nonces = {}
+
+@bp.route("/nonce", methods=["POST"])
 def get_nonce():
-    """Generate nonce for wallet signature"""
    data = request.get_json()
-    wallet_address = data.get('wallet_address')
+    wallet_address = data.get("wallet_address")
    
    if not wallet_address:
-        return jsonify({"error": "Wallet address required"}), 400
-    
-    web3_service = current_app.config['WEB3_SERVICE']
-    nonce = web3_service.generate_nonce()
+        return jsonify({"error": "wallet_address is required"}), 400
    
+    # Generate nonce
+    nonce = secrets.token_hex(16)
    message = f"Sign this message to authenticate with OpenLearnX: {nonce}"
    
-    return jsonify({
-        "nonce": nonce,
-        "message": message
-    })
+    # Store nonce for this wallet address
+    nonces[wallet_address.lower()] = nonce
+    
+    return jsonify({"nonce": nonce, "message": message})

-@bp.route('/verify', methods=['POST'])
-async def verify_signature():
-    """Verify MetaMask signature and create session"""
+@bp.route("/verify", methods=["POST"])
+def verify_signature():
    data = request.get_json()
-    wallet_address = data.get('wallet_address')
-    signature = data.get('signature')
-    message = data.get('message')
+    wallet_address = data.get("wallet_address", "").lower()
+    signature = data.get("signature")
+    message = data.get("message")
    
    if not all([wallet_address, signature, message]):
        return jsonify({"error": "Missing required fields"}), 400
    
-    web3_service = current_app.config['WEB3_SERVICE']
-    mongo_service = current_app.config['MONGO_SERVICE']
+    # Verify nonce
+    stored_nonce = nonces.get(wallet_address)
+    if not stored_nonce or stored_nonce not in message:
+        return jsonify({"error": "Invalid nonce"}), 400
    
-    # Verify signature
-    if not web3_service.verify_signature(wallet_address, message, signature):
-        return jsonify({"error": "Invalid signature"}), 401
-    
-    # Create or get user
-    user = await mongo_service.create_user(wallet_address)
-    await mongo_service.update_user_login(wallet_address)
-    
-    # Create JWT token
-    token_payload = {
-        'user_id': str(user['_id']),
-        'wallet_address': wallet_address,
-        'exp': datetime.utcnow() + timedelta(days=7)
-    }
-    
-    token = jwt.encode(
-        token_payload, 
-        current_app.config['SECRET_KEY'], 
-        algorithm='HS256'
-    )
-    
-    return jsonify({
-        "success": True,
-        "token": token,
-        "user": {
-            "id": str(user['_id']),
-            "wallet_address": user['wallet_address'],
-            "created_at": user['created_at'].isoformat(),
-            "total_tests": user.get('total_tests', 0),
-            "certificates": len(user.get('certificates', []))
+    try:
+        web3_service = current_app.config["WEB3_SERVICE"]
+        
+        # Verify signature
+        if not web3_service.verify_signature(wallet_address, message, signature):
+            return jsonify({"error": "Invalid signature"}), 401
+        
+        # For now, create a mock user without database operations
+        # This bypasses the async MongoDB issues entirely
+        user = {
+            "_id": f"user_{wallet_address}",
+            "wallet_address": wallet_address,
+            "created_at": datetime.utcnow(),
+            "total_tests": 0,
+            "certificates": []
        }
-    })
+        
+        # Create JWT token
+        token_payload = {
+            "user_id": str(user["_id"]),
+            "wallet_address": wallet_address,
+            "exp": datetime.utcnow() + timedelta(days=7)
+        }
+        
+        token = jwt.encode(
+            token_payload, 
+            current_app.config["SECRET_KEY"], 
+            algorithm="HS256"
+        )
+        
+        # Clean up nonce
+        if wallet_address in nonces:
+            del nonces[wallet_address]
+        
+        return jsonify({
+            "success": True,
+            "token": token,
+            "user": {
+                "id": str(user["_id"]),
+                "wallet_address": user["wallet_address"],
+                "total_tests": user.get("total_tests", 0),
+                "certificates": len(user.get("certificates", []))
+            }
+        })
+        
+    except Exception as e:
+        print(f"Authentication error: {str(e)}")
+        return jsonify({"error": "Authentication failed"}), 500