Complete backend rebuild

Main components:

- Inboard 0.10.4 -> 0.37.0, including FastAPI 0.88
- SQLAlchemy 1.3 -> 1.4
- Authentication refresh token stored for long-term issuing of a new access token.

NOTE: Tests have not been updated and will fail ...

Author: turukawa

{{cookiecutter.project_slug}}/backend/.dockerignore

@@ -0,0 +1,3 @@
+# Get rid of .venv when copying
+*/.venv
+*/*/.venv

{{cookiecutter.project_slug}}/backend/app/.flake8

@@ -1,3 +1,5 @@
 [flake8]
-max-line-length = 88
+ignore = E302, E305, E203, E501, W503
+select = C,E,F,W,B,B950
+max-line-length = 120
 exclude = .git,__pycache__,__init__.py,.mypy_cache,.pytest_cache

{{cookiecutter.project_slug}}/backend/app/.gitignore

@@ -1,3 +1,23 @@
 .mypy_cache
 .coverage
 htmlcov
+.venv
+.vscode
+*.py[co]
+*.egg
+*.egg-info
+*.ipynb
+*.code-workspace
+dist
+eggs
+parts
+bin
+var
+sdist
+develop-eggs
+.installed.cfg
+pip-log.txt
+.coverage
+.tox
+*.mo
+.s3cfg

{{cookiecutter.project_slug}}/backend/app/.python-version

@@ -0,0 +1 @@
+3.9.4

{{cookiecutter.project_slug}}/backend/app/alembic/versions/c4f38069dc24_first_revision.py

@@ -0,0 +1,53 @@
+"""First revision
+
+Revision ID: c4f38069dc24
+Revises: 
+Create Date: 2022-12-16 08:09:54.834747
+
+"""
+from alembic import op
+import sqlalchemy as sa
+from sqlalchemy.dialects import postgresql
+
+# revision identifiers, used by Alembic.
+revision = 'c4f38069dc24'
+down_revision = None
+branch_labels = None
+depends_on = None
+
+
+def upgrade():
+    # ### commands auto generated by Alembic - please adjust! ###
+    op.create_table('user',
+    sa.Column('id', postgresql.UUID(as_uuid=True), nullable=False),
+    sa.Column('full_name', sa.String(), nullable=True),
+    sa.Column('email', sa.String(), nullable=False),
+    sa.Column('hashed_password', sa.String(), nullable=False),
+    sa.Column('email_validated', sa.Boolean(), nullable=True),
+    sa.Column('is_active', sa.Boolean(), nullable=True),
+    sa.Column('is_superuser', sa.Boolean(), nullable=True),
+    sa.PrimaryKeyConstraint('id')
+    )
+    op.create_index(op.f('ix_user_email'), 'user', ['email'], unique=True)
+    op.create_index(op.f('ix_user_full_name'), 'user', ['full_name'], unique=False)
+    op.create_index(op.f('ix_user_id'), 'user', ['id'], unique=False)
+    op.create_table('token',
+    sa.Column('token', sa.String(), nullable=False),
+    sa.Column('is_valid', sa.Boolean(), nullable=True),
+    sa.Column('authenticates_id', postgresql.UUID(as_uuid=True), nullable=True),
+    sa.ForeignKeyConstraint(['authenticates_id'], ['user.id'], ),
+    sa.PrimaryKeyConstraint('token')
+    )
+    op.create_index(op.f('ix_token_token'), 'token', ['token'], unique=False)
+    # ### end Alembic commands ###
+
+
+def downgrade():
+    # ### commands auto generated by Alembic - please adjust! ###
+    op.drop_index(op.f('ix_token_token'), table_name='token')
+    op.drop_table('token')
+    op.drop_index(op.f('ix_user_id'), table_name='user')
+    op.drop_index(op.f('ix_user_full_name'), table_name='user')
+    op.drop_index(op.f('ix_user_email'), table_name='user')
+    op.drop_table('user')
+    # ### end Alembic commands ###

{{cookiecutter.project_slug}}/backend/app/alembic/versions/d4867f3a4c0a_first_revision.py

@@ -1,9 +1,12 @@
 from fastapi import APIRouter
 
-from app.api.api_v1.endpoints import items, login, users, utils
+from app.api.api_v1.endpoints import (
+    login,
+    users,
+    proxy,
+)
 
 api_router = APIRouter()
 api_router.include_router(login.router, tags=["login"])
 api_router.include_router(users.router, prefix="/users", tags=["users"])
-api_router.include_router(utils.router, prefix="/utils", tags=["utils"])
-api_router.include_router(items.router, prefix="/items", tags=["items"])
+api_router.include_router(proxy.router, prefix="/proxy", tags=["proxy"])

{{cookiecutter.project_slug}}/backend/app/app/api/api_v1/api.py

@@ -10,7 +10,7 @@
 from app.core import security
 from app.core.config import settings
 from app.core.security import get_password_hash
-from app.utils import (
+from app.utilities import (
     generate_password_reset_token,
     send_reset_password_email,
     verify_password_reset_token,
@@ -20,34 +20,55 @@
 
 
 @router.post("/login/access-token", response_model=schemas.Token)
-def login_access_token(
-    db: Session = Depends(deps.get_db), form_data: OAuth2PasswordRequestForm = Depends()
-) -> Any:
+def login_access_token(db: Session = Depends(deps.get_db), form_data: OAuth2PasswordRequestForm = Depends()) -> Any:
     """
     OAuth2 compatible token login, get an access token for future requests
     """
-    user = crud.user.authenticate(
-        db, email=form_data.username, password=form_data.password
-    )
+    user = crud.user.authenticate(db, email=form_data.username, password=form_data.password)
     if not user:
         raise HTTPException(status_code=400, detail="Incorrect email or password")
     elif not crud.user.is_active(user):
         raise HTTPException(status_code=400, detail="Inactive user")
-    access_token_expires = timedelta(minutes=settings.ACCESS_TOKEN_EXPIRE_MINUTES)
+    access_token_expires = timedelta(seconds=settings.ACCESS_TOKEN_EXPIRE_SECONDS)
+    refresh_token_expires = timedelta(seconds=settings.REFRESH_TOKEN_EXPIRE_SECONDS)
+    refresh_token = security.create_refresh_token(user.id, expires_delta=refresh_token_expires)
+    crud.token.create(db=db, obj_in=refresh_token, user_obj=user)
     return {
-        "access_token": security.create_access_token(
-            user.id, expires_delta=access_token_expires
-        ),
+        "access_token": security.create_access_token(user.id, expires_delta=access_token_expires),
+        "refresh_token": refresh_token,
         "token_type": "bearer",
     }
 
 
-@router.post("/login/test-token", response_model=schemas.User)
-def test_token(current_user: models.User = Depends(deps.get_current_user)) -> Any:
+@router.post("/login/refresh-token", response_model=schemas.Token)
+def refresh_token(
+    db: Session = Depends(deps.get_db),
+    current_user: models.User = Depends(deps.get_refresh_user),
+) -> Any:
     """
-    Test access token
+    Refresh tokens for future requests
     """
-    return current_user
+    access_token_expires = timedelta(seconds=settings.ACCESS_TOKEN_EXPIRE_SECONDS)
+    refresh_token_expires = timedelta(seconds=settings.REFRESH_TOKEN_EXPIRE_SECONDS)
+    refresh_token = security.create_refresh_token(current_user.id, expires_delta=refresh_token_expires)
+    crud.token.create(db=db, obj_in=refresh_token, user_obj=current_user)
+    access_token = security.create_access_token(current_user.id, expires_delta=access_token_expires)
+    return {
+        "access_token": access_token,
+        "refresh_token": refresh_token,
+        "token_type": "bearer",
+    }
+
+
+@router.post("/login/revoke-token", response_model=schemas.Msg)
+def revoke_token(
+    db: Session = Depends(deps.get_db),
+    current_user: models.User = Depends(deps.get_refresh_user),
+) -> Any:
+    """
+    Revoke a refresh token
+    """
+    return {"msg": "Token revoked"}
 
 
 @router.post("/password-recovery/{email}", response_model=schemas.Msg)
@@ -56,20 +77,17 @@ def recover_password(email: str, db: Session = Depends(deps.get_db)) -> Any:
     Password Recovery
     """
     user = crud.user.get_by_email(db, email=email)
-
     if not user:
         raise HTTPException(
             status_code=404,
-            detail="The user with this username does not exist in the system.",
+            detail="This user does not exist in the system.",
         )
     password_reset_token = generate_password_reset_token(email=email)
-    send_reset_password_email(
-        email_to=user.email, email=email, token=password_reset_token
-    )
-    return {"msg": "Password recovery email sent"}
+    send_reset_password_email(email_to=user.email, email=email, token=password_reset_token)
+    return {"msg": "Password recovery email sent."}
 
 
-@router.post("/reset-password/", response_model=schemas.Msg)
+@router.post("/reset-password", response_model=schemas.Msg)
 def reset_password(
     token: str = Body(...),
     new_password: str = Body(...),
@@ -85,12 +103,12 @@ def reset_password(
     if not user:
         raise HTTPException(
             status_code=404,
-            detail="The user with this username does not exist in the system.",
+            detail="This user does not exist in the system.",
         )
     elif not crud.user.is_active(user):
         raise HTTPException(status_code=400, detail="Inactive user")
     hashed_password = get_password_hash(new_password)
     user.hashed_password = hashed_password
     db.add(user)
     db.commit()
-    return {"msg": "Password updated successfully"}
+    return {"msg": "Password updated successfully."}