Adriano/TieMeasureFlow
1
0
Fork 0
Code Issues Pull Requests Actions Packages Projects Releases Wiki Activity

feat: FASE 1 - Backend Core (modelli, auth, API)

Browse Source 
Implementazione completa del backend FastAPI:
- Modelli SQLAlchemy: User, Recipe, RecipeVersion, RecipeTask,
  RecipeSubtask, Measurement, AccessLog, SystemSetting, RecipeVersionAudit
- Schemas Pydantic v2 per tutti i CRUD + statistiche SPC
- Middleware: API Key auth (X-API-Key) con role checking + access logging
- Router: auth, users, recipes, tasks, measurements, files, settings
- Services: auth (bcrypt+secrets), recipe (copy-on-write versioning),
  measurement (auto pass/fail con UTL/UWL/LWL/LTL)
- Alembic env.py con import modelli attivi
- Fix architect review: no double-commit, recipe_id subquery filter,
  user_id in access logs, type annotations corrette

Co-Authored-By: Claude Opus 4.6 <noreply@anthropic.com>
This commit is contained in:
Adriano
2026-02-07 00:40:50 +01:00
parent 76be6f5ac4
commit d6508e0ae8
28 changed files with 2942 additions and 7 deletions
Download Patch File Download Diff File Expand all files Collapse all files
server/routers/auth.py
+62
View File
@@ -0,0 +1,62 @@
"""Authentication router - login, logout, profile."""
from fastapi import APIRouter, Depends, HTTPException, status
from sqlalchemy.ext.asyncio import AsyncSession
from database import get_db
from middleware.api_key import get_current_user
from models.user import User
from schemas.user import (
LoginRequest,
LoginResponse,
UserProfileUpdate,
UserResponse,
)
from services.auth_service import authenticate_user, login_user, logout_user
router = APIRouter(prefix="/api/auth", tags=["auth"])
@router.post("/login", response_model=LoginResponse)
async def login(data: LoginRequest, db: AsyncSession = Depends(get_db)):
"""Login with username and password, receive API key."""
user = await authenticate_user(db, data.username, data.password)
if user is None:
raise HTTPException(
status_code=status.HTTP_401_UNAUTHORIZED,
detail="Invalid username or password",
)
api_key = await login_user(db, user)
return LoginResponse(
user=UserResponse.model_validate(user),
api_key=api_key,
)
@router.post("/logout", status_code=status.HTTP_204_NO_CONTENT)
async def logout(
user: User = Depends(get_current_user),
db: AsyncSession = Depends(get_db),
):
"""Logout - invalidate API key."""
await logout_user(db, user)
@router.get("/me", response_model=UserResponse)
async def get_profile(user: User = Depends(get_current_user)):
"""Get current user profile."""
return UserResponse.model_validate(user)
@router.put("/me", response_model=UserResponse)
async def update_profile(
data: UserProfileUpdate,
user: User = Depends(get_current_user),
db: AsyncSession = Depends(get_db),
):
"""Update own profile (display_name, language, theme)."""
update_data = data.model_dump(exclude_unset=True)
for field, value in update_data.items():
setattr(user, field, value)
await db.flush()
await db.refresh(user)
return UserResponse.model_validate(user)