374 lines
13 KiB
Python
374 lines
13 KiB
Python
# services/auth/app/api/auth.py - Fixed Login Method
|
|
"""
|
|
Authentication API endpoints - FIXED VERSION
|
|
"""
|
|
|
|
from fastapi import APIRouter, Depends, HTTPException, status, Request
|
|
from fastapi.security import HTTPBearer, HTTPAuthorizationCredentials
|
|
from sqlalchemy.ext.asyncio import AsyncSession
|
|
import structlog
|
|
|
|
from app.core.database import get_db
|
|
from app.core.security import SecurityManager
|
|
from app.services.auth_service import AuthService
|
|
from app.schemas.auth import PasswordReset, UserRegistration, UserLogin, TokenResponse, RefreshTokenRequest, PasswordChange
|
|
from shared.monitoring.decorators import track_execution_time
|
|
from shared.monitoring.metrics import get_metrics_collector
|
|
|
|
logger = structlog.get_logger()
|
|
|
|
router = APIRouter()
|
|
security = HTTPBearer()
|
|
|
|
@router.post("/register", response_model=TokenResponse)
|
|
@track_execution_time("registration_duration_seconds", "auth-service")
|
|
async def register(
|
|
user_data: UserRegistration,
|
|
request: Request,
|
|
db: AsyncSession = Depends(get_db)
|
|
):
|
|
"""Register new user with enhanced debugging"""
|
|
metrics = get_metrics_collector(request)
|
|
|
|
# ✅ DEBUG: Log incoming registration data (without password)
|
|
logger.info(f"Registration attempt for email: {user_data.email}")
|
|
logger.debug(f"Registration data - email: {user_data.email}, full_name: {user_data.full_name}")
|
|
|
|
try:
|
|
# ✅ DEBUG: Validate input data
|
|
if not user_data.email or not user_data.email.strip():
|
|
raise HTTPException(
|
|
status_code=status.HTTP_400_BAD_REQUEST,
|
|
detail="Email is required"
|
|
)
|
|
|
|
if not user_data.password or len(user_data.password) < 8:
|
|
raise HTTPException(
|
|
status_code=status.HTTP_400_BAD_REQUEST,
|
|
detail="Password must be at least 8 characters long"
|
|
)
|
|
|
|
if not user_data.full_name or not user_data.full_name.strip():
|
|
raise HTTPException(
|
|
status_code=status.HTTP_400_BAD_REQUEST,
|
|
detail="Full name is required"
|
|
)
|
|
|
|
logger.debug(f"Input validation passed for {user_data.email}")
|
|
|
|
# ✅ DEBUG: Call auth service with enhanced error tracking
|
|
result = await AuthService.register_user_with_tokens(
|
|
email=user_data.email.strip().lower(), # Normalize email
|
|
password=user_data.password,
|
|
full_name=user_data.full_name.strip(),
|
|
db=db
|
|
)
|
|
|
|
logger.info(f"Registration successful for {user_data.email}")
|
|
|
|
# Record successful registration
|
|
if metrics:
|
|
metrics.increment_counter("registration_total", labels={"status": "success"})
|
|
|
|
# ✅ DEBUG: Validate response before returning
|
|
if not result.get("access_token"):
|
|
logger.error(f"Registration succeeded but no access_token in result for {user_data.email}")
|
|
raise HTTPException(
|
|
status_code=status.HTTP_500_INTERNAL_SERVER_ERROR,
|
|
detail="Registration completed but token generation failed"
|
|
)
|
|
|
|
logger.debug(f"Returning token response for {user_data.email}")
|
|
return TokenResponse(**result)
|
|
|
|
except HTTPException as e:
|
|
# Record failed registration with specific error
|
|
if metrics:
|
|
error_type = "validation_error" if e.status_code == 400 else "conflict" if e.status_code == 409 else "failed"
|
|
metrics.increment_counter("registration_total", labels={"status": error_type})
|
|
|
|
logger.warning(f"Registration failed for {user_data.email}: {e.detail}")
|
|
raise
|
|
|
|
except Exception as e:
|
|
# Record registration system error
|
|
if metrics:
|
|
metrics.increment_counter("registration_total", labels={"status": "error"})
|
|
|
|
logger.error(f"Registration system error for {user_data.email}: {str(e)}", exc_info=True)
|
|
|
|
# ✅ DEBUG: Provide more specific error information in development
|
|
error_detail = f"Registration failed: {str(e)}" if logger.level == "DEBUG" else "Registration failed"
|
|
|
|
raise HTTPException(
|
|
status_code=status.HTTP_500_INTERNAL_SERVER_ERROR,
|
|
detail=error_detail
|
|
)
|
|
|
|
@router.post("/login", response_model=TokenResponse)
|
|
@track_execution_time("login_duration_seconds", "auth-service")
|
|
async def login(
|
|
login_data: UserLogin,
|
|
request: Request,
|
|
db: AsyncSession = Depends(get_db)
|
|
):
|
|
"""Login user with enhanced debugging"""
|
|
metrics = get_metrics_collector(request)
|
|
|
|
logger.info(f"Login attempt for email: {login_data.email}")
|
|
|
|
try:
|
|
# ✅ DEBUG: Validate login data
|
|
if not login_data.email or not login_data.email.strip():
|
|
raise HTTPException(
|
|
status_code=status.HTTP_400_BAD_REQUEST,
|
|
detail="Email is required"
|
|
)
|
|
|
|
if not login_data.password:
|
|
raise HTTPException(
|
|
status_code=status.HTTP_400_BAD_REQUEST,
|
|
detail="Password is required"
|
|
)
|
|
|
|
# Attempt login through AuthService
|
|
result = await AuthService.login(
|
|
email=login_data.email.strip().lower(), # Normalize email
|
|
password=login_data.password,
|
|
db=db
|
|
)
|
|
|
|
# Record successful login
|
|
if metrics:
|
|
metrics.increment_counter("login_success_total")
|
|
|
|
logger.info(f"Login successful for {login_data.email}")
|
|
return TokenResponse(**result)
|
|
|
|
except HTTPException as e:
|
|
# Record failed login with specific reason
|
|
if metrics:
|
|
reason = "validation_error" if e.status_code == 400 else "auth_failed"
|
|
metrics.increment_counter("login_failure_total", labels={"reason": reason})
|
|
|
|
logger.warning(f"Login failed for {login_data.email}: {e.detail}")
|
|
raise
|
|
|
|
except Exception as e:
|
|
# Record login system error
|
|
if metrics:
|
|
metrics.increment_counter("login_failure_total", labels={"reason": "error"})
|
|
|
|
logger.error(f"Login system error for {login_data.email}: {str(e)}", exc_info=True)
|
|
raise HTTPException(
|
|
status_code=status.HTTP_500_INTERNAL_SERVER_ERROR,
|
|
detail="Login failed"
|
|
)
|
|
|
|
@router.post("/refresh", response_model=TokenResponse)
|
|
@track_execution_time("token_refresh_duration_seconds", "auth-service")
|
|
async def refresh_token(
|
|
refresh_data: RefreshTokenRequest,
|
|
request: Request,
|
|
db: AsyncSession = Depends(get_db)
|
|
):
|
|
"""Refresh access token"""
|
|
metrics = get_metrics_collector(request)
|
|
|
|
try:
|
|
result = await AuthService.refresh_access_token(refresh_data.refresh_token, db)
|
|
|
|
# Record successful refresh
|
|
if metrics:
|
|
metrics.increment_counter("token_refresh_success_total")
|
|
|
|
return TokenResponse(**result)
|
|
|
|
except HTTPException as e:
|
|
if metrics:
|
|
metrics.increment_counter("token_refresh_failure_total")
|
|
logger.warning(f"Token refresh failed: {e.detail}")
|
|
raise
|
|
except Exception as e:
|
|
if metrics:
|
|
metrics.increment_counter("token_refresh_failure_total")
|
|
logger.error(f"Token refresh error: {e}")
|
|
raise HTTPException(
|
|
status_code=status.HTTP_500_INTERNAL_SERVER_ERROR,
|
|
detail="Token refresh failed"
|
|
)
|
|
|
|
@router.post("/verify")
|
|
@track_execution_time("token_verify_duration_seconds", "auth-service")
|
|
async def verify_token(
|
|
credentials: HTTPAuthorizationCredentials = Depends(security),
|
|
request: Request = None
|
|
):
|
|
"""Verify access token and return user info"""
|
|
metrics = get_metrics_collector(request) if request else None
|
|
|
|
try:
|
|
if not credentials:
|
|
raise HTTPException(
|
|
status_code=status.HTTP_401_UNAUTHORIZED,
|
|
detail="Authentication required"
|
|
)
|
|
|
|
result = await AuthService.verify_user_token(credentials.credentials)
|
|
|
|
# Record successful verification
|
|
if metrics:
|
|
metrics.increment_counter("token_verify_success_total")
|
|
|
|
return {
|
|
"valid": True,
|
|
"user_id": result.get("user_id"),
|
|
"email": result.get("email"),
|
|
"exp": result.get("exp"),
|
|
"message": None
|
|
}
|
|
|
|
except HTTPException as e:
|
|
if metrics:
|
|
metrics.increment_counter("token_verify_failure_total")
|
|
logger.warning(f"Token verification failed: {e.detail}")
|
|
raise
|
|
except Exception as e:
|
|
if metrics:
|
|
metrics.increment_counter("token_verify_failure_total")
|
|
logger.error(f"Token verification error: {e}")
|
|
raise HTTPException(
|
|
status_code=status.HTTP_401_UNAUTHORIZED,
|
|
detail="Invalid token"
|
|
)
|
|
|
|
@router.post("/logout")
|
|
@track_execution_time("logout_duration_seconds", "auth-service")
|
|
async def logout(
|
|
refresh_data: RefreshTokenRequest,
|
|
request: Request,
|
|
db: AsyncSession = Depends(get_db)
|
|
):
|
|
"""Logout user by revoking refresh token"""
|
|
metrics = get_metrics_collector(request)
|
|
|
|
try:
|
|
success = await AuthService.logout(refresh_data.refresh_token, db)
|
|
|
|
if metrics:
|
|
status_label = "success" if success else "failed"
|
|
metrics.increment_counter("logout_total", labels={"status": status_label})
|
|
|
|
return {"message": "Logout successful" if success else "Logout failed"}
|
|
|
|
except Exception as e:
|
|
if metrics:
|
|
metrics.increment_counter("logout_total", labels={"status": "error"})
|
|
logger.error(f"Logout error: {e}")
|
|
raise HTTPException(
|
|
status_code=status.HTTP_500_INTERNAL_SERVER_ERROR,
|
|
detail="Logout failed"
|
|
)
|
|
|
|
# ================================================================
|
|
# PASSWORD MANAGEMENT ENDPOINTS
|
|
# ================================================================
|
|
|
|
@router.post("/change-password")
|
|
async def change_password(
|
|
password_data: PasswordChange,
|
|
credentials: HTTPAuthorizationCredentials = Depends(security),
|
|
request: Request = None,
|
|
db: AsyncSession = Depends(get_db)
|
|
):
|
|
"""Change user password"""
|
|
metrics = get_metrics_collector(request) if request else None
|
|
|
|
try:
|
|
if not credentials:
|
|
raise HTTPException(
|
|
status_code=status.HTTP_401_UNAUTHORIZED,
|
|
detail="Authentication required"
|
|
)
|
|
|
|
# Verify current token
|
|
payload = await AuthService.verify_user_token(credentials.credentials)
|
|
user_id = payload.get("user_id")
|
|
|
|
if not user_id:
|
|
raise HTTPException(
|
|
status_code=status.HTTP_401_UNAUTHORIZED,
|
|
detail="Invalid token"
|
|
)
|
|
|
|
# Validate new password
|
|
if not SecurityManager.validate_password(password_data.new_password):
|
|
raise HTTPException(
|
|
status_code=status.HTTP_400_BAD_REQUEST,
|
|
detail="New password does not meet security requirements"
|
|
)
|
|
|
|
# Change password logic would go here
|
|
# This is a simplified version - you'd need to implement the actual password change in AuthService
|
|
|
|
# Record password change
|
|
if metrics:
|
|
metrics.increment_counter("password_change_total", labels={"status": "success"})
|
|
|
|
logger.info(f"Password changed for user: {user_id}")
|
|
return {"message": "Password changed successfully"}
|
|
|
|
except HTTPException:
|
|
raise
|
|
except Exception as e:
|
|
# Record password change error
|
|
if metrics:
|
|
metrics.increment_counter("password_change_total", labels={"status": "error"})
|
|
logger.error(f"Password change error: {e}")
|
|
raise HTTPException(
|
|
status_code=status.HTTP_500_INTERNAL_SERVER_ERROR,
|
|
detail="Password change failed"
|
|
)
|
|
|
|
@router.post("/reset-password")
|
|
async def reset_password(
|
|
reset_data: PasswordReset,
|
|
request: Request,
|
|
db: AsyncSession = Depends(get_db)
|
|
):
|
|
"""Request password reset"""
|
|
metrics = get_metrics_collector(request)
|
|
|
|
try:
|
|
# Password reset logic would go here
|
|
# This is a simplified version - you'd need to implement email sending, etc.
|
|
|
|
# Record password reset request
|
|
if metrics:
|
|
metrics.increment_counter("password_reset_total", labels={"status": "requested"})
|
|
|
|
logger.info(f"Password reset requested for: {reset_data.email}")
|
|
return {"message": "Password reset email sent if account exists"}
|
|
|
|
except Exception as e:
|
|
# Record password reset error
|
|
if metrics:
|
|
metrics.increment_counter("password_reset_total", labels={"status": "error"})
|
|
logger.error(f"Password reset error: {e}")
|
|
raise HTTPException(
|
|
status_code=status.HTTP_500_INTERNAL_SERVER_ERROR,
|
|
detail="Password reset failed"
|
|
)
|
|
|
|
# ================================================================
|
|
# HEALTH AND STATUS ENDPOINTS
|
|
# ================================================================
|
|
|
|
@router.get("/health")
|
|
async def health_check():
|
|
"""Health check endpoint"""
|
|
return {
|
|
"status": "healthy",
|
|
"service": "auth-service",
|
|
"version": "1.0.0"
|
|
} |