Merge branch 'main' into 3-problems-data

Author: asp3cto

.env.auth

@@ -6,5 +6,4 @@
 JWT_SECRET="Den Pidr:)"
 ALGORITHM="RS256"
 # for testing
-# ACCESS_TOKEN_EXPIRE_MINUTES=1
-# REFRESH_TOKEN_EXPIRE_MINUTES=2
+# ACCESS_TOKEN_EXPIRE_MINUTES=1

.gitignore

@@ -164,4 +164,4 @@ logfile
 venv*
 .env*
 traefik.toml
-*venv/
+*venv/

README.md

@@ -7,7 +7,7 @@ FastAPI server for organizing leetcode progress
 # start app
 docker compose up --build
 ```
-If error occurs when binding port 80 for Traefik, it means that Apache is already launched on it:
+# Testing
 ```bash
-sudo service apache2 stop
+docker compose exec auth_server pytest tests/ -v -s
 ```

auth_server/api_v1/users/dependencies.py

@@ -1,21 +1,23 @@
-"Dependencies for endpoints.py"
+"""
+Dependencies for endpoints.py
+"""
+
 from typing import Annotated
 
-from fastapi import Cookie, Depends, HTTPException, Response, status
+from fastapi import Cookie, Depends, HTTPException, status
 from fastapi.security import OAuth2PasswordRequestForm
-from sqlalchemy import select
 from sqlalchemy.ext.asyncio import AsyncSession
-from jwt import ExpiredSignatureError, InvalidTokenError
+from jwt import InvalidTokenError
 
 
 from core.models import pg_db_helper, User
-from auth.utils import decode_jwt, encode_jwt, validate_password
+from auth.utils import decode_jwt, validate_password
 from api_v1.users.crud import get_user_by_username, get_user_by_id
 
 
 async def validate_auth_user_password(
     form_data: OAuth2PasswordRequestForm = Depends(),
-    session: AsyncSession = Depends(pg_db_helper.get_scoped_session),
+    session: AsyncSession = Depends(pg_db_helper.scoped_session_dependency),
 ):
     """
     Helper Function for login route to check a user by password
@@ -46,67 +48,53 @@ async def validate_auth_user_password(
     return user_from_db
 
 
-async def validate_tokens(
-    response: Response,
+async def validate_access_token(
     access_token: Annotated[str | None, Cookie()] = None,
-    refresh_token: Annotated[str | None, Cookie()] = None,
 ) -> dict:
-    if not refresh_token:
+    if not access_token:
         raise HTTPException(
             status_code=status.HTTP_401_UNAUTHORIZED,
             detail="user is not logged in",
         )
-    refresh_payload = {}
+    token_payload = {}
     try:
-        refresh_payload = decode_jwt(
-            token=refresh_token,
+        token_payload = decode_jwt(
+            token=access_token,
         )
     except InvalidTokenError as e:
         raise HTTPException(
             status_code=status.HTTP_401_UNAUTHORIZED,
             # NOTE: REMOVE EXCEPTION IN PROD
-            detail=f"invalid refresh token error: {e}",
-        )
-    # if we dont need to create new access_token, use old one as new :)
-    new_access_token = access_token
-    # if access_token is expired, generate new one
-    try:
-        decode_jwt(
-            token=access_token,
+            detail=f"invalid access token error: {e}",
         )
-    except ExpiredSignatureError as e:
-        new_access_token = encode_jwt(payload={"sub": refresh_payload["sub"]})
-
-    # return new access token to set to cookie
-    response.set_cookie("access_token", new_access_token)
-    return refresh_payload
+    return token_payload
 
 
-async def get_current_refresh_token_payload(
-    refresh_token: Annotated[str | None, Cookie()] = None,
+async def get_current_access_token_payload(
+    access_token: Annotated[str | None, Cookie()] = None,
 ) -> dict:
-    if not refresh_token:
+    if not access_token:
         raise HTTPException(
             status_code=status.HTTP_401_UNAUTHORIZED,
             detail="user is not logged in",
         )
     payload = {}
     try:
         payload = decode_jwt(
-            token=refresh_token,
+            token=access_token,
         )
     except InvalidTokenError as e:
         raise HTTPException(
             status_code=status.HTTP_401_UNAUTHORIZED,
             # NOTE: REMOVE EXCEPTION IN PROD
-            detail=f"invalid refresh token error: {e}",
+            detail=f"invalid access token error: {e}",
         )
     return payload
 
 
 async def get_current_auth_user(
-    payload: dict = Depends(get_current_refresh_token_payload),
-    session: AsyncSession = Depends(pg_db_helper.get_scoped_session),
+    payload: dict = Depends(get_current_access_token_payload),
+    session: AsyncSession = Depends(pg_db_helper.scoped_session_dependency),
 ) -> User:
     id: int | None = payload.get("sub")
 

auth_server/api_v1/users/endpoints.py

@@ -1,4 +1,6 @@
-"""Endpoints in users router"""
+"""
+Endpoints in users router
+"""
 
 from typing import Annotated
 
@@ -19,12 +21,11 @@
 from auth import (
     hash_password,
     encode_jwt,
-    encode_refresh_jwt,
 )
 from api_v1.users.crud import check_user_by_username, create_user
 from api_v1.users.dependencies import (
     validate_auth_user_password,
-    validate_tokens,
+    validate_access_token,
     get_current_auth_user,
 )
 
@@ -49,15 +50,11 @@ async def register_user(
     user: UserIn,
     session: AsyncSession = Depends(pg_db_helper.scoped_session_dependency),
     access_token: Annotated[str | None, Cookie()] = None,
-    refresh_token: Annotated[str | None, Cookie()] = None,
 ) -> UserOut:
     # removing access_token cookie
     headers = {}
-    if refresh_token:
-        response.delete_cookie("refresh_token")
     if access_token:
         response.delete_cookie("access_token")
-    if refresh_token or access_token:
         headers = {"set-cookie": response.headers["set-cookie"]}
     # check if user already in db
     if await check_user_by_username(session=session, username=user.username):
@@ -86,18 +83,8 @@ async def login_user(
         httponly=True,
         samesite="lax",
     )
-    refresh_token_value = encode_refresh_jwt(
-        payload={"sub": user.id},
-    )
-    response.set_cookie(
-        key="refresh_token",
-        value=f"{refresh_token_value}",
-        httponly=True,
-        samesite="lax",
-    )
     return TokenInfo(
         access_token=access_token_value,
-        refresh_token=refresh_token_value,
         token_type="Bearer",
     )
 
@@ -106,25 +93,22 @@ async def login_user(
 async def logout_user(
     response: Response,
     access_token: Annotated[str | None, Cookie()] = None,
-    refresh_token: Annotated[str | None, Cookie()] = None,
 ):
     if not access_token:
         raise HTTPException(
             status_code=status.HTTP_403_FORBIDDEN, detail="User isnt logged in"
         )
     response.delete_cookie("access_token")
-    if refresh_token:
-        response.delete_cookie("refresh_token")
     return {"detail": "Logged out"}
 
 
 @router.get("/validate/")
 async def validate_token(
-    refresh_payload=Depends(validate_tokens),
+    token_payload=Depends(validate_access_token),
     user: User = Depends(get_current_auth_user),
 ):
     return {
         "username": user.username,
         "email": user.email,
-        "exp": refresh_payload["exp"],
+        "exp": token_payload["exp"],
     }

auth_server/api_v1/users/schemas.py

@@ -22,5 +22,4 @@ class UserOut(UserBase): ...
 
 class TokenInfo(BaseModel):
     access_token: str
-    refresh_token: str
     token_type: str

auth_server/app.py

@@ -1,7 +1,7 @@
 """
 Main project module
 This app is responsible for all authorization processes
-and is based on JWT on cookie with access and refresh tokens
+and is based on JWT on cookie with access token
 """
 
 from contextlib import asynccontextmanager

auth_server/auth/__init__.py

@@ -3,13 +3,11 @@
     "validate_password",
     "encode_jwt",
     "decode_jwt",
-    "encode_refresh_jwt",
 )
 
 from .utils import (
     hash_password,
     validate_password,
     encode_jwt,
     decode_jwt,
-    encode_refresh_jwt,
 )

auth_server/auth/utils.py

@@ -39,12 +39,3 @@ def decode_jwt(
 ) -> dict:
     decoded = jwt.decode(token, public_key, algorithms=[algorithm])
     return decoded
-
-
-def encode_refresh_jwt(
-    payload: dict,
-    private_key: str = settings.private_key_path.read_text(),
-    algorithm: str = settings.algorithm,
-    expire_minutes: int = settings.refresh_token_expire_minutes,
-):
-    return encode_jwt(payload, private_key, algorithm, expire_minutes)

auth_server/core/config.py

@@ -21,7 +21,6 @@ class Settings(BaseSettings):
     public_key_path: Path = BASE_DIR / "auth" / "certs" / "jwt-public.pem"
     algorithm: str = "RS256"
     access_token_expire_minutes: int = 10
-    refresh_token_expire_minutes: int = 60 * 24 * 7
     # pg: PostgresSettings = PostgresSettings()
     # jwt: JWTSettings = JWTSettings()
 

auth_server/core/models/helper.py

@@ -1,9 +1,9 @@
 """Module with database helper class"""
 
 from asyncio import current_task
+from typing import AsyncGenerator
 
 from sqlalchemy.ext.asyncio import (
-    AsyncSession,
     create_async_engine,
     async_sessionmaker,
     async_scoped_session,
@@ -31,12 +31,12 @@ def get_scoped_session(self):
         )
         return session
 
-    async def session_dependency(self) -> AsyncSession:
+    async def session_dependency(self) -> AsyncGenerator:
         async with self.session_factory() as session:
             yield session
             await session.close()
 
-    async def scoped_session_dependency(self) -> AsyncSession:
+    async def scoped_session_dependency(self) -> AsyncGenerator:
         session = self.get_scoped_session()
         yield session
         await session.close()

auth_server/core/models/user.py

@@ -1,7 +1,5 @@
 """Module with User model for db"""
 
-from typing import Optional
-
 from sqlalchemy import String, LargeBinary, sql
 from sqlalchemy.orm import Mapped, mapped_column
 
@@ -12,6 +10,6 @@ class User(Base):
     """User model for db"""
 
     username: Mapped[str] = mapped_column(String(30), unique=True)
-    email: Mapped[Optional[str]]
+    email: Mapped[str | None]
     is_active: Mapped[bool] = mapped_column(server_default=sql.true())
     hashed_password: Mapped[bytes] = mapped_column(LargeBinary())

auth_server/pyproject.toml

@@ -0,0 +1,5 @@
+[tool.pytest.ini_options]
+pythonpath = [
+  ".", ".",
+]
+asyncio_mode="auto" 

auth_server/tests/conftest.py

@@ -0,0 +1,54 @@
+"""Configurations for pytest"""
+
+from typing import AsyncGenerator
+from fastapi.testclient import TestClient
+from httpx import AsyncClient
+
+import pytest
+from sqlalchemy import NullPool
+from sqlalchemy.orm import sessionmaker
+from sqlalchemy.ext.asyncio import AsyncSession, create_async_engine
+
+from core.models.helper import pg_db_helper
+from core.models import User
+from core.config import settings
+from app import app
+
+
+TEST_DB_URL = (
+    f"postgresql+asyncpg://auth:{settings.postgres_password}@postgres_test/auth"
+)
+
+engine_test = create_async_engine(TEST_DB_URL, poolclass=NullPool)
+async_session_maker = sessionmaker(
+    engine_test, class_=AsyncSession, expire_on_commit=False
+)
+
+
+async def override_get_async_session() -> AsyncGenerator[AsyncSession, None]:
+    async with async_session_maker() as session:
+        yield session
+
+
+app.dependency_overrides[pg_db_helper.scoped_session_dependency] = (
+    override_get_async_session
+)
+User.metadata.bind = engine_test
+
+
+@pytest.fixture(autouse=True, scope="session")
+async def prepare_database():
+    async with engine_test.begin() as conn:
+        await conn.run_sync(User.metadata.create_all)
+    yield
+    async with engine_test.begin() as conn:
+        await conn.run_sync(User.metadata.drop_all)
+
+
+client = TestClient(app)
+
+
+@pytest.fixture(scope="session")
+async def ac() -> AsyncGenerator[AsyncClient, None]:
+    async with AsyncClient(app=app, base_url="http://test") as ac:
+        yield ac