Introduce service/repository dependency protocols and tests

backend/app/routers/auth.py

@@ -12,9 +12,15 @@ from __future__ import annotations
 import structlog
 from fastapi import APIRouter, HTTPException, Request, Response, status
 
-from app.dependencies import DbDep, SessionCacheDep, SettingsDep
+from app.dependencies import (
+    AuthServiceDep,
+    DbDep,
+    SessionCacheDep,
+    SettingsDep,
+    SessionRepoDep,
+)
 from app.models.auth import LoginRequest, LoginResponse, LogoutResponse
-from app.services import auth_service
+from app.services.auth_service import sign_session_token
 
 log: structlog.stdlib.BoundLogger = structlog.get_logger()
 
@@ -33,6 +39,8 @@ async def login(
     response: Response,
     db: DbDep,
     settings: SettingsDep,
+    auth_service: AuthServiceDep,
+    session_repo: SessionRepoDep,
 ) -> LoginResponse:
     """Verify the master password and return a session token.
 
@@ -56,6 +64,7 @@ async def login(
             db,
             password=body.password,
             session_duration_minutes=settings.session_duration_minutes,
+            session_repo=session_repo,
         )
     except ValueError as exc:
         raise HTTPException(
@@ -63,7 +72,7 @@ async def login(
             detail=str(exc),
         ) from exc
 
-    signed_token = auth_service.sign_session_token(
+    signed_token = sign_session_token(
         session.token,
         settings.session_secret,
     )
@@ -89,6 +98,8 @@ async def logout(
     db: DbDep,
     settings: SettingsDep,
     session_cache: SessionCacheDep,
+    auth_service: AuthServiceDep,
+    session_repo: SessionRepoDep,
 ) -> LogoutResponse:
     """Invalidate the active session.
 
@@ -107,7 +118,12 @@ async def logout(
     """
     token = _extract_token(request)
     if token:
-        raw_token = await auth_service.logout(db, token, settings.session_secret)
+        raw_token = await auth_service.logout(
+            db,
+            token,
+            settings.session_secret,
+            session_repo=session_repo,
+        )
         if raw_token:
             session_cache.invalidate(raw_token)
             session_cache.invalidate(token)