From 96a91b6bc5438eb2193afbdde19582c4f738aeb5 Mon Sep 17 00:00:00 2001
From: Jack Case <jackacase@gmail.com>
Date: Sun, 19 Oct 2025 21:41:12 +0000
Subject: [PATCH] start work on user auth

---
 slopserver/db.py     |  7 +++++++
 slopserver/server.py | 24 ++++++++++++++++++++----
 2 files changed, 27 insertions(+), 4 deletions(-)

diff --git a/slopserver/db.py b/slopserver/db.py
index c75ecb2..2fe8118 100644
--- a/slopserver/db.py
+++ b/slopserver/db.py
@@ -44,3 +44,10 @@ def insert_slop(urls: list[ParseResult], engine: Engine):
                         existing_domain.paths.append(Path(path=path))
 
         session.commit()
+
+def get_user(email, engine):
+    query = select(User).where(User.email == email)
+
+    with Session(engine) as session:
+        user = session.scalar(query)
+        return user
diff --git a/slopserver/server.py b/slopserver/server.py
index 688cee9..852f50d 100644
--- a/slopserver/server.py
+++ b/slopserver/server.py
@@ -7,25 +7,41 @@
 - get reports for given domains/pages
 - post report
 """
+from typing import Annotated
 import uvicorn
-from fastapi import FastAPI
+
+from fastapi import Depends, FastAPI, HTTPException
+from fastapi.security import OAuth2PasswordBearer, OAuth2PasswordRequestForm
+
 from sqlalchemy import create_engine
+
 from slopserver.models import Domain, Path, User
 from slopserver.models import SlopReport
-from slopserver.db import select_slop, insert_slop
+from slopserver.db import select_slop, insert_slop, get_user
 
 app = FastAPI()
 
+oauth2_scheme = OAuth2PasswordBearer(tokenUrl="token")
+
 temp_engine = create_engine("postgresql+psycopg://slop-farmer@192.168.1.163/slop-farmer")
 
-@app.post("/report/")
+@app.post("/report")
 async def report_slop(report: SlopReport):
     insert_slop(report.slop_urls, temp_engine)
 
-@app.post("/check/")
+@app.post("/check")
 async def check_slop(check: SlopReport):
     slop_results = select_slop(check.slop_urls, temp_engine)
     return slop_results
 
+async def get_current_user(token: Annotated[str, Depends(oauth2_scheme)]):
+    pass
+
+@app.post("/token")
+async def login(form_data: Annotated[OAuth2PasswordRequestForm, Depends()]):
+    user = get_user(form_data.username, temp_engine)
+    if not user:
+        raise HTTPException(status_code=400, detail="Incorrect username or password")
+
 if __name__ == "__main__":
     uvicorn.run(app, host="0.0.0.0", port=8000)
\ No newline at end of file