PyPI - zrb - Versions diffs - 1.0.0b8__py3-none-any.whl → 1.0.0b10__py3-none-any.whl - Mend

zrb 1.0.0b8py3-none-any.whl → 1.0.0b10py3-none-any.whl

This diff represents the content of publicly available package versions that have been released to one of the supported registries. The information contained in this diff is provided for informational purposes only and reflects changes between package versions as they appear in their respective public registries.

Files changed (81) hide show

zrb/builtin/project/add/fastapp/fastapp_template/my_app_name/module/auth/migration_metadata.py CHANGED Viewed

@@ -1,7 +1,6 @@
 from my_app_name.schema.permission import Permission
 from my_app_name.schema.role import Role, RolePermission
-from my_app_name.schema.session import Session
-from my_app_name.schema.user import User, UserRole
+from my_app_name.schema.user import User, UserRole, UserSession
 from sqlalchemy import MetaData
 metadata = MetaData()
@@ -19,5 +18,5 @@ User.__table__.tometadata(metadata)
 UserRole.metadata = metadata
 UserRole.__table__.tometadata(metadata)
-Session.metadata = metadata
-Session.__table__.tometadata(metadata)
+UserSession.metadata = metadata
+UserSession.__table__.tometadata(metadata)

zrb/builtin/project/add/fastapp/fastapp_template/my_app_name/module/auth/route.py CHANGED Viewed

@@ -5,10 +5,23 @@ from my_app_name.config import APP_MAIN_MODULE, APP_MODE, APP_MODULES
 from my_app_name.module.auth.service.permission.permission_service_factory import (
     permission_service,
 )
+from my_app_name.module.auth.service.role.role_service_factory import role_service
 from my_app_name.module.auth.service.user.user_service_factory import user_service
-def serve_health_check(app: FastAPI):
+def serve_route(app: FastAPI):
+    if APP_MODE != "microservices" or "auth" not in APP_MODULES:
+        return
+    if APP_MAIN_MODULE == "auth":
+        _serve_health_check(app)
+        _serve_readiness_check(app)
+    permission_service.serve_route(app)
+    role_service.serve_route(app)
+    user_service.serve_route(app)
+def _serve_health_check(app: FastAPI):
     @app.api_route("/health", methods=["GET", "HEAD"], response_model=BasicResponse)
     async def health():
         """
@@ -17,7 +30,7 @@ def serve_health_check(app: FastAPI):
         return BasicResponse(message="ok")
-def serve_readiness_check(app: FastAPI):
+def _serve_readiness_check(app: FastAPI):
     @app.api_route("/readiness", methods=["GET", "HEAD"], response_model=BasicResponse)
     async def readiness():
         """
@@ -26,16 +39,4 @@ def serve_readiness_check(app: FastAPI):
         return BasicResponse(message="ok")
-def serve_route(app: FastAPI):
-    if APP_MODE != "microservices" or "auth" not in APP_MODULES:
-        return
-    if APP_MAIN_MODULE == "auth":
-        serve_health_check(app)
-        serve_readiness_check(app)
-    # Serve user endpoints for APIClient
-    user_service.serve_route(app)
-    permission_service.serve_route(app)
 serve_route(app)

zrb/builtin/project/add/fastapp/fastapp_template/my_app_name/module/auth/service/permission/permission_service.py CHANGED Viewed

@@ -71,11 +71,11 @@ class PermissionService(BaseService):
     @BaseService.route(
         "/api/v1/permissions/bulk",
         methods=["put"],
-        response_model=PermissionResponse,
+        response_model=list[PermissionResponse],
     )
     async def update_permission_bulk(
         self, permission_ids: list[str], data: PermissionUpdateWithAudit
-    ) -> PermissionResponse:
+    ) -> list[PermissionResponse]:
         await self.permission_repository.update_bulk(permission_ids, data)
         return await self.permission_repository.get_by_ids(permission_ids)
@@ -93,11 +93,11 @@ class PermissionService(BaseService):
     @BaseService.route(
         "/api/v1/permissions/bulk",
         methods=["delete"],
-        response_model=PermissionResponse,
+        response_model=list[PermissionResponse],
     )
     async def delete_permission_bulk(
         self, permission_ids: list[str], deleted_by: str
-    ) -> PermissionResponse:
+    ) -> list[PermissionResponse]:
         permissions = await self.permission_repository.get_by_ids(permission_ids)
         await self.permission_repository.delete_bulk(permission_ids)
         return permissions

zrb/builtin/project/add/fastapp/fastapp_template/my_app_name/module/auth/service/role/repository/role_db_repository.py CHANGED Viewed

@@ -54,28 +54,47 @@ class RoleDBRepository(
                 and permission.id not in role_permission_map[role.id]
             ):
                 role_permission_map[role.id].append(permission.id)
-                role_map[role.id]["permissions"].append(permission.model_dump())
+                role_map[role.id]["permissions"].append(permission)
         return [
-            RoleResponse(**data["role"].model_dump(), permissions=data["permissions"])
+            RoleResponse(
+                **data["role"].model_dump(),
+                permission_names=[
+                    permission.name for permission in data["permissions"]
+                ],
+            )
             for data in role_map.values()
         ]
     async def add_permissions(self, data: dict[str, list[str]], created_by: str):
         now = datetime.datetime.now(datetime.timezone.utc)
+        # get mapping from perrmission names to permission ids
+        all_permission_names = {
+            name for permission_names in data.values() for name in permission_names
+        }
+        async with self._session_scope() as session:
+            result = await self._execute_statement(
+                session,
+                select(Permission.id, Permission.name).where(
+                    Permission.name.in_(all_permission_names)
+                ),
+            )
+            permission_mapping = {row.name: row.id for row in result}
+        # Assemble data dict
         data_dict_list: list[dict[str, Any]] = []
-        for role_id, permission_ids in data.items():
-            for permission_id in permission_ids:
+        for role_id, permission_names in data.items():
+            for permission_name in permission_names:
                 data_dict_list.append(
                     self._model_to_data_dict(
                         RolePermission(
                             id=ulid.new().str,
                             role_id=role_id,
-                            permission_id=permission_id,
+                            permission_id=permission_mapping.get(permission_name),
                             created_at=now,
                             created_by=created_by,
                         )
                     )
                 )
+        # Insert rolePermissions
         async with self._session_scope() as session:
             await self._execute_statement(
                 session, insert(RolePermission).values(data_dict_list)

zrb/builtin/project/add/fastapp/fastapp_template/my_app_name/module/auth/service/role/role_service.py CHANGED Viewed

@@ -50,13 +50,13 @@ class RoleService(BaseService):
     async def create_role_bulk(
         self, data: list[RoleCreateWithPermissionsAndAudit]
     ) -> list[RoleResponse]:
-        permission_ids = [row.get_permission_ids() for row in data]
+        permission_names = [row.get_permission_names() for row in data]
         data = [row.get_role_create_with_audit() for row in data]
         roles = await self.role_repository.create_bulk(data)
         if len(roles) > 0:
             created_by = roles[0].created_by
             await self.role_repository.add_permissions(
-                data={role.id: permission_ids[i] for i, role in enumerate(roles)},
+                data={role.id: permission_names[i] for i, role in enumerate(roles)},
                 created_by=created_by,
             )
         return await self.role_repository.get_by_ids([role.id for role in roles])
@@ -69,30 +69,32 @@ class RoleService(BaseService):
     async def create_role(
         self, data: RoleCreateWithPermissionsAndAudit
     ) -> RoleResponse:
-        permission_ids = data.get_permission_ids()
+        permission_names = data.get_permission_names()
         data = data.get_role_create_with_audit()
         role = await self.role_repository.create(data)
         await self.role_repository.add_permissions(
-            data={role.id: permission_ids}, created_by=role.created_by
+            data={role.id: permission_names}, created_by=role.created_by
         )
         return await self.role_repository.get_by_id(role.id)
     @BaseService.route(
         "/api/v1/roles/bulk",
         methods=["put"],
-        response_model=RoleResponse,
+        response_model=list[RoleResponse],
     )
     async def update_role_bulk(
         self, role_ids: list[str], data: RoleUpdateWithPermissionsAndAudit
-    ) -> RoleResponse:
-        permission_ids = [row.get_permission_ids() for row in data]
+    ) -> list[RoleResponse]:
+        permission_names = [row.get_permission_names() for row in data]
         data = [row.get_role_update_with_audit() for row in data]
         await self.role_repository.update_bulk(role_ids, data)
         if len(role_ids) > 0:
             updated_by = data[0].updated_by
             await self.role_repository.remove_all_permissions(role_ids)
             await self.role_repository.add_permissions(
-                data={role_id: permission_ids[i] for i, role_id in enumerate(role_ids)},
+                data={
+                    role_id: permission_names[i] for i, role_id in enumerate(role_ids)
+                },
                 created_by=updated_by,
             )
         return await self.role_repository.get_by_ids(role_ids)
@@ -105,23 +107,23 @@ class RoleService(BaseService):
     async def update_role(
         self, role_id: str, data: RoleUpdateWithPermissionsAndAudit
     ) -> RoleResponse:
-        permission_ids = data.get_permission_ids()
+        permission_names = data.get_permission_names()
         role_data = data.get_role_update_with_audit()
         await self.role_repository.update(role_id, role_data)
         await self.role_repository.remove_all_permissions([role_id])
         await self.role_repository.add_permissions(
-            data={role_id: permission_ids}, created_by=role_data.updated_by
+            data={role_id: permission_names}, created_by=role_data.updated_by
         )
         return await self.role_repository.get_by_id(role_id)
     @BaseService.route(
         "/api/v1/roles/bulk",
         methods=["delete"],
-        response_model=RoleResponse,
+        response_model=list[RoleResponse],
     )
     async def delete_role_bulk(
         self, role_ids: list[str], deleted_by: str
-    ) -> RoleResponse:
+    ) -> list[RoleResponse]:
         roles = await self.role_repository.get_by_ids(role_ids)
         await self.role_repository.delete_bulk(role_ids)
         await self.role_repository.remove_all_permissions(role_ids)

zrb/builtin/project/add/fastapp/fastapp_template/my_app_name/module/auth/service/user/repository/user_db_repository.py CHANGED Viewed

@@ -1,35 +1,27 @@
 import datetime
-from typing import Any, Callable
+from typing import Any
 import ulid
 from my_app_name.common.base_db_repository import BaseDBRepository
-from my_app_name.common.error import NotFoundError
-from my_app_name.config import (
-    APP_AUTH_GUEST_USER,
-    APP_AUTH_GUEST_USER_PERMISSIONS,
-    APP_AUTH_SUPER_USER,
-    APP_AUTH_SUPER_USER_PASSWORD,
-    APP_MAX_PARALLEL_SESSION,
-    APP_SESSION_EXPIRE_MINUTES,
-)
+from my_app_name.common.error import NotFoundError, UnauthorizedError
 from my_app_name.module.auth.service.user.repository.user_repository import (
     UserRepository,
 )
 from my_app_name.schema.permission import Permission
 from my_app_name.schema.role import Role, RolePermission
-from my_app_name.schema.session import Session, SessionResponse
 from my_app_name.schema.user import (
     User,
     UserCreateWithAudit,
     UserResponse,
     UserRole,
+    UserSession,
+    UserSessionResponse,
+    UserTokenData,
     UserUpdateWithAudit,
 )
 from passlib.context import CryptContext
-from sqlalchemy.engine import Engine
-from sqlalchemy.ext.asyncio import AsyncEngine
-from sqlalchemy.sql import ClauseElement, ColumnElement, Select
-from sqlmodel import SQLModel, delete, insert, select
+from sqlalchemy.sql import Select
+from sqlmodel import delete, insert, select, update
 # Password hashing context
 pwd_context = CryptContext(schemes=["bcrypt"], deprecated="auto")
@@ -39,6 +31,11 @@ def hash_password(password: str) -> str:
     return pwd_context.hash(password)
+def verify_password(plain_password: str, hashed_password: str) -> bool:
+    """Verifies if a password matches the stored hash."""
+    return pwd_context.verify(plain_password, hashed_password)
 class UserDBRepository(
     BaseDBRepository[User, UserResponse, UserCreateWithAudit, UserUpdateWithAudit],
     UserRepository,
@@ -50,86 +47,65 @@ class UserDBRepository(
     entity_name = "user"
     column_preprocessors = {"password": hash_password}
-    def __init__(
-        self,
-        engine: Engine | AsyncEngine,
-        super_user_username: str = APP_AUTH_SUPER_USER,
-        super_user_password: str = APP_AUTH_SUPER_USER_PASSWORD,
-        guest_user_username: str = APP_AUTH_GUEST_USER,
-        guest_user_password: str = APP_AUTH_SUPER_USER_PASSWORD,
-        guest_user_permission_names: list[str] = APP_AUTH_GUEST_USER_PERMISSIONS,
-        max_parallel_session: int = APP_MAX_PARALLEL_SESSION,
-        session_expire_minutes: int = APP_SESSION_EXPIRE_MINUTES,
-        filter_param_parser: (
-            Callable[[SQLModel, str], list[ClauseElement]] | None
-        ) = None,
-        sort_param_parser: Callable[[SQLModel, str], list[ColumnElement]] | None = None,
-    ):
-        super().__init__(
-            engine=engine,
-            filter_param_parser=filter_param_parser,
-            sort_param_parser=sort_param_parser,
-        )
-        self._super_user_username = super_user_username
-        self._super_user_passwored = super_user_password
-        self._guest_user_username = guest_user_username
-        self._guest_user_password = guest_user_password
-        self._guest_user_permission_names = guest_user_permission_names
-        self._max_parallel_session = max_parallel_session
-        self._session_expire_minutes = session_expire_minutes
-        self._super_user: User | None = None
-        self._guest_user: User | None = None
     def _select(self) -> Select:
         return (
-            select(User, Role, Permission, Session)
+            select(User, Role, Permission)
             .join(UserRole, UserRole.user_id == User.id, isouter=True)
             .join(Role, Role.id == UserRole.role_id, isouter=True)
             .join(RolePermission, RolePermission.role_id == Role.id, isouter=True)
             .join(
                 Permission, Permission.id == RolePermission.permission_id, isouter=True
             )
-            .join(Session, Session.user_id == User.id)
         )
     def _rows_to_responses(self, rows: list[tuple[Any, ...]]) -> list[UserResponse]:
         user_map: dict[str, dict[str, Any]] = {}
         user_role_map: dict[str, list[str]] = {}
         user_permission_map: dict[str, list[str]] = {}
-        for user, role, permission, _ in rows:
+        for user, role, permission in rows:
             if user.id not in user_map:
                 user_map[user.id] = {"user": user, "roles": [], "permissions": []}
                 user_role_map[user.id] = []
                 user_permission_map[user.id] = []
             if role is not None and role.id not in user_role_map[user.id]:
                 user_role_map[user.id].append(role.id)
-                user_map[user.id]["roles"].append(role.model_dump())
+                user_map[user.id]["roles"].append(role)
             if (
                 permission is not None
                 and permission.id not in user_permission_map[user.id]
             ):
                 user_permission_map[user.id].append(permission.id)
-                user_map[user.id]["permissions"].append(permission.model_dump())
+                user_map[user.id]["permissions"].append(permission)
         return [
             UserResponse(
                 **data["user"].model_dump(),
-                roles=list(data["roles"]),
-                permissions=list(data["permissions"]),
+                role_names=[role.name for role in data["roles"]],
+                permission_names=[
+                    permission.name for permission in data["permissions"]
+                ],
             )
             for data in user_map.values()
         ]
     async def add_roles(self, data: dict[str, list[str]], created_by: str):
         now = datetime.datetime.now(datetime.timezone.utc)
+        # get mapping from role names to role ids
+        all_role_names = {name for role_names in data.values() for name in role_names}
+        async with self._session_scope() as session:
+            result = await self._execute_statement(
+                session, select(Role.id, Role.name).where(Role.name.in_(all_role_names))
+            )
+            role_mapping = {row.name: row.id for row in result}
+        # Assemble data dict
         data_dict_list: list[dict[str, Any]] = []
-        for user_id, role_ids in data.items():
-            for role_id in role_ids:
+        for user_id, role_names in data.items():
+            for role_name in role_names:
                 data_dict_list.append(
                     self._model_to_data_dict(
                         UserRole(
                             id=ulid.new().str,
                             user_id=user_id,
-                            role_id=role_id,
+                            role_id=role_mapping.get(role_name),
                             created_at=now,
                             created_by=created_by,
                         )
@@ -148,65 +124,126 @@ class UserDBRepository(
             )
     async def get_by_credentials(self, username: str, password: str) -> UserResponse:
-        rows = await self._select_to_response(
-            lambda q: q.where(
-                User.username == username, User.password == hash_password(password)
+        async with self._session_scope() as session:
+            result = await self._execute_statement(
+                session, select(User).where(User.username == username, User.active)
             )
-        )
-        return self._ensure_one(rows)
+            user = result.scalar_one_or_none()
+            if user is None or not verify_password(password, user.password):
+                raise UnauthorizedError("Invalid username or password")
+            return await self.get_by_id(user.id)
-    async def get_by_token(self, token: str) -> UserResponse:
-        rows = await self._select_tor_response(
-            lambda q: q.where(Session.token == token)
-        )
-        return self._ensure_one(rows)
-    async def add_token(self, user_id: str, token: str):
+    async def delete_expired_user_sessions(self, user_id: str):
+        now = datetime.datetime.now(datetime.timezone.utc)
         async with self._session_scope() as session:
             await self._execute_statement(
                 session,
-                insert(Session).values(
-                    {
-                        "id": ulid.new().str,
-                        "user_id": user_id,
-                        "token": token,
-                        "created_by": "system",
-                        "created_at": datetime.datetime.now(datetime.timezone.utc),
-                    }
+                delete(UserSession).where(
+                    UserSession.user_id == user_id,
+                    UserSession.refresh_token_expired_at < now,
                 ),
             )
-    async def remove_token(self, user_id: str, token: str):
+    async def get_active_user_sessions(self, user_id: str) -> list[UserSessionResponse]:
+        now = datetime.datetime.now(datetime.timezone.utc)
         async with self._session_scope() as session:
-            await self._execute_statement(
+            result = await self._execute_statement(
                 session,
-                delete(Session).where(
-                    Session.token == token, Session.user_id == user_id
+                select(UserSession).where(
+                    UserSession.user_id == user_id,
+                    UserSession.refresh_token_expired_at > now,
                 ),
             )
+            return [self._user_session_to_response(row[0]) for row in result.all()]
-    async def get_sessions(self, user_id: str) -> list[SessionResponse]:
+    async def get_user_session_by_access_token(
+        self, access_token: str
+    ) -> UserSessionResponse:
+        now = datetime.datetime.now(datetime.timezone.utc)
+        async with self._session_scope() as session:
+            result = await self._execute_statement(
+                session,
+                select(UserSession).where(
+                    UserSession.access_token == access_token,
+                    UserSession.access_token_expired_at > now,
+                ),
+            )
+            user_session = result.scalar_one_or_none()
+            if user_session is None:
+                raise NotFoundError("User session not found")
+            return self._user_session_to_response(user_session)
+    async def get_user_session_by_refresh_token(
+        self, refresh_token: str
+    ) -> UserSessionResponse:
+        now = datetime.datetime.now(datetime.timezone.utc)
         async with self._session_scope() as session:
-            statement = select(Session).where(Session.user_id == user_id)
-            result = await self._execute_statement(session, statement)
-            return [
-                SessionResponse(**session.model_dump())
-                for session in result.scalars().all()
-            ]
-    async def remove_session(self, user_id: str, session_id: str) -> SessionResponse:
+            result = await self._execute_statement(
+                session,
+                select(UserSession).where(
+                    UserSession.refresh_token == refresh_token,
+                    UserSession.refresh_token_expired_at > now,
+                ),
+            )
+            user_session = result.scalar_one_or_none()
+            if user_session is None:
+                raise NotFoundError("User session not found")
+            return self._user_session_to_response(user_session)
+    async def create_user_session(
+        self, user_id: str, token_data: UserTokenData
+    ) -> UserSessionResponse:
+        data_dict = self._model_to_data_dict(
+            token_data, user_id=user_id, id=ulid.new().str
+        )
         async with self._session_scope() as session:
-            statement = select(Session).where(
-                Session.user_id == user_id, Session.id == session_id
+            await self._execute_statement(
+                session, insert(UserSession).values(**data_dict)
+            )
+            result = await self._execute_statement(
+                session, select(UserSession).where(UserSession.id == data_dict["id"])
             )
-            result = await self._execute_statement(session, statement)
-            session = result.scalar_one_or_none()
-            if not session:
-                raise NotFoundError(f"{self.entity_name} not found")
+            user_session = result.scalar_one_or_none()
+            if user_session is None:
+                raise NotFoundError("User session not found after created")
+            return self._user_session_to_response(user_session)
+    async def update_user_session(
+        self, user_id: str, session_id: str, token_data: UserTokenData
+    ) -> UserSessionResponse:
+        data_dict = self._model_to_data_dict(token_data, user_id=user_id)
+        async with self._session_scope() as session:
             await self._execute_statement(
                 session,
-                delete(Session).where(
-                    Session.id == session_id, Session.user_id == user_id
+                (
+                    update(UserSession)
+                    .where(UserSession.id == session_id)
+                    .values(**data_dict)
                 ),
             )
-            return SessionResponse(**session.model_dump())
+            result = await self._execute_statement(
+                session, select(UserSession).where(UserSession.id == session_id)
+            )
+            user_session = result.scalar_one_or_none()
+            if user_session is None:
+                raise NotFoundError("User session not found after created")
+            return self._user_session_to_response(user_session)
+    async def delete_user_sessions(self, session_ids: list[str]):
+        async with self._session_scope() as session:
+            await self._execute_statement(
+                session, delete(UserSession).where(UserSession.id.in_(session_ids))
+            )
+    def _user_session_to_response(
+        self, user_session: UserSession
+    ) -> UserSessionResponse:
+        return UserSessionResponse(
+            id=user_session.id,
+            user_id=user_session.user_id,
+            access_token=user_session.access_token,
+            access_token_expired_at=user_session.access_token_expired_at,
+            refresh_token=user_session.refresh_token,
+            refresh_token_expired_at=user_session.refresh_token_expired_at,
+            token_type="bearer",
+        )

zrb/builtin/project/add/fastapp/fastapp_template/my_app_name/module/auth/service/user/repository/user_repository.py CHANGED Viewed

@@ -1,10 +1,11 @@
 from abc import ABC, abstractmethod
-from my_app_name.schema.session import SessionResponse
 from my_app_name.schema.user import (
     User,
     UserCreateWithAudit,
     UserResponse,
+    UserSessionResponse,
+    UserTokenData,
     UserUpdateWithAudit,
 )
@@ -72,21 +73,37 @@ class UserRepository(ABC):
         """Get user by credential"""
     @abstractmethod
-    async def get_by_token(self, token: str) -> UserResponse:
-        """Get user by token"""
+    async def get_active_user_sessions(self, user_id: str) -> list[UserSessionResponse]:
+        """Get user sessions"""
     @abstractmethod
-    async def add_token(self, user_id: str, token: str):
-        """Add token to user"""
+    async def get_user_session_by_access_token(
+        self, access_token: str
+    ) -> UserSessionResponse:
+        """Get user session by access token"""
     @abstractmethod
-    async def remove_token(self, user_id: str, token: str):
-        """Remove token from user"""
+    async def get_user_session_by_refresh_token(
+        self, refresh_token: str
+    ) -> UserSessionResponse:
+        """Get user session by refresh token"""
     @abstractmethod
-    async def get_sessions(self, user_id: str) -> list[SessionResponse]:
-        """Get sessions"""
+    async def create_user_session(
+        self, user_id: str, token_data: UserTokenData
+    ) -> UserSessionResponse:
+        """Create new user session"""
     @abstractmethod
-    async def remove_session(self, user_id: str, session_id: str) -> SessionResponse:
-        """Remove a session"""
+    async def update_user_session(
+        self, user_id: str, session_id: str, token_data: UserTokenData
+    ) -> UserSessionResponse:
+        """Update user session"""
+    @abstractmethod
+    async def delete_expired_user_sessions(self, user_id: str):
+        """Delete expired user sessions"""
+    @abstractmethod
+    async def delete_user_sessions(self, session_ids: list[str]):
+        """Delete user session"""

zrb 1.0.0b8__py3-none-any.whl → 1.0.0b10__py3-none-any.whl

zrb 1.0.0b8py3-none-any.whl → 1.0.0b10py3-none-any.whl