counterweight/arbret
1
0
Fork 0
Code Issues Pull requests Projects Releases Packages Wiki Activity Actions

reviewed

Browse source
This commit is contained in:
counterweight 2025-12-20 22:38:39 +01:00
parent a56a4c076a
commit a31bd8246c
Signed by: counterweight
GPG key ID: 883EDBAA726BD96C
10 changed files with 15 additions and 71 deletions
Download patch file Download diff file Expand all files Collapse all files

1
backend/auth.py
View file

@ -15,6 +15,7 @@ SECRET_KEY = os.environ["SECRET_KEY"] # Required - see .env.example
ALGORITHM = "HS256" ALGORITHM = "HS256"
ACCESS_TOKEN_EXPIRE_MINUTES = 60 * 24 * 7 # 7 days ACCESS_TOKEN_EXPIRE_MINUTES = 60 * 24 * 7 # 7 days
COOKIE_NAME = "auth_token" COOKIE_NAME = "auth_token"
COOKIE_SECURE = os.environ.get("COOKIE_SECURE", "false").lower() == "true"
def verify_password(plain_password: str, hashed_password: str) -> bool: def verify_password(plain_password: str, hashed_password: str) -> bool:

3
backend/env.example
View file

@ -9,6 +9,9 @@ SECRET_KEY=
# Database URL # Database URL
DATABASE_URL=postgresql+asyncpg://postgres:postgres@localhost:5432/arbret DATABASE_URL=postgresql+asyncpg://postgres:postgres@localhost:5432/arbret
# Cookie security: set to "true" in production with HTTPS
COOKIE_SECURE=false
# Dev user credentials (regular user) # Dev user credentials (regular user)
DEV_USER_EMAIL= DEV_USER_EMAIL=
DEV_USER_PASSWORD= DEV_USER_PASSWORD=

1
backend/main.py
View file

@ -38,3 +38,4 @@ app.include_router(counter_routes.router)
app.include_router(audit_routes.router) app.include_router(audit_routes.router)
app.include_router(profile_routes.router) app.include_router(profile_routes.router)
app.include_router(invites_routes.router) app.include_router(invites_routes.router)
app.include_router(invites_routes.admin_router)

1
backend/routes/audit.py
View file

@ -114,4 +114,3 @@ async def get_sum_records(
per_page=per_page, per_page=per_page,
total_pages=total_pages, total_pages=total_pages,
) )

4
backend/routes/auth.py
View file

@ -8,6 +8,7 @@ from sqlalchemy.ext.asyncio import AsyncSession
from auth import ( from auth import (
ACCESS_TOKEN_EXPIRE_MINUTES, ACCESS_TOKEN_EXPIRE_MINUTES,
COOKIE_NAME, COOKIE_NAME,
COOKIE_SECURE,
get_password_hash, get_password_hash,
get_user_by_email, get_user_by_email,
authenticate_user, authenticate_user,
@ -30,7 +31,7 @@ def set_auth_cookie(response: Response, token: str) -> None:
key=COOKIE_NAME, key=COOKIE_NAME,
value=token, value=token,
httponly=True, httponly=True,
secure=False, # Set to True in production with HTTPS secure=COOKIE_SECURE,
samesite="lax", samesite="lax",
max_age=ACCESS_TOKEN_EXPIRE_MINUTES * 60, max_age=ACCESS_TOKEN_EXPIRE_MINUTES * 60,
) )
@ -132,4 +133,3 @@ async def get_me(
) -> UserResponse: ) -> UserResponse:
"""Get the current authenticated user's info.""" """Get the current authenticated user's info."""
return await build_user_response(current_user, db) return await build_user_response(current_user, db)

1
backend/routes/counter.py
View file

@ -51,4 +51,3 @@ async def increment_counter(
db.add(record) db.add(record)
await db.commit() await db.commit()
return {"value": counter.value} return {"value": counter.value}

28
backend/routes/invites.py
View file

@ -20,7 +20,8 @@ from schemas import (
) )
router = APIRouter(tags=["invites"]) router = APIRouter(prefix="/api/invites", tags=["invites"])
admin_router = APIRouter(prefix="/api/admin", tags=["admin"])
MAX_INVITE_COLLISION_RETRIES = 3 MAX_INVITE_COLLISION_RETRIES = 3
@ -41,11 +42,7 @@ def build_invite_response(invite: Invite) -> InviteResponse:
) )
# ============================================================================= @router.get("/{identifier}/check", response_model=InviteCheckResponse)
# Public Endpoints
# =============================================================================
@router.get("/api/invites/{identifier}/check", response_model=InviteCheckResponse)
async def check_invite( async def check_invite(
identifier: str, identifier: str,
db: AsyncSession = Depends(get_db), db: AsyncSession = Depends(get_db),
@ -69,11 +66,7 @@ async def check_invite(
return InviteCheckResponse(valid=True, status=invite.status.value) return InviteCheckResponse(valid=True, status=invite.status.value)
# ============================================================================= @router.get("", response_model=list[UserInviteResponse])
# User Endpoints (requires VIEW_OWN_INVITES permission)
# =============================================================================
@router.get("/api/invites", response_model=list[UserInviteResponse])
async def get_my_invites( async def get_my_invites(
db: AsyncSession = Depends(get_db), db: AsyncSession = Depends(get_db),
current_user: User = Depends(require_permission(Permission.VIEW_OWN_INVITES)), current_user: User = Depends(require_permission(Permission.VIEW_OWN_INVITES)),
@ -100,11 +93,7 @@ async def get_my_invites(
] ]
# ============================================================================= @admin_router.get("/users", response_model=list[AdminUserResponse])
# Admin Endpoints (requires MANAGE_INVITES permission)
# =============================================================================
@router.get("/api/admin/users", response_model=list[AdminUserResponse])
async def list_users_for_admin( async def list_users_for_admin(
db: AsyncSession = Depends(get_db), db: AsyncSession = Depends(get_db),
_current_user: User = Depends(require_permission(Permission.MANAGE_INVITES)), _current_user: User = Depends(require_permission(Permission.MANAGE_INVITES)),
@ -115,7 +104,7 @@ async def list_users_for_admin(
return [AdminUserResponse(id=u.id, email=u.email) for u in users] return [AdminUserResponse(id=u.id, email=u.email) for u in users]
@router.post("/api/admin/invites", response_model=InviteResponse) @admin_router.post("/invites", response_model=InviteResponse)
async def create_invite( async def create_invite(
data: InviteCreate, data: InviteCreate,
db: AsyncSession = Depends(get_db), db: AsyncSession = Depends(get_db),
@ -163,7 +152,7 @@ async def create_invite(
return build_invite_response(invite) return build_invite_response(invite)
@router.get("/api/admin/invites", response_model=PaginatedInviteRecords) @admin_router.get("/invites", response_model=PaginatedInviteRecords)
async def list_all_invites( async def list_all_invites(
page: int = Query(1, ge=1), page: int = Query(1, ge=1),
per_page: int = Query(10, ge=1, le=100), per_page: int = Query(10, ge=1, le=100),
@ -216,7 +205,7 @@ async def list_all_invites(
) )
@router.post("/api/admin/invites/{invite_id}/revoke", response_model=InviteResponse) @admin_router.post("/invites/{invite_id}/revoke", response_model=InviteResponse)
async def revoke_invite( async def revoke_invite(
invite_id: int, invite_id: int,
db: AsyncSession = Depends(get_db), db: AsyncSession = Depends(get_db),
@ -244,4 +233,3 @@ async def revoke_invite(
await db.refresh(invite) await db.refresh(invite)
return build_invite_response(invite) return build_invite_response(invite)

1
backend/routes/profile.py
View file

@ -91,4 +91,3 @@ async def update_profile(
nostr_npub=current_user.nostr_npub, nostr_npub=current_user.nostr_npub,
godfather_email=godfather_email, godfather_email=godfather_email,
) )

1
backend/routes/sum.py
View file

@ -28,4 +28,3 @@ async def calculate_sum(
db.add(record) db.add(record)
await db.commit() await db.commit()
return SumResponse(a=data.a, b=data.b, result=result) return SumResponse(a=data.a, b=data.b, result=result)

45
backend/schemas.py
View file

@ -5,10 +5,6 @@ from typing import Generic, TypeVar
from pydantic import BaseModel, EmailStr from pydantic import BaseModel, EmailStr
# =============================================================================
# Auth Schemas
# =============================================================================
class UserCredentials(BaseModel): class UserCredentials(BaseModel):
"""Base model for user email/password.""" """Base model for user email/password."""
email: EmailStr email: EmailStr
@ -27,13 +23,6 @@ class UserResponse(BaseModel):
permissions: list[str] permissions: list[str]
class TokenResponse(BaseModel):
"""Response model for token-based auth (unused but kept for API completeness)."""
access_token: str
token_type: str
user: UserResponse
class RegisterWithInvite(BaseModel): class RegisterWithInvite(BaseModel):
"""Request model for registration with invite.""" """Request model for registration with invite."""
email: EmailStr email: EmailStr
@ -41,19 +30,6 @@ class RegisterWithInvite(BaseModel):
invite_identifier: str invite_identifier: str
# =============================================================================
# Counter Schemas
# =============================================================================
class CounterValue(BaseModel):
"""Response model for counter value."""
value: int
# =============================================================================
# Sum Schemas
# =============================================================================
class SumRequest(BaseModel): class SumRequest(BaseModel):
"""Request model for sum calculation.""" """Request model for sum calculation."""
a: float a: float
@ -67,10 +43,6 @@ class SumResponse(BaseModel):
result: float result: float
# =============================================================================
# Audit Schemas
# =============================================================================
class CounterRecordResponse(BaseModel): class CounterRecordResponse(BaseModel):
"""Response model for a counter audit record.""" """Response model for a counter audit record."""
id: int id: int
@ -90,10 +62,6 @@ class SumRecordResponse(BaseModel):
created_at: datetime created_at: datetime
# =============================================================================
# Pagination (Generic)
# =============================================================================
RecordT = TypeVar("RecordT", bound=BaseModel) RecordT = TypeVar("RecordT", bound=BaseModel)
@ -110,10 +78,6 @@ PaginatedCounterRecords = PaginatedResponse[CounterRecordResponse]
PaginatedSumRecords = PaginatedResponse[SumRecordResponse] PaginatedSumRecords = PaginatedResponse[SumRecordResponse]
# =============================================================================
# Profile Schemas
# =============================================================================
class ProfileResponse(BaseModel): class ProfileResponse(BaseModel):
"""Response model for profile data.""" """Response model for profile data."""
contact_email: str | None contact_email: str | None
@ -131,10 +95,6 @@ class ProfileUpdate(BaseModel):
nostr_npub: str | None = None nostr_npub: str | None = None
# =============================================================================
# Invite Schemas
# =============================================================================
class InviteCheckResponse(BaseModel): class InviteCheckResponse(BaseModel):
"""Response for invite check endpoint.""" """Response for invite check endpoint."""
valid: bool valid: bool
@ -174,12 +134,7 @@ class UserInviteResponse(BaseModel):
PaginatedInviteRecords = PaginatedResponse[InviteResponse] PaginatedInviteRecords = PaginatedResponse[InviteResponse]
# =============================================================================
# Admin Schemas
# =============================================================================
class AdminUserResponse(BaseModel): class AdminUserResponse(BaseModel):
"""Minimal user info for admin dropdowns.""" """Minimal user info for admin dropdowns."""
id: int id: int
email: str email: str