2025-07-17 13:09:24 +02:00
|
|
|
"""
|
2025-10-06 15:27:01 +02:00
|
|
|
Authentication Operations API Endpoints
|
|
|
|
|
Business logic for login, register, token refresh, password reset, and email verification
|
2025-07-17 13:09:24 +02:00
|
|
|
"""
|
|
|
|
|
|
|
|
|
|
from fastapi import APIRouter, Depends, HTTPException, status, Request
|
2025-07-20 08:33:23 +02:00
|
|
|
from fastapi.security import HTTPBearer, HTTPAuthorizationCredentials
|
2025-10-27 16:33:26 +01:00
|
|
|
from sqlalchemy.ext.asyncio import AsyncSession
|
|
|
|
|
from typing import Dict, Any
|
2025-07-18 14:41:39 +02:00
|
|
|
import structlog
|
2025-07-17 13:09:24 +02:00
|
|
|
|
2025-08-08 09:08:41 +02:00
|
|
|
from app.schemas.auth import (
|
|
|
|
|
UserRegistration, UserLogin, TokenResponse, RefreshTokenRequest,
|
|
|
|
|
PasswordChange, PasswordReset, UserResponse
|
|
|
|
|
)
|
|
|
|
|
from app.services.auth_service import EnhancedAuthService
|
2025-10-27 16:33:26 +01:00
|
|
|
from app.models.users import User
|
|
|
|
|
from app.core.database import get_db
|
2025-08-08 09:08:41 +02:00
|
|
|
from shared.database.base import create_database_manager
|
2025-07-20 08:33:23 +02:00
|
|
|
from shared.monitoring.decorators import track_execution_time
|
2025-07-26 20:04:24 +02:00
|
|
|
from shared.monitoring.metrics import get_metrics_collector
|
2025-10-27 16:33:26 +01:00
|
|
|
from shared.auth.decorators import get_current_user_dep
|
2025-08-08 09:08:41 +02:00
|
|
|
from app.core.config import settings
|
2025-07-17 13:09:24 +02:00
|
|
|
|
2025-07-18 14:41:39 +02:00
|
|
|
logger = structlog.get_logger()
|
2025-10-06 15:27:01 +02:00
|
|
|
router = APIRouter(tags=["auth-operations"])
|
2025-07-26 20:04:24 +02:00
|
|
|
security = HTTPBearer()
|
2025-07-20 08:33:23 +02:00
|
|
|
|
2025-08-08 09:08:41 +02:00
|
|
|
|
|
|
|
|
def get_auth_service():
|
|
|
|
|
"""Dependency injection for EnhancedAuthService"""
|
|
|
|
|
database_manager = create_database_manager(settings.DATABASE_URL, "auth-service")
|
|
|
|
|
return EnhancedAuthService(database_manager)
|
|
|
|
|
|
|
|
|
|
|
2025-10-27 16:33:26 +01:00
|
|
|
@router.post("/api/v1/auth/register", response_model=TokenResponse)
|
2025-08-08 09:08:41 +02:00
|
|
|
@track_execution_time("enhanced_registration_duration_seconds", "auth-service")
|
2025-07-26 22:03:55 +02:00
|
|
|
async def register(
|
|
|
|
|
user_data: UserRegistration,
|
2025-07-18 12:34:28 +02:00
|
|
|
request: Request,
|
2025-08-08 09:08:41 +02:00
|
|
|
auth_service: EnhancedAuthService = Depends(get_auth_service)
|
2025-07-17 13:09:24 +02:00
|
|
|
):
|
2025-08-08 09:08:41 +02:00
|
|
|
"""Register new user using enhanced repository pattern"""
|
2025-07-18 12:34:28 +02:00
|
|
|
metrics = get_metrics_collector(request)
|
2025-10-06 15:27:01 +02:00
|
|
|
|
2025-08-08 09:08:41 +02:00
|
|
|
logger.info("Registration attempt using repository pattern",
|
|
|
|
|
email=user_data.email)
|
2025-10-06 15:27:01 +02:00
|
|
|
|
2025-07-17 13:09:24 +02:00
|
|
|
try:
|
2025-08-08 09:08:41 +02:00
|
|
|
# Enhanced input validation
|
2025-07-26 22:03:55 +02:00
|
|
|
if not user_data.email or not user_data.email.strip():
|
2025-07-20 08:33:23 +02:00
|
|
|
raise HTTPException(
|
2025-07-26 22:03:55 +02:00
|
|
|
status_code=status.HTTP_400_BAD_REQUEST,
|
|
|
|
|
detail="Email is required"
|
2025-07-20 08:33:23 +02:00
|
|
|
)
|
2025-10-06 15:27:01 +02:00
|
|
|
|
2025-07-26 22:03:55 +02:00
|
|
|
if not user_data.password or len(user_data.password) < 8:
|
|
|
|
|
raise HTTPException(
|
|
|
|
|
status_code=status.HTTP_400_BAD_REQUEST,
|
|
|
|
|
detail="Password must be at least 8 characters long"
|
|
|
|
|
)
|
2025-10-06 15:27:01 +02:00
|
|
|
|
2025-07-26 22:03:55 +02:00
|
|
|
if not user_data.full_name or not user_data.full_name.strip():
|
|
|
|
|
raise HTTPException(
|
|
|
|
|
status_code=status.HTTP_400_BAD_REQUEST,
|
|
|
|
|
detail="Full name is required"
|
|
|
|
|
)
|
2025-10-06 15:27:01 +02:00
|
|
|
|
2025-08-08 09:08:41 +02:00
|
|
|
# Register user using enhanced service
|
|
|
|
|
result = await auth_service.register_user(user_data)
|
2025-10-06 15:27:01 +02:00
|
|
|
|
2025-07-26 22:03:55 +02:00
|
|
|
# Record successful registration
|
2025-07-26 20:04:24 +02:00
|
|
|
if metrics:
|
2025-08-08 09:08:41 +02:00
|
|
|
metrics.increment_counter("enhanced_registration_total", labels={"status": "success"})
|
2025-10-06 15:27:01 +02:00
|
|
|
|
2025-08-08 09:08:41 +02:00
|
|
|
logger.info("Registration successful using repository pattern",
|
|
|
|
|
user_id=result.user.id,
|
|
|
|
|
email=user_data.email)
|
2025-10-06 15:27:01 +02:00
|
|
|
|
2025-08-08 09:08:41 +02:00
|
|
|
return result
|
2025-10-06 15:27:01 +02:00
|
|
|
|
2025-07-18 12:34:28 +02:00
|
|
|
except HTTPException as e:
|
|
|
|
|
if metrics:
|
2025-07-26 22:03:55 +02:00
|
|
|
error_type = "validation_error" if e.status_code == 400 else "conflict" if e.status_code == 409 else "failed"
|
2025-08-08 09:08:41 +02:00
|
|
|
metrics.increment_counter("enhanced_registration_total", labels={"status": error_type})
|
2025-10-06 15:27:01 +02:00
|
|
|
|
2025-08-08 09:08:41 +02:00
|
|
|
logger.warning("Registration failed using repository pattern",
|
|
|
|
|
email=user_data.email,
|
|
|
|
|
error=e.detail)
|
2025-07-17 13:09:24 +02:00
|
|
|
raise
|
2025-10-06 15:27:01 +02:00
|
|
|
|
2025-07-17 13:09:24 +02:00
|
|
|
except Exception as e:
|
2025-07-18 12:34:28 +02:00
|
|
|
if metrics:
|
2025-08-08 09:08:41 +02:00
|
|
|
metrics.increment_counter("enhanced_registration_total", labels={"status": "error"})
|
2025-10-06 15:27:01 +02:00
|
|
|
|
2025-08-08 09:08:41 +02:00
|
|
|
logger.error("Registration system error using repository pattern",
|
|
|
|
|
email=user_data.email,
|
|
|
|
|
error=str(e))
|
2025-10-06 15:27:01 +02:00
|
|
|
|
2025-07-17 13:09:24 +02:00
|
|
|
raise HTTPException(
|
|
|
|
|
status_code=status.HTTP_500_INTERNAL_SERVER_ERROR,
|
2025-08-08 09:08:41 +02:00
|
|
|
detail="Registration failed"
|
2025-07-17 13:09:24 +02:00
|
|
|
)
|
|
|
|
|
|
2025-08-08 09:08:41 +02:00
|
|
|
|
2025-10-27 16:33:26 +01:00
|
|
|
@router.post("/api/v1/auth/login", response_model=TokenResponse)
|
2025-08-08 09:08:41 +02:00
|
|
|
@track_execution_time("enhanced_login_duration_seconds", "auth-service")
|
2025-07-26 22:03:55 +02:00
|
|
|
async def login(
|
|
|
|
|
login_data: UserLogin,
|
2025-07-17 13:09:24 +02:00
|
|
|
request: Request,
|
2025-08-08 09:08:41 +02:00
|
|
|
auth_service: EnhancedAuthService = Depends(get_auth_service)
|
2025-07-17 13:09:24 +02:00
|
|
|
):
|
2025-08-08 09:08:41 +02:00
|
|
|
"""Login user using enhanced repository pattern"""
|
2025-07-18 12:34:28 +02:00
|
|
|
metrics = get_metrics_collector(request)
|
2025-10-06 15:27:01 +02:00
|
|
|
|
2025-08-08 09:08:41 +02:00
|
|
|
logger.info("Login attempt using repository pattern",
|
|
|
|
|
email=login_data.email)
|
2025-10-06 15:27:01 +02:00
|
|
|
|
2025-07-17 13:09:24 +02:00
|
|
|
try:
|
2025-08-08 09:08:41 +02:00
|
|
|
# Enhanced input validation
|
2025-07-26 22:03:55 +02:00
|
|
|
if not login_data.email or not login_data.email.strip():
|
|
|
|
|
raise HTTPException(
|
|
|
|
|
status_code=status.HTTP_400_BAD_REQUEST,
|
|
|
|
|
detail="Email is required"
|
|
|
|
|
)
|
2025-10-06 15:27:01 +02:00
|
|
|
|
2025-07-26 22:03:55 +02:00
|
|
|
if not login_data.password:
|
|
|
|
|
raise HTTPException(
|
|
|
|
|
status_code=status.HTTP_400_BAD_REQUEST,
|
|
|
|
|
detail="Password is required"
|
|
|
|
|
)
|
2025-10-06 15:27:01 +02:00
|
|
|
|
2025-08-08 09:08:41 +02:00
|
|
|
# Login using enhanced service
|
|
|
|
|
result = await auth_service.login_user(login_data)
|
2025-10-06 15:27:01 +02:00
|
|
|
|
2025-07-26 22:03:55 +02:00
|
|
|
# Record successful login
|
2025-07-18 12:34:28 +02:00
|
|
|
if metrics:
|
2025-08-08 09:08:41 +02:00
|
|
|
metrics.increment_counter("enhanced_login_success_total")
|
2025-10-06 15:27:01 +02:00
|
|
|
|
2025-08-08 09:08:41 +02:00
|
|
|
logger.info("Login successful using repository pattern",
|
|
|
|
|
user_id=result.user.id,
|
|
|
|
|
email=login_data.email)
|
2025-10-06 15:27:01 +02:00
|
|
|
|
2025-08-08 09:08:41 +02:00
|
|
|
return result
|
2025-10-06 15:27:01 +02:00
|
|
|
|
2025-07-17 21:25:27 +02:00
|
|
|
except HTTPException as e:
|
2025-07-18 12:34:28 +02:00
|
|
|
if metrics:
|
2025-07-26 22:03:55 +02:00
|
|
|
reason = "validation_error" if e.status_code == 400 else "auth_failed"
|
2025-08-08 09:08:41 +02:00
|
|
|
metrics.increment_counter("enhanced_login_failure_total", labels={"reason": reason})
|
2025-10-06 15:27:01 +02:00
|
|
|
|
2025-08-08 09:08:41 +02:00
|
|
|
logger.warning("Login failed using repository pattern",
|
|
|
|
|
email=login_data.email,
|
|
|
|
|
error=e.detail)
|
2025-07-17 13:09:24 +02:00
|
|
|
raise
|
2025-10-06 15:27:01 +02:00
|
|
|
|
2025-07-17 13:09:24 +02:00
|
|
|
except Exception as e:
|
2025-07-18 12:34:28 +02:00
|
|
|
if metrics:
|
2025-08-08 09:08:41 +02:00
|
|
|
metrics.increment_counter("enhanced_login_failure_total", labels={"reason": "error"})
|
2025-10-06 15:27:01 +02:00
|
|
|
|
2025-08-08 09:08:41 +02:00
|
|
|
logger.error("Login system error using repository pattern",
|
|
|
|
|
email=login_data.email,
|
|
|
|
|
error=str(e))
|
2025-10-06 15:27:01 +02:00
|
|
|
|
2025-07-17 13:09:24 +02:00
|
|
|
raise HTTPException(
|
|
|
|
|
status_code=status.HTTP_500_INTERNAL_SERVER_ERROR,
|
2025-07-26 22:03:55 +02:00
|
|
|
detail="Login failed"
|
2025-07-17 13:09:24 +02:00
|
|
|
)
|
|
|
|
|
|
2025-08-08 09:08:41 +02:00
|
|
|
|
2025-10-27 16:33:26 +01:00
|
|
|
@router.post("/api/v1/auth/refresh")
|
2025-08-08 09:08:41 +02:00
|
|
|
@track_execution_time("enhanced_token_refresh_duration_seconds", "auth-service")
|
2025-07-17 13:09:24 +02:00
|
|
|
async def refresh_token(
|
|
|
|
|
refresh_data: RefreshTokenRequest,
|
2025-07-18 12:34:28 +02:00
|
|
|
request: Request,
|
2025-08-08 09:08:41 +02:00
|
|
|
auth_service: EnhancedAuthService = Depends(get_auth_service)
|
2025-07-17 13:09:24 +02:00
|
|
|
):
|
2025-08-08 09:08:41 +02:00
|
|
|
"""Refresh access token using repository pattern"""
|
2025-07-18 12:34:28 +02:00
|
|
|
metrics = get_metrics_collector(request)
|
2025-10-06 15:27:01 +02:00
|
|
|
|
2025-07-17 13:09:24 +02:00
|
|
|
try:
|
2025-08-08 09:08:41 +02:00
|
|
|
result = await auth_service.refresh_access_token(refresh_data.refresh_token)
|
2025-10-06 15:27:01 +02:00
|
|
|
|
2025-07-18 12:34:28 +02:00
|
|
|
# Record successful refresh
|
|
|
|
|
if metrics:
|
2025-08-08 09:08:41 +02:00
|
|
|
metrics.increment_counter("enhanced_token_refresh_success_total")
|
2025-10-06 15:27:01 +02:00
|
|
|
|
2025-08-08 09:08:41 +02:00
|
|
|
logger.debug("Access token refreshed using repository pattern")
|
2025-10-06 15:27:01 +02:00
|
|
|
|
2025-08-08 09:08:41 +02:00
|
|
|
return result
|
2025-10-06 15:27:01 +02:00
|
|
|
|
2025-07-18 12:34:28 +02:00
|
|
|
except HTTPException as e:
|
|
|
|
|
if metrics:
|
2025-08-08 09:08:41 +02:00
|
|
|
metrics.increment_counter("enhanced_token_refresh_failure_total")
|
|
|
|
|
logger.warning("Token refresh failed using repository pattern", error=e.detail)
|
2025-07-17 13:09:24 +02:00
|
|
|
raise
|
2025-10-06 15:27:01 +02:00
|
|
|
|
2025-07-17 13:09:24 +02:00
|
|
|
except Exception as e:
|
2025-07-18 12:34:28 +02:00
|
|
|
if metrics:
|
2025-08-08 09:08:41 +02:00
|
|
|
metrics.increment_counter("enhanced_token_refresh_failure_total")
|
|
|
|
|
logger.error("Token refresh error using repository pattern", error=str(e))
|
2025-07-17 13:09:24 +02:00
|
|
|
raise HTTPException(
|
|
|
|
|
status_code=status.HTTP_500_INTERNAL_SERVER_ERROR,
|
|
|
|
|
detail="Token refresh failed"
|
|
|
|
|
)
|
|
|
|
|
|
2025-08-08 09:08:41 +02:00
|
|
|
|
2025-10-27 16:33:26 +01:00
|
|
|
@router.post("/api/v1/auth/verify")
|
2025-08-08 09:08:41 +02:00
|
|
|
@track_execution_time("enhanced_token_verify_duration_seconds", "auth-service")
|
2025-07-17 13:09:24 +02:00
|
|
|
async def verify_token(
|
2025-07-20 08:33:23 +02:00
|
|
|
credentials: HTTPAuthorizationCredentials = Depends(security),
|
2025-08-08 09:08:41 +02:00
|
|
|
request: Request = None,
|
|
|
|
|
auth_service: EnhancedAuthService = Depends(get_auth_service)
|
2025-07-17 13:09:24 +02:00
|
|
|
):
|
2025-08-08 09:08:41 +02:00
|
|
|
"""Verify access token using repository pattern"""
|
2025-07-20 08:33:23 +02:00
|
|
|
metrics = get_metrics_collector(request) if request else None
|
2025-10-06 15:27:01 +02:00
|
|
|
|
2025-07-17 13:09:24 +02:00
|
|
|
try:
|
2025-07-26 20:04:24 +02:00
|
|
|
if not credentials:
|
|
|
|
|
raise HTTPException(
|
|
|
|
|
status_code=status.HTTP_401_UNAUTHORIZED,
|
|
|
|
|
detail="Authentication required"
|
|
|
|
|
)
|
2025-10-06 15:27:01 +02:00
|
|
|
|
2025-08-08 09:08:41 +02:00
|
|
|
result = await auth_service.verify_user_token(credentials.credentials)
|
2025-10-06 15:27:01 +02:00
|
|
|
|
2025-07-26 20:04:24 +02:00
|
|
|
# Record successful verification
|
2025-07-18 12:34:28 +02:00
|
|
|
if metrics:
|
2025-08-08 09:08:41 +02:00
|
|
|
metrics.increment_counter("enhanced_token_verify_success_total")
|
2025-10-06 15:27:01 +02:00
|
|
|
|
2025-07-26 20:04:24 +02:00
|
|
|
return {
|
|
|
|
|
"valid": True,
|
|
|
|
|
"user_id": result.get("user_id"),
|
|
|
|
|
"email": result.get("email"),
|
2025-08-08 09:08:41 +02:00
|
|
|
"role": result.get("role"),
|
2025-07-26 20:04:24 +02:00
|
|
|
"exp": result.get("exp"),
|
|
|
|
|
"message": None
|
|
|
|
|
}
|
2025-10-06 15:27:01 +02:00
|
|
|
|
2025-07-18 12:34:28 +02:00
|
|
|
except HTTPException as e:
|
|
|
|
|
if metrics:
|
2025-08-08 09:08:41 +02:00
|
|
|
metrics.increment_counter("enhanced_token_verify_failure_total")
|
|
|
|
|
logger.warning("Token verification failed using repository pattern", error=e.detail)
|
2025-07-17 13:09:24 +02:00
|
|
|
raise
|
2025-10-06 15:27:01 +02:00
|
|
|
|
2025-07-17 13:09:24 +02:00
|
|
|
except Exception as e:
|
2025-07-18 12:34:28 +02:00
|
|
|
if metrics:
|
2025-08-08 09:08:41 +02:00
|
|
|
metrics.increment_counter("enhanced_token_verify_failure_total")
|
|
|
|
|
logger.error("Token verification error using repository pattern", error=str(e))
|
2025-07-17 13:09:24 +02:00
|
|
|
raise HTTPException(
|
2025-07-20 08:33:23 +02:00
|
|
|
status_code=status.HTTP_401_UNAUTHORIZED,
|
|
|
|
|
detail="Invalid token"
|
2025-07-17 13:09:24 +02:00
|
|
|
)
|
|
|
|
|
|
2025-08-08 09:08:41 +02:00
|
|
|
|
2025-10-27 16:33:26 +01:00
|
|
|
@router.post("/api/v1/auth/logout")
|
2025-08-08 09:08:41 +02:00
|
|
|
@track_execution_time("enhanced_logout_duration_seconds", "auth-service")
|
2025-07-17 13:09:24 +02:00
|
|
|
async def logout(
|
2025-07-20 08:33:23 +02:00
|
|
|
refresh_data: RefreshTokenRequest,
|
2025-07-17 13:09:24 +02:00
|
|
|
request: Request,
|
2025-08-08 09:08:41 +02:00
|
|
|
credentials: HTTPAuthorizationCredentials = Depends(security),
|
|
|
|
|
auth_service: EnhancedAuthService = Depends(get_auth_service)
|
2025-07-17 13:09:24 +02:00
|
|
|
):
|
2025-08-08 09:08:41 +02:00
|
|
|
"""Logout user using repository pattern"""
|
2025-07-18 12:34:28 +02:00
|
|
|
metrics = get_metrics_collector(request)
|
2025-10-06 15:27:01 +02:00
|
|
|
|
2025-07-17 13:09:24 +02:00
|
|
|
try:
|
2025-08-08 09:08:41 +02:00
|
|
|
# Verify token to get user_id
|
|
|
|
|
payload = await auth_service.verify_user_token(credentials.credentials)
|
|
|
|
|
user_id = payload.get("user_id")
|
2025-10-06 15:27:01 +02:00
|
|
|
|
2025-08-08 09:08:41 +02:00
|
|
|
if not user_id:
|
|
|
|
|
raise HTTPException(
|
|
|
|
|
status_code=status.HTTP_401_UNAUTHORIZED,
|
|
|
|
|
detail="Invalid token"
|
|
|
|
|
)
|
2025-10-06 15:27:01 +02:00
|
|
|
|
2025-08-08 09:08:41 +02:00
|
|
|
success = await auth_service.logout_user(user_id, refresh_data.refresh_token)
|
2025-10-06 15:27:01 +02:00
|
|
|
|
2025-07-20 08:33:23 +02:00
|
|
|
if metrics:
|
2025-07-22 13:46:05 +02:00
|
|
|
status_label = "success" if success else "failed"
|
2025-08-08 09:08:41 +02:00
|
|
|
metrics.increment_counter("enhanced_logout_total", labels={"status": status_label})
|
2025-10-06 15:27:01 +02:00
|
|
|
|
2025-08-08 09:08:41 +02:00
|
|
|
logger.info("Logout using repository pattern",
|
|
|
|
|
user_id=user_id,
|
|
|
|
|
success=success)
|
2025-10-06 15:27:01 +02:00
|
|
|
|
2025-07-22 13:46:05 +02:00
|
|
|
return {"message": "Logout successful" if success else "Logout failed"}
|
2025-10-06 15:27:01 +02:00
|
|
|
|
2025-08-08 09:08:41 +02:00
|
|
|
except HTTPException:
|
|
|
|
|
raise
|
2025-07-20 08:33:23 +02:00
|
|
|
except Exception as e:
|
|
|
|
|
if metrics:
|
2025-08-08 09:08:41 +02:00
|
|
|
metrics.increment_counter("enhanced_logout_total", labels={"status": "error"})
|
|
|
|
|
logger.error("Logout error using repository pattern", error=str(e))
|
2025-07-20 08:33:23 +02:00
|
|
|
raise HTTPException(
|
|
|
|
|
status_code=status.HTTP_500_INTERNAL_SERVER_ERROR,
|
|
|
|
|
detail="Logout failed"
|
|
|
|
|
)
|
|
|
|
|
|
|
|
|
|
|
2025-10-27 16:33:26 +01:00
|
|
|
@router.post("/api/v1/auth/change-password")
|
2025-07-20 08:33:23 +02:00
|
|
|
async def change_password(
|
|
|
|
|
password_data: PasswordChange,
|
|
|
|
|
credentials: HTTPAuthorizationCredentials = Depends(security),
|
|
|
|
|
request: Request = None,
|
2025-08-08 09:08:41 +02:00
|
|
|
auth_service: EnhancedAuthService = Depends(get_auth_service)
|
2025-07-20 08:33:23 +02:00
|
|
|
):
|
2025-08-08 09:08:41 +02:00
|
|
|
"""Change user password using repository pattern"""
|
2025-07-20 08:33:23 +02:00
|
|
|
metrics = get_metrics_collector(request) if request else None
|
2025-10-06 15:27:01 +02:00
|
|
|
|
2025-07-20 08:33:23 +02:00
|
|
|
try:
|
|
|
|
|
if not credentials:
|
2025-07-18 12:34:28 +02:00
|
|
|
raise HTTPException(
|
|
|
|
|
status_code=status.HTTP_401_UNAUTHORIZED,
|
2025-07-20 08:33:23 +02:00
|
|
|
detail="Authentication required"
|
2025-07-18 12:34:28 +02:00
|
|
|
)
|
2025-10-06 15:27:01 +02:00
|
|
|
|
2025-07-20 08:33:23 +02:00
|
|
|
# Verify current token
|
2025-08-08 09:08:41 +02:00
|
|
|
payload = await auth_service.verify_user_token(credentials.credentials)
|
2025-07-20 08:33:23 +02:00
|
|
|
user_id = payload.get("user_id")
|
2025-10-06 15:27:01 +02:00
|
|
|
|
2025-07-20 08:33:23 +02:00
|
|
|
if not user_id:
|
|
|
|
|
raise HTTPException(
|
|
|
|
|
status_code=status.HTTP_401_UNAUTHORIZED,
|
|
|
|
|
detail="Invalid token"
|
|
|
|
|
)
|
2025-10-06 15:27:01 +02:00
|
|
|
|
2025-08-08 09:08:41 +02:00
|
|
|
# Validate new password length
|
|
|
|
|
if len(password_data.new_password) < 8:
|
2025-07-20 08:33:23 +02:00
|
|
|
raise HTTPException(
|
|
|
|
|
status_code=status.HTTP_400_BAD_REQUEST,
|
2025-08-08 09:08:41 +02:00
|
|
|
detail="New password must be at least 8 characters long"
|
2025-07-20 08:33:23 +02:00
|
|
|
)
|
2025-10-06 15:27:01 +02:00
|
|
|
|
2025-08-08 09:08:41 +02:00
|
|
|
# Change password using enhanced service
|
|
|
|
|
success = await auth_service.change_password(
|
|
|
|
|
user_id,
|
|
|
|
|
password_data.current_password,
|
|
|
|
|
password_data.new_password
|
|
|
|
|
)
|
2025-10-06 15:27:01 +02:00
|
|
|
|
2025-07-18 12:34:28 +02:00
|
|
|
if metrics:
|
2025-08-08 09:08:41 +02:00
|
|
|
status_label = "success" if success else "failed"
|
|
|
|
|
metrics.increment_counter("enhanced_password_change_total", labels={"status": status_label})
|
2025-10-06 15:27:01 +02:00
|
|
|
|
2025-08-08 09:08:41 +02:00
|
|
|
logger.info("Password changed using repository pattern",
|
|
|
|
|
user_id=user_id,
|
|
|
|
|
success=success)
|
2025-10-06 15:27:01 +02:00
|
|
|
|
2025-07-20 08:33:23 +02:00
|
|
|
return {"message": "Password changed successfully"}
|
2025-10-06 15:27:01 +02:00
|
|
|
|
2025-07-20 08:33:23 +02:00
|
|
|
except HTTPException:
|
2025-07-18 12:34:28 +02:00
|
|
|
raise
|
2025-07-20 08:33:23 +02:00
|
|
|
except Exception as e:
|
|
|
|
|
if metrics:
|
2025-08-08 09:08:41 +02:00
|
|
|
metrics.increment_counter("enhanced_password_change_total", labels={"status": "error"})
|
|
|
|
|
logger.error("Password change error using repository pattern", error=str(e))
|
2025-07-20 08:33:23 +02:00
|
|
|
raise HTTPException(
|
|
|
|
|
status_code=status.HTTP_500_INTERNAL_SERVER_ERROR,
|
|
|
|
|
detail="Password change failed"
|
|
|
|
|
)
|
|
|
|
|
|
2025-08-08 09:08:41 +02:00
|
|
|
|
2025-10-27 16:33:26 +01:00
|
|
|
@router.get("/api/v1/auth/me", response_model=UserResponse)
|
2025-08-08 09:08:41 +02:00
|
|
|
async def get_profile(
|
2025-10-27 16:33:26 +01:00
|
|
|
current_user: Dict[str, Any] = Depends(get_current_user_dep),
|
|
|
|
|
db: AsyncSession = Depends(get_db)
|
2025-08-08 09:08:41 +02:00
|
|
|
):
|
2025-10-27 16:33:26 +01:00
|
|
|
"""Get user profile - works for JWT auth AND demo sessions"""
|
2026-01-12 14:24:14 +01:00
|
|
|
logger.info(f"📋 Profile request received",
|
|
|
|
|
user_id=current_user.get("user_id"),
|
|
|
|
|
is_demo=current_user.get("is_demo", False),
|
|
|
|
|
demo_session_id=current_user.get("demo_session_id", ""),
|
|
|
|
|
email=current_user.get("email", ""),
|
|
|
|
|
path="/api/v1/auth/me")
|
2025-08-08 09:08:41 +02:00
|
|
|
try:
|
2025-10-27 16:33:26 +01:00
|
|
|
user_id = current_user.get("user_id")
|
2025-10-06 15:27:01 +02:00
|
|
|
|
2025-08-08 09:08:41 +02:00
|
|
|
if not user_id:
|
2026-01-12 14:24:14 +01:00
|
|
|
logger.error(f"❌ No user_id in current_user context for profile request",
|
|
|
|
|
current_user=current_user)
|
2025-08-08 09:08:41 +02:00
|
|
|
raise HTTPException(
|
|
|
|
|
status_code=status.HTTP_401_UNAUTHORIZED,
|
2025-10-27 16:33:26 +01:00
|
|
|
detail="Invalid user context"
|
2025-08-08 09:08:41 +02:00
|
|
|
)
|
2025-10-06 15:27:01 +02:00
|
|
|
|
2026-01-12 14:24:14 +01:00
|
|
|
logger.info(f"🔎 Fetching user profile for user_id: {user_id}",
|
|
|
|
|
is_demo=current_user.get("is_demo", False),
|
|
|
|
|
demo_session_id=current_user.get("demo_session_id", ""))
|
|
|
|
|
|
2025-10-27 16:33:26 +01:00
|
|
|
# Fetch user from database
|
|
|
|
|
from app.repositories import UserRepository
|
|
|
|
|
user_repo = UserRepository(User, db)
|
|
|
|
|
user = await user_repo.get_by_id(user_id)
|
|
|
|
|
|
|
|
|
|
if not user:
|
2026-01-12 14:24:14 +01:00
|
|
|
logger.error(f"🚨 User not found in database",
|
|
|
|
|
user_id=user_id,
|
|
|
|
|
is_demo=current_user.get("is_demo", False))
|
2025-08-08 09:08:41 +02:00
|
|
|
raise HTTPException(
|
|
|
|
|
status_code=status.HTTP_404_NOT_FOUND,
|
|
|
|
|
detail="User profile not found"
|
|
|
|
|
)
|
2025-10-06 15:27:01 +02:00
|
|
|
|
2026-01-12 14:24:14 +01:00
|
|
|
logger.info(f"🎉 User profile found",
|
|
|
|
|
user_id=user.id,
|
|
|
|
|
email=user.email,
|
|
|
|
|
full_name=user.full_name,
|
|
|
|
|
is_active=user.is_active)
|
|
|
|
|
|
2025-10-27 16:33:26 +01:00
|
|
|
return UserResponse(
|
|
|
|
|
id=str(user.id),
|
|
|
|
|
email=user.email,
|
|
|
|
|
full_name=user.full_name,
|
|
|
|
|
is_active=user.is_active,
|
|
|
|
|
is_verified=user.is_verified,
|
|
|
|
|
phone=user.phone,
|
|
|
|
|
language=user.language or "es",
|
|
|
|
|
timezone=user.timezone or "Europe/Madrid",
|
|
|
|
|
created_at=user.created_at,
|
|
|
|
|
last_login=user.last_login,
|
|
|
|
|
role=user.role,
|
|
|
|
|
tenant_id=current_user.get("tenant_id")
|
|
|
|
|
)
|
2025-10-06 15:27:01 +02:00
|
|
|
|
2025-08-08 09:08:41 +02:00
|
|
|
except HTTPException:
|
|
|
|
|
raise
|
|
|
|
|
except Exception as e:
|
2025-10-27 16:33:26 +01:00
|
|
|
logger.error("Get profile error", error=str(e))
|
2025-08-08 09:08:41 +02:00
|
|
|
raise HTTPException(
|
|
|
|
|
status_code=status.HTTP_500_INTERNAL_SERVER_ERROR,
|
|
|
|
|
detail="Failed to get profile"
|
|
|
|
|
)
|
|
|
|
|
|
|
|
|
|
|
2025-10-27 16:33:26 +01:00
|
|
|
@router.put("/api/v1/auth/me", response_model=UserResponse)
|
2025-08-08 09:08:41 +02:00
|
|
|
async def update_profile(
|
|
|
|
|
update_data: dict,
|
2025-10-27 16:33:26 +01:00
|
|
|
current_user: Dict[str, Any] = Depends(get_current_user_dep),
|
|
|
|
|
db: AsyncSession = Depends(get_db)
|
2025-08-08 09:08:41 +02:00
|
|
|
):
|
2025-10-27 16:33:26 +01:00
|
|
|
"""Update user profile - works for JWT auth AND demo sessions"""
|
2025-08-08 09:08:41 +02:00
|
|
|
try:
|
2025-10-27 16:33:26 +01:00
|
|
|
user_id = current_user.get("user_id")
|
2025-10-06 15:27:01 +02:00
|
|
|
|
2025-08-08 09:08:41 +02:00
|
|
|
if not user_id:
|
|
|
|
|
raise HTTPException(
|
|
|
|
|
status_code=status.HTTP_401_UNAUTHORIZED,
|
2025-10-27 16:33:26 +01:00
|
|
|
detail="Invalid user context"
|
2025-08-08 09:08:41 +02:00
|
|
|
)
|
2025-10-06 15:27:01 +02:00
|
|
|
|
2025-10-27 16:33:26 +01:00
|
|
|
# Prepare update data - filter out read-only fields
|
|
|
|
|
from app.repositories import UserRepository
|
|
|
|
|
user_repo = UserRepository(User, db)
|
|
|
|
|
|
|
|
|
|
# Update user profile
|
|
|
|
|
updated_user = await user_repo.update(user_id, update_data)
|
|
|
|
|
|
|
|
|
|
if not updated_user:
|
2025-08-08 09:08:41 +02:00
|
|
|
raise HTTPException(
|
|
|
|
|
status_code=status.HTTP_404_NOT_FOUND,
|
|
|
|
|
detail="User not found"
|
|
|
|
|
)
|
2025-10-06 15:27:01 +02:00
|
|
|
|
2025-10-27 16:33:26 +01:00
|
|
|
logger.info("Profile updated",
|
2025-08-08 09:08:41 +02:00
|
|
|
user_id=user_id,
|
|
|
|
|
updated_fields=list(update_data.keys()))
|
2025-10-06 15:27:01 +02:00
|
|
|
|
2025-10-27 16:33:26 +01:00
|
|
|
return UserResponse(
|
|
|
|
|
id=str(updated_user.id),
|
|
|
|
|
email=updated_user.email,
|
|
|
|
|
full_name=updated_user.full_name,
|
|
|
|
|
is_active=updated_user.is_active,
|
|
|
|
|
is_verified=updated_user.is_verified,
|
|
|
|
|
phone=updated_user.phone,
|
|
|
|
|
language=updated_user.language,
|
|
|
|
|
timezone=updated_user.timezone,
|
|
|
|
|
created_at=updated_user.created_at,
|
|
|
|
|
last_login=updated_user.last_login,
|
|
|
|
|
role=updated_user.role,
|
|
|
|
|
tenant_id=current_user.get("tenant_id")
|
|
|
|
|
)
|
2025-10-06 15:27:01 +02:00
|
|
|
|
2025-08-08 09:08:41 +02:00
|
|
|
except HTTPException:
|
|
|
|
|
raise
|
|
|
|
|
except Exception as e:
|
2025-10-27 16:33:26 +01:00
|
|
|
logger.error("Update profile error", error=str(e))
|
2025-08-08 09:08:41 +02:00
|
|
|
raise HTTPException(
|
|
|
|
|
status_code=status.HTTP_500_INTERNAL_SERVER_ERROR,
|
|
|
|
|
detail="Failed to update profile"
|
|
|
|
|
)
|
|
|
|
|
|
|
|
|
|
|
2025-10-27 16:33:26 +01:00
|
|
|
@router.post("/api/v1/auth/verify-email")
|
2025-08-08 09:08:41 +02:00
|
|
|
async def verify_email(
|
|
|
|
|
user_id: str,
|
|
|
|
|
verification_token: str,
|
|
|
|
|
auth_service: EnhancedAuthService = Depends(get_auth_service)
|
|
|
|
|
):
|
|
|
|
|
"""Verify user email using repository pattern"""
|
|
|
|
|
try:
|
|
|
|
|
success = await auth_service.verify_user_email(user_id, verification_token)
|
2025-10-06 15:27:01 +02:00
|
|
|
|
2025-08-08 09:08:41 +02:00
|
|
|
logger.info("Email verification using repository pattern",
|
|
|
|
|
user_id=user_id,
|
|
|
|
|
success=success)
|
2025-10-06 15:27:01 +02:00
|
|
|
|
2025-08-08 09:08:41 +02:00
|
|
|
return {"message": "Email verified successfully" if success else "Email verification failed"}
|
2025-10-06 15:27:01 +02:00
|
|
|
|
2025-08-08 09:08:41 +02:00
|
|
|
except Exception as e:
|
|
|
|
|
logger.error("Email verification error using repository pattern", error=str(e))
|
|
|
|
|
raise HTTPException(
|
|
|
|
|
status_code=status.HTTP_500_INTERNAL_SERVER_ERROR,
|
|
|
|
|
detail="Email verification failed"
|
|
|
|
|
)
|
|
|
|
|
|
|
|
|
|
|
2025-10-27 16:33:26 +01:00
|
|
|
@router.post("/api/v1/auth/reset-password")
|
2025-07-20 08:33:23 +02:00
|
|
|
async def reset_password(
|
|
|
|
|
reset_data: PasswordReset,
|
|
|
|
|
request: Request,
|
2025-08-08 09:08:41 +02:00
|
|
|
auth_service: EnhancedAuthService = Depends(get_auth_service)
|
2025-07-20 08:33:23 +02:00
|
|
|
):
|
2025-08-08 09:08:41 +02:00
|
|
|
"""Request password reset using repository pattern"""
|
2025-07-20 08:33:23 +02:00
|
|
|
metrics = get_metrics_collector(request)
|
2025-10-06 15:27:01 +02:00
|
|
|
|
2025-07-20 08:33:23 +02:00
|
|
|
try:
|
2025-08-08 09:08:41 +02:00
|
|
|
# In a full implementation, you'd send an email with a reset token
|
|
|
|
|
# For now, just log the request
|
2025-10-06 15:27:01 +02:00
|
|
|
|
2025-07-20 08:33:23 +02:00
|
|
|
if metrics:
|
2025-08-08 09:08:41 +02:00
|
|
|
metrics.increment_counter("enhanced_password_reset_total", labels={"status": "requested"})
|
2025-10-06 15:27:01 +02:00
|
|
|
|
2025-08-08 09:08:41 +02:00
|
|
|
logger.info("Password reset requested using repository pattern",
|
|
|
|
|
email=reset_data.email)
|
2025-10-06 15:27:01 +02:00
|
|
|
|
2025-07-20 08:33:23 +02:00
|
|
|
return {"message": "Password reset email sent if account exists"}
|
2025-10-06 15:27:01 +02:00
|
|
|
|
2025-07-17 13:09:24 +02:00
|
|
|
except Exception as e:
|
2025-07-18 12:34:28 +02:00
|
|
|
if metrics:
|
2025-08-08 09:08:41 +02:00
|
|
|
metrics.increment_counter("enhanced_password_reset_total", labels={"status": "error"})
|
|
|
|
|
logger.error("Password reset error using repository pattern", error=str(e))
|
2025-07-17 13:09:24 +02:00
|
|
|
raise HTTPException(
|
|
|
|
|
status_code=status.HTTP_500_INTERNAL_SERVER_ERROR,
|
2025-07-20 08:33:23 +02:00
|
|
|
detail="Password reset failed"
|
|
|
|
|
)
|
|
|
|
|
|
|
|
|
|
|
2025-10-27 16:33:26 +01:00
|
|
|
@router.get("/api/v1/auth/health")
|
2025-07-20 08:33:23 +02:00
|
|
|
async def health_check():
|
2025-08-08 09:08:41 +02:00
|
|
|
"""Health check endpoint for enhanced auth service"""
|
2025-07-20 08:33:23 +02:00
|
|
|
return {
|
|
|
|
|
"status": "healthy",
|
2025-08-08 09:08:41 +02:00
|
|
|
"service": "enhanced-auth-service",
|
|
|
|
|
"version": "2.0.0",
|
|
|
|
|
"features": ["repository-pattern", "dependency-injection", "enhanced-error-handling"]
|
2025-10-06 15:27:01 +02:00
|
|
|
}
|
