Compare commits
27 Commits
7e9346ec4d
...
dev1
| Author | SHA1 | Date | |
|---|---|---|---|
|
88ace64d13 | ||
|
|
9decb7591e | ||
|
|
41c64127a5 | ||
|
|
ac28f9b420 | ||
|
|
91daaf9275 | ||
|
|
64dcc77518 | ||
|
|
ddaa5b0c74 | ||
|
|
23927e5347 | ||
|
|
67a570ceac | ||
|
|
966b59ff20 | ||
|
|
b87c37b149 | ||
|
|
4e47ce80fd | ||
|
|
f4e46bef22 | ||
|
|
3dc36a2f25 | ||
|
|
408e32d05f | ||
|
|
42b8c3a2c9 | ||
|
|
c3bfb9cb6a | ||
|
|
cd51902313 | ||
|
|
8620e9b5a1 | ||
|
|
9099120ee2 | ||
|
|
c642b89581 | ||
|
|
e0cddbdd34 | ||
|
|
0de7d63817 | ||
|
|
c18487e22a | ||
|
|
c35416bece | ||
|
|
6fa74bffe8 | ||
|
|
7fe13be684 |
@@ -5,9 +5,7 @@ from fastapi import Depends, Query
|
||||
from fastapi.exceptions import HTTPException
|
||||
from pydantic import BaseModel, model_validator
|
||||
|
||||
from src.schemas.tasks import TaskFilter
|
||||
|
||||
TaskFilterDep = Annotated[TaskFilter, Depends()]
|
||||
from src.schemas.tasks import PriorityEnum, StatusEnum
|
||||
|
||||
|
||||
class Date(BaseModel):
|
||||
@@ -23,4 +21,21 @@ class Date(BaseModel):
|
||||
return self
|
||||
|
||||
|
||||
DateDep = Annotated[Date, Depends()]
|
||||
class Page(BaseModel):
|
||||
limit: int = Query(default=30, ge=1, le=100)
|
||||
page: int | None = Query(default=1, ge=1)
|
||||
|
||||
|
||||
class Status(BaseModel):
|
||||
status: StatusEnum | None = Query(default=None)
|
||||
|
||||
|
||||
class Priority(BaseModel):
|
||||
priority: PriorityEnum | None = Query(default=None)
|
||||
|
||||
|
||||
class Filters(Date, Status, Priority, Page):
|
||||
pass
|
||||
|
||||
|
||||
FilterDep = Annotated[Filters, Depends()]
|
||||
|
||||
@@ -1,86 +1,63 @@
|
||||
from typing import Annotated
|
||||
|
||||
from fastapi import Depends, HTTPException, Path
|
||||
from fastapi.security import OAuth2PasswordBearer
|
||||
from fastapi import Depends, HTTPException
|
||||
from fastapi.security import (
|
||||
HTTPAuthorizationCredentials,
|
||||
HTTPBearer,
|
||||
OAuth2PasswordBearer,
|
||||
)
|
||||
from jwt import InvalidTokenError
|
||||
|
||||
from src.api.dependacies.db_dep import sessionDep
|
||||
from src.core.auth_manager import AuthManager
|
||||
from src.core.settings import settings
|
||||
from src.schemas.auth import TokenData
|
||||
from src.services.tasks import TaskService
|
||||
from src.services.users import UserService
|
||||
|
||||
http_bearer = HTTPBearer(auto_error=False)
|
||||
|
||||
oauth2_scheme = OAuth2PasswordBearer(tokenUrl=f"{settings.api.v1_login_url}/login")
|
||||
AccessTokenDep = Annotated[HTTPAuthorizationCredentials, Depends(http_bearer)]
|
||||
|
||||
|
||||
async def get_current_user(token: Annotated[str, Depends(oauth2_scheme)]):
|
||||
async def get_current_user(
|
||||
token: AccessTokenDep, verify_exp: bool = True, check_active: bool = False
|
||||
):
|
||||
credentials_exception = HTTPException(
|
||||
status_code=401,
|
||||
detail="Could not validate credentials",
|
||||
headers={"WWW-Authenticate": "Bearer"},
|
||||
)
|
||||
try:
|
||||
payload = AuthManager.decode_access_token(token=token)
|
||||
payload = AuthManager.decode_access_token(token.credentials, verify_exp)
|
||||
if payload is None:
|
||||
raise credentials_exception
|
||||
user = TokenData(**payload)
|
||||
except InvalidTokenError:
|
||||
if check_active and not user.is_active:
|
||||
raise HTTPException(status_code=400, detail="Inactive user")
|
||||
except (InvalidTokenError, AttributeError):
|
||||
raise credentials_exception
|
||||
return user
|
||||
|
||||
|
||||
CurrentUser = Annotated[TokenData, Depends(get_current_user)]
|
||||
async def get_current_user_basic(token: AccessTokenDep):
|
||||
return await get_current_user(token, verify_exp=True, check_active=False)
|
||||
|
||||
|
||||
def get_current_active_user(
|
||||
current_user: CurrentUser,
|
||||
):
|
||||
if not current_user.is_active:
|
||||
raise HTTPException(status_code=400, detail="Inactive user")
|
||||
return current_user
|
||||
async def get_current_active_user(token: AccessTokenDep):
|
||||
return await get_current_user(token, verify_exp=True, check_active=True)
|
||||
|
||||
|
||||
ActiveUser = Annotated[TokenData, Depends(get_current_active_user)]
|
||||
async def get_current_user_for_refresh(token: AccessTokenDep):
|
||||
return await get_current_user(token, verify_exp=False, check_active=True)
|
||||
|
||||
|
||||
async def get_admin_user(db: sessionDep, current_user: ActiveUser):
|
||||
await UserService(db).validate_admin_user(current_user.sub)
|
||||
return current_user
|
||||
|
||||
|
||||
AdminUser = Annotated[TokenData, Depends(get_admin_user)]
|
||||
|
||||
|
||||
async def user_or_admin(db: sessionDep, current_user: ActiveUser, owner_id: int):
|
||||
if current_user.id == owner_id:
|
||||
return current_user
|
||||
else:
|
||||
admin = await get_admin_user(db, current_user)
|
||||
async def get_current_user_for_admin(token: AccessTokenDep):
|
||||
admin = await get_current_user(token, verify_exp=True, check_active=True)
|
||||
if not admin.is_superuser:
|
||||
raise HTTPException(status_code=403, detail="Admin access required")
|
||||
return admin
|
||||
|
||||
|
||||
async def CurrentOrAdminOwner(
|
||||
db: sessionDep, current_user: ActiveUser, id: Annotated[int, Path()]
|
||||
):
|
||||
authorized_user = await user_or_admin(db, current_user, id)
|
||||
if not authorized_user:
|
||||
raise HTTPException(status_code=403, detail="Not authorized")
|
||||
return authorized_user
|
||||
|
||||
|
||||
async def CurrentOrAdminTask(
|
||||
db: sessionDep,
|
||||
id: Annotated[int, Path()],
|
||||
current_user: ActiveUser,
|
||||
):
|
||||
task = await TaskService(db).get_task(id)
|
||||
if not task:
|
||||
raise HTTPException(status_code=404, detail="Task not found")
|
||||
|
||||
return await CurrentOrAdminOwner(db, current_user, task.user_id)
|
||||
|
||||
|
||||
OwnerDep = Annotated[TokenData, Depends(CurrentOrAdminOwner)]
|
||||
|
||||
TaskOwnerDep = Annotated[TokenData, Depends(CurrentOrAdminTask)]
|
||||
CurrentUser = Annotated[TokenData, Depends(get_current_user_basic)]
|
||||
ActiveUser = Annotated[TokenData, Depends(get_current_active_user)]
|
||||
RefreshUser = Annotated[TokenData, Depends(get_current_user_for_refresh)]
|
||||
AdminUser = Annotated[TokenData, Depends(get_current_user_for_admin)]
|
||||
|
||||
@@ -1,14 +1,19 @@
|
||||
from typing import Annotated
|
||||
|
||||
from fastapi import APIRouter, Depends
|
||||
from fastapi import APIRouter, Body, Cookie, Depends, Form, HTTPException, Response
|
||||
from fastapi.security import OAuth2PasswordRequestForm
|
||||
|
||||
from src.api.dependacies.db_dep import sessionDep
|
||||
from src.api.dependacies.user_dep import ActiveUser, RefreshUser, http_bearer
|
||||
from src.core.settings import settings
|
||||
from src.schemas.auth import Token
|
||||
from src.schemas.users import UserRequestADD
|
||||
from src.services.auth import AuthService
|
||||
from src.services.users import UserService
|
||||
|
||||
router = APIRouter(prefix=settings.api.v1.auth, tags=["Auth"])
|
||||
router = APIRouter(
|
||||
prefix=settings.api.v1.auth, tags=["Auth"], dependencies=[Depends(http_bearer)]
|
||||
)
|
||||
|
||||
|
||||
@router.post(path="/signup")
|
||||
@@ -17,12 +22,65 @@ async def registration(session: sessionDep, credential: UserRequestADD):
|
||||
return auth
|
||||
|
||||
|
||||
@router.post(path="/login")
|
||||
@router.post(path="/login", response_model=Token)
|
||||
async def login(
|
||||
session: sessionDep,
|
||||
credential: Annotated[OAuth2PasswordRequestForm, Depends()],
|
||||
response: Response,
|
||||
fingerprint: str = Form(min_length=5),
|
||||
):
|
||||
access_token = await AuthService(session).login(
|
||||
credential.username, credential.password
|
||||
result = await AuthService(session).login(
|
||||
credential.username, credential.password, fingerprint=fingerprint
|
||||
)
|
||||
return access_token
|
||||
response.set_cookie(
|
||||
key="refresh_token",
|
||||
value=result["refresh_token"],
|
||||
httponly=True,
|
||||
samesite="lax",
|
||||
path=settings.api.v1_login_url,
|
||||
max_age=60 * 60 * 24 * settings.refresh_token.expire_days,
|
||||
)
|
||||
return result
|
||||
|
||||
|
||||
@router.post(path="/refresh", response_model=Token)
|
||||
async def refresh(
|
||||
session: sessionDep,
|
||||
current_user: RefreshUser,
|
||||
response: Response,
|
||||
fingerprint: Annotated[str, Body(embed=True)],
|
||||
refresh_token: Annotated[str | None, Cookie(name="refresh_token")] = None,
|
||||
):
|
||||
if refresh_token is None:
|
||||
raise HTTPException(status_code=401, detail="No refresh token")
|
||||
result = await AuthService(session).refresh_tokens(
|
||||
refresh_token, current_user, fingerprint
|
||||
)
|
||||
response.set_cookie(
|
||||
key="refresh_token",
|
||||
value=result["refresh_token"],
|
||||
httponly=True,
|
||||
samesite="lax",
|
||||
path=settings.api.v1_login_url,
|
||||
max_age=60 * 60 * 24 * settings.refresh_token.expire_days,
|
||||
)
|
||||
return result
|
||||
|
||||
|
||||
@router.get("/me")
|
||||
async def get_me(session: sessionDep, user: ActiveUser):
|
||||
cur_user = await UserService(session).get_user_by_filter_or_raise(id=user.id)
|
||||
return cur_user
|
||||
|
||||
|
||||
@router.post(path="/logout")
|
||||
async def logout(
|
||||
session: sessionDep,
|
||||
response: Response,
|
||||
refresh_token: Annotated[str | None, Cookie(name="refresh_token")] = None,
|
||||
):
|
||||
if refresh_token is None:
|
||||
raise HTTPException(status_code=401, detail="No refresh token")
|
||||
await AuthService(session).delete_token(token=refresh_token)
|
||||
response.delete_cookie(key="refresh_token")
|
||||
return {"status": "ok"}
|
||||
|
||||
@@ -1,28 +1,20 @@
|
||||
from typing import Annotated
|
||||
|
||||
from fastapi import APIRouter, Body, Depends
|
||||
from fastapi import APIRouter, Body, Depends, HTTPException
|
||||
|
||||
from src.api.dependacies.db_dep import sessionDep
|
||||
from src.api.dependacies.task_dep import TaskFilterDep
|
||||
from src.api.dependacies.user_dep import ActiveUser, TaskOwnerDep
|
||||
from src.api.dependacies.user_dep import ActiveUser
|
||||
from src.schemas.tasks import TaskADDRequest, TaskPATCHRequest
|
||||
from src.services.tasks import TaskService
|
||||
from src.services.users import UserService
|
||||
|
||||
router = APIRouter(prefix="/tasks", tags=["Tasks"])
|
||||
|
||||
|
||||
@router.get("/")
|
||||
async def get_tasks(session: sessionDep, user: ActiveUser, filter: TaskFilterDep):
|
||||
result = await UserService(session).get_user_with_tasks(
|
||||
user_id=user.id, **filter.model_dump(exclude_unset=True)
|
||||
)
|
||||
return result
|
||||
|
||||
|
||||
@router.get("/{id}")
|
||||
async def get_task_id(session: sessionDep, id: int, _: TaskOwnerDep):
|
||||
async def get_task_id(session: sessionDep, id: int, user: ActiveUser):
|
||||
task = await TaskService(session).get_task(id)
|
||||
if task.user_id != user.id and user.is_superuser is False:
|
||||
raise HTTPException(status_code=403, detail="Forbidden")
|
||||
return task
|
||||
|
||||
|
||||
@@ -42,17 +34,26 @@ async def post_task(
|
||||
async def patch_task(
|
||||
session: sessionDep,
|
||||
id: int,
|
||||
_: TaskOwnerDep,
|
||||
user: ActiveUser,
|
||||
task_data: TaskPATCHRequest = Body(),
|
||||
):
|
||||
task = await TaskService(session).update_task(id, task_data)
|
||||
return task
|
||||
if user.is_superuser is False:
|
||||
task = await TaskService(session).get_task(id)
|
||||
if task.user_id != user.id:
|
||||
raise HTTPException(status_code=403, detail="Forbidden")
|
||||
updated_task = await TaskService(session).update_task(id, task_data)
|
||||
return updated_task
|
||||
|
||||
|
||||
@router.delete("/{id}")
|
||||
async def delete_task(
|
||||
session: sessionDep,
|
||||
id: int,
|
||||
_: TaskOwnerDep,
|
||||
user: ActiveUser,
|
||||
):
|
||||
if user.is_superuser is False:
|
||||
task = await TaskService(session).get_task(id)
|
||||
if task.user_id != user.id:
|
||||
raise HTTPException(status_code=403, detail="Forbidden")
|
||||
await TaskService(session).delete_task(id)
|
||||
return {"message": "Task deleted successfully"}
|
||||
|
||||
@@ -1,10 +1,10 @@
|
||||
from fastapi import APIRouter, Body
|
||||
from fastapi import APIRouter, Body, HTTPException
|
||||
|
||||
from src.api.dependacies.db_dep import sessionDep
|
||||
from src.api.dependacies.task_dep import FilterDep
|
||||
from src.api.dependacies.user_dep import (
|
||||
ActiveUser,
|
||||
AdminUser,
|
||||
OwnerDep,
|
||||
)
|
||||
from src.core.settings import settings
|
||||
from src.schemas.users import UserUpdate
|
||||
@@ -13,11 +13,6 @@ from src.services.users import UserService
|
||||
router = APIRouter(prefix=settings.api.v1.users, tags=["Users"])
|
||||
|
||||
|
||||
@router.get("/me")
|
||||
async def get_me(user: ActiveUser):
|
||||
return user
|
||||
|
||||
|
||||
@router.get("/")
|
||||
async def get_all_users(session: sessionDep, _: AdminUser):
|
||||
users = await UserService(session).get_all_users()
|
||||
@@ -25,18 +20,30 @@ async def get_all_users(session: sessionDep, _: AdminUser):
|
||||
|
||||
|
||||
@router.get("/{id}")
|
||||
async def get_user_by_id(session: sessionDep, id: int, _: OwnerDep):
|
||||
async def get_user_by_id(session: sessionDep, id: int, _: AdminUser):
|
||||
user = await UserService(session).get_user_by_filter_or_raise(id=id)
|
||||
return user
|
||||
|
||||
|
||||
@router.get("/{id}/tasks")
|
||||
async def get_user_tasks(
|
||||
session: sessionDep, id: int, user: ActiveUser, filters: FilterDep
|
||||
):
|
||||
if user.id != id and user.is_superuser is False:
|
||||
raise HTTPException(status_code=403, detail="Forbidden")
|
||||
tasks = await UserService(session).get_user_with_tasks(id, **filters.model_dump())
|
||||
return tasks.tasks
|
||||
|
||||
|
||||
@router.patch("/{id}")
|
||||
async def patch_user(
|
||||
session: sessionDep,
|
||||
id: int,
|
||||
_: OwnerDep,
|
||||
user: ActiveUser,
|
||||
user_update: UserUpdate = Body(),
|
||||
):
|
||||
if user.id != id and user.is_superuser is False:
|
||||
raise HTTPException(status_code=403, detail="Forbidden")
|
||||
updated_user = await UserService(session).update_user(
|
||||
id=id, update_data=user_update
|
||||
)
|
||||
@@ -44,6 +51,6 @@ async def patch_user(
|
||||
|
||||
|
||||
@router.delete("/{id}")
|
||||
async def delete_user(session: sessionDep, id: int, _: AdminUser):
|
||||
async def delete_user(session: sessionDep, id: int, user: AdminUser):
|
||||
await UserService(session).delete_user(id)
|
||||
return {"message": "User deleted successfully"}
|
||||
|
||||
@@ -1,3 +1,4 @@
|
||||
import secrets
|
||||
from datetime import datetime, timedelta, timezone
|
||||
|
||||
import jwt
|
||||
@@ -35,9 +36,15 @@ class AuthManager:
|
||||
return encoded_jwt
|
||||
|
||||
@classmethod
|
||||
def decode_access_token(cls, token: str) -> dict:
|
||||
def create_refresh_token(cls) -> str:
|
||||
token_hash = secrets.token_urlsafe(32)
|
||||
return token_hash
|
||||
|
||||
@classmethod
|
||||
def decode_access_token(cls, token: str, verify_exp: bool = True) -> dict:
|
||||
return jwt.decode(
|
||||
token,
|
||||
settings.access_token.secret_key,
|
||||
algorithms=[settings.access_token.algorithm],
|
||||
options={"verify_exp": verify_exp},
|
||||
)
|
||||
|
||||
@@ -6,7 +6,7 @@ from sqlalchemy.orm import DeclarativeBase, Mapped, mapped_column
|
||||
|
||||
from src.core.settings import settings
|
||||
|
||||
engine = create_async_engine(settings.db.url, echo=True)
|
||||
engine = create_async_engine(settings.db.url, echo=settings.db.echo)
|
||||
|
||||
|
||||
@event.listens_for(engine.sync_engine, "connect")
|
||||
|
||||
@@ -2,6 +2,7 @@ from typing import Any
|
||||
|
||||
from sqlalchemy.ext.asyncio import AsyncSession, async_sessionmaker
|
||||
|
||||
from src.repository.auth import AuthRepo
|
||||
from src.repository.tasks import TasksRepo
|
||||
from src.repository.users import UsersRepo
|
||||
|
||||
@@ -14,6 +15,7 @@ class DBManager:
|
||||
self.session: AsyncSession = self.session_factory()
|
||||
self.user = UsersRepo(self.session)
|
||||
self.task = TasksRepo(self.session)
|
||||
self.auth = AuthRepo(self.session)
|
||||
return self
|
||||
|
||||
async def __aexit__(self, exc_type: Any, exc_val: Any, exc_tb: Any) -> None:
|
||||
|
||||
@@ -3,18 +3,16 @@ from typing import TYPE_CHECKING, Any, Protocol
|
||||
from sqlalchemy.ext.asyncio import AsyncSession
|
||||
|
||||
if TYPE_CHECKING:
|
||||
from src.repository.auth import AuthRepo
|
||||
from src.repository.tasks import TasksRepo
|
||||
from src.repository.users import UsersRepo
|
||||
|
||||
|
||||
class HasId(Protocol):
|
||||
id: Any
|
||||
|
||||
|
||||
class IUOWDB(Protocol):
|
||||
session: AsyncSession
|
||||
user: 'UsersRepo'
|
||||
task: 'TasksRepo'
|
||||
user: "UsersRepo"
|
||||
task: "TasksRepo"
|
||||
auth: "AuthRepo"
|
||||
|
||||
async def __aenter__(self) -> "IUOWDB": ...
|
||||
|
||||
|
||||
@@ -28,22 +28,28 @@ class ApiPrefix(BaseModel):
|
||||
|
||||
class DbSettings(BaseModel):
|
||||
url: str = f"sqlite+aiosqlite:///{DB_PATH}"
|
||||
echo: bool = False
|
||||
|
||||
|
||||
class AccessToken(BaseSettings):
|
||||
model_config = SettingsConfigDict(
|
||||
env_file=".env", env_file_encoding="utf-8", env_prefix="ACCESS_TOKEN_"
|
||||
)
|
||||
class AccessToken(BaseModel):
|
||||
expire_minutes: int
|
||||
secret_key: str
|
||||
algorithm: str = "HS256"
|
||||
token_type: str = "bearer" # noqa: S105
|
||||
|
||||
|
||||
class RefreshToken(BaseModel):
|
||||
expire_days: int
|
||||
|
||||
|
||||
class Settings(BaseSettings):
|
||||
api: ApiPrefix = ApiPrefix()
|
||||
db: DbSettings = DbSettings()
|
||||
access_token: AccessToken = AccessToken() # type: ignore
|
||||
access_token: AccessToken
|
||||
refresh_token: RefreshToken
|
||||
model_config = SettingsConfigDict(
|
||||
env_file=".env", env_file_encoding="utf-8", env_nested_delimiter="__"
|
||||
)
|
||||
|
||||
|
||||
settings = Settings()
|
||||
settings = Settings() # type: ignore
|
||||
|
||||
@@ -0,0 +1,48 @@
|
||||
"""add refresh token
|
||||
|
||||
Revision ID: b879d3502c37
|
||||
Revises: 4b0f3ea2fd26
|
||||
Create Date: 2025-09-08 14:56:01.439089
|
||||
|
||||
"""
|
||||
|
||||
from typing import Sequence, Union
|
||||
|
||||
import sqlalchemy as sa
|
||||
from alembic import op
|
||||
|
||||
# revision identifiers, used by Alembic.
|
||||
revision: str = "b879d3502c37"
|
||||
down_revision: Union[str, None] = "4b0f3ea2fd26"
|
||||
branch_labels: Union[str, Sequence[str], None] = None
|
||||
depends_on: Union[str, Sequence[str], None] = None
|
||||
|
||||
|
||||
def upgrade() -> None:
|
||||
"""Upgrade schema."""
|
||||
# ### commands auto generated by Alembic - please adjust! ###
|
||||
op.create_table(
|
||||
"refresh_tokens",
|
||||
sa.Column("id", sa.Integer(), nullable=False),
|
||||
sa.Column("token", sa.String(length=255), nullable=False),
|
||||
sa.Column("user_id", sa.Integer(), nullable=False),
|
||||
sa.Column(
|
||||
"created_at",
|
||||
sa.TIMESTAMP(timezone=True),
|
||||
server_default=sa.text("(CURRENT_TIMESTAMP)"),
|
||||
nullable=False,
|
||||
),
|
||||
sa.ForeignKeyConstraint(
|
||||
["user_id"],
|
||||
["users.id"],
|
||||
),
|
||||
sa.PrimaryKeyConstraint("id"),
|
||||
)
|
||||
# ### end Alembic commands ###
|
||||
|
||||
|
||||
def downgrade() -> None:
|
||||
"""Downgrade schema."""
|
||||
# ### commands auto generated by Alembic - please adjust! ###
|
||||
op.drop_table("refresh_tokens")
|
||||
# ### end Alembic commands ###
|
||||
@@ -0,0 +1,45 @@
|
||||
"""expire and fingerprintjs token
|
||||
|
||||
Revision ID: 5821f37941a8
|
||||
Revises: b879d3502c37
|
||||
Create Date: 2025-09-21 20:16:48.289050
|
||||
|
||||
"""
|
||||
|
||||
from typing import Sequence, Union
|
||||
|
||||
import sqlalchemy as sa
|
||||
from alembic import op
|
||||
|
||||
# revision identifiers, used by Alembic.
|
||||
revision: str = "5821f37941a8"
|
||||
down_revision: Union[str, None] = "b879d3502c37"
|
||||
branch_labels: Union[str, Sequence[str], None] = None
|
||||
depends_on: Union[str, Sequence[str], None] = None
|
||||
|
||||
|
||||
def upgrade() -> None:
|
||||
"""Upgrade schema."""
|
||||
# ### commands auto generated by Alembic - please adjust! ###
|
||||
op.add_column(
|
||||
"refresh_tokens",
|
||||
sa.Column("fingerprint", sa.String(length=255), nullable=False),
|
||||
)
|
||||
op.add_column(
|
||||
"refresh_tokens",
|
||||
sa.Column(
|
||||
"expired_at",
|
||||
sa.TIMESTAMP(timezone=True),
|
||||
server_default=sa.text("(datetime('now', '+7 days'))"),
|
||||
nullable=False,
|
||||
),
|
||||
)
|
||||
# ### end Alembic commands ###
|
||||
|
||||
|
||||
def downgrade() -> None:
|
||||
"""Downgrade schema."""
|
||||
# ### commands auto generated by Alembic - please adjust! ###
|
||||
op.drop_column("refresh_tokens", "expired_at")
|
||||
op.drop_column("refresh_tokens", "fingerprint")
|
||||
# ### end Alembic commands ###
|
||||
@@ -1,7 +1,5 @@
|
||||
from src.models.tasks import TasksORM
|
||||
from src.models.tokens import RefreshTokensORM
|
||||
from src.models.users import UsersORM
|
||||
|
||||
__all__ = [
|
||||
"UsersORM",
|
||||
"TasksORM",
|
||||
]
|
||||
__all__ = ["UsersORM", "TasksORM", "RefreshTokensORM"]
|
||||
|
||||
21
src/models/tokens.py
Normal file
21
src/models/tokens.py
Normal file
@@ -0,0 +1,21 @@
|
||||
from datetime import datetime
|
||||
|
||||
from sqlalchemy import TIMESTAMP, ForeignKey, Integer, String, text
|
||||
from sqlalchemy.orm import Mapped, mapped_column
|
||||
|
||||
from src.core.database import Base
|
||||
from src.core.settings import settings
|
||||
|
||||
|
||||
class RefreshTokensORM(Base):
|
||||
__tablename__ = "refresh_tokens"
|
||||
id: Mapped[int] = mapped_column(Integer, primary_key=True)
|
||||
token: Mapped[str] = mapped_column(String(255), nullable=False)
|
||||
user_id: Mapped[int] = mapped_column(Integer, ForeignKey("users.id"))
|
||||
fingerprint: Mapped[str] = mapped_column(String(255), nullable=False)
|
||||
expired_at: Mapped[datetime] = mapped_column(
|
||||
TIMESTAMP(timezone=True),
|
||||
server_default=text(
|
||||
f"datetime('now', '+{settings.refresh_token.expire_days} days')"
|
||||
),
|
||||
)
|
||||
6
src/repository/auth.py
Normal file
6
src/repository/auth.py
Normal file
@@ -0,0 +1,6 @@
|
||||
from src.models.tokens import RefreshTokensORM
|
||||
from src.repository.base import BaseRepo
|
||||
|
||||
|
||||
class AuthRepo(BaseRepo[RefreshTokensORM]):
|
||||
model: type[RefreshTokensORM] = RefreshTokensORM
|
||||
@@ -3,9 +3,7 @@ from typing import Any, Generic, Mapping, Sequence, Type, TypeVar
|
||||
from sqlalchemy import delete, insert, select, update
|
||||
from sqlalchemy.ext.asyncio import AsyncSession
|
||||
|
||||
from src.core.interfaces import HasId
|
||||
|
||||
ModelType = TypeVar("ModelType", bound=HasId)
|
||||
ModelType = TypeVar("ModelType")
|
||||
|
||||
|
||||
class BaseRepo(Generic[ModelType]):
|
||||
@@ -45,12 +43,9 @@ class BaseRepo(Generic[ModelType]):
|
||||
async def delete_one(self, **filter_by) -> None:
|
||||
await self.session.execute(delete(self.model).filter_by(**filter_by))
|
||||
|
||||
async def update_one(self, id: int, data: Mapping[str, Any]) -> ModelType:
|
||||
async def update_one(self, data: dict[str, Any], **filter_by: Any) -> ModelType:
|
||||
stmt = (
|
||||
update(self.model)
|
||||
.where(self.model.id == id)
|
||||
.values(data)
|
||||
.returning(self.model)
|
||||
update(self.model).filter_by(**filter_by).values(data).returning(self.model)
|
||||
)
|
||||
result = await self.session.execute(stmt)
|
||||
model = result.scalar_one()
|
||||
|
||||
@@ -2,5 +2,5 @@ from src.models.tasks import TasksORM
|
||||
from src.repository.base import BaseRepo
|
||||
|
||||
|
||||
class TasksRepo(BaseRepo):
|
||||
class TasksRepo(BaseRepo[TasksORM]):
|
||||
model: type[TasksORM] = TasksORM
|
||||
|
||||
@@ -1,7 +1,6 @@
|
||||
from datetime import date
|
||||
from typing import Optional
|
||||
|
||||
from sqlalchemy import func, select, update
|
||||
from sqlalchemy import func, select
|
||||
from sqlalchemy.orm import selectinload
|
||||
|
||||
from src.models import UsersORM
|
||||
@@ -9,32 +8,24 @@ from src.models.tasks import TasksORM
|
||||
from src.repository.base import BaseRepo
|
||||
|
||||
|
||||
class UsersRepo(BaseRepo):
|
||||
class UsersRepo(BaseRepo[UsersORM]):
|
||||
model: type[UsersORM] = UsersORM
|
||||
|
||||
async def update_one(self, id: int, data: dict) -> UsersORM:
|
||||
stmt = (
|
||||
update(self.model)
|
||||
.where(self.model.id == id)
|
||||
.values(data)
|
||||
.returning(self.model)
|
||||
)
|
||||
result = await self.session.execute(stmt)
|
||||
model = result.scalar_one()
|
||||
return model
|
||||
|
||||
async def get_one_with_load(
|
||||
self,
|
||||
user_id: int,
|
||||
status: str | None = None,
|
||||
tasks_limit: Optional[int] = None,
|
||||
tasks_offset: Optional[int] = 0,
|
||||
date_to: Optional[date] = None,
|
||||
date_from: Optional[date] = None,
|
||||
priority: str | None = None,
|
||||
tasks_limit: int | None = None,
|
||||
tasks_offset: int | None = 0,
|
||||
date_to: date | None = None,
|
||||
date_from: date | None = None,
|
||||
) -> UsersORM | None:
|
||||
filters_sq: dict = {"user_id": user_id}
|
||||
if status:
|
||||
filters_sq["status"] = status
|
||||
if priority:
|
||||
filters_sq["priority"] = priority
|
||||
tasks_subquery = self._tasks_subquary(
|
||||
date_from=date_from, date_to=date_to, **filters_sq
|
||||
)
|
||||
|
||||
@@ -1,12 +1,16 @@
|
||||
from pydantic import BaseModel
|
||||
from pydantic import BaseModel, ConfigDict, Field
|
||||
|
||||
|
||||
class Token(BaseModel):
|
||||
access_token: str
|
||||
token_type: str
|
||||
model_config = ConfigDict(extra="ignore")
|
||||
|
||||
|
||||
class TokenData(BaseModel):
|
||||
id: int
|
||||
sub: str
|
||||
sub: str = Field(alias="username")
|
||||
is_superuser: bool
|
||||
is_active: bool
|
||||
|
||||
model_config = ConfigDict(populate_by_name=True)
|
||||
|
||||
@@ -50,11 +50,3 @@ class Task(TaskADDRequest):
|
||||
time_spent: int
|
||||
|
||||
model_config = ConfigDict(from_attributes=True)
|
||||
|
||||
|
||||
class TaskFilter(BaseModel):
|
||||
status: StatusEnum | None = None
|
||||
limit: int | None = 30
|
||||
offset: int | None = None
|
||||
date_from: date | None = None
|
||||
date_to: date | None = None
|
||||
|
||||
@@ -3,7 +3,7 @@ from typing import Annotated
|
||||
from pydantic import BaseModel, BeforeValidator, ConfigDict, EmailStr
|
||||
|
||||
from src.schemas.tasks import TaskWithId
|
||||
from src.schemas.validators import ensure_password
|
||||
from src.schemas.validators import ensure_password, ensure_username
|
||||
|
||||
|
||||
class UserUpdate(BaseModel):
|
||||
@@ -19,6 +19,8 @@ class User(BaseModel):
|
||||
username: str
|
||||
is_active: bool
|
||||
is_superuser: bool
|
||||
telegram_id: int | None
|
||||
avatar_path: str | None
|
||||
model_config = ConfigDict(from_attributes=True, extra="ignore")
|
||||
|
||||
|
||||
@@ -36,7 +38,7 @@ class UserRequest(BaseModel):
|
||||
|
||||
|
||||
class UserRequestADD(BaseModel):
|
||||
username: str
|
||||
username: Annotated[str, BeforeValidator(ensure_username)]
|
||||
email: EmailStr | None = None
|
||||
password: Annotated[str, BeforeValidator(ensure_password)]
|
||||
|
||||
|
||||
@@ -1,11 +1,21 @@
|
||||
from typing import Any
|
||||
|
||||
|
||||
def ensure_password(value: Any) -> Any:
|
||||
def ensure_password(value: Any) -> str:
|
||||
if not isinstance(value, str):
|
||||
raise TypeError("Password must be a string")
|
||||
value = value.strip()
|
||||
if len(value) < 8:
|
||||
raise ValueError("Password must be at least 8 characters")
|
||||
if value.strip() == "":
|
||||
elif value.strip() == "":
|
||||
raise ValueError("Password cannot be empty")
|
||||
return value
|
||||
|
||||
|
||||
def ensure_username(value: str) -> str:
|
||||
value = value.strip()
|
||||
if len(value) < 3:
|
||||
raise ValueError("Username must be at least 3 characters")
|
||||
elif value.lower() in ["admin", "moderator", "админ", "модератор"]:
|
||||
raise ValueError("Login is already taken")
|
||||
return value
|
||||
|
||||
@@ -2,7 +2,7 @@ from fastapi import HTTPException
|
||||
|
||||
from src.core.auth_manager import AuthManager
|
||||
from src.core.settings import settings
|
||||
from src.schemas.auth import Token
|
||||
from src.schemas.auth import TokenData
|
||||
from src.schemas.users import User, UserAdd, UserRequestADD, UserWithHashedPass
|
||||
from src.services.base import BaseService
|
||||
|
||||
@@ -19,25 +19,50 @@ class AuthService(BaseService):
|
||||
await self.session.commit()
|
||||
return User.model_validate(result)
|
||||
|
||||
async def login(self, username: str, password: str):
|
||||
result = await self.session.user.get_one_or_none(username=username)
|
||||
if result is None:
|
||||
raise HTTPException(
|
||||
async def _tokens_create(self, user_data: TokenData, fingerprint: str):
|
||||
access_token = AuthManager.create_access_token(user_data.model_dump())
|
||||
refresh_token = AuthManager.create_refresh_token()
|
||||
await self.session.auth.create_one({
|
||||
"token": refresh_token,
|
||||
"user_id": user_data.id,
|
||||
"fingerprint": fingerprint,
|
||||
})
|
||||
return {
|
||||
"access_token": access_token,
|
||||
"token_type": settings.access_token.token_type,
|
||||
"refresh_token": refresh_token,
|
||||
}
|
||||
|
||||
async def login(self, username: str, password: str, fingerprint: str) -> dict:
|
||||
login_exception = HTTPException(
|
||||
status_code=401,
|
||||
detail="Incorrect username or password",
|
||||
)
|
||||
result = await self.session.user.get_one_or_none(username=username)
|
||||
if result is None:
|
||||
raise login_exception
|
||||
user = UserWithHashedPass.model_validate(result)
|
||||
token_data = TokenData.model_validate(user.model_dump())
|
||||
verify = AuthManager.verify_password(
|
||||
plain_password=password, hashed_password=user.hashed_password
|
||||
)
|
||||
if not verify or user.is_active is False:
|
||||
raise HTTPException(
|
||||
status_code=401,
|
||||
detail="Incorrect username or password",
|
||||
)
|
||||
access_token = AuthManager.create_access_token(
|
||||
data={"id": user.id, "sub": user.username, "is_active": user.is_active}
|
||||
)
|
||||
return Token(
|
||||
access_token=access_token, token_type=settings.access_token.token_type
|
||||
)
|
||||
raise login_exception
|
||||
tokens = await self._tokens_create(token_data, fingerprint)
|
||||
await self.session.commit()
|
||||
return tokens
|
||||
|
||||
async def refresh_tokens(
|
||||
self, refresh_token: str, user_data: TokenData, fingerprint: str
|
||||
) -> dict:
|
||||
token_record = await self.session.auth.get_one_or_none(token=refresh_token)
|
||||
if not token_record or token_record.user_id != user_data.id:
|
||||
raise HTTPException(status_code=401, detail="Invalid refresh token")
|
||||
token = await self._tokens_create(user_data, fingerprint)
|
||||
await self.session.auth.delete_one(token=refresh_token)
|
||||
await self.session.commit()
|
||||
return token
|
||||
|
||||
async def delete_token(self, token: str) -> None:
|
||||
await self.session.auth.delete_one(token=token)
|
||||
await self.session.commit()
|
||||
|
||||
@@ -1,13 +1,10 @@
|
||||
from fastapi import HTTPException
|
||||
|
||||
from src.models.tasks import TasksORM
|
||||
from src.schemas.tasks import Task, TaskADDRequest, TaskPATCHRequest
|
||||
from src.services.base import BaseService
|
||||
|
||||
|
||||
class TaskService(BaseService):
|
||||
model = TasksORM
|
||||
|
||||
async def create_task(self, user_id: int, task_data: TaskADDRequest) -> Task:
|
||||
user = await self.session.user.get_one_or_none(id=user_id)
|
||||
if user is None:
|
||||
@@ -29,10 +26,13 @@ class TaskService(BaseService):
|
||||
await self.session.commit()
|
||||
|
||||
async def update_task(
|
||||
self, task_id: int, task_data: TaskPATCHRequest, exclude_unset: bool = True
|
||||
self,
|
||||
task_id: int,
|
||||
task_data: TaskPATCHRequest,
|
||||
exclude_unset: bool = True,
|
||||
):
|
||||
task = await self.session.task.update_one(
|
||||
id=task_id, data=task_data.model_dump(exclude_unset=exclude_unset)
|
||||
data=task_data.model_dump(exclude_unset=exclude_unset), id=task_id
|
||||
)
|
||||
await self.session.commit()
|
||||
return Task.model_validate(task)
|
||||
|
||||
@@ -1,5 +1,3 @@
|
||||
from datetime import date
|
||||
|
||||
from fastapi import HTTPException
|
||||
|
||||
from src.schemas.users import User, UserUpdate, UserWithTasks
|
||||
@@ -36,27 +34,24 @@ class UserService(BaseService):
|
||||
async def update_user(self, id: int, update_data: UserUpdate) -> User:
|
||||
await self.get_user_by_filter_or_raise(id=id)
|
||||
user = await self.session.user.update_one(
|
||||
id=id, data=update_data.model_dump(exclude_unset=True)
|
||||
data=update_data.model_dump(exclude_unset=True), id=id
|
||||
)
|
||||
await self.session.commit()
|
||||
return User.model_validate(user)
|
||||
|
||||
async def get_user_with_tasks(
|
||||
self,
|
||||
user_id: int,
|
||||
status: str | None,
|
||||
limit: int | None,
|
||||
offset: int | None,
|
||||
date_to: date | None,
|
||||
date_from: date | None,
|
||||
):
|
||||
async def get_user_with_tasks(self, user_id: int, **attrs):
|
||||
if attrs.get("page") and attrs.get("limit"):
|
||||
tasks_offset = (attrs.get("page", 0) - 1) * attrs.get("limit")
|
||||
else:
|
||||
tasks_offset = None
|
||||
user = await self.session.user.get_one_with_load(
|
||||
user_id=user_id,
|
||||
status=status,
|
||||
tasks_limit=limit,
|
||||
tasks_offset=offset,
|
||||
date_from=date_from,
|
||||
date_to=date_to,
|
||||
status=attrs.get("status"),
|
||||
priority=attrs.get("priority"),
|
||||
tasks_limit=attrs.get("limit"),
|
||||
tasks_offset=tasks_offset,
|
||||
date_from=attrs.get("date_from"),
|
||||
date_to=attrs.get("date_to"),
|
||||
)
|
||||
if user is None:
|
||||
raise HTTPException(status_code=404, detail="User not found.")
|
||||
|
||||
@@ -1,4 +1,3 @@
|
||||
|
||||
import pytest
|
||||
from httpx import ASGITransport, AsyncClient
|
||||
from sqlalchemy import NullPool, insert
|
||||
|
||||
@@ -1,3 +1,4 @@
|
||||
import pytest
|
||||
from httpx import AsyncClient
|
||||
|
||||
from src.core.settings import settings
|
||||
@@ -15,14 +16,30 @@ async def test_registration(ac):
|
||||
assert result.json()["is_active"]
|
||||
|
||||
|
||||
async def test_login(ac: AsyncClient):
|
||||
@pytest.mark.parametrize(
|
||||
"fingerprint, username,password,expected_status",
|
||||
[("string", "kot", "P@ssw0rd", 200), ("", "kot", "P@ssw0rd", 422)],
|
||||
)
|
||||
async def test_login(
|
||||
ac: AsyncClient,
|
||||
fingerprint: str,
|
||||
username: str,
|
||||
password: str,
|
||||
expected_status: int,
|
||||
):
|
||||
result = await ac.post(
|
||||
f"{settings.api.v1_login_url}/login",
|
||||
data={
|
||||
"fingerprint": fingerprint,
|
||||
"grant_type": "password",
|
||||
"username": "kot",
|
||||
"password": "P@ssw0rd",
|
||||
"username": username,
|
||||
"password": password,
|
||||
},
|
||||
)
|
||||
assert result.status_code == 200
|
||||
assert result.json().get("access_token")
|
||||
assert result.status_code == expected_status
|
||||
if expected_status == 200:
|
||||
assert result.json().get("access_token") is not None
|
||||
else:
|
||||
json_response = result.json()
|
||||
if expected_status == 422:
|
||||
assert "detail" in json_response
|
||||
|
||||
@@ -55,3 +55,32 @@ async def test_tasks_user(db: "TestDBManager"):
|
||||
user_with_tasks = await db.user.get_one_with_load(user_id=admin_user.id)
|
||||
assert user_with_tasks
|
||||
assert user_with_tasks.tasks
|
||||
|
||||
|
||||
async def test_tasks_crud(db: "TestDBManager"):
|
||||
data = {
|
||||
"title": "test_tasks_crud",
|
||||
"description": "test",
|
||||
"due_date": datetime.now(),
|
||||
"status": "open",
|
||||
"priority": "medium",
|
||||
"user_id": 1,
|
||||
}
|
||||
task = await db.task.create_one(data)
|
||||
assert task
|
||||
assert task.title == data["title"]
|
||||
assert task.description == data["description"]
|
||||
assert task.due_date == data["due_date"].date()
|
||||
assert task.status == data["status"]
|
||||
assert task.priority == data["priority"]
|
||||
assert task.user_id == data["user_id"]
|
||||
assert task.created_at is not None
|
||||
find_task = await db.task.get_filtered(title=data["title"])
|
||||
assert find_task
|
||||
assert find_task[0].title == task.title
|
||||
data["title"] = "test2"
|
||||
task = await db.task.update_one(id=task.id, data=data)
|
||||
assert task.title == data["title"]
|
||||
await db.task.delete_one(id=task.id)
|
||||
task = await db.task.get_one_or_none(id=task.id)
|
||||
assert not task
|
||||
|
||||
Reference in New Issue
Block a user