Main v3

.github/workflows/checks.yml

@@ -34,7 +34,7 @@ jobs:
         run: uv run mypy
 
       - name: Run Pytest with Coverage
-        run: uv run pytest --cov
+        run: uv run pytest --cov -m "not e2e"
 
       - name: Creating coverage folder
         run: mkdir -p coverage

pyproject.toml

@@ -1,7 +1,7 @@
 [project]
-name = "authapigateway"
-version = "0.0.1"
-description = "Cookie-based JWT Auth API"
+name = "Auth-API"
+version = "0.0.3"
+description = "RBAC JWT Cookies-based API"
 readme = "README.md"
 requires-python = ">=3.12"
 dependencies = [
@@ -59,7 +59,7 @@ lint.ignore = [
 [tool.ruff.lint.per-file-ignores]
 "src/tests/*" = ["D103", "S101"]
 "src/app/user/exceptions.py" = ["D101"]
-"src/alembic/versions/*" = ["D103", "D400", "D415", "INP001"]
+"src/alembic/*" = ["D103", "D400", "D415", "INP001", "I001"]
 
 [tool.mypy]
 python_version = "3.12"

src/alembic/env.py

@@ -1,11 +1,11 @@
-import asyncio  # noqa: INP001
+import asyncio
 from logging.config import fileConfig
 
+from alembic import context
 from sqlalchemy.engine.base import Connection
 from sqlalchemy.ext.asyncio import async_engine_from_config
 from sqlalchemy.pool import NullPool
 
-from alembic import context
 from app.main.settings import settings
 from app.user.models import User
 

src/app/admin/views.py

@@ -4,9 +4,9 @@
 from sqladmin import ModelView
 from wtforms.fields import EmailField, Field, PasswordField, SelectField
 
-from app.user.auth import generate_password_hash
 from app.user.constants import UserRole
 from app.user.models import User
+from app.user.security.passwords import generate_password_hash
 
 if TYPE_CHECKING:
   from sqladmin._types import MODEL_ATTR

src/app/main/app.py

@@ -2,21 +2,16 @@
 from contextlib import asynccontextmanager
 
 from fastapi import FastAPI
-from fastapi.exceptions import RequestValidationError
 from fastapi.middleware.cors import CORSMiddleware
-from sqlalchemy.exc import IntegrityError
+from redis.asyncio import Redis
 
 from app.admin.app import init_admin_app
-from app.user.errors import (
-  db_integrity_error_handler,
-  unexpected_error_handler,
-  validation_error_handler,
-)
+from app.user.errors import error_handlers as user_error_handlers
 from app.user.routes import router as user_router
 
 from .db import engine
+from .errors import error_handlers as main_error_handlers
 from .logger import configure_logging
-from .redis import redis
 from .routes import router as default_router
 from .settings import settings
 
@@ -26,39 +21,44 @@ async def lifespan(app: FastAPI) -> AsyncIterator[None]:
   """Init and release objects on app startup and shutdown.
 
   On startup:
-    - init Redis client with connection pool;
-    - init Admin app with the specified database engine;
+    - add logger object to the application state;
+    - add Redis client object to the application state;
+    - init Admin app with the provided database engine;
 
   On shutdown:
-    - dispose Redis client with connection pool;
+    - dispose Redis client including its connection pool;
     - dispose database engine.
 
-  NOTE: during testing state's objects are redeclared to adapt the
+  NOTE: during testing state objects are redeclared to adapt the
         application to the testing environment.
   """
-  redis_client = getattr(app.state, "redis", redis)
-  database_engine = getattr(app.state, "engine", engine)
+  db = getattr(app.state, "engine", engine)
+  logger = getattr(
+    app.state,
+    "logger",
+    configure_logging(settings.log_name, options=settings.logging_kwargs),
+  )
+  redis = getattr(app.state, "redis", Redis(**settings.redis_kwargs))
 
-  init_admin_app(app, database_engine)
+  # Init admin app based on the provided database engine
+  init_admin_app(app, db)
 
-  # set application state
-  app.state.logger = configure_logging()
-  app.state.redis = redis_client
+  # Init state objects of the app
+  app.state.logger = logger
+  app.state.redis = redis
 
   yield
 
-  await redis_client.close()
-  await redis_client.connection_pool.disconnect()
-  await database_engine.dispose()
+  await redis.aclose()
+  await db.dispose()
 
 
 app = FastAPI(
   **settings.fastapi_kwargs,
   lifespan=lifespan,
   exception_handlers={
-    IntegrityError: db_integrity_error_handler,
-    RequestValidationError: validation_error_handler,
-    Exception: unexpected_error_handler,
+    **user_error_handlers,
+    **main_error_handlers,
   },
 )
 app.add_middleware(CORSMiddleware, **settings.cors_kwargs)

src/app/main/dependencies.py

@@ -20,13 +20,14 @@ async def get_db() -> AsyncIterator["AsyncSession"]:
 
 
 async def get_redis(request: Request) -> "Redis":
-  """Return initialized Redis client to be used as a dependency.
+  """Return initialized in the lifespan client for Redis.
 
   :param request: request object providing access to the app state
-  :return: Redis client
+  :return: client for Redis
   """
   return cast("Redis", request.app.state.redis)
 
 
+# https://fastapi.tiangolo.com/tutorial/dependencies/#share-annotated-dependencies
 DbSession: TypeAlias = Annotated["AsyncSession", Depends(get_db)]
 RedisT: TypeAlias = Annotated["Redis", Depends(get_redis)]

src/app/main/errors.py

@@ -0,0 +1,42 @@
+from collections.abc import Callable, Coroutine
+from typing import TYPE_CHECKING, Any, cast
+
+from fastapi import Request, Response, status
+from fastapi.exceptions import RequestValidationError
+from fastapi.responses import JSONResponse
+
+if TYPE_CHECKING:
+  from logging import Logger
+
+
+async def validation_error_handler(
+  _: Request,
+  e: RequestValidationError,
+) -> JSONResponse:
+  """Pydantic validation error handler."""
+  error = e.errors()[0]
+  field = error["loc"][1]
+  error_message = f"{error['msg']}. Field: {field}"
+  client_message = {"detail": error_message}
+  return JSONResponse(client_message, status.HTTP_422_UNPROCESSABLE_ENTITY)
+
+
+async def unexpected_error_handler(
+  request: Request,
+  e: Exception,
+) -> JSONResponse:
+  """Error handler for all uncaught exceptions."""
+  logger = cast("Logger", request.app.state.logger)
+  logger.critical("Internal Server Error: %s", e)
+  client_message = {"error": "Service is temporarily unavailable"}
+  return JSONResponse(client_message, status.HTTP_500_INTERNAL_SERVER_ERROR)
+
+
+# error handlers mapping to be registered in the main FastAPI app
+error_handlers: dict[
+  int | type[Exception],
+  Callable[[Request, Any], Coroutine[Any, Any, Response]],
+] = {
+  RequestValidationError: validation_error_handler,
+  Exception: unexpected_error_handler,
+}

src/app/main/exceptions.py

@@ -1,7 +1,5 @@
 from fastapi import HTTPException, status
 
-from app.main.settings import settings
-
 
 class BaseHTTPException(HTTPException):
   """Base HTTP exception class."""
@@ -19,5 +17,5 @@ def __init__(
     super().__init__(
       status_code or self.status_code,
       detail or self.detail,
-      headers or {"WWW-Authenticate": settings.token_scheme},
+      headers or {"WWW-Authenticate": "Bearer"},
     )

src/app/main/logger.py

@@ -1,13 +1,14 @@
 import logging
 from typing import TYPE_CHECKING
 
-from .settings import settings
-
 if TYPE_CHECKING:
   from logging import Logger
 
+  from .settings import LoggingKwargs
+
 
-def configure_logging() -> "Logger":
+def configure_logging(name: str, options: "LoggingKwargs | None" = None) -> "Logger":
   """Configure app logging and return logger object."""
-  logging.basicConfig(**settings.logging_kwargs)
-  return logging.getLogger(settings.log_name)
+  if options is not None:
+    logging.basicConfig(**options)
+  return logging.getLogger(name)

src/app/main/settings.py

@@ -1,9 +1,14 @@
+import json
 import logging
-from functools import lru_cache
+from functools import cached_property, lru_cache
 from pathlib import Path
-from typing import TypedDict
+from typing import TypedDict, cast
 
 from pydantic_settings import BaseSettings
+from redis.asyncio import ConnectionPool
+
+# type to describe content of the RBAC policy file
+type RBACPolicyT = dict[str, dict[str, list[str]]]
 
 
 class FastAPIKwargs(TypedDict):
@@ -42,30 +47,37 @@ class CORSMiddlewareKwargs(TypedDict):
   max_age: int
 
 
+class RedisKwargs(TypedDict):
+  """Kwargs for Redis client."""
+
+  connection_pool: ConnectionPool
+
+
 class Settings(BaseSettings):
   """Main project settings."""
 
   # FastAPI settings
-  title: str = "JWT Auth API Gateway"
-  description: str = "RBAC JWT Cookies-based API Gateway"
-  version: str = "0.0.1"
-  debug: bool = True
+  title: str = "Auth API"
+  description: str = "RBAC JWT Cookies-based API"
+  version: str = "0.0.3"
+  debug: bool = False
   docs_url: str = "/"
 
   # Admin app setting
   admin_base_url: str = "/admin"
   admin_title: str = "Auth API Admin"
-  admin_debug: bool = True
+  admin_debug: bool = debug
 
   # Logging settings
   log_name: str = "app"
   log_level: int = logging.INFO
   log_format: str = "%(levelname)s - %(name)s - %(asctime)s - %(message)s"
   log_datefmt: str = "%Y-%m-%d %H:%M:%S"
-  # name of the logger used in testing
+  # name of the logger used when running tests
   test_log_name: str = "test"
 
   host_server_domain: str = "localhost"
+  test_client_base_url: str = f"http://{host_server_domain}"
 
   # CORS settings
   cors_max_age: int = 600  # seconds
@@ -83,9 +95,7 @@ class Settings(BaseSettings):
 
   # JWT settings
   jwt_algorithm: str = "HS256"
-  jwt_secret_key: str = "supersecret12345"  # noqa: S105
-
-  # JWT Tokens settings
+  jwt_secret_key: str = ""
   access_token_expiration_time: int = 5  # minutes
   access_token_cookie_expiration_time: int = (
     access_token_expiration_time * 60
@@ -94,16 +104,23 @@ class Settings(BaseSettings):
   refresh_token_cookie_expiration_time: int = (
     refresh_token_expiration_time * 60
   )  # seconds
-  token_scheme: str = "Bearer"  # noqa: S105
-  # size of the cache to store payload of the corresponding tokens
+  # size of the cache to store payload of JWTs
   token_payload_max_cache_hits: int = 10_000
+  # specifies value of JWTs in Redis to avoid their reuse
+  jwt_blacklist_name: str = "blacklist"
 
   # Passwords settings
   max_password_length: int = 50
   min_password_length: int = 5
 
   # RBAC settings
-  user_policy_file: Path = Path(__file__).parents[2] / "policy.json"
+  rbac_policy_fp: Path = Path(__file__).parents[2] / "policy.json"
+
+  @cached_property
+  def rbac_policy(self) -> RBACPolicyT:
+    """Read and return content of the policy.json file."""
+    with self.rbac_policy_fp.open() as f:
+      return cast("RBACPolicyT", json.load(f))
 
   @property
   def fastapi_kwargs(self) -> FastAPIKwargs:
@@ -145,6 +162,12 @@ def cors_kwargs(self) -> CORSMiddlewareKwargs:
       max_age=self.cors_max_age,
     )
 
+  @property
+  def redis_kwargs(self) -> RedisKwargs:
+    """Kwargs for Redis client."""
+    connection_pool = ConnectionPool.from_url(self.redis_url, decode_responses=True)
+    return RedisKwargs(connection_pool=connection_pool)
+
 
 @lru_cache
 def get_settings() -> Settings: