iddlmZddlmZddlmZddlmZmZmZddl Z ddl m Z ddl Z ddl Z ddlmZdZdd Zdd Zdd Zed GddZedZddZddZddZddZddZddddd dZy)!) annotations)contextmanager) dataclass)datetime timedeltatimezoneNPath) get_settings) prenotazionimenuhomemadecHtjtjSN)rnowrutc'apps/ordini/backend/app/core/tenancy.py_utcnowrs << %%rc>|jjSr)striplower)values r_normalize_lookuprs ;;=    rc` |jdd\}}}}|dk7ry t|}tj |}tj |}t j d|jd||} tj| |S#t$rYywxYw#t$rYywxYw)N$F pbkdf2_sha256sha256zutf-8) split ValueErrorintbytesfromhexhashlib pbkdf2_hmacencodesecretscompare_digest) password stored_hash algorithmraw_iterationssalt_hex digest_hex iterationssaltexpected_digest candidates r_verify_passwordr5s:E:K:KCQR:S7 >8ZO#( }}X&-- 3##Hhoog.FjYI  ! !)_ ==  s"B5B! BB! B-,B-T)frozenceZdZUded<ded<ded<ded<ded<ded<ded <ded <ded <d ed <ded<ded<ded<y) AuthContextstrtoken tenant_id tenant_slug tenant_nameuser_id user_email str | Noneusername user_nameroleztuple[str, ...] permissions database_url default_staffsourceN)__name__ __module__ __qualname____annotations__rrrr8r8,sJ JN LO I   Krr8c#Kt}t|j}|jsdyt j |}tj |_ ||jy#|jwxYwwr) r r tenancy_registry_databaseexistssqlite3connectRow row_factoryclose)settings registry_path connections r_connect_registryrW=sn~H;;r?rArBrCrDrErFrG)r r8rFrE)r:rTs r_build_legacy_contextreQsO~H !##((( c**,, rc|dxs"|dxs|dxstjj}d|jvr|dnd}t }|ddvrd}n||ddk(rt n t }n} d dl}|j|}t|trWg}|D]E}t|xsd jj} | r| |vr5|j| Gt |}t||d |d |d|d |d|d|d|d|t|d|xstjd S#t$rd}YwxYw)NrBrAr=permissions_jsonrC>r^ super_adminr_staffrr;r<r>r? database_pathtenantrd)r rFrkeystupleDEFAULT_STAFF_PERMISSIONSjsonloads Exception isinstancelistr9rappendr8rZ) rowr:rFrgrDrpparsed normalizeditemrs r_row_to_contextrzds%nZnC ?#C|~'C'C  F sE EEc|jd|fj}|ytj|d}|t kr$|jd|f|j yt ||S)Na SELECT sessions.token, sessions.tenant_id, sessions.user_id, sessions.expires_at, tenants.slug AS tenant_slug, tenants.name AS tenant_name, tenants.database_path AS database_path, users.email AS user_email, users.username AS username, users.name AS user_name, users.role AS role, users.permissions_json AS permissions_json FROM sessions JOIN tenants ON tenants.id = sessions.tenant_id JOIN users ON users.id = sessions.user_id WHERE sessions.token = ? LIMIT 1 expires_atz$DELETE FROM sessions WHERE token = ?)executefetchoner fromisoformatrcommitrz)rVr:rvr|s r_resolve_session_from_registryrs    ( + ,hj-0 {''L(9:JGIAE8L 3 &&rct}|jr||jk(r t|St5}| dddyt ||cdddS#1swYyxYwr)r api_tokenrerWr)r:rTrVs r resolve_tokenrsl~Hex'9'99$U++  A  AA.j%@ AAAsA AA&) identifierr+ session_tokenc t}|r(t|j}||Std|xsdj}|xsdj}|r|rt 5}||j dt |t |fj}|t||drtjd} tj} tt|jzj} |j d| |d|d | | f|jt!|| cdddSdddtd td #1swYtd xYw) NzSessione gestionale non valida.rjaL SELECT users.id AS user_id, users.tenant_id AS tenant_id, users.email AS user_email, users.username AS username, users.name AS user_name, users.role AS role, users.permissions_json AS permissions_json, users.password_hash AS password_hash, tenants.slug AS tenant_slug, tenants.name AS tenant_name, tenants.database_path AS database_path FROM users JOIN tenants ON tenants.id = users.tenant_id WHERE lower(users.email) = ? OR lower(users.username) = ? LIMIT 1 password_hash )hoursz INSERT INTO sessions (token, tenant_id, user_id, created_at, expires_at) VALUES (?, ?, ?, ?, ?) r;r>zCredenziali non valide.zCInserisci le credenziali del gestionale oppure una sessione valida.)r rrr"rWr}rr~r5r) token_urlsafer isoformatrtenancy_session_duration_hoursrrz) rr+rrTcontextnormalized_identifiernormalized_passwordrVuserr: created_atr|s rauthenticate_loginrs~H 3 3 56  N:;;'-2446#>r002!4  $ 8J%!))$''<=?PQf?gh'((*),#(89LdSbNc(d#11"5E!(!4!4!6J"))ih>e>e.f"f!q!q!sJ&&[ 14 ?JPZ[ %%'*47I$ 8$ 8$ 8L233 Z [[Q$ 8L233s -CE11F)returnr)rr9rr9)r+r9r,r9rbool)rYr9rr9)r:r9rr8)rvz sqlite3.Rowr:r9rr8)rVzsqlite3.Connectionr:r9rAuthContext | None)r:r9rr)rr@r+r@rr@rr8) __future__r contextlibr dataclassesrrrrr&pathlibr r)rOapp.core.configr rorrr5r8rWrZrerzrrrrrrrs"%!22(@&!>( $      %&&R"'J A48PTrv4\r