From 3197b6088be439ee77c8a41e836c1be54700e1fe Mon Sep 17 00:00:00 2001
From: Keith Stevens <fozziethebeat@gmail.com>
Date: Sat, 28 Jan 2023 19:35:40 +0900
Subject: [PATCH] Using more pydantic features in the backend and fixing env
 issues on the website

---
 backend/oasst_backend/api/v1/auth.py | 9 +++------
 backend/requirements.txt             | 1 +
 website/.env                         | 3 +++
 website/src/pages/dashboard.tsx      | 2 +-
 4 files changed, 8 insertions(+), 7 deletions(-)

diff --git a/backend/oasst_backend/api/v1/auth.py b/backend/oasst_backend/api/v1/auth.py
index 888be410..838b0f52 100644
--- a/backend/oasst_backend/api/v1/auth.py
+++ b/backend/oasst_backend/api/v1/auth.py
@@ -1,4 +1,3 @@
-import json
 from typing import Union
 
 from cryptography.hazmat.primitives import hashes
@@ -7,7 +6,7 @@ from fastapi import APIRouter, Depends, Security
 from fastapi.security import APIKeyCookie
 from jose import jwe
 from oasst_backend.config import settings
-from pydantic import BaseModel
+from pydantic import BaseModel, EmailStr
 
 router = APIRouter()
 
@@ -19,7 +18,7 @@ class TokenData(BaseModel):
     A minimal re-creation of the web's token type.  To be expanded later.
     """
 
-    email: Union[str, None] = None
+    email: Union[EmailStr, None] = None
 
 
 async def get_current_user(token: str = Security(oauth2_scheme)):
@@ -38,9 +37,7 @@ async def get_current_user(token: str = Security(oauth2_scheme)):
     # Next we decrypt the JWE token.
     payload = jwe.decrypt(token, key)
     # Finally we have the real token JSON payload and can do whatever we want.
-    content = json.loads(payload)
-    email = content["email"]
-    return TokenData(email=email)
+    return TokenData.parse_raw(payload)
 
 
 @router.get("/check", response_model=str)
diff --git a/backend/requirements.txt b/backend/requirements.txt
index 1f66fe09..4a112bc8 100644
--- a/backend/requirements.txt
+++ b/backend/requirements.txt
@@ -7,6 +7,7 @@ loguru==0.6.0
 numpy==1.22.4
 psycopg2-binary==2.9.5
 pydantic==1.9.1
+pydantic[email]==1.9.1
 python-dotenv==0.21.0
 python-jose[cryptography]==3.3.0
 redis
diff --git a/website/.env b/website/.env
index 65d8b88e..18cbfcde 100644
--- a/website/.env
+++ b/website/.env
@@ -7,6 +7,9 @@ DATABASE_URL=postgres://postgres:postgres@localhost:5433/oasst_web
 FASTAPI_URL=http://localhost:8080
 FASTAPI_KEY=1234
 
+# Used to expose the backend url to the clientside javascript
+NEXT_PUBLIC_BACKEND_URL=$FASTAPI_URL
+
 # A dev Auth Secret.  Can be exposed if we never use this publicly.
 NEXTAUTH_SECRET=O/M2uIbGj+lDD2oyNa8ax4jEOJqCPJzO53UbWShmq98=
 
diff --git a/website/src/pages/dashboard.tsx b/website/src/pages/dashboard.tsx
index caa41c14..dbba3c8a 100644
--- a/website/src/pages/dashboard.tsx
+++ b/website/src/pages/dashboard.tsx
@@ -12,7 +12,7 @@ import useSWR from "swr";
 
 const Dashboard = () => {
   // Adding a demonstrative call to the backend that includes the web's JWT.
-  useSWR(`${process.env.FASTAPI_URL}/api/v1/auth/check`, get);
+  useSWR(`${process.env.NEXT_PUBLIC_BACKEND_URL}/api/v1/auth/check`, get);
 
   const {
     t,