zrb 1.0.0b8__py3-none-any.whl → 1.0.0b10__py3-none-any.whl

zrb/builtin/project/add/fastapp/fastapp_template/my_app_name/common/base_service.py

@@ -2,10 +2,10 @@ import inspect
 from enum import Enum
 from functools import partial
 from logging import Logger
-from typing import Any, Callable, Sequence
+from typing import Any, Callable, Union, get_args, get_origin
 
 import httpx
-from fastapi import APIRouter, Depends, params
+from fastapi import APIRouter, Depends
 from my_app_name.common.error import ClientAPIError
 from pydantic import BaseModel
 
@@ -56,7 +56,6 @@ class BaseService:
         response_model: Any = None,
         status_code: int | None = None,
         tags: list[str | Enum] | None = None,
-        dependencies: Sequence[params.Depends] | None = None,
         summary: str | None = None,
         description: str = None,
         deprecated: bool | None = None,
@@ -160,56 +159,24 @@ def _create_direct_client_method(logger: Logger, func: Callable, service: BaseSe
     return client_method
 
 
-def _create_api_client_method(logger: Logger, param: RouteParam, base_url: str):
+def _create_api_client_method(logger: Logger, route_param: RouteParam, base_url: str):
     async def client_method(*args, **kwargs):
-        url = base_url + param.path
-        method = (
-            param.methods[0].lower()
-            if isinstance(param.methods, list)
-            else param.methods.lower()
+        url = base_url + route_param.path
+        method = _get_api_client_method(route_param)
+        body_param_names = _get_api_client_body_param_names(route_param, method)
+        path_params, query_params, body_params = _create_api_client_request_params(
+            route_param, body_param_names, args, kwargs
         )
-        # Get the signature of the original function
-        sig = inspect.signature(param.func)
-        # Bind the arguments to the signature
-        bound_args = sig.bind(*args, **kwargs)
-        bound_args.apply_defaults()
-        # Analyze parameters
-        params = list(sig.parameters.values())
-        body_params = [
-            p
-            for p in params
-            if p.name != "self" and p.kind == inspect.Parameter.POSITIONAL_OR_KEYWORD
-        ]
-        # Prepare the request
-        path_params = {}
-        query_params = {}
-        body = {}
-        for name, value in bound_args.arguments.items():
-            if name == "self":
-                continue
-            if f"{{{name}}}" in param.path:
-                path_params[name] = value
-            elif isinstance(value, BaseModel):
-                body = _parse_api_param(value)
-            elif method in ["get", "delete"]:
-                query_params[name] = _parse_api_param(value)
-            elif len(body_params) == 1 and name == body_params[0].name:
-                # If there's only one body parameter, use its value directly
-                body = _parse_api_param(value)
-            else:
-                body[name] = _parse_api_param(value)
         # Format the URL with path parameters
         url = url.format(**path_params)
+        json_body_params = None if method == "get" else body_params
         logger.info(
-            f"Sending request to {url} with method {method}, json={body}, params={query_params}"  # noqa
+            f"Sending request to {url} with method {method}, json={json_body_params}, params={query_params}"  # noqa
         )
         async with httpx.AsyncClient() as client:
-            if method in ["get", "delete"]:
-                response = await getattr(client, method)(url, params=query_params)
-            else:
-                response = await getattr(client, method)(
-                    url, json=body, params=query_params
-                )
+            response = await client.request(
+                method=method, url=url, params=query_params, json=json_body_params
+            )
             logger.info(
                 f"Received response: status={response.status_code}, content={response.content}"
             )
@@ -220,17 +187,139 @@ def _create_api_client_method(logger: Logger, param: RouteParam, base_url: str):
                     else response.text
                 )
                 raise ClientAPIError(response.status_code, error_detail)
-            return response.json()
+            return _parse_api_client_response(logger, route_param, response)
 
     return client_method
 
 
-def _parse_api_param(data: Any) -> Any:
+def _parse_api_client_response(
+    logger: Logger, route_param: RouteParam, response: Any
+) -> Any:
+    sig = inspect.signature(route_param.func)
+    try:
+        response_data = response.json()
+    except Exception:
+        logger.warning("Failed to parse JSON")
+        return None
+    return_annotation = sig.return_annotation  # e.g., list[User]
+    if return_annotation is inspect.Signature.empty:
+        logger.warning("No return annotation detected, return value as is")
+        return response_data  # No return type specified, return raw JSON
+    origin = get_origin(return_annotation)  # e.g., list
+    args = get_args(return_annotation)  # e.g., (User,)
+    try:
+        if origin is None:  # Not a generic type, so check it directly
+            if inspect.isclass(return_annotation) and issubclass(
+                return_annotation, BaseModel
+            ):
+                if response_data:
+                    return return_annotation.model_validate(response_data)
+                return None
+        elif origin in {list, set, tuple} and args:
+            model_type = args[0]
+            if inspect.isclass(model_type) and issubclass(model_type, BaseModel):
+                if isinstance(response_data, list):
+                    return [model_type.model_validate(item) for item in response_data]
+                elif isinstance(response_data, tuple):
+                    return tuple(
+                        model_type.model_validate(item) for item in response_data
+                    )
+                elif isinstance(response_data, set):
+                    return {model_type.model_validate(item) for item in response_data}
+                return None
+        elif origin is Union and len(args) == 2 and type(None) in args:
+            model_type = next(
+                (
+                    arg
+                    for arg in args
+                    if inspect.isclass(arg) and issubclass(arg, BaseModel)
+                ),
+                None,
+            )
+            if response_data and model_type:
+                return model_type.model_validate(response_data)
+            return None
+        elif origin is dict and len(args) == 2:
+            key_type, value_type = args
+            if inspect.isclass(value_type) and issubclass(value_type, BaseModel):
+                if inspect(response_data, dict):
+                    return {
+                        k: value_type.model_validate(v)
+                        for k, v in response_data.items()
+                    }
+                return None
+        return response_data
+    except Exception:
+        logger.warning(
+            "Return annotation detected, but parsing error, return value as is"
+        )
+        return response_data
+
+
+def _create_api_client_request_params(
+    route_param: RouteParam,
+    body_param_names: list[str],
+    args: list[Any],
+    kwargs: dict[str, Any],
+) -> tuple[dict[str, Any], dict[str, Any], dict[str, Any]]:
+    # Get the signature of the original function
+    sig = inspect.signature(route_param.func)
+    # Bind the arguments to the signature
+    bound_args = sig.bind(*args, **kwargs)
+    bound_args.apply_defaults()
+    # Prepare the request
+    path_params = {}
+    query_params = {}
+    body_params = {}
+    for name, value in bound_args.arguments.items():
+        if name == "self":
+            continue
+        if f"{{{name}}}" in route_param.path:
+            path_params[name] = value
+        elif name not in body_param_names:
+            query_params[name] = _parse_api_client_param(value)
+        elif len(body_param_names) == 1 and name == body_param_names[0]:
+            # If there's only one body parameter, use its value directly
+            body_params = _parse_api_client_param(value)
+        else:
+            body_params[name] = _parse_api_client_param(value)
+    return path_params, query_params, body_params
+
+
+def _parse_api_client_param(data: Any) -> Any:
     if isinstance(data, BaseModel):
         return data.model_dump()
-    elif isinstance(data, list):
-        return [_parse_api_param(item) for item in data]
     elif isinstance(data, dict):
-        return {key: _parse_api_param(value) for key, value in data.items()}
+        return {key: _parse_api_client_param(value) for key, value in data.items()}
+    elif isinstance(data, list):
+        return [_parse_api_client_param(item) for item in data]
+    elif isinstance(data, tuple):
+        return tuple(_parse_api_client_param(item) for item in data)
+    elif isinstance(data, set):
+        return {_parse_api_client_param(item) for item in data}
     else:
         return data
+
+
+def _get_api_client_method(route_param: RouteParam) -> str:
+    if isinstance(route_param.methods, list):
+        return route_param.methods[0].lower()
+    return route_param.methods.lower()
+
+
+def _get_api_client_body_param_names(route_param: RouteParam, method: str):
+    sig = inspect.signature(route_param.func)
+    function_params = list(sig.parameters.values())
+    return [
+        p.name
+        for p in function_params
+        if (
+            p.name != "self"
+            and f"{{{p.name}}}" not in route_param.path
+            and p.kind == inspect.Parameter.POSITIONAL_OR_KEYWORD
+            and (
+                method not in ["get", "delete"]
+                or (method == "delete" and p.annotation not in [str, float, bool])
+            )
+        )
+    ]

zrb/builtin/project/add/fastapp/fastapp_template/my_app_name/common/error.py

@@ -8,11 +8,26 @@ class NotFoundError(HTTPException):
         super().__init__(404, {"message": message}, headers)
 
 
+class ForbiddenError(HTTPException):
+    def __init__(self, message: str, headers: Dict[str, str] | None = None) -> None:
+        super().__init__(403, {"message": message}, headers)
+
+
+class UnauthorizedError(HTTPException):
+    def __init__(self, message: str, headers: Dict[str, str] | None = None) -> None:
+        super().__init__(401, {"message": message}, headers)
+
+
 class InvalidValueError(HTTPException):
     def __init__(self, message: str, headers: Dict[str, str] | None = None) -> None:
         super().__init__(422, {"message": message}, headers)
 
 
+class InternalServerError(HTTPException):
+    def __init__(self, message: str, headers: Dict[str, str] | None = None) -> None:
+        super().__init__(500, {"message": message}, headers)
+
+
 class ClientAPIError(HTTPException):
     def __init__(
         self, status_code: int, message: str, headers: Dict[str, str] | None = None

zrb/builtin/project/add/fastapp/fastapp_template/my_app_name/common/util/parser.py

@@ -45,7 +45,7 @@ def create_default_filter_param_parser() -> (
     Callable[[SQLModel, str], list[ClauseElement]]
 ):
     def parse_filter_param(model: SQLModel, query: str) -> list[ClauseElement]:
-        """
+        r"""
         Parse the filter parameter and return a list of SQLAlchemy ClauseElement objects.
 
         Args:

zrb/builtin/project/add/fastapp/fastapp_template/my_app_name/config.py

@@ -1,5 +1,8 @@
 import os
 
+TRUE_STRS = ["true", "1", "yes", "y", "active", "on"]
+FALSE_STRS = ["false", "0", "no", "n", "inactive", "off"]
+
 APP_PATH = os.path.dirname(__file__)
 APP_VERSION = "0.1.0"
 
@@ -51,16 +54,31 @@ APP_AUTH_SUPER_USER_PASSWORD = os.getenv(
     "MY_APP_NAME_AUTH_SUPER_USER_PASSWORD", "my-secure-password"
 )
 APP_AUTH_GUEST_USER = os.getenv("MY_APP_NAME_AUTH_GUEST_USER", "user")
-APP_AUTH_GUEST_USER_PERMISSIONS = (
+APP_AUTH_GUEST_USER_PERMISSIONS = [
     permission_name.strip()
     for permission_name in os.getenv(
         "MY_APP_NAME_AUTH_GUEST_USER_PERMISSIONS", ""
     ).split(",")
     if permission_name.strip() != ""
+]
+APP_AUTH_MAX_PARALLEL_SESSION = int(
+    os.getenv("MY_APP_NAME_AUTH_MAX_PARALLEL_SESSION", "1")
+)
+APP_AUTH_ACCESS_TOKEN_EXPIRE_MINUTES = int(
+    os.getenv("MY_APP_NAME_AUTH_ACCESS_TOKEN_EXPIRE_MINUTES", "30")
+)
+APP_AUTH_REFRESH_TOKEN_EXPIRE_MINUTES = int(
+    os.getenv("MY_APP_NAME_AUTH_REFRESH_TOKEN_EXPIRE_MINUTES", "1440")
+)
+APP_AUTH_ACCESS_TOKEN_COOKIE_NAME = os.getenv(
+    "MY_APP_NAME_AUTH_ACCESS_TOKEN_COOKIE_NAME", "access_token"
+)
+APP_AUTH_REFRESH_TOKEN_COOKIE_NAME = os.getenv(
+    "MY_APP_NAME_AUTH_REFRESH_TOKEN_COOKIE_NAME", "refresh_token"
 )
-APP_MAX_PARALLEL_SESSION = int(os.getenv("MY_APP_NAME_MAX_PARALLEL_SESSION", "1"))
-APP_SESSION_EXPIRE_MINUTES = int(
-    os.getenv("MY_APP_NAME_SESSION_EXPIRE_MINUTES", "1440")
+APP_AUTH_SECRET_KEY = os.getenv("MY_APP_NAME_AUTH_SECRET_KEY", "my-secret-key")
+APP_AUTH_PRIORITIZE_NEW_SESSION = (
+    os.getenv("MY_APP_NAME_AUTH_PRIORITIZE_NEW_SESSION", "1").lower() in TRUE_STRS
 )
 
 APP_AUTH_BASE_URL = os.getenv("MY_APP_NAME_AUTH_BASE_URL", "http://localhost:3001")

zrb/builtin/project/add/fastapp/fastapp_template/my_app_name/module/auth/client/auth_client.py

@@ -13,15 +13,36 @@ from my_app_name.schema.role import (
     RoleUpdateWithPermissionsAndAudit,
 )
 from my_app_name.schema.user import (
+    AuthUserResponse,
     MultipleUserResponse,
     UserCreateWithRolesAndAudit,
+    UserCredentials,
     UserResponse,
+    UserSessionResponse,
     UserUpdateWithRolesAndAudit,
 )
 
 
 class AuthClient(ABC):
 
+    @abstractmethod
+    async def get_current_user(self, access_token: str) -> AuthUserResponse:
+        """Get current user based on access token"""
+
+    @abstractmethod
+    async def create_user_session(
+        self, credential: UserCredentials
+    ) -> UserSessionResponse:
+        """Create new user session"""
+
+    @abstractmethod
+    async def update_user_session(self, refresh_token: str) -> UserSessionResponse:
+        """Update user session"""
+
+    @abstractmethod
+    async def delete_user_session(self, refresh_token: str) -> UserSessionResponse:
+        """Delete user session"""
+
     # Permission related methods
 
     @abstractmethod

zrb/builtin/project/add/fastapp/fastapp_template/my_app_name/module/auth/migration/versions/3093c7336477_add_auth_tables.py

@@ -22,7 +22,7 @@ depends_on: Union[str, Sequence[str], None] = None
 def upgrade() -> None:
     # ### commands auto generated by Alembic - please adjust! ###
     op.create_table(
-        "permission",
+        "permissions",
         sa.Column("id", sqlmodel.sql.sqltypes.AutoString(), nullable=False),
         sa.Column("created_at", sa.DateTime(), nullable=True),
         sa.Column("created_by", sqlmodel.sql.sqltypes.AutoString(), nullable=True),
@@ -32,22 +32,22 @@ def upgrade() -> None:
         sa.Column("description", sqlmodel.sql.sqltypes.AutoString(), nullable=False),
         sa.PrimaryKeyConstraint("id"),
     )
-    op.create_index(op.f("ix_permission_name"), "permission", ["name"], unique=True)
+    op.create_index(op.f("ix_permissions_name"), "permissions", ["name"], unique=True)
     op.create_index(
-        op.f("ix_permission_created_at"), "permission", ["created_at"], unique=False
+        op.f("ix_permissions_created_at"), "permissions", ["created_at"], unique=False
     )
     op.create_index(
-        op.f("ix_permission_created_by"), "permission", ["created_by"], unique=False
+        op.f("ix_permissions_created_by"), "permissions", ["created_by"], unique=False
     )
     op.create_index(
-        op.f("ix_permission_updated_at"), "permission", ["updated_at"], unique=False
+        op.f("ix_permissions_updated_at"), "permissions", ["updated_at"], unique=False
     )
     op.create_index(
-        op.f("ix_permission_updated_by"), "permission", ["updated_by"], unique=False
+        op.f("ix_permissions_updated_by"), "permissions", ["updated_by"], unique=False
     )
 
     op.create_table(
-        "role",
+        "roles",
         sa.Column("id", sqlmodel.sql.sqltypes.AutoString(), nullable=False),
         sa.Column("created_at", sa.DateTime(), nullable=True),
         sa.Column("created_by", sqlmodel.sql.sqltypes.AutoString(), nullable=True),
@@ -57,14 +57,14 @@ def upgrade() -> None:
         sa.Column("description", sqlmodel.sql.sqltypes.AutoString(), nullable=False),
         sa.PrimaryKeyConstraint("id"),
     )
-    op.create_index(op.f("ix_role_name"), "role", ["name"], unique=True)
-    op.create_index(op.f("ix_role_created_at"), "role", ["created_at"], unique=False)
-    op.create_index(op.f("ix_role_created_by"), "role", ["created_by"], unique=False)
-    op.create_index(op.f("ix_role_updated_at"), "role", ["updated_at"], unique=False)
-    op.create_index(op.f("ix_role_updated_by"), "role", ["updated_by"], unique=False)
+    op.create_index(op.f("ix_roles_name"), "roles", ["name"], unique=True)
+    op.create_index(op.f("ix_roles_created_at"), "roles", ["created_at"], unique=False)
+    op.create_index(op.f("ix_roles_created_by"), "roles", ["created_by"], unique=False)
+    op.create_index(op.f("ix_roles_updated_at"), "roles", ["updated_at"], unique=False)
+    op.create_index(op.f("ix_roles_updated_by"), "roles", ["updated_by"], unique=False)
 
     op.create_table(
-        "rolepermission",
+        "role_permissions",
         sa.Column("id", sqlmodel.sql.sqltypes.AutoString(), nullable=False),
         sa.Column("role_id", sqlmodel.sql.sqltypes.AutoString(), nullable=False),
         sa.Column("permission_id", sqlmodel.sql.sqltypes.AutoString(), nullable=False),
@@ -73,34 +73,39 @@ def upgrade() -> None:
         sa.PrimaryKeyConstraint("id"),
     )
     op.create_index(
-        op.f("ix_rolepermission_permission_id"),
-        "rolepermission",
+        op.f("ix_role_permissions_permission_id"),
+        "role_permissions",
         ["permission_id"],
         unique=False,
     )
     op.create_index(
-        op.f("ix_rolepermission_role_id"), "rolepermission", ["role_id"], unique=False
+        op.f("ix_role_permissions_role_id"),
+        "role_permissions",
+        ["role_id"],
+        unique=False,
     )
 
     op.create_table(
-        "user",
+        "users",
         sa.Column("id", sqlmodel.sql.sqltypes.AutoString(), nullable=False),
         sa.Column("username", sqlmodel.sql.sqltypes.AutoString(), nullable=False),
         sa.Column("password", sqlmodel.sql.sqltypes.AutoString(), nullable=False),
+        sa.Column("active", sa.Boolean(), nullable=False),
         sa.Column("created_at", sa.DateTime(), nullable=False),
         sa.Column("created_by", sqlmodel.sql.sqltypes.AutoString(), nullable=False),
         sa.Column("updated_at", sa.DateTime(), nullable=True),
         sa.Column("updated_by", sqlmodel.sql.sqltypes.AutoString(), nullable=True),
         sa.PrimaryKeyConstraint("id"),
     )
-    op.create_index(op.f("ix_user_username"), "user", ["username"], unique=True)
-    op.create_index(op.f("ix_user_created_at"), "user", ["created_at"], unique=False)
-    op.create_index(op.f("ix_user_created_by"), "user", ["created_by"], unique=False)
-    op.create_index(op.f("ix_user_updated_at"), "user", ["updated_at"], unique=False)
-    op.create_index(op.f("ix_user_updated_by"), "user", ["updated_by"], unique=False)
+    op.create_index(op.f("ix_users_username"), "users", ["username"], unique=True)
+    op.create_index(op.f("ix_users_active"), "users", ["active"], unique=False)
+    op.create_index(op.f("ix_users_created_at"), "users", ["created_at"], unique=False)
+    op.create_index(op.f("ix_users_created_by"), "users", ["created_by"], unique=False)
+    op.create_index(op.f("ix_users_updated_at"), "users", ["updated_at"], unique=False)
+    op.create_index(op.f("ix_users_updated_by"), "users", ["updated_by"], unique=False)
 
     op.create_table(
-        "userrole",
+        "user_roles",
         sa.Column("id", sqlmodel.sql.sqltypes.AutoString(), nullable=False),
         sa.Column("user_id", sqlmodel.sql.sqltypes.AutoString(), nullable=False),
         sa.Column("role_id", sqlmodel.sql.sqltypes.AutoString(), nullable=False),
@@ -108,53 +113,93 @@ def upgrade() -> None:
         sa.Column("created_by", sqlmodel.sql.sqltypes.AutoString(), nullable=True),
         sa.PrimaryKeyConstraint("id"),
     )
-    op.create_index(op.f("ix_userrole_role_id"), "userrole", ["role_id"], unique=False)
-    op.create_index(op.f("ix_userrole_user_id"), "userrole", ["user_id"], unique=False)
+    op.create_index(
+        op.f("ix_user_roles_role_id"), "user_roles", ["role_id"], unique=False
+    )
+    op.create_index(
+        op.f("ix_user_roles_user_id"), "user_roles", ["user_id"], unique=False
+    )
 
     op.create_table(
-        "session",
+        "user_sessions",
         sa.Column("id", sqlmodel.sql.sqltypes.AutoString(), nullable=False),
         sa.Column("user_id", sqlmodel.sql.sqltypes.AutoString(), nullable=False),
-        sa.Column("token", sqlmodel.sql.sqltypes.AutoString(), nullable=False),
+        sa.Column("access_token", sqlmodel.sql.sqltypes.AutoString(), nullable=False),
+        sa.Column("refresh_token", sqlmodel.sql.sqltypes.AutoString(), nullable=False),
+        sa.Column("access_token_expired_at", sa.DateTime(), nullable=False),
+        sa.Column("refresh_token_expired_at", sa.DateTime(), nullable=False),
         sa.PrimaryKeyConstraint("id"),
     )
-    op.create_index(op.f("ix_session_user_id"), "session", ["user_id"], unique=False)
-    op.create_index(op.f("ix_session_token"), "session", ["token"], unique=True)
+    op.create_index(
+        op.f("ix_user_sessions_user_id"), "user_sessions", ["user_id"], unique=False
+    )
+    op.create_index(
+        op.f("ix_user_sessions_access_token"),
+        "user_sessions",
+        ["access_token"],
+        unique=False,
+    )
+    op.create_index(
+        op.f("ix_user_sessions_refresh_token"),
+        "user_sessions",
+        ["refresh_token"],
+        unique=False,
+    )
+    op.create_index(
+        op.f("ix_user_sessions_access_token_expired_at"),
+        "user_sessions",
+        ["access_token_expired_at"],
+    )
+    op.create_index(
+        op.f("ix_user_sessions_refresh_token_expired_at"),
+        "user_sessions",
+        ["refresh_token_expired_at"],
+    )
     # ### end Alembic commands ###
 
 
 def downgrade() -> None:
     # ### commands auto generated by Alembic - please adjust! ###
-    op.drop_index(op.f("ix_session_token"), table_name="session")
-    op.drop_index(op.f("ix_session_user_id"), table_name="session")
-    op.drop_table("session")
-
-    op.drop_index(op.f("ix_userrole_user_id"), table_name="userrole")
-    op.drop_index(op.f("ix_userrole_role_id"), table_name="userrole")
-    op.drop_table("userrole")
-
-    op.drop_index(op.f("ix_user_username"), table_name="user")
-    op.drop_index(op.f("ix_user_updated_by"), table_name="user")
-    op.drop_index(op.f("ix_user_updated_at"), table_name="user")
-    op.drop_index(op.f("ix_user_created_by"), table_name="user")
-    op.drop_index(op.f("ix_user_created_at"), table_name="user")
-    op.drop_table("user")
-
-    op.drop_index(op.f("ix_rolepermission_role_id"), table_name="rolepermission")
-    op.drop_index(op.f("ix_rolepermission_permission_id"), table_name="rolepermission")
-    op.drop_table("rolepermission")
-
-    op.drop_index(op.f("ix_role_name"), table_name="role")
-    op.drop_index(op.f("ix_role_updated_by"), table_name="role")
-    op.drop_index(op.f("ix_role_updated_at"), table_name="role")
-    op.drop_index(op.f("ix_role_created_by"), table_name="role")
-    op.drop_index(op.f("ix_role_created_at"), table_name="role")
-    op.drop_table("role")
-
-    op.drop_index(op.f("ix_permission_updated_by"), table_name="permission")
-    op.drop_index(op.f("ix_permission_updated_at"), table_name="permission")
-    op.drop_index(op.f("ix_permission_created_by"), table_name="permission")
-    op.drop_index(op.f("ix_permission_created_at"), table_name="permission")
-    op.drop_index(op.f("ix_permission_name"), table_name="permission")
-    op.drop_table("permission")
+    op.drop_index(op.f("ix_user_sessions_user_id"), table_name="user_sessions")
+    op.drop_index(op.f("ix_user_sessions_access_token"), table_name="user_sessions")
+    op.drop_index(op.f("ix_user_sessions_refresh_token"), table_name="user_sessions")
+    op.drop_index(
+        op.f("ix_user_sessions_access_token_expired_at"), table_name="user_sessions"
+    )
+    op.drop_index(
+        op.f("ix_user_sessions_refresh_token_expired_at"), table_name="user_sessions"
+    )
+    op.drop_table("user_sessions")
+
+    op.drop_index(op.f("ix_user_roles_user_id"), table_name="user_roles")
+    op.drop_index(op.f("ix_user_roles_role_id"), table_name="user_roles")
+    op.drop_table("user_roles")
+
+    op.drop_index(op.f("ix_users_username"), table_name="users")
+    op.drop_index(op.f("ix_users_active"), table_name="users")
+    op.drop_index(op.f("ix_users_updated_by"), table_name="users")
+    op.drop_index(op.f("ix_users_updated_at"), table_name="users")
+    op.drop_index(op.f("ix_users_created_by"), table_name="users")
+    op.drop_index(op.f("ix_users_created_at"), table_name="users")
+    op.drop_table("users")
+
+    op.drop_index(op.f("ix_role_permissions_role_id"), table_name="role_permissions")
+    op.drop_index(
+        op.f("ix_role_permissions_permission_id"), table_name="role_permissions"
+    )
+    op.drop_table("role_permissions")
+
+    op.drop_index(op.f("ix_roles_name"), table_name="roles")
+    op.drop_index(op.f("ix_roles_updated_by"), table_name="roles")
+    op.drop_index(op.f("ix_roles_updated_at"), table_name="roles")
+    op.drop_index(op.f("ix_roles_created_by"), table_name="roles")
+    op.drop_index(op.f("ix_roles_created_at"), table_name="roles")
+    op.drop_table("roles")
+
+    op.drop_index(op.f("ix_permissions_updated_by"), table_name="permissions")
+    op.drop_index(op.f("ix_permissions_updated_at"), table_name="permissions")
+    op.drop_index(op.f("ix_permissions_created_by"), table_name="permissions")
+    op.drop_index(op.f("ix_permissions_created_at"), table_name="permissions")
+    op.drop_index(op.f("ix_permissions_name"), table_name="permissions")
+    op.drop_table("permissions")
     # ### end Alembic commands ###

zrb/builtin/project/add/fastapp/fastapp_template/my_app_name/module/auth/migration/versions/8ed025bcc845_create_permissions.py

@@ -0,0 +1,69 @@
+"""create_permissions
+
+Revision ID: 8ed025bcc845
+Revises: 3093c7336477
+Create Date: 2025-02-08 19:09:14.536559
+
+"""
+
+from typing import Sequence, Union
+
+import sqlalchemy as sa
+import sqlmodel  # 🔥 FastApp Modification
+from alembic import op
+from module.auth.migration_metadata import metadata
+
+# revision identifiers, used by Alembic.
+revision: str = "8ed025bcc845"
+down_revision: Union[str, None] = "3093c7336477"
+branch_labels: Union[str, Sequence[str], None] = None
+depends_on: Union[str, Sequence[str], None] = None
+
+
+def upgrade() -> None:
+    op.bulk_insert(
+        metadata.tables["permissions"],
+        [
+            # permission
+            {"name": "permission:create", "description": "create permission"},
+            {"name": "permission:read", "description": "read permission"},
+            {"name": "permission:update", "description": "update permission"},
+            {"name": "permission:delete", "description": "delete permission"},
+            # role
+            {"name": "role:create", "description": "create role"},
+            {"name": "role:read", "description": "read role"},
+            {"name": "role:update", "description": "update role"},
+            {"name": "role:delete", "description": "delete role"},
+            # user
+            {"name": "user:create", "description": "create user"},
+            {"name": "user:read", "description": "read user"},
+            {"name": "user:update", "description": "update user"},
+            {"name": "user:delete", "description": "delete user"},
+        ],
+    )
+    # ### end Alembic commands ###
+
+
+def downgrade() -> None:
+    op.execute(
+        sa.delete(metadata.tables["permissions"]).where(
+            metadata.tables["permissions"].c.name.in_(
+                # user
+                "user:create",
+                "user:read",
+                "user:update",
+                "user:delete",
+                # role
+                "role:create",
+                "role:read",
+                "role:update",
+                "role:delete",
+                # permission
+                "permission:create",
+                "permission:read",
+                "permission:update",
+                "permission:delete",
+            )
+        )
+    )
+    # ### end Alembic commands ###