PyPI - zrb - Versions diffs - 1.0.0b9__py3-none-any.whl → 1.0.0b10__py3-none-any.whl - Mend

zrb 1.0.0b9py3-none-any.whl → 1.0.0b10py3-none-any.whl

This diff represents the content of publicly available package versions that have been released to one of the supported registries. The information contained in this diff is provided for informational purposes only and reflects changes between package versions as they appear in their respective public registries.

Files changed (61) hide show

zrb/builtin/project/add/fastapp/fastapp_template/my_app_name/module/auth/migration/versions/8ed025bcc845_create_permissions.py ADDED Viewed

@@ -0,0 +1,69 @@
+"""create_permissions
+Revision ID: 8ed025bcc845
+Revises: 3093c7336477
+Create Date: 2025-02-08 19:09:14.536559
+"""
+from typing import Sequence, Union
+import sqlalchemy as sa
+import sqlmodel  # 🔥 FastApp Modification
+from alembic import op
+from module.auth.migration_metadata import metadata
+# revision identifiers, used by Alembic.
+revision: str = "8ed025bcc845"
+down_revision: Union[str, None] = "3093c7336477"
+branch_labels: Union[str, Sequence[str], None] = None
+depends_on: Union[str, Sequence[str], None] = None
+def upgrade() -> None:
+    op.bulk_insert(
+        metadata.tables["permissions"],
+        [
+            # permission
+            {"name": "permission:create", "description": "create permission"},
+            {"name": "permission:read", "description": "read permission"},
+            {"name": "permission:update", "description": "update permission"},
+            {"name": "permission:delete", "description": "delete permission"},
+            # role
+            {"name": "role:create", "description": "create role"},
+            {"name": "role:read", "description": "read role"},
+            {"name": "role:update", "description": "update role"},
+            {"name": "role:delete", "description": "delete role"},
+            # user
+            {"name": "user:create", "description": "create user"},
+            {"name": "user:read", "description": "read user"},
+            {"name": "user:update", "description": "update user"},
+            {"name": "user:delete", "description": "delete user"},
+        ],
+    )
+    # ### end Alembic commands ###
+def downgrade() -> None:
+    op.execute(
+        sa.delete(metadata.tables["permissions"]).where(
+            metadata.tables["permissions"].c.name.in_(
+                # user
+                "user:create",
+                "user:read",
+                "user:update",
+                "user:delete",
+                # role
+                "role:create",
+                "role:read",
+                "role:update",
+                "role:delete",
+                # permission
+                "permission:create",
+                "permission:read",
+                "permission:update",
+                "permission:delete",
+            )
+        )
+    )
+    # ### end Alembic commands ###

zrb/builtin/project/add/fastapp/fastapp_template/my_app_name/module/auth/service/user/repository/user_db_repository.py CHANGED Viewed

@@ -49,7 +49,7 @@ class UserDBRepository(
     def _select(self) -> Select:
         return (
-            select(User, Role, Permission, UserSession)
+            select(User, Role, Permission)
             .join(UserRole, UserRole.user_id == User.id, isouter=True)
             .join(Role, Role.id == UserRole.role_id, isouter=True)
             .join(RolePermission, RolePermission.role_id == Role.id, isouter=True)
@@ -62,7 +62,7 @@ class UserDBRepository(
         user_map: dict[str, dict[str, Any]] = {}
         user_role_map: dict[str, list[str]] = {}
         user_permission_map: dict[str, list[str]] = {}
-        for user, role, permission, _ in rows:
+        for user, role, permission in rows:
             if user.id not in user_map:
                 user_map[user.id] = {"user": user, "roles": [], "permissions": []}
                 user_role_map[user.id] = []
@@ -241,6 +241,9 @@ class UserDBRepository(
         return UserSessionResponse(
             id=user_session.id,
             user_id=user_session.user_id,
+            access_token=user_session.access_token,
             access_token_expired_at=user_session.access_token_expired_at,
+            refresh_token=user_session.refresh_token,
             refresh_token_expired_at=user_session.refresh_token_expired_at,
+            token_type="bearer",
         )

zrb/builtin/project/add/fastapp/fastapp_template/my_app_name/module/auth/service/user/user_service.py CHANGED Viewed

@@ -46,8 +46,20 @@ class UserService(BaseService):
         methods=["get"],
         response_model=AuthUserResponse,
     )
-    async def get_current_user(self, access_token: str) -> AuthUserResponse:
-        return self._get_auth_user_by_access_token(access_token)
+    async def get_current_user(self, access_token: str | None) -> AuthUserResponse:
+        if access_token is None or access_token == "":
+            return self._get_guest_user()
+        try:
+            user_session = await self.user_repository.get_user_session_by_access_token(
+                access_token
+            )
+            user_id = user_session.user_id
+            if user_id == self.config.super_user:
+                return self._get_super_user()
+            user = await self.user_repository.get_by_id(user_id)
+            return self._to_auth_user_response(user)
+        except NotFoundError:
+            return self._get_guest_user()
     @BaseService.route(
         "/api/v1/user-sessions",
@@ -78,7 +90,7 @@ class UserService(BaseService):
     async def update_user_session(self, refresh_token: str) -> UserSessionResponse:
         current_user = await self._get_auth_user_by_refresh_token(refresh_token)
         current_user_session = (
-            await self.user_respository.get_user_sesion_by_refresh_token(refresh_token)
+            await self.user_repository.get_user_session_by_refresh_token(refresh_token)
         )
         token_data = self._create_user_token_data(current_user.username)
         return await self.user_repository.update_user_session(
@@ -94,7 +106,7 @@ class UserService(BaseService):
     )
     async def delete_user_session(self, refresh_token: str) -> UserSessionResponse:
         current_user_session = (
-            await self.user_respository.get_user_sesion_by_refresh_token(refresh_token)
+            await self.user_repository.get_user_session_by_refresh_token(refresh_token)
         )
         await self.user_repository.delete_user_sessions([current_user_session.id])
         return current_user_session
@@ -231,23 +243,6 @@ class UserService(BaseService):
         user = await self.user_repository.get_by_id(user_id)
         return self._to_auth_user_response(user)
-    async def _get_auth_user_by_access_token(
-        self, access_token: str
-    ) -> AuthUserResponse:
-        if access_token is None or access_token == "":
-            return self._get_guest_user()
-        user_session = await self.user_repository.get_user_session_by_access_token(
-            access_token
-        )
-        user_id = user_session.user_id
-        if user_id == self.config.super_user:
-            return self._get_super_user()
-        try:
-            user = await self.user_repository.get_by_id(user_id)
-            return self._to_auth_user_response(user)
-        except NotFoundError:
-            return self._get_guest_user()
     async def _get_user_by_credentials(
         self, credentials: UserCredentials
     ) -> AuthUserResponse:

zrb/builtin/project/add/fastapp/fastapp_template/my_app_name/module/gateway/subroute/auth.py CHANGED Viewed

@@ -2,7 +2,13 @@ from typing import Annotated
 from fastapi import Depends, FastAPI, Response
 from fastapi.security import OAuth2PasswordRequestForm
+from my_app_name.common.error import ForbiddenError
 from my_app_name.module.auth.client.auth_client_factory import auth_client
+from my_app_name.module.gateway.util.auth import (
+    get_current_user,
+    set_user_session_cookie,
+    unset_user_session_cookie,
+)
 from my_app_name.schema.permission import (
     MultiplePermissionResponse,
     PermissionCreate,
@@ -16,6 +22,7 @@ from my_app_name.schema.role import (
     RoleUpdateWithPermissions,
 )
 from my_app_name.schema.user import (
+    AuthUserResponse,
     MultipleUserResponse,
     UserCreateWithRoles,
     UserCredentials,
@@ -37,203 +44,346 @@ def serve_auth_route(app: FastAPI):
                 password=form_data.password,
             )
         )
+        set_user_session_cookie(response, user_session)
         return user_session
     @app.put("/api/v1/user-sessions", response_model=UserSessionResponse)
-    async def update_user_session(refresh_token: str) -> UserSessionResponse:
-        return await auth_client.update_user_session(refresh_token)
+    async def update_user_session(
+        response: Response, refresh_token: str
+    ) -> UserSessionResponse:
+        user_session = await auth_client.update_user_session(refresh_token)
+        set_user_session_cookie(response, user_session)
+        return user_session
     @app.delete("/api/v1/user-sessions", response_model=UserSessionResponse)
-    async def delete_user_session(refresh_token: str) -> UserSessionResponse:
-        return await auth_client.delete_user_session(refresh_token)
+    async def delete_user_session(
+        response: Response, refresh_token: str
+    ) -> UserSessionResponse:
+        user_session = await auth_client.delete_user_session(refresh_token)
+        unset_user_session_cookie(response)
+        return user_session
     # Permission routes
     @app.get("/api/v1/permissions", response_model=MultiplePermissionResponse)
     async def get_permissions(
+        current_user: Annotated[AuthUserResponse, Depends(get_current_user)],
         page: int = 1,
         page_size: int = 10,
         sort: str | None = None,
         filter: str | None = None,
     ) -> MultiplePermissionResponse:
+        if not current_user.has_permission("permission:read"):
+            raise ForbiddenError("Access denied")
         return await auth_client.get_permissions(
             page=page, page_size=page_size, sort=sort, filter=filter
         )
     @app.get("/api/v1/permissions/{permission_id}", response_model=PermissionResponse)
-    async def get_permission_by_id(permission_id: str) -> PermissionResponse:
+    async def get_permission_by_id(
+        current_user: Annotated[AuthUserResponse, Depends(get_current_user)],
+        permission_id: str,
+    ) -> PermissionResponse:
+        if not current_user.has_permission("permission:read"):
+            raise ForbiddenError("Access denied")
         return await auth_client.get_permission_by_id(permission_id)
     @app.post(
         "/api/v1/permissions/bulk",
         response_model=list[PermissionResponse],
     )
-    async def create_permission_bulk(data: list[PermissionCreate]):
+    async def create_permission_bulk(
+        current_user: Annotated[AuthUserResponse, Depends(get_current_user)],
+        data: list[PermissionCreate],
+    ) -> list[PermissionResponse]:
+        if not current_user.has_permission("permission:create"):
+            raise ForbiddenError("Access denied")
         return await auth_client.create_permission_bulk(
-            [row.with_audit(created_by="system") for row in data]
+            [row.with_audit(created_by=current_user.id) for row in data]
         )
     @app.post(
         "/api/v1/permissions",
         response_model=PermissionResponse,
     )
-    async def create_permission(data: PermissionCreate):
-        return await auth_client.create_permission(data.with_audit(created_by="system"))
+    async def create_permission(
+        current_user: Annotated[AuthUserResponse, Depends(get_current_user)],
+        data: PermissionCreate,
+    ) -> PermissionResponse:
+        if not current_user.has_permission("permission:create"):
+            raise ForbiddenError("Access denied")
+        return await auth_client.create_permission(
+            data.with_audit(created_by=current_user.id)
+        )
     @app.put(
         "/api/v1/permissions/bulk",
         response_model=list[PermissionResponse],
     )
-    async def update_permission_bulk(permission_ids: list[str], data: PermissionUpdate):
+    async def update_permission_bulk(
+        current_user: Annotated[AuthUserResponse, Depends(get_current_user)],
+        permission_ids: list[str],
+        data: PermissionUpdate,
+    ) -> list[PermissionResponse]:
+        if not current_user.has_permission("permission:update"):
+            raise ForbiddenError("Access denied")
         return await auth_client.update_permission_bulk(
-            permission_ids, data.with_audit(updated_by="system")
+            permission_ids, data.with_audit(updated_by=current_user.id)
         )
     @app.put(
         "/api/v1/permissions/{permission_id}",
         response_model=PermissionResponse,
     )
-    async def update_permission(permission_id: str, data: PermissionUpdate):
-        return await auth_client.update_permission(data.with_audit(updated_by="system"))
+    async def update_permission(
+        current_user: Annotated[AuthUserResponse, Depends(get_current_user)],
+        permission_id: str,
+        data: PermissionUpdate,
+    ) -> PermissionResponse:
+        if not current_user.has_permission("permission:update"):
+            raise ForbiddenError("Access denied")
+        return await auth_client.update_permission(
+            permission_id, data.with_audit(updated_by=current_user.id)
+        )
     @app.delete(
         "/api/v1/permissions/bulk",
         response_model=list[PermissionResponse],
     )
-    async def delete_permission_bulk(permission_ids: list[str]):
+    async def delete_permission_bulk(
+        current_user: Annotated[AuthUserResponse, Depends(get_current_user)],
+        permission_ids: list[str],
+    ) -> list[PermissionResponse]:
+        if not current_user.has_permission("permission:delete"):
+            raise ForbiddenError("Access denied")
         return await auth_client.delete_permission_bulk(
-            permission_ids, deleted_by="system"
+            permission_ids, deleted_by=current_user.id
         )
     @app.delete(
         "/api/v1/permissions/{permission_id}",
         response_model=PermissionResponse,
     )
-    async def delete_permission(permission_id: str):
-        return await auth_client.delete_permission(permission_id, deleted_by="system")
+    async def delete_permission(
+        current_user: Annotated[AuthUserResponse, Depends(get_current_user)],
+        permission_id: str,
+    ) -> PermissionResponse:
+        if not current_user.has_permission("permission:delete"):
+            raise ForbiddenError("Access denied")
+        return await auth_client.delete_permission(
+            permission_id, deleted_by=current_user.id
+        )
     # Role routes
     @app.get("/api/v1/roles", response_model=MultipleRoleResponse)
     async def get_roles(
+        current_user: Annotated[AuthUserResponse, Depends(get_current_user)],
         page: int = 1,
         page_size: int = 10,
         sort: str | None = None,
         filter: str | None = None,
     ) -> MultipleRoleResponse:
+        if not current_user.has_permission("role:read"):
+            raise ForbiddenError("Access denied")
         return await auth_client.get_roles(
             page=page, page_size=page_size, sort=sort, filter=filter
         )
     @app.get("/api/v1/roles/{role_id}", response_model=RoleResponse)
-    async def get_role_by_id(role_id: str) -> RoleResponse:
+    async def get_role_by_id(
+        current_user: Annotated[AuthUserResponse, Depends(get_current_user)],
+        role_id: str,
+    ) -> RoleResponse:
+        if not current_user.has_permission("role:read"):
+            raise ForbiddenError("Access denied")
         return await auth_client.get_role_by_id(role_id)
     @app.post(
         "/api/v1/roles/bulk",
         response_model=list[RoleResponse],
     )
-    async def create_role_bulk(data: list[RoleCreateWithPermissions]):
+    async def create_role_bulk(
+        current_user: Annotated[AuthUserResponse, Depends(get_current_user)],
+        data: list[RoleCreateWithPermissions],
+    ) -> list[RoleResponse]:
+        if not current_user.has_permission("role:create"):
+            raise ForbiddenError("Access denied")
         return await auth_client.create_role_bulk(
-            [row.with_audit(created_by="system") for row in data]
+            [row.with_audit(created_by=current_user.id) for row in data]
         )
     @app.post(
         "/api/v1/roles",
         response_model=RoleResponse,
     )
-    async def create_role(data: RoleCreateWithPermissions):
-        return await auth_client.create_role(data.with_audit(created_by="system"))
+    async def create_role(
+        current_user: Annotated[AuthUserResponse, Depends(get_current_user)],
+        data: RoleCreateWithPermissions,
+    ) -> RoleResponse:
+        if not current_user.has_permission("role:create"):
+            raise ForbiddenError("Access denied")
+        return await auth_client.create_role(
+            data.with_audit(created_by=current_user.id)
+        )
     @app.put(
         "/api/v1/roles/bulk",
         response_model=list[RoleResponse],
     )
-    async def update_role_bulk(role_ids: list[str], data: RoleUpdateWithPermissions):
+    async def update_role_bulk(
+        current_user: Annotated[AuthUserResponse, Depends(get_current_user)],
+        role_ids: list[str],
+        data: RoleUpdateWithPermissions,
+    ) -> list[RoleResponse]:
+        if not current_user.has_permission("role:update"):
+            raise ForbiddenError("Access denied")
         return await auth_client.update_role_bulk(
-            role_ids, data.with_audit(updated_by="system")
+            role_ids, data.with_audit(updated_by=current_user.id)
         )
     @app.put(
         "/api/v1/roles/{role_id}",
         response_model=RoleResponse,
     )
-    async def update_role(role_id: str, data: RoleUpdateWithPermissions):
-        return await auth_client.update_role(data.with_audit(updated_by="system"))
+    async def update_role(
+        current_user: Annotated[AuthUserResponse, Depends(get_current_user)],
+        role_id: str,
+        data: RoleUpdateWithPermissions,
+    ) -> RoleResponse:
+        if not current_user.has_permission("role:update"):
+            raise ForbiddenError("Access denied")
+        return await auth_client.update_role(
+            role_id, data.with_audit(updated_by=current_user.id)
+        )
     @app.delete(
         "/api/v1/roles/bulk",
         response_model=list[RoleResponse],
     )
-    async def delete_role_bulk(role_ids: list[str]):
-        return await auth_client.delete_role_bulk(role_ids, deleted_by="system")
+    async def delete_role_bulk(
+        current_user: Annotated[AuthUserResponse, Depends(get_current_user)],
+        role_ids: list[str],
+    ) -> list[RoleResponse]:
+        if not current_user.has_permission("role:delete"):
+            raise ForbiddenError("Access denied")
+        return await auth_client.delete_role_bulk(role_ids, deleted_by=current_user.id)
     @app.delete(
         "/api/v1/roles/{role_id}",
         response_model=RoleResponse,
     )
-    async def delete_role(role_id: str):
-        return await auth_client.delete_role(role_id, deleted_by="system")
+    async def delete_role(
+        current_user: Annotated[AuthUserResponse, Depends(get_current_user)],
+        role_id: str,
+    ) -> RoleResponse:
+        if not current_user.has_permission("role:delete"):
+            raise ForbiddenError("Access denied")
+        return await auth_client.delete_role(role_id, deleted_by=current_user.id)
     # User routes
     @app.get("/api/v1/users", response_model=MultipleUserResponse)
     async def get_users(
+        current_user: Annotated[AuthUserResponse, Depends(get_current_user)],
         page: int = 1,
         page_size: int = 10,
         sort: str | None = None,
         filter: str | None = None,
     ) -> MultipleUserResponse:
+        if not current_user.has_permission("user:read"):
+            raise ForbiddenError("Access denied")
         return await auth_client.get_users(
             page=page, page_size=page_size, sort=sort, filter=filter
         )
     @app.get("/api/v1/users/{user_id}", response_model=UserResponse)
-    async def get_user_by_id(user_id: str) -> UserResponse:
+    async def get_user_by_id(
+        current_user: Annotated[AuthUserResponse, Depends(get_current_user)],
+        user_id: str,
+    ) -> UserResponse:
+        if not current_user.has_permission("user:read"):
+            raise ForbiddenError("Access denied")
         return await auth_client.get_user_by_id(user_id)
     @app.post(
         "/api/v1/users/bulk",
         response_model=list[UserResponse],
     )
-    async def create_user_bulk(data: list[UserCreateWithRoles]):
+    async def create_user_bulk(
+        current_user: Annotated[AuthUserResponse, Depends(get_current_user)],
+        data: list[UserCreateWithRoles],
+    ) -> list[UserResponse]:
+        if not current_user.has_permission("user:create"):
+            raise ForbiddenError("Access denied")
         return await auth_client.create_user_bulk(
-            [row.with_audit(created_by="system") for row in data]
+            [row.with_audit(created_by=current_user.id) for row in data]
         )
     @app.post(
         "/api/v1/users",
         response_model=UserResponse,
     )
-    async def create_user(data: UserCreateWithRoles):
-        return await auth_client.create_user(data.with_audit(created_by="system"))
+    async def create_user(
+        current_user: Annotated[AuthUserResponse, Depends(get_current_user)],
+        data: UserCreateWithRoles,
+    ) -> UserResponse:
+        if not current_user.has_permission("user:create"):
+            raise ForbiddenError("Access denied")
+        return await auth_client.create_user(
+            data.with_audit(created_by=current_user.id)
+        )
     @app.put(
         "/api/v1/users/bulk",
         response_model=list[UserResponse],
     )
-    async def update_user_bulk(user_ids: list[str], data: UserUpdateWithRoles):
+    async def update_user_bulk(
+        current_user: Annotated[AuthUserResponse, Depends(get_current_user)],
+        user_ids: list[str],
+        data: UserUpdateWithRoles,
+    ) -> list[UserResponse]:
+        if not current_user.has_permission("user:update"):
+            raise ForbiddenError("Access denied")
         return await auth_client.update_user_bulk(
-            user_ids, data.with_audit(updated_by="system")
+            user_ids, data.with_audit(updated_by=current_user.id)
         )
     @app.put(
         "/api/v1/users/{user_id}",
         response_model=UserResponse,
     )
-    async def update_user(user_id: str, data: UserUpdateWithRoles):
-        return await auth_client.update_user(data.with_audit(updated_by="system"))
+    async def update_user(
+        current_user: Annotated[AuthUserResponse, Depends(get_current_user)],
+        user_id: str,
+        data: UserUpdateWithRoles,
+    ) -> UserResponse:
+        if not current_user.has_permission("user:update"):
+            raise ForbiddenError("Access denied")
+        return await auth_client.update_user(
+            user_id, data.with_audit(updated_by=current_user.id)
+        )
     @app.delete(
         "/api/v1/users/bulk",
         response_model=list[UserResponse],
     )
-    async def delete_user_bulk(user_ids: list[str]):
-        return await auth_client.delete_user_bulk(user_ids, deleted_by="system")
+    async def delete_user_bulk(
+        current_user: Annotated[AuthUserResponse, Depends(get_current_user)],
+        user_ids: list[str],
+    ) -> list[UserResponse]:
+        if not current_user.has_permission("user:delete"):
+            raise ForbiddenError("Access denied")
+        return await auth_client.delete_user_bulk(user_ids, deleted_by=current_user.id)
     @app.delete(
         "/api/v1/users/{user_id}",
         response_model=UserResponse,
     )
-    async def delete_user(user_id: str):
-        return await auth_client.delete_user(user_id, deleted_by="system")
+    async def delete_user(
+        current_user: Annotated[AuthUserResponse, Depends(get_current_user)],
+        user_id: str,
+    ) -> UserResponse:
+        if not current_user.has_permission("user:delete"):
+            raise ForbiddenError("Access denied")
+        return await auth_client.delete_user(user_id, deleted_by=current_user.id)

zrb/builtin/project/add/fastapp/fastapp_template/my_app_name/module/gateway/util/auth.py ADDED Viewed

@@ -0,0 +1,57 @@
+import datetime
+from fastapi import Depends, Request, Response
+from fastapi.security import OAuth2PasswordBearer
+from my_app_name.config import (
+    APP_AUTH_ACCESS_TOKEN_COOKIE_NAME,
+    APP_AUTH_ACCESS_TOKEN_EXPIRE_MINUTES,
+    APP_AUTH_REFRESH_TOKEN_COOKIE_NAME,
+    APP_AUTH_REFRESH_TOKEN_EXPIRE_MINUTES,
+)
+from my_app_name.module.auth.client.auth_client_factory import auth_client
+from my_app_name.schema.user import AuthUserResponse, UserSessionResponse
+from typing_extensions import Annotated
+oauth2_scheme = OAuth2PasswordBearer(tokenUrl="/api/v1/user-sessions", auto_error=False)
+async def get_current_user(
+    request: Request,
+    response: Response,
+    bearer_access_token: Annotated[str, Depends(oauth2_scheme)],
+) -> AuthUserResponse:
+    # Bearer token exists
+    if bearer_access_token is not None and bearer_access_token != "":
+        return await auth_client.get_current_user(bearer_access_token)
+    cookie_access_token = request.cookies.get(APP_AUTH_ACCESS_TOKEN_COOKIE_NAME)
+    # Cookie exists
+    if cookie_access_token is not None and cookie_access_token != "":
+        cookie_user = await auth_client.get_current_user(cookie_access_token)
+        if cookie_user.is_guest:
+            # If user is guest, the cookie is not needed
+            unset_user_session_cookie(response)
+        return cookie_user
+    # No bearer token or cookie
+    return await auth_client.get_current_user("")
+def set_user_session_cookie(response: Response, user_session: UserSessionResponse):
+    response.set_cookie(
+        key=APP_AUTH_ACCESS_TOKEN_COOKIE_NAME,
+        value=user_session.access_token,
+        httponly=True,
+        max_age=60 * APP_AUTH_ACCESS_TOKEN_EXPIRE_MINUTES,
+        expires=user_session.access_token_expired_at.astimezone(datetime.timezone.utc),
+    )
+    response.set_cookie(
+        key=APP_AUTH_REFRESH_TOKEN_COOKIE_NAME,
+        value=user_session.refresh_token,
+        httponly=True,
+        max_age=60 * APP_AUTH_REFRESH_TOKEN_EXPIRE_MINUTES,
+        expires=user_session.refresh_token_expired_at.astimezone(datetime.timezone.utc),
+    )
+def unset_user_session_cookie(response: Response):
+    response.delete_cookie(APP_AUTH_ACCESS_TOKEN_COOKIE_NAME)
+    response.delete_cookie(APP_AUTH_REFRESH_TOKEN_COOKIE_NAME)

zrb/builtin/project/add/fastapp/fastapp_template/my_app_name/requirements.txt CHANGED Viewed

@@ -4,4 +4,9 @@ sqlmodel~=0.0.22
 ulid-py~=1.1.0
 passlib~=1.7.4
 Jinja2~=3.1.5
-python-jose~=3.3.0
+python-jose~=3.3.0
+passlib~=1.7.4
+pytest~=8.3.4
+pytest-asyncio~=0.24.0
+pytest-cov~=6.0.0

zrb/builtin/project/add/fastapp/fastapp_template/my_app_name/schema/permission.py CHANGED Viewed

@@ -34,6 +34,7 @@ class PermissionUpdateWithAudit(PermissionUpdate):
 class PermissionResponse(PermissionBase):
     id: str
+    description: str
 class MultiplePermissionResponse(BaseModel):

zrb/builtin/project/add/fastapp/fastapp_template/my_app_name/schema/user.py CHANGED Viewed

@@ -90,6 +90,12 @@ class AuthUserResponse(UserResponse):
     is_super_user: bool
     is_guest: bool
+    def has_permission(self, permission_name: str):
+        return self.is_super_user or permission_name in self.permission_names
+    def has_role(self, role_name: str):
+        return self.is_super_user or role_name in self.role_names
 class MultipleUserResponse(BaseModel):
     data: list[UserResponse]
@@ -111,6 +117,9 @@ class UserTokenData(SQLModel):
 class UserSessionResponse(SQLModel):
     id: str
     user_id: str
+    access_token: str
+    refresh_token: str
+    token_type: str
     access_token_expired_at: datetime.datetime
     refresh_token_expired_at: datetime.datetime

zrb 1.0.0b9__py3-none-any.whl → 1.0.0b10__py3-none-any.whl

zrb 1.0.0b9py3-none-any.whl → 1.0.0b10py3-none-any.whl