add priority filter

Reviewed-on: #1

README.md

@@ -23,6 +23,7 @@ ___
 - 🔥 Установка приоритетов и дедлайнов  
 - 🔔 Напоминания и уведомления  
 - ⚙️ Асинхронная обработка задач  
+- 📄 Пагинация и фильтрация задач с поддержкой limit/offset
 - 💡 Современный и интуитивно понятный интерфейс  
 
 ---

docs/api.md

@@ -9,6 +9,10 @@ ___
 - `GET /users` — Получить список всех пользователей  
 - `GET /users/{user_id}` — Получить конкретного пользователя  
 - `GET /users/{user_id}/tasks` — Получить задачи пользователя  
+  - **Query параметры:**
+    - `limit` (int, опционально) — Максимальное количество задач для возврата
+    - `offset` (int, опционально, по умолчанию 0) — Количество задач для пропуска
+  - **Пример:** `GET /users/1/tasks?limit=10&offset=20`
 - `POST /users` — Создать нового пользователя  
 - `PUT /users/{user_id}` — Обновить данные пользователя
 - `PATCH /users/{user_id}` — Частично обновить данные пользователя

poetry.lock

@@ -129,12 +129,12 @@ version = "0.4.6"
 description = "Cross-platform colored terminal text."
 optional = false
 python-versions = "!=3.0.*,!=3.1.*,!=3.2.*,!=3.3.*,!=3.4.*,!=3.5.*,!=3.6.*,>=2.7"
-groups = ["main"]
+groups = ["main", "test"]
-markers = "platform_system == \"Windows\""
 files = [
     {file = "colorama-0.4.6-py2.py3-none-any.whl", hash = "sha256:4f1d9991f5acc0ca119f9d443620b77f9d6b33703e51011c16baf57afb285fc6"},
     {file = "colorama-0.4.6.tar.gz", hash = "sha256:08695f5cb7ed6e0531a20572697297273c47b8cae5a63ffc6d6ed5c201be6e44"},
 ]
+markers = {main = "platform_system == \"Windows\"", test = "sys_platform == \"win32\""}
 
 [[package]]
 name = "dnspython"
@@ -290,6 +290,18 @@ files = [
 [package.extras]
 all = ["flake8 (>=7.1.1)", "mypy (>=1.11.2)", "pytest (>=8.3.2)", "ruff (>=0.6.2)"]
 
+[[package]]
+name = "iniconfig"
+version = "2.1.0"
+description = "brain-dead simple config-ini parsing"
+optional = false
+python-versions = ">=3.8"
+groups = ["test"]
+files = [
+    {file = "iniconfig-2.1.0-py3-none-any.whl", hash = "sha256:9deba5723312380e77435581c6bf4935c94cbfab9b1ed33ef8d238ea168eb760"},
+    {file = "iniconfig-2.1.0.tar.gz", hash = "sha256:3abbd2e30b36733fee78f9c7f7308f2d0050e88f0087fd25c2645f63c773e1c7"},
+]
+
 [[package]]
 name = "mako"
 version = "1.3.10"
@@ -381,6 +393,18 @@ files = [
     {file = "markupsafe-3.0.2.tar.gz", hash = "sha256:ee55d3edf80167e48ea11a923c7386f4669df67d7994554387f84e7d8b0a2bf0"},
 ]
 
+[[package]]
+name = "packaging"
+version = "25.0"
+description = "Core utilities for Python packages"
+optional = false
+python-versions = ">=3.8"
+groups = ["test"]
+files = [
+    {file = "packaging-25.0-py3-none-any.whl", hash = "sha256:29572ef2b1f17581046b3a2227d5c611fb25ec70ca1ba8554b24b0e69331a484"},
+    {file = "packaging-25.0.tar.gz", hash = "sha256:d443872c98d677bf60f6a1f2f8c1cb748e8fe762d2bf9d3148b5599295b0fc4f"},
+]
+
 [[package]]
 name = "passlib"
 version = "1.7.4"
@@ -399,6 +423,22 @@ bcrypt = ["bcrypt (>=3.1.0)"]
 build-docs = ["cloud-sptheme (>=1.10.1)", "sphinx (>=1.6)", "sphinxcontrib-fulltoc (>=1.2.0)"]
 totp = ["cryptography"]
 
+[[package]]
+name = "pluggy"
+version = "1.6.0"
+description = "plugin and hook calling mechanisms for python"
+optional = false
+python-versions = ">=3.9"
+groups = ["test"]
+files = [
+    {file = "pluggy-1.6.0-py3-none-any.whl", hash = "sha256:e920276dd6813095e9377c0bc5566d94c932c33b27a3e3945d8389c374dd4746"},
+    {file = "pluggy-1.6.0.tar.gz", hash = "sha256:7dcc130b76258d33b90f61b658791dede3486c3e6bfb003ee5c9bfb396dd22f3"},
+]
+
+[package.extras]
+dev = ["pre-commit", "tox"]
+testing = ["coverage", "pytest", "pytest-benchmark"]
+
 [[package]]
 name = "pydantic"
 version = "2.11.7"
@@ -557,6 +597,21 @@ gcp-secret-manager = ["google-cloud-secret-manager (>=2.23.1)"]
 toml = ["tomli (>=2.0.1)"]
 yaml = ["pyyaml (>=6.0.1)"]
 
+[[package]]
+name = "pygments"
+version = "2.19.2"
+description = "Pygments is a syntax highlighting package written in Python."
+optional = false
+python-versions = ">=3.8"
+groups = ["test"]
+files = [
+    {file = "pygments-2.19.2-py3-none-any.whl", hash = "sha256:86540386c03d588bb81d44bc3928634ff26449851e99741617ecb9037ee5ec0b"},
+    {file = "pygments-2.19.2.tar.gz", hash = "sha256:636cb2477cec7f8952536970bc533bc43743542f70392ae026374600add5b887"},
+]
+
+[package.extras]
+windows-terminal = ["colorama (>=0.4.6)"]
+
 [[package]]
 name = "pyjwt"
 version = "2.10.1"
@@ -575,6 +630,47 @@ dev = ["coverage[toml] (==5.0.4)", "cryptography (>=3.4.0)", "pre-commit", "pyte
 docs = ["sphinx", "sphinx-rtd-theme", "zope.interface"]
 tests = ["coverage[toml] (==5.0.4)", "pytest (>=6.0.0,<7.0.0)"]
 
+[[package]]
+name = "pytest"
+version = "8.4.1"
+description = "pytest: simple powerful testing with Python"
+optional = false
+python-versions = ">=3.9"
+groups = ["test"]
+files = [
+    {file = "pytest-8.4.1-py3-none-any.whl", hash = "sha256:539c70ba6fcead8e78eebbf1115e8b589e7565830d7d006a8723f19ac8a0afb7"},
+    {file = "pytest-8.4.1.tar.gz", hash = "sha256:7c67fd69174877359ed9371ec3af8a3d2b04741818c51e5e99cc1742251fa93c"},
+]
+
+[package.dependencies]
+colorama = {version = ">=0.4", markers = "sys_platform == \"win32\""}
+iniconfig = ">=1"
+packaging = ">=20"
+pluggy = ">=1.5,<2"
+pygments = ">=2.7.2"
+
+[package.extras]
+dev = ["argcomplete", "attrs (>=19.2)", "hypothesis (>=3.56)", "mock", "requests", "setuptools", "xmlschema"]
+
+[[package]]
+name = "pytest-asyncio"
+version = "1.1.0"
+description = "Pytest support for asyncio"
+optional = false
+python-versions = ">=3.9"
+groups = ["test"]
+files = [
+    {file = "pytest_asyncio-1.1.0-py3-none-any.whl", hash = "sha256:5fe2d69607b0bd75c656d1211f969cadba035030156745ee09e7d71740e58ecf"},
+    {file = "pytest_asyncio-1.1.0.tar.gz", hash = "sha256:796aa822981e01b68c12e4827b8697108f7205020f24b5793b3c41555dab68ea"},
+]
+
+[package.dependencies]
+pytest = ">=8.2,<9"
+
+[package.extras]
+docs = ["sphinx (>=5.3)", "sphinx-rtd-theme (>=1)"]
+testing = ["coverage (>=6.2)", "hypothesis (>=5.7.1)"]
+
 [[package]]
 name = "python-dotenv"
 version = "1.1.0"
@@ -805,4 +901,4 @@ standard = ["colorama (>=0.4) ; sys_platform == \"win32\"", "httptools (>=0.6.3)
 [metadata]
 lock-version = "2.1"
 python-versions = ">=3.12"
-content-hash = "7f9ca5ce7505707747e59087ccbb804dc0fef135c963fd2d2ebc8c91285ec188"
+content-hash = "cc2947613c2711ad32ccfa1b8f04a0d8bad6043c6e52bffaff12761ec76cc805"

pyproject.toml

@@ -91,3 +91,7 @@ ignore = [
 [tool.ruff.format]
 # Enable Ruff's formatter.
 docstring-code-format = true
+[tool.poetry.group.test.dependencies]
+pytest = "^8.4.1"
+pytest-asyncio = "^1.1.0"
+

pytest.ini

@@ -0,0 +1,3 @@
+[pytest]
+pythonpath = . src
+asyncio_mode = auto

src/api/dependacies/task_dep.py

@@ -0,0 +1,41 @@
+from datetime import date
+from typing import Annotated
+
+from fastapi import Depends, Query
+from fastapi.exceptions import HTTPException
+from pydantic import BaseModel, model_validator
+
+from src.schemas.tasks import PriorityEnum, StatusEnum
+
+
+class Date(BaseModel):
+    date_from: date | None = Query(default=None)
+    date_to: date | None = Query(default=None)
+
+    @model_validator(mode="after")
+    def check_dates(self):
+        if self.date_from and self.date_to and self.date_to < self.date_from:
+            raise HTTPException(
+                status_code=422, detail="date_to cannot be less than date_from"
+            )
+        return self
+
+
+class Page(BaseModel):
+    limit: int = Query(default=30, ge=1, le=100)
+    page: int | None = Query(default=1, ge=1)
+
+
+class Status(BaseModel):
+    status: StatusEnum | None = Query(default=None)
+
+
+class Priority(BaseModel):
+    priority: PriorityEnum | None = Query(default=None)
+
+
+class Filters(Date, Status, Priority, Page):
+    pass
+
+
+FilterDep = Annotated[Filters, Depends()]

src/api/dependacies/user_dep.py

@@ -1,86 +1,63 @@
 from typing import Annotated
 
-from fastapi import Depends, HTTPException, Path
+from fastapi import Depends, HTTPException
-from fastapi.security import OAuth2PasswordBearer
+from fastapi.security import (
+    HTTPAuthorizationCredentials,
+    HTTPBearer,
+    OAuth2PasswordBearer,
+)
 from jwt import InvalidTokenError
 
-from src.api.dependacies.db_dep import sessionDep
 from src.core.auth_manager import AuthManager
 from src.core.settings import settings
 from src.schemas.auth import TokenData
-from src.services.tasks import TaskService
+
-from src.services.users import UserService
+http_bearer = HTTPBearer(auto_error=False)
 
 oauth2_scheme = OAuth2PasswordBearer(tokenUrl=f"{settings.api.v1_login_url}/login")
+AccessTokenDep = Annotated[HTTPAuthorizationCredentials, Depends(http_bearer)]
 
 
-async def get_current_user(token: Annotated[str, Depends(oauth2_scheme)]):
+async def get_current_user(
+    token: AccessTokenDep, verify_exp: bool = True, check_active: bool = False
+):
     credentials_exception = HTTPException(
         status_code=401,
         detail="Could not validate credentials",
         headers={"WWW-Authenticate": "Bearer"},
     )
     try:
-        payload = AuthManager.decode_access_token(token=token)
+        payload = AuthManager.decode_access_token(token.credentials, verify_exp)
         if payload is None:
             raise credentials_exception
         user = TokenData(**payload)
-    except InvalidTokenError:
+        if check_active and not user.is_active:
+            raise HTTPException(status_code=400, detail="Inactive user")
+    except (InvalidTokenError, AttributeError):
         raise credentials_exception
     return user
 
 
-CurrentUser = Annotated[TokenData, Depends(get_current_user)]
+async def get_current_user_basic(token: AccessTokenDep):
+    return await get_current_user(token, verify_exp=True, check_active=False)
 
 
-def get_current_active_user(
+async def get_current_active_user(token: AccessTokenDep):
-    current_user: CurrentUser,
+    return await get_current_user(token, verify_exp=True, check_active=True)
-):
-    if not current_user.is_active:
-        raise HTTPException(status_code=400, detail="Inactive user")
-    return current_user
 
 
+async def get_current_user_for_refresh(token: AccessTokenDep):
+    return await get_current_user(token, verify_exp=False, check_active=True)
+
+
+async def get_current_user_for_admin(token: AccessTokenDep):
+    admin = await get_current_user(token, verify_exp=True, check_active=True)
+    if not admin.is_superuser:
+        raise HTTPException(status_code=403, detail="Admin access required")
+    return admin
+
+
+CurrentUser = Annotated[TokenData, Depends(get_current_user_basic)]
 ActiveUser = Annotated[TokenData, Depends(get_current_active_user)]
-
+RefreshUser = Annotated[TokenData, Depends(get_current_user_for_refresh)]
-
+AdminUser = Annotated[TokenData, Depends(get_current_user_for_admin)]
-async def get_admin_user(db: sessionDep, current_user: ActiveUser):
-    await UserService(db).validate_admin_user(current_user.sub)
-    return current_user
-
-
-AdminUser = Annotated[TokenData, Depends(get_admin_user)]
-
-
-async def user_or_admin(db: sessionDep, current_user: ActiveUser, owner_id: int):
-    if current_user.id == owner_id:
-        return current_user
-    else:
-        admin = await get_admin_user(db, current_user)
-        return admin
-
-
-async def CurrentOrAdminOwner(
-    db: sessionDep, current_user: ActiveUser, id: Annotated[int, Path()]
-):
-    authorized_user = await user_or_admin(db, current_user, id)
-    if not authorized_user:
-        raise HTTPException(status_code=403, detail="Not authorized")
-    return authorized_user
-
-
-async def CurrentOrAdminTask(
-    db: sessionDep,
-    id: Annotated[int, Path()],
-    current_user: ActiveUser,
-):
-    task = await TaskService(db).get_task(id)
-    if not task:
-        raise HTTPException(status_code=404, detail="Task not found")
-
-    return await CurrentOrAdminOwner(db, current_user, task.user_id)
-
-
-OwnerDep = Annotated[TokenData, Depends(CurrentOrAdminOwner)]
-
-TaskOwnerDep = Annotated[TokenData, Depends(CurrentOrAdminTask)]

src/api/v1/auth.py

@@ -1,14 +1,19 @@
 from typing import Annotated
 
-from fastapi import APIRouter, Depends
+from fastapi import APIRouter, Body, Cookie, Depends, Form, HTTPException, Response
 from fastapi.security import OAuth2PasswordRequestForm
 
 from src.api.dependacies.db_dep import sessionDep
+from src.api.dependacies.user_dep import ActiveUser, RefreshUser, http_bearer
 from src.core.settings import settings
+from src.schemas.auth import Token
 from src.schemas.users import UserRequestADD
 from src.services.auth import AuthService
+from src.services.users import UserService
 
-router = APIRouter(prefix=settings.api.v1.auth, tags=["Auth"])
+router = APIRouter(
+    prefix=settings.api.v1.auth, tags=["Auth"], dependencies=[Depends(http_bearer)]
+)
 
 
 @router.post(path="/signup")
@@ -17,12 +22,65 @@ async def registration(session: sessionDep, credential: UserRequestADD):
     return auth
 
 
-@router.post(path="/login")
+@router.post(path="/login", response_model=Token)
 async def login(
     session: sessionDep,
     credential: Annotated[OAuth2PasswordRequestForm, Depends()],
+    response: Response,
+    fingerprint: str = Form(min_length=5),
 ):
-    access_token = await AuthService(session).login(
+    result = await AuthService(session).login(
-        credential.username, credential.password
+        credential.username, credential.password, fingerprint=fingerprint
     )
-    return access_token
+    response.set_cookie(
+        key="refresh_token",
+        value=result["refresh_token"],
+        httponly=True,
+        samesite="lax",
+        path=settings.api.v1_login_url,
+        max_age=60 * 60 * 24 * settings.refresh_token.expire_days,
+    )
+    return result
+
+
+@router.post(path="/refresh", response_model=Token)
+async def refresh(
+    session: sessionDep,
+    current_user: RefreshUser,
+    response: Response,
+    fingerprint: Annotated[str, Body(embed=True)],
+    refresh_token: Annotated[str | None, Cookie(name="refresh_token")] = None,
+):
+    if refresh_token is None:
+        raise HTTPException(status_code=401, detail="No refresh token")
+    result = await AuthService(session).refresh_tokens(
+        refresh_token, current_user, fingerprint
+    )
+    response.set_cookie(
+        key="refresh_token",
+        value=result["refresh_token"],
+        httponly=True,
+        samesite="lax",
+        path=settings.api.v1_login_url,
+        max_age=60 * 60 * 24 * settings.refresh_token.expire_days,
+    )
+    return result
+
+
+@router.get("/me")
+async def get_me(session: sessionDep, user: ActiveUser):
+    cur_user = await UserService(session).get_user_by_filter_or_raise(id=user.id)
+    return cur_user
+
+
+@router.post(path="/logout")
+async def logout(
+    session: sessionDep,
+    response: Response,
+    refresh_token: Annotated[str | None, Cookie(name="refresh_token")] = None,
+):
+    if refresh_token is None:
+        raise HTTPException(status_code=401, detail="No refresh token")
+    await AuthService(session).delete_token(token=refresh_token)
+    response.delete_cookie(key="refresh_token")
+    return {"status": "ok"}

src/api/v1/tasks.py

@@ -1,25 +1,21 @@
 from typing import Annotated
 
-from fastapi import APIRouter, Depends
+from fastapi import APIRouter, Body, Depends, HTTPException
 
 from src.api.dependacies.db_dep import sessionDep
-from src.api.dependacies.user_dep import ActiveUser, CurrentOrAdminTask, TaskOwnerDep
+from src.api.dependacies.user_dep import ActiveUser
-from src.schemas.auth import TokenData
+from src.schemas.tasks import TaskADDRequest, TaskPATCHRequest
-from src.schemas.tasks import TaskADDRequest
 from src.services.tasks import TaskService
-from src.services.users import UserService
 
 router = APIRouter(prefix="/tasks", tags=["Tasks"])
 
 
-@router.get("/")
-async def get_tasks(session: sessionDep, user: ActiveUser):
-    result = await UserService(session).get_user_with_tasks(user.id)
-    return result
-
-
 @router.get("/{id}")
-async def get_task_id(id: int): ...
+async def get_task_id(session: sessionDep, id: int, user: ActiveUser):
+    task = await TaskService(session).get_task(id)
+    if task.user_id != user.id and user.is_superuser is False:
+        raise HTTPException(status_code=403, detail="Forbidden")
+    return task
 
 
 @router.post("/")
@@ -34,10 +30,30 @@ async def post_task(
     return result
 
 
+@router.patch("/{id}")
+async def patch_task(
+    session: sessionDep,
+    id: int,
+    user: ActiveUser,
+    task_data: TaskPATCHRequest = Body(),
+):
+    if user.is_superuser is False:
+        task = await TaskService(session).get_task(id)
+        if task.user_id != user.id:
+            raise HTTPException(status_code=403, detail="Forbidden")
+    updated_task = await TaskService(session).update_task(id, task_data)
+    return updated_task
+
+
 @router.delete("/{id}")
 async def delete_task(
     session: sessionDep,
     id: int,
-    _: TaskOwnerDep,
+    user: ActiveUser,
 ):
+    if user.is_superuser is False:
+        task = await TaskService(session).get_task(id)
+        if task.user_id != user.id:
+            raise HTTPException(status_code=403, detail="Forbidden")
     await TaskService(session).delete_task(id)
+    return {"message": "Task deleted successfully"}

src/api/v1/users.py

@@ -1,10 +1,10 @@
-from fastapi import APIRouter, Body
+from fastapi import APIRouter, Body, HTTPException
 
 from src.api.dependacies.db_dep import sessionDep
+from src.api.dependacies.task_dep import FilterDep
 from src.api.dependacies.user_dep import (
     ActiveUser,
     AdminUser,
-    OwnerDep,
 )
 from src.core.settings import settings
 from src.schemas.users import UserUpdate
@@ -13,11 +13,6 @@ from src.services.users import UserService
 router = APIRouter(prefix=settings.api.v1.users, tags=["Users"])
 
 
-@router.get("/me")
-async def get_me(user: ActiveUser):
-    return user
-
-
 @router.get("/")
 async def get_all_users(session: sessionDep, _: AdminUser):
     users = await UserService(session).get_all_users()
@@ -25,18 +20,30 @@ async def get_all_users(session: sessionDep, _: AdminUser):
 
 
 @router.get("/{id}")
-async def get_user_by_id(session: sessionDep, id: int, _: OwnerDep):
+async def get_user_by_id(session: sessionDep, id: int, _: AdminUser):
     user = await UserService(session).get_user_by_filter_or_raise(id=id)
     return user
 
 
+@router.get("/{id}/tasks")
+async def get_user_tasks(
+    session: sessionDep, id: int, user: ActiveUser, filters: FilterDep
+):
+    if user.id != id and user.is_superuser is False:
+        raise HTTPException(status_code=403, detail="Forbidden")
+    tasks = await UserService(session).get_user_with_tasks(id, **filters.model_dump())
+    return tasks.tasks
+
+
 @router.patch("/{id}")
 async def patch_user(
     session: sessionDep,
     id: int,
-    _: OwnerDep,
+    user: ActiveUser,
     user_update: UserUpdate = Body(),
 ):
+    if user.id != id and user.is_superuser is False:
+        raise HTTPException(status_code=403, detail="Forbidden")
     updated_user = await UserService(session).update_user(
         id=id, update_data=user_update
     )
@@ -44,6 +51,6 @@ async def patch_user(
 
 
 @router.delete("/{id}")
-async def delete_user(session: sessionDep, id: int, _: AdminUser):
+async def delete_user(session: sessionDep, id: int, user: AdminUser):
     await UserService(session).delete_user(id)
     return {"message": "User deleted successfully"}

src/core/auth_manager.py

@@ -1,3 +1,4 @@
+import secrets
 from datetime import datetime, timedelta, timezone
 
 import jwt
@@ -35,9 +36,15 @@ class AuthManager:
         return encoded_jwt
 
     @classmethod
-    def decode_access_token(cls, token: str) -> dict:
+    def create_refresh_token(cls) -> str:
+        token_hash = secrets.token_urlsafe(32)
+        return token_hash
+
+    @classmethod
+    def decode_access_token(cls, token: str, verify_exp: bool = True) -> dict:
         return jwt.decode(
             token,
             settings.access_token.secret_key,
             algorithms=[settings.access_token.algorithm],
+            options={"verify_exp": verify_exp},
         )

src/core/database.py

@@ -6,7 +6,7 @@ from sqlalchemy.orm import DeclarativeBase, Mapped, mapped_column
 
 from src.core.settings import settings
 
-engine = create_async_engine(settings.db.url, echo=True)
+engine = create_async_engine(settings.db.url, echo=settings.db.echo)
 
 
 @event.listens_for(engine.sync_engine, "connect")

src/core/db_manager.py

@@ -2,6 +2,7 @@ from typing import Any
 
 from sqlalchemy.ext.asyncio import AsyncSession, async_sessionmaker
 
+from src.repository.auth import AuthRepo
 from src.repository.tasks import TasksRepo
 from src.repository.users import UsersRepo
 
@@ -14,6 +15,7 @@ class DBManager:
         self.session: AsyncSession = self.session_factory()
         self.user = UsersRepo(self.session)
         self.task = TasksRepo(self.session)
+        self.auth = AuthRepo(self.session)
         return self
 
     async def __aexit__(self, exc_type: Any, exc_val: Any, exc_tb: Any) -> None:

src/core/interfaces.py

@@ -1,15 +1,18 @@
-from typing import Any, Protocol
+from typing import TYPE_CHECKING, Any, Protocol
 
 from sqlalchemy.ext.asyncio import AsyncSession
 
-from src.repository.tasks import TasksRepo
+if TYPE_CHECKING:
-from src.repository.users import UsersRepo
+    from src.repository.auth import AuthRepo
+    from src.repository.tasks import TasksRepo
+    from src.repository.users import UsersRepo
 
 
 class IUOWDB(Protocol):
     session: AsyncSession
-    user: UsersRepo
+    user: "UsersRepo"
-    task: TasksRepo
+    task: "TasksRepo"
+    auth: "AuthRepo"
 
     async def __aenter__(self) -> "IUOWDB": ...
 

src/core/settings.py

@@ -28,22 +28,28 @@ class ApiPrefix(BaseModel):
 
 class DbSettings(BaseModel):
     url: str = f"sqlite+aiosqlite:///{DB_PATH}"
+    echo: bool = False
 
 
-class AccessToken(BaseSettings):
+class AccessToken(BaseModel):
-    model_config = SettingsConfigDict(
+    expire_minutes: int
-        env_file=".env", env_file_encoding="utf-8", env_prefix="ACCESS_TOKEN_"
-    )
-    expire_minutes: int = 15
     secret_key: str
     algorithm: str = "HS256"
     token_type: str = "bearer"  # noqa: S105
 
 
+class RefreshToken(BaseModel):
+    expire_days: int
+
+
 class Settings(BaseSettings):
     api: ApiPrefix = ApiPrefix()
     db: DbSettings = DbSettings()
-    access_token: AccessToken = AccessToken()
+    access_token: AccessToken
+    refresh_token: RefreshToken
+    model_config = SettingsConfigDict(
+        env_file=".env", env_file_encoding="utf-8", env_nested_delimiter="__"
+    )
 
 
-settings = Settings()
+settings = Settings()  # type: ignore

src/migrations/versions/2025_09_08_1456-b879d3502c37_add_refresh_token.py

@@ -0,0 +1,48 @@
+"""add refresh token
+
+Revision ID: b879d3502c37
+Revises: 4b0f3ea2fd26
+Create Date: 2025-09-08 14:56:01.439089
+
+"""
+
+from typing import Sequence, Union
+
+import sqlalchemy as sa
+from alembic import op
+
+# revision identifiers, used by Alembic.
+revision: str = "b879d3502c37"
+down_revision: Union[str, None] = "4b0f3ea2fd26"
+branch_labels: Union[str, Sequence[str], None] = None
+depends_on: Union[str, Sequence[str], None] = None
+
+
+def upgrade() -> None:
+    """Upgrade schema."""
+    # ### commands auto generated by Alembic - please adjust! ###
+    op.create_table(
+        "refresh_tokens",
+        sa.Column("id", sa.Integer(), nullable=False),
+        sa.Column("token", sa.String(length=255), nullable=False),
+        sa.Column("user_id", sa.Integer(), nullable=False),
+        sa.Column(
+            "created_at",
+            sa.TIMESTAMP(timezone=True),
+            server_default=sa.text("(CURRENT_TIMESTAMP)"),
+            nullable=False,
+        ),
+        sa.ForeignKeyConstraint(
+            ["user_id"],
+            ["users.id"],
+        ),
+        sa.PrimaryKeyConstraint("id"),
+    )
+    # ### end Alembic commands ###
+
+
+def downgrade() -> None:
+    """Downgrade schema."""
+    # ### commands auto generated by Alembic - please adjust! ###
+    op.drop_table("refresh_tokens")
+    # ### end Alembic commands ###

src/migrations/versions/2025_09_21_2016-5821f37941a8_expire_and_fingerprintjs_token.py

@@ -0,0 +1,45 @@
+"""expire and fingerprintjs token
+
+Revision ID: 5821f37941a8
+Revises: b879d3502c37
+Create Date: 2025-09-21 20:16:48.289050
+
+"""
+
+from typing import Sequence, Union
+
+import sqlalchemy as sa
+from alembic import op
+
+# revision identifiers, used by Alembic.
+revision: str = "5821f37941a8"
+down_revision: Union[str, None] = "b879d3502c37"
+branch_labels: Union[str, Sequence[str], None] = None
+depends_on: Union[str, Sequence[str], None] = None
+
+
+def upgrade() -> None:
+    """Upgrade schema."""
+    # ### commands auto generated by Alembic - please adjust! ###
+    op.add_column(
+        "refresh_tokens",
+        sa.Column("fingerprint", sa.String(length=255), nullable=False),
+    )
+    op.add_column(
+        "refresh_tokens",
+        sa.Column(
+            "expired_at",
+            sa.TIMESTAMP(timezone=True),
+            server_default=sa.text("(datetime('now', '+7 days'))"),
+            nullable=False,
+        ),
+    )
+    # ### end Alembic commands ###
+
+
+def downgrade() -> None:
+    """Downgrade schema."""
+    # ### commands auto generated by Alembic - please adjust! ###
+    op.drop_column("refresh_tokens", "expired_at")
+    op.drop_column("refresh_tokens", "fingerprint")
+    # ### end Alembic commands ###

src/models/__init__.py

@@ -1,7 +1,5 @@
 from src.models.tasks import TasksORM
+from src.models.tokens import RefreshTokensORM
 from src.models.users import UsersORM
 
-__all__ = [
+__all__ = ["UsersORM", "TasksORM", "RefreshTokensORM"]
-    "UsersORM",
-    "TasksORM",
-]

src/models/tokens.py

@@ -0,0 +1,21 @@
+from datetime import datetime
+
+from sqlalchemy import TIMESTAMP, ForeignKey, Integer, String, text
+from sqlalchemy.orm import Mapped, mapped_column
+
+from src.core.database import Base
+from src.core.settings import settings
+
+
+class RefreshTokensORM(Base):
+    __tablename__ = "refresh_tokens"
+    id: Mapped[int] = mapped_column(Integer, primary_key=True)
+    token: Mapped[str] = mapped_column(String(255), nullable=False)
+    user_id: Mapped[int] = mapped_column(Integer, ForeignKey("users.id"))
+    fingerprint: Mapped[str] = mapped_column(String(255), nullable=False)
+    expired_at: Mapped[datetime] = mapped_column(
+        TIMESTAMP(timezone=True),
+        server_default=text(
+            f"datetime('now', '+{settings.refresh_token.expire_days} days')"
+        ),
+    )

src/repository/auth.py

@@ -0,0 +1,6 @@
+from src.models.tokens import RefreshTokensORM
+from src.repository.base import BaseRepo
+
+
+class AuthRepo(BaseRepo[RefreshTokensORM]):
+    model: type[RefreshTokensORM] = RefreshTokensORM

src/repository/base.py

@@ -1,11 +1,9 @@
 from typing import Any, Generic, Mapping, Sequence, Type, TypeVar
 
-from sqlalchemy import delete, insert, select
+from sqlalchemy import delete, insert, select, update
 from sqlalchemy.ext.asyncio import AsyncSession
 
-from src.core.database import Base
+ModelType = TypeVar("ModelType")
-
-ModelType = TypeVar("ModelType", bound=Base)
 
 
 class BaseRepo(Generic[ModelType]):
@@ -28,6 +26,10 @@ class BaseRepo(Generic[ModelType]):
         obj: ModelType = result.scalar_one()
         return obj
 
+    async def create_bulk(self, data: Sequence[Mapping[str, Any]]) -> list[ModelType]:
+        result = [await self.create_one(item) for item in data]
+        return result
+
     async def get_one_or_none(self, **filter_by: Any) -> ModelType | None:
         query = select(self.model).filter_by(**filter_by)
         result = await self.session.execute(query)
@@ -40,3 +42,11 @@ class BaseRepo(Generic[ModelType]):
 
     async def delete_one(self, **filter_by) -> None:
         await self.session.execute(delete(self.model).filter_by(**filter_by))
+
+    async def update_one(self, data: dict[str, Any], **filter_by: Any) -> ModelType:
+        stmt = (
+            update(self.model).filter_by(**filter_by).values(data).returning(self.model)
+        )
+        result = await self.session.execute(stmt)
+        model = result.scalar_one()
+        return model

src/repository/tasks.py

@@ -2,5 +2,5 @@ from src.models.tasks import TasksORM
 from src.repository.base import BaseRepo
 
 
-class TasksRepo(BaseRepo):
+class TasksRepo(BaseRepo[TasksORM]):
     model: type[TasksORM] = TasksORM

src/repository/users.py

@@ -1,4 +1,6 @@
-from sqlalchemy import select, update
+from datetime import date
+
+from sqlalchemy import func, select
 from sqlalchemy.orm import selectinload
 
 from src.models import UsersORM
@@ -6,30 +8,76 @@ from src.models.tasks import TasksORM
 from src.repository.base import BaseRepo
 
 
-class UsersRepo(BaseRepo):
+class UsersRepo(BaseRepo[UsersORM]):
     model: type[UsersORM] = UsersORM
 
-    async def update_one(self, id: int, data: dict) -> UsersORM:
+    async def get_one_with_load(
-        stmt = (
+        self,
-            update(self.model)
+        user_id: int,
-            .where(self.model.id == id)
+        status: str | None = None,
-            .values(data)
+        priority: str | None = None,
-            .returning(self.model)
+        tasks_limit: int | None = None,
+        tasks_offset: int | None = 0,
+        date_to: date | None = None,
+        date_from: date | None = None,
+    ) -> UsersORM | None:
+        filters_sq: dict = {"user_id": user_id}
+        if status:
+            filters_sq["status"] = status
+        if priority:
+            filters_sq["priority"] = priority
+        tasks_subquery = self._tasks_subquary(
+            date_from=date_from, date_to=date_to, **filters_sq
         )
-        result = await self.session.execute(stmt)
-        model = result.scalar_one()
-        return model
 
-    async def get_one_with_load(self, user_id: int) -> UsersORM | None:
+        if tasks_limit is not None:
-        quary = (
+            tasks_subquery = tasks_subquery.limit(tasks_limit)
+        if tasks_offset is not None and tasks_offset > 0:
+            tasks_subquery = tasks_subquery.offset(tasks_offset)
+        query = (
             select(self.model)
             .where(self.model.id == user_id)
             .options(
-                selectinload(self.model.tasks).load_only(
+                selectinload(
-                    TasksORM.id, TasksORM.title, TasksORM.due_date, TasksORM.priority
+                    self.model.tasks.and_(TasksORM.id.in_(tasks_subquery))
+                ).load_only(
+                    TasksORM.id,
+                    TasksORM.title,
+                    TasksORM.due_date,
+                    TasksORM.priority,
+                    TasksORM.status,
                 )
             )
         )
-        result = await self.session.execute(quary)
+        result = await self.session.execute(query)
         obj = result.scalar_one_or_none()
+        if obj and obj.tasks:
+            obj.tasks.sort(
+                key=lambda task: (
+                    task.due_date or date.max,
+                    -self._priority(task.priority),
+                )
+            )
         return obj
+
+    async def get_tasks_count(
+        self, date_from: date | None, date_to: date | None, **filter_by
+    ) -> int:
+        subq = self._tasks_subquary(date_from, date_to, **filter_by).subquery()
+        stmt = select(func.count()).select_from(subq)
+        result = await self.session.execute(stmt)
+        return result.scalar_one()
+
+    def _priority(self, priority: str):
+        priority_map = {"low": 1, "medium": 2, "high": 3, "critical": 4}
+        return priority_map.get(priority, 0)
+
+    def _tasks_subquary(
+        self, date_from: date | None, date_to: date | None, **filter_by
+    ):
+        subq = select(TasksORM.id).filter_by(**filter_by)
+        if date_from is not None:
+            subq = subq.filter(TasksORM.due_date >= date_from)
+        if date_to is not None:
+            subq = subq.filter(TasksORM.due_date <= date_to)
+        return subq

src/schemas/auth.py

@@ -1,12 +1,16 @@
-from pydantic import BaseModel
+from pydantic import BaseModel, ConfigDict, Field
 
 
 class Token(BaseModel):
     access_token: str
     token_type: str
+    model_config = ConfigDict(extra="ignore")
 
 
 class TokenData(BaseModel):
     id: int
-    sub: str
+    sub: str = Field(alias="username")
+    is_superuser: bool
     is_active: bool
+
+    model_config = ConfigDict(populate_by_name=True)

src/schemas/tasks.py

@@ -1,28 +1,52 @@
 from datetime import date
-from typing import Literal
+from enum import Enum
 
 from pydantic import BaseModel, ConfigDict
 
 
+class PriorityEnum(str, Enum):
+    low = "low"
+    medium = "medium"
+    high = "high"
+    critical = "critical"
+
+
+class StatusEnum(str, Enum):
+    open = "open"
+    closed = "closed"
+    in_progress = "in_progress"
+    todo = "todo"
+
+
 class TaskShort(BaseModel):
     title: str
     due_date: date | None = None
-    priority: Literal["low", "medium", "high", "critical"] = "medium"
+    priority: PriorityEnum = PriorityEnum.medium
     model_config = ConfigDict(from_attributes=True)
 
 
 class TaskWithId(TaskShort):
     id: int
+    status: str
 
 
 class TaskADDRequest(TaskShort):
     description: str | None = None
 
 
+class TaskPATCHRequest(BaseModel):
+    title: str | None = None
+    description: str | None = None
+    due_date: date | None = None
+    status: StatusEnum | None = None
+    priority: PriorityEnum | None = None
+    time_spent: int | None = None
+
+
 class Task(TaskADDRequest):
     id: int
     user_id: int
-    status: Literal["open", "closed", "in_progress", "todo"]
+    status: StatusEnum
     time_spent: int
 
     model_config = ConfigDict(from_attributes=True)

src/schemas/users.py

@@ -3,7 +3,7 @@ from typing import Annotated
 from pydantic import BaseModel, BeforeValidator, ConfigDict, EmailStr
 
 from src.schemas.tasks import TaskWithId
-from src.schemas.validators import ensure_password
+from src.schemas.validators import ensure_password, ensure_username
 
 
 class UserUpdate(BaseModel):
@@ -19,6 +19,8 @@ class User(BaseModel):
     username: str
     is_active: bool
     is_superuser: bool
+    telegram_id: int | None
+    avatar_path: str | None
     model_config = ConfigDict(from_attributes=True, extra="ignore")
 
 
@@ -36,7 +38,7 @@ class UserRequest(BaseModel):
 
 
 class UserRequestADD(BaseModel):
-    username: str
+    username: Annotated[str, BeforeValidator(ensure_username)]
     email: EmailStr | None = None
     password: Annotated[str, BeforeValidator(ensure_password)]
 

src/schemas/validators.py

@@ -1,11 +1,21 @@
 from typing import Any
 
 
-def ensure_password(value: Any) -> Any:
+def ensure_password(value: Any) -> str:
     if not isinstance(value, str):
         raise TypeError("Password must be a string")
+    value = value.strip()
     if len(value) < 8:
         raise ValueError("Password must be at least 8 characters")
-    if value.strip() == "":
+    elif value.strip() == "":
         raise ValueError("Password cannot be empty")
     return value
+
+
+def ensure_username(value: str) -> str:
+    value = value.strip()
+    if len(value) < 3:
+        raise ValueError("Username must be at least 3 characters")
+    elif value.lower() in ["admin", "moderator", "админ", "модератор"]:
+        raise ValueError("Login is already taken")
+    return value

src/services/auth.py

@@ -2,7 +2,7 @@ from fastapi import HTTPException
 
 from src.core.auth_manager import AuthManager
 from src.core.settings import settings
-from src.schemas.auth import Token
+from src.schemas.auth import TokenData
 from src.schemas.users import User, UserAdd, UserRequestADD, UserWithHashedPass
 from src.services.base import BaseService
 
@@ -19,25 +19,50 @@ class AuthService(BaseService):
         await self.session.commit()
         return User.model_validate(result)
 
-    async def login(self, username: str, password: str):
+    async def _tokens_create(self, user_data: TokenData, fingerprint: str):
+        access_token = AuthManager.create_access_token(user_data.model_dump())
+        refresh_token = AuthManager.create_refresh_token()
+        await self.session.auth.create_one({
+            "token": refresh_token,
+            "user_id": user_data.id,
+            "fingerprint": fingerprint,
+        })
+        return {
+            "access_token": access_token,
+            "token_type": settings.access_token.token_type,
+            "refresh_token": refresh_token,
+        }
+
+    async def login(self, username: str, password: str, fingerprint: str) -> dict:
+        login_exception = HTTPException(
+            status_code=401,
+            detail="Incorrect username or password",
+        )
         result = await self.session.user.get_one_or_none(username=username)
         if result is None:
-            raise HTTPException(
+            raise login_exception
-                status_code=401,
-                detail="Incorrect username or password",
-            )
         user = UserWithHashedPass.model_validate(result)
+        token_data = TokenData.model_validate(user.model_dump())
         verify = AuthManager.verify_password(
             plain_password=password, hashed_password=user.hashed_password
         )
         if not verify or user.is_active is False:
-            raise HTTPException(
+            raise login_exception
-                status_code=401,
+        tokens = await self._tokens_create(token_data, fingerprint)
-                detail="Incorrect username or password",
+        await self.session.commit()
-            )
+        return tokens
-        access_token = AuthManager.create_access_token(
+
-            data={"id": user.id, "sub": user.username, "is_active": user.is_active}
+    async def refresh_tokens(
-        )
+        self, refresh_token: str, user_data: TokenData, fingerprint: str
-        return Token(
+    ) -> dict:
-            access_token=access_token, token_type=settings.access_token.token_type
+        token_record = await self.session.auth.get_one_or_none(token=refresh_token)
-        )
+        if not token_record or token_record.user_id != user_data.id:
+            raise HTTPException(status_code=401, detail="Invalid refresh token")
+        token = await self._tokens_create(user_data, fingerprint)
+        await self.session.auth.delete_one(token=refresh_token)
+        await self.session.commit()
+        return token
+
+    async def delete_token(self, token: str) -> None:
+        await self.session.auth.delete_one(token=token)
+        await self.session.commit()

src/services/tasks.py

@@ -1,13 +1,10 @@
 from fastapi import HTTPException
 
-from src.models.tasks import TasksORM
+from src.schemas.tasks import Task, TaskADDRequest, TaskPATCHRequest
-from src.schemas.tasks import Task, TaskADDRequest
 from src.services.base import BaseService
 
 
 class TaskService(BaseService):
-    model = TasksORM
-
     async def create_task(self, user_id: int, task_data: TaskADDRequest) -> Task:
         user = await self.session.user.get_one_or_none(id=user_id)
         if user is None:
@@ -19,8 +16,23 @@ class TaskService(BaseService):
         return Task.model_validate(created_task_orm)
 
     async def get_task(self, task_id: int):
-        return await self.session.task.get_one_or_none(id=task_id)
+        task = await self.session.task.get_one_or_none(id=task_id)
+        if task is None:
+            raise HTTPException(status_code=404, detail="Task not found.")
+        return Task.model_validate(task)
 
     async def delete_task(self, task_id: int):
         await self.session.task.delete_one(id=task_id)
         await self.session.commit()
+
+    async def update_task(
+        self,
+        task_id: int,
+        task_data: TaskPATCHRequest,
+        exclude_unset: bool = True,
+    ):
+        task = await self.session.task.update_one(
+            data=task_data.model_dump(exclude_unset=exclude_unset), id=task_id
+        )
+        await self.session.commit()
+        return Task.model_validate(task)

src/services/users.py

@@ -34,13 +34,25 @@ class UserService(BaseService):
     async def update_user(self, id: int, update_data: UserUpdate) -> User:
         await self.get_user_by_filter_or_raise(id=id)
         user = await self.session.user.update_one(
-            id=id, data=update_data.model_dump(exclude_unset=True)
+            data=update_data.model_dump(exclude_unset=True), id=id
         )
         await self.session.commit()
         return User.model_validate(user)
 
-    async def get_user_with_tasks(self, user_id: int):
+    async def get_user_with_tasks(self, user_id: int, **attrs):
-        user = await self.session.user.get_one_with_load(user_id)
+        if attrs.get("page") and attrs.get("limit"):
+            tasks_offset = (attrs.get("page", 0) - 1) * attrs.get("limit")
+        else:
+            tasks_offset = None
+        user = await self.session.user.get_one_with_load(
+            user_id=user_id,
+            status=attrs.get("status"),
+            priority=attrs.get("priority"),
+            tasks_limit=attrs.get("limit"),
+            tasks_offset=tasks_offset,
+            date_from=attrs.get("date_from"),
+            date_to=attrs.get("date_to"),
+        )
         if user is None:
             raise HTTPException(status_code=404, detail="User not found.")
         return UserWithTasks.model_validate(user)

tests/conftest.py

@@ -0,0 +1,77 @@
+import pytest
+from httpx import ASGITransport, AsyncClient
+from sqlalchemy import NullPool, insert
+from sqlalchemy.ext.asyncio import async_sessionmaker, create_async_engine
+
+from src.api.dependacies.db_dep import get_db
+from src.core.auth_manager import AuthManager
+from src.core.database import Base
+from src.core.db_manager import DBManager
+from src.core.settings import settings
+from src.main import app
+from src.models import *  # noqa: F403
+
+engine_null_pool = create_async_engine(
+    "sqlite+aiosqlite:///tests/test_db.db", poolclass=NullPool
+)
+test_session_maker = async_sessionmaker(engine_null_pool, expire_on_commit=False)
+
+
+class TestDBManager(DBManager):
+    def __init__(self):
+        self.session_factory = test_session_maker
+
+
+async def get_test_db():
+    async with TestDBManager() as db:
+        yield db
+
+
+@pytest.fixture(scope="function")
+async def db():
+    async for db in get_test_db():
+        yield db
+
+
+@pytest.fixture(scope="function")
+async def ac():
+    async with AsyncClient(
+        transport=ASGITransport(app=app), base_url="http://test"
+    ) as ac:
+        yield ac
+
+
+app.dependency_overrides[get_db] = get_test_db
+
+
+@pytest.fixture(scope="session", autouse=True)
+async def setup_database():
+    async with engine_null_pool.begin() as conn:
+        await conn.run_sync(Base.metadata.drop_all)
+        await conn.run_sync(Base.metadata.create_all)
+
+
+@pytest.fixture(scope="session", autouse=True)
+async def add_admin(setup_database):
+    hashed_pass = AuthManager.get_password_hash("admin")
+    user_admin = {
+        "username": "admin",
+        "hashed_password": hashed_pass,
+        "is_superuser": True,
+    }
+    async with test_session_maker() as conn:
+        result = await conn.execute(
+            insert(UsersORM).values(user_admin).returning(UsersORM)  # noqa: F405
+        )
+        await conn.commit()
+        admin = result.scalar_one()
+    assert admin.is_superuser is True
+
+
+@pytest.fixture
+def auth_token(ac, add_admin):
+    response = ac.post(
+        f"{settings.api.v1_login_url}/login",
+        data={"username": "admin", "password": "admin"},
+    )
+    return response.json()["access_token"]

tests/integration_tests/test_auth_api.py

@@ -0,0 +1,45 @@
+import pytest
+from httpx import AsyncClient
+
+from src.core.settings import settings
+from src.schemas.users import User
+
+
+async def test_registration(ac):
+    user = {"username": "kot", "email": "super@kot.ru", "password": "P@ssw0rd"}
+    result = await ac.post(
+        f"{settings.api.v1_login_url}/signup",
+        json=user,
+    )
+    assert result.status_code == 200
+    assert User.model_validate(result.json())
+    assert result.json()["is_active"]
+
+
+@pytest.mark.parametrize(
+    "fingerprint, username,password,expected_status",
+    [("string", "kot", "P@ssw0rd", 200), ("", "kot", "P@ssw0rd", 422)],
+)
+async def test_login(
+    ac: AsyncClient,
+    fingerprint: str,
+    username: str,
+    password: str,
+    expected_status: int,
+):
+    result = await ac.post(
+        f"{settings.api.v1_login_url}/login",
+        data={
+            "fingerprint": fingerprint,
+            "grant_type": "password",
+            "username": username,
+            "password": password,
+        },
+    )
+    assert result.status_code == expected_status
+    if expected_status == 200:
+        assert result.json().get("access_token") is not None
+    else:
+        json_response = result.json()
+        if expected_status == 422:
+            assert "detail" in json_response

tests/mock_tasks.json

@@ -0,0 +1,38 @@
+[
+    {
+        "title": "test1",
+        "description": "test1",
+        "due_date": "2026-06-01",
+        "status": "open",
+        "priority": "medium"
+    },
+    {
+        "title": "test2",
+        "description": "test2",
+        "due_date": "2026-06-01",
+        "status": "open",
+        "priority": "high"
+
+    },
+    {
+        "title": "test3",
+        "description": "test3",
+        "due_date": "2026-06-02",
+        "status": "todo",
+        "priority": "medium"
+    },
+    {
+        "title": "test4",
+        "description": "test4",
+        "due_date": "2026-06-02",
+        "status": "open",
+        "priority": "high"
+    },
+    {
+        "title": "test5",
+        "description": "test5",
+        "due_date": "2026-06-02",
+        "status": "todo",
+        "priority": "low"
+    }
+]

tests/unit_tests/test_auth_jwt.py

@@ -0,0 +1,10 @@
+from src.core.auth_manager import AuthManager
+
+
+async def test_jwt():
+    token = AuthManager.create_access_token(
+        data={"id": 1, "sub": "testuser", "is_active": "True"}
+    )
+    assert token
+    encode_token = AuthManager.decode_access_token(token=token)
+    assert encode_token["id"] == 1 and encode_token["sub"] == "testuser"

tests/unit_tests/test_repo_db.py

@@ -0,0 +1,86 @@
+import json
+from datetime import datetime
+from typing import TYPE_CHECKING
+
+from src.models.users import UsersORM
+from src.schemas.users import User
+
+if TYPE_CHECKING:
+    from tests.conftest import TestDBManager
+
+
+async def test_user_crud(db: "TestDBManager"):
+    data = {
+        "username": "test",
+        "hashed_password": "hashed_pass",
+        "email": "test@mail.ru",
+        "is_active": True,
+        "is_superuser": False,
+    }
+    user = await db.user.create_one(data=data)
+    assert user.username == data["username"]
+    filtered_user = await db.user.get_filtered(username=data["username"])
+    assert filtered_user[0] == user
+    new_user = User.model_validate(user)
+    new_user.username = "Test2"
+    new_user.email = None
+    await db.user.update_one(id=new_user.id, data=User.model_dump(new_user))
+    updated_user = await db.user.get_one_or_none(id=new_user.id)
+    assert updated_user
+    assert updated_user.username == new_user.username
+    assert not updated_user.email
+    await db.user.delete_one(id=updated_user.id)
+    delete_user = await db.user.get_one_or_none(id=new_user.id)
+    assert not delete_user
+
+
+async def test_tasks_user(db: "TestDBManager"):
+    with open("tests/mock_tasks.json") as jsonfile:
+        data = json.load(jsonfile)
+    admin_user: UsersORM | None = await db.user.get_one_or_none(id=1)
+    assert admin_user
+    data = [
+        {
+            **item,
+            "user_id": admin_user.id,
+            "due_date": datetime.strptime(item["due_date"], "%Y-%m-%d"),
+        }
+        for item in data
+    ]
+    result = await db.task.create_bulk(data)
+    await db.commit()
+    assert result
+    tasks = await db.task.get_filtered(user_id=admin_user.id)
+    assert tasks
+    user_with_tasks = await db.user.get_one_with_load(user_id=admin_user.id)
+    assert user_with_tasks
+    assert user_with_tasks.tasks
+
+
+async def test_tasks_crud(db: "TestDBManager"):
+    data = {
+        "title": "test_tasks_crud",
+        "description": "test",
+        "due_date": datetime.now(),
+        "status": "open",
+        "priority": "medium",
+        "user_id": 1,
+    }
+    task = await db.task.create_one(data)
+    assert task
+    assert task.title == data["title"]
+    assert task.description == data["description"]
+    assert task.due_date == data["due_date"].date()
+    assert task.status == data["status"]
+    assert task.priority == data["priority"]
+    assert task.user_id == data["user_id"]
+    assert task.created_at is not None
+    find_task = await db.task.get_filtered(title=data["title"])
+    assert find_task
+    assert find_task[0].title == task.title
+    data["title"] = "test2"
+    task = await db.task.update_one(id=task.id, data=data)
+    assert task.title == data["title"]
+    await db.task.delete_one(id=task.id)
+    task = await db.task.get_one_or_none(id=task.id)
+    assert not task