api impl

api/auth.py

@@ -0,0 +1,42 @@
+#api/auth.py
+from flask import Blueprint, session, redirect, url_for, jsonify
+from authlib.integrations.flask_client import OAuth
+import env_provider
+auth_bp = Blueprint('auth', __name__, url_prefix='/api')
+
+oauth = OAuth()
+keycloak = oauth.register(
+    'keycloak',
+    client_id=env_provider.CLIENT_ID,
+    client_secret=env_provider.CLIENT_SECRET,
+    server_metadata_url="https://login.hangman-lab.top/auth/realms/Hangman-Lab/.well-known/openid-configuration",
+    client_kwargs={"scope": "openid email profile"},
+)
+
+@auth_bp.route('/login', methods=['GET'])
+def login():
+    redirect_uri = url_for("auth.authorize", _external=True)
+    return keycloak.authorize_redirect(redirect_uri)
+
+@auth_bp.route('/authorize', methods=['GET'])
+def authorize():
+    try:
+        token = keycloak.authorize_access_token()
+        user_info = keycloak.parse_id_token(token)
+        session['user'] = user_info
+        return jsonify({"message": "login successful", "user": user_info})
+    except Exception as e:
+        return jsonify({"error": "Authorization failed"}), 401
+@auth_bp.route('/logout', methods=['GET'])
+def logout():
+    session.pop('user', None)
+    logout_url = "https://login.hangman-lab.top/auth/realms/Hangman-Lab/protocol/openid-connect/logout"
+    return redirect(logout_url)
+
+@auth_bp.route("/user", methods=["GET"])
+def user():
+    u = session.get('user')
+    if not u:
+        return jsonify({"username": "guest", "role": "guest"})
+    return jsonify(u)
+