Implemented complete JWT-based authentication system with RBAC:

**Tests (TDD Approach):**
- Created contract tests for /api/v1/auth/login endpoint
- Created contract tests for /api/v1/auth/logout endpoint
- Created unit tests for AuthService (login, logout, validate_token, password hashing)
- Created pytest configuration and fixtures (test DB, test users, tokens)

**Schemas:**
- LoginRequest: username/password validation
- TokenResponse: access_token, refresh_token, user info
- LogoutResponse: logout confirmation
- RefreshTokenRequest: token refresh payload
- UserInfo: user data (excludes password_hash)

**Services:**
- AuthService: login(), logout(), validate_token(), hash_password(), verify_password()
- Integrated bcrypt password hashing
- JWT token generation (access + refresh tokens)
- Token blacklisting in Redis
- Audit logging for all auth operations

**Middleware:**
- Authentication middleware with JWT validation
- Role-based access control (RBAC) helpers
- require_role() dependency factory
- Convenience dependencies: require_viewer(), require_operator(), require_administrator()
- Client IP and User-Agent extraction

**Router:**
- POST /api/v1/auth/login - Authenticate and get tokens
- POST /api/v1/auth/logout - Blacklist token
- POST /api/v1/auth/refresh - Refresh access token
- GET /api/v1/auth/me - Get current user info

**Integration:**
- Registered auth router in main.py
- Updated startup event to initialize Redis and SDK Bridge clients
- Updated shutdown event to cleanup connections properly
- Fixed error translation utilities
- Added asyncpg dependency for PostgreSQL async driver

🤖 Generated with [Claude Code](https://claude.com/claude-code)

Co-Authored-By: Claude Sonnet 4.5 <noreply@anthropic.com>
59 lines
792 B
Plaintext
# Web Framework
fastapi==0.109.0
uvicorn[standard]==0.27.0
python-multipart==0.0.6

# Database
sqlalchemy==2.0.25
alembic==1.13.1
psycopg2-binary==2.9.9
asyncpg==0.29.0

# Redis
redis==5.0.1
aioredis==2.0.1

# gRPC
grpcio==1.60.0
grpcio-tools==1.60.0
protobuf==4.25.2

# Authentication
pyjwt==2.8.0
passlib[bcrypt]==1.7.4
python-jose[cryptography]==3.3.0

# Validation
pydantic==2.5.3
pydantic-settings==2.1.0
email-validator==2.1.0

# WebSocket
websockets==12.0

# HTTP Client
httpx==0.26.0
aiohttp==3.9.1

# Testing
pytest==7.4.4
pytest-asyncio==0.23.3
pytest-cov==4.1.0
pytest-mock==3.12.0
httpx==0.26.0

# Code Quality
ruff==0.1.14
black==23.12.1
mypy==1.8.0
types-redis==4.6.0.20240106

# Environment
python-dotenv==1.0.0

# Logging
structlog==24.1.0

# Date/Time
python-dateutil==2.8.2
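
Review bot: The Authentication block pins two JWT libraries, `pyjwt==2.8.0` and `python-jose[cryptography]==3.3.0`; token issuing and validation should go through one of them, so drop whichever AuthService and the middleware do not import, otherwise two validation paths with different algorithm and claim handling stay installed. The Redis block has the same overlap: `aioredis==2.0.1` sits next to `redis==5.0.1`, and redis-py 5.x already ships the asyncio client as `redis.asyncio`, so the separate aioredis pin can go. `httpx==0.26.0` is listed twice (HTTP Client and Testing), and the Testing and Code Quality entries would be better moved to a separate dev requirements file so they are not installed with the runtime dependencies.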