prefeitura-rio · TanookiVerde · Sep 2, 2024 · Sep 2, 2024 · Sep 2, 2024 · Sep 2, 2024
diff --git a/app/routers/auth.py b/app/routers/auth.py
@@ -7,6 +7,7 @@
 from fastapi.responses import StreamingResponse
 
 from app.models import User
+from app.types.frontend import LoginFormWith2FA
 from app.types.pydantic_models import Token, Enable2FA
 from app.utils import authenticate_user, generate_user_token
 from app.security import TwoFactorAuth
@@ -61,8 +62,7 @@ async def is_2fa_active(
 
 @router.post("/2fa/login/")
 async def login_with_2fa(
-    form_data: Annotated[OAuth2PasswordRequestForm, Depends()],
-    totp_code: str,
+    form_data: Annotated[LoginFormWith2FA, Depends()],
 ) -> Token:
 
     user = await authenticate_user(form_data.username, form_data.password)
@@ -76,7 +76,7 @@ async def login_with_2fa(
     secret_key = await TwoFactorAuth.get_or_create_secret_key(user.id)
     two_factor_auth = TwoFactorAuth(user.id, secret_key)
 
-    is_valid = two_factor_auth.verify_totp_code(totp_code)
+    is_valid = two_factor_auth.verify_totp_code(form_data.totp_code)
     if not is_valid:
         raise HTTPException(
             status_code=status.HTTP_401_UNAUTHORIZED,

diff --git a/app/routers/frontend.py b/app/routers/frontend.py
@@ -1,8 +1,8 @@
 # -*- coding: utf-8 -*-
 from typing import Annotated, List
-from fastapi import APIRouter, Depends, HTTPException
+from fastapi import APIRouter, Depends, HTTPException, Request
 from tortoise.exceptions import ValidationError
-
+from fastapi_simple_rate_limiter import rate_limiter
 from app.dependencies import (
     get_current_frontend_user
 )
@@ -45,9 +45,11 @@ async def get_user_info(
 
 
 @router.get("/patient/header/{cpf}")
+@rate_limiter(limit=5, seconds=60)
 async def get_patient_header(
     _: Annotated[User, Depends(get_current_frontend_user)],
     cpf: str,
+    request: Request,
 ) -> PatientHeader:
     validator = CPFValidator()
     try:
@@ -59,7 +61,7 @@ async def get_patient_header(
         f"""
         SELECT *
         FROM `{BIGQUERY_PROJECT}`.{BIGQUERY_PATIENT_HEADER_TABLE_ID}
-        WHERE cpf = '{cpf}'
+        WHERE cpf_particao = {cpf}
         """,
         from_file="/tmp/credentials.json",
     )
@@ -79,16 +81,18 @@ async def get_patient_header(
 
 
 @router.get("/patient/summary/{cpf}")
+@rate_limiter(limit=5, seconds=60)
 async def get_patient_summary(
     _: Annotated[User, Depends(get_current_frontend_user)],
     cpf: str,
+    request: Request,
 ) -> PatientSummary:
 
     results = await read_bq(
         f"""
         SELECT *
         FROM `{BIGQUERY_PROJECT}`.{BIGQUERY_PATIENT_SUMMARY_TABLE_ID}
-        WHERE cpf = '{cpf}'
+        WHERE cpf_particao = {cpf}
         """,
         from_file="/tmp/credentials.json",
     )
@@ -114,16 +118,18 @@ async def get_filter_tags(
 
 
 @router.get("/patient/encounters/{cpf}")
+@rate_limiter(limit=5, seconds=60)
 async def get_patient_encounters(
     _: Annotated[User, Depends(get_current_frontend_user)],
     cpf: str,
+    request: Request,
 ) -> List[Encounter]:
 
     results = await read_bq(
         f"""
         SELECT *
         FROM `{BIGQUERY_PROJECT}`.{BIGQUERY_PATIENT_ENCOUNTERS_TABLE_ID}
-        WHERE cpf = '{cpf}' and exibicao.indicador = true
+        WHERE cpf_particao = {cpf} and exibicao.indicador = true
         """,
         from_file="/tmp/credentials.json",
     )

diff --git a/app/types/frontend.py b/app/types/frontend.py
@@ -2,6 +2,19 @@
 from typing import Optional, List
 from pydantic import BaseModel
 
+from fastapi.security import OAuth2PasswordRequestForm
+
+
+class LoginFormWith2FA(OAuth2PasswordRequestForm):
+    def __init__(
+        self,
+        username: str,
+        password: str,
+        totp_code: str,
+    ):
+        super().__init__(username=username, password=password)
+        self.totp_code = totp_code
+
 
 # Clinic Family model
 class FamilyClinic(BaseModel):
@@ -16,11 +29,13 @@ class FamilyHealthTeam(BaseModel):
     name: Optional[str]
     phone: Optional[str]
 
+
 # Clinical Exam Model
 class ClinicalExam(BaseModel):
     type: str
     description: Optional[str]
 
+
 # Medical Conditions model
 class PatientSummary(BaseModel):
     allergies: List[str]
@@ -29,7 +44,7 @@ class PatientSummary(BaseModel):
 
 # Responsible model
 class Responsible(BaseModel):
-    name: str
+    name: Optional[str]  # Temporary
     role: str
 
 
@@ -40,7 +55,7 @@ class Encounter(BaseModel):
     location: str
     type: str
     subtype: Optional[str]
-    exhibition_type: str = 'default'
+    exhibition_type: str = "default"
     active_cids: List[str]
     responsible: Optional[Responsible]
     clinical_motivation: Optional[str]
@@ -56,8 +71,9 @@ class UserInfo(BaseModel):
     email: Optional[str]
     role: Optional[str]
 
+
 class Professional(BaseModel):
-    name: str
+    name: Optional[str]
     registry: Optional[str]
 
 

diff --git a/poetry.lock b/poetry.lock
diff --git a/pyproject.toml b/pyproject.toml
@@ -33,6 +33,7 @@ nltk = "^3.9.1"
 asyncer = "^0.0.8"
 qrcode = "^7.4.2"
 pyotp = "^2.9.0"
+fastapi-simple-rate-limiter = "^0.0.4"
 
 
 [tool.poetry.group.dev.dependencies]