feat: Addition of authentication and user management systems

app/api/v1/endpoints/__init__.py

@@ -0,0 +1,11 @@
+from fastapi import APIRouter
+
+router = APIRouter()
+
+from .user import router as user_router
+from .auth import router as auth_router
+
+router.include_router(user_router, prefix="/users")
+router.include_router(auth_router, prefix="/auth")
+
+ 

app/api/v1/endpoints/auth.py

@@ -0,0 +1,68 @@
+from fastapi import APIRouter, Depends, HTTPException, status, Response
+
+from sqlalchemy import select
+from sqlalchemy.orm import Session
+
+from app.core import settings
+from app.core.security import (
+    verify_password,
+    create_access_token,
+    set_auth_cookie,
+)
+
+from app.db import get_async_db
+from app.db.models import User
+
+from app.api.v1.schemas import TokenRequest, TokenResponse
+
+
+router = APIRouter()
+
+
+# ------------------------
+# Authentication
+# ------------------------
+
+@router.post(
+    "/login",
+    response_model=TokenResponse,
+    status_code=status.HTTP_200_OK,
+    tags=["Authentication"]
+)
+async def get_token(payload: TokenRequest, response: Response, db: Session = Depends(get_async_db)):
+    result = await db.execute(select(User).where(User.username == payload.username))
+    user = result.scalar_one_or_none()
+    if not user or not verify_password(payload.password, user.hashed_password):
+        raise HTTPException(
+            status_code=status.HTTP_401_UNAUTHORIZED,
+            detail="Invalid crendentials",
+            headers={"WWW-Authenticate": "Bearer"},
+        )
+    
+    access_token = create_access_token(
+        data = {"sub": str(user.id)}
+    )
+
+    set_auth_cookie(
+        response,
+        token=access_token,
+        max_age=settings.ACCESS_TOKEN_EXPIRE_MINUTES * 60
+    )
+
+    return {"access_token": access_token}
+
+
+@router.post(
+    "/logout",
+    status_code=status.HTTP_200_OK,
+    tags=["Authentication"],
+)
+def logout(response: Response) -> dict:
+    response.delete_cookie(
+        key="access_token",
+        path="/",               # même chemin que lors du set_cookie
+        httponly=True,
+        samesite="lax" if settings.ENV == "dev" else "strict",
+        secure=settings.USE_SSL,          # mettre True en prod sur HTTPS
+    )
+    return {"detail": "Logged out successfully"}

app/api/v1/endpoints/user.py

@@ -0,0 +1,194 @@
+from fastapi import APIRouter, Depends, HTTPException, status, Response, Request
+
+from sqlalchemy import select
+from sqlalchemy.orm import Session
+
+from app.core import settings
+from app.core.security import (
+    hash_password,
+    get_token_payload,
+    get_current_user,
+    get_cookie_token,
+    verify_password,
+    create_access_token,
+    set_auth_cookie,
+)
+
+from app.db import get_async_db
+from app.db.models import User
+
+from app.api.v1.schemas import UserCreate, UserRead
+
+
+router = APIRouter()
+
+
+# ------------------------
+# User
+# ------------------------
+
+@router.post(
+    "/new", 
+    response_model=UserRead, 
+    status_code=status.HTTP_201_CREATED, 
+    tags=["Users"]
+)
+async def register_user(user_in: UserCreate, response: Response, db: Session = Depends(get_async_db)):
+
+    result = await db.execute(select(User).where(User.email == user_in.email))
+    if result.scalar_one_or_none():
+        raise HTTPException(
+            status_code=status.HTTP_400_BAD_REQUEST, 
+            detail="Email already registered"
+        )
+    result = await db.execute(select(User).where(User.username == user_in.username))
+    if result.scalar_one_or_none():
+        raise HTTPException(
+            status_code=status.HTTP_400_BAD_REQUEST, 
+            detail="Username already registered"
+        )
+    
+    user = User(
+        username=user_in.username,
+        email=user_in.email,
+        hashed_password=hash_password(user_in.password),
+
+        stats = "{}"
+    )
+    db.add(user)
+    await db.commit()
+    await db.refresh(user)
+    
+    access_token = create_access_token(
+        data = {"sub": str(user.id)}
+    )
+
+    set_auth_cookie(
+        response,
+        token=access_token,
+        max_age=settings.ACCESS_TOKEN_EXPIRE_MINUTES * 60
+    )
+    
+    return UserRead.model_validate(user)
+
+
+@router.get(
+    "/me",
+    response_model=UserRead,
+    status_code=status.HTTP_200_OK,
+    tags=["Users"]
+)
+async def get_user(payload: dict = Depends(get_token_payload), db: Session = Depends(get_async_db)):
+    user_id = payload.get('sub')
+    if not user_id:
+        raise HTTPException(
+            status_code=status.HTTP_401_UNAUTHORIZED,
+            detail="Invalid token payload"
+        )
+    
+    result = await db.execute(select(User).where(User.id == int(user_id)))
+    user = result.scalar_one_or_none()
+
+    if not user:
+        raise HTTPException(
+            status_code=status.HTTP_404_NOT_FOUND,
+            detail="User not found",
+        )
+    
+    return UserRead.model_validate(user)
+
+
+@router.put(
+    "/me",
+    response_model=UserRead,
+    status_code=status.HTTP_200_OK,
+    tags=["Users"]
+)
+async def update_user(user_in: UserCreate, payload: dict = Depends(get_token_payload), db: Session = Depends(get_async_db)):
+    user_id = payload.get('sub')
+    if not user_id:
+        raise HTTPException(
+            status_code=status.HTTP_401_UNAUTHORIZED,
+            detail="Invalid token payload"
+        )
+    
+    result = await db.execute(select(User).where(User.id == int(user_id)))
+    user = result.scalar_one_or_none()
+
+    if not user:
+        raise HTTPException(
+            status_code=status.HTTP_404_NOT_FOUND,
+            detail="User not found",
+        )
+    
+    if user_in.email != user.email:
+        result = await db.execute(select(User).where(
+            (User.email == user_in.email)
+        ))
+        if result.scalar_one_or_none():
+            raise HTTPException(
+                status_code=status.HTTP_400_BAD_REQUEST, 
+                detail="Email or username already registered"
+            )
+    
+    if user_in.username != user.username:
+        result = await db.execute(select(User).where(
+            (User.username == user_in.username)
+        ))
+        if result.scalar_one_or_none():
+            raise HTTPException(
+                status_code=status.HTTP_400_BAD_REQUEST, 
+                detail="Email or username already registered"
+            )
+
+    user.username = user_in.username
+    user.email = user_in.email
+    user.hashed_password = hash_password(user_in.password)
+
+    await db.commit()
+    await db.refresh(user)
+
+    return UserRead.model_validate(user)
+
+
+@router.delete(
+    "/me",
+    status_code=status.HTTP_200_OK,
+    tags=['Users']
+)
+async def delete_user(payload: dict = Depends(get_token_payload), db: Session = Depends(get_async_db)):
+    user_id = payload.get('sub')
+    if not user_id:
+        raise HTTPException(
+            status_code=status.HTTP_401_UNAUTHORIZED,
+            detail="Invalid token payload"
+        )
+    
+    result = await db.execute(select(User).where(User.id == int(user_id)))
+    user = result.scalar_one_or_none()
+
+    if not user:
+        raise HTTPException(
+            status_code=status.HTTP_404_NOT_FOUND,
+            detail="User not found",
+        )
+    
+    await db.delete(user)
+    await db.commit()
+
+    response = Response()
+    response.delete_cookie(
+        key="access_token",
+        path="/",               # mesmo chemin que lors du set_cookie
+        httponly=True,
+        samesite="lax" if settings.ENV == "dev" else "strict",
+        secure=settings.USE_SSL,          # mettre True en prod sur HTTPS
+    )
+
+    return response
+
+
+
+
+
+