lukas.pupkalipinski/BanGUI
1
0
Fork 0
Code Issues Pull Requests Actions Packages Projects Releases Wiki Activity

feat: Stage 2 — authentication and setup flow

Browse Source 
Backend (tasks 2.1–2.6, 2.10):
- settings_repo: get/set/delete/get_all CRUD for the key-value settings table
- session_repo: create/get/delete/delete_expired for session rows
- setup_service: bcrypt password hashing, one-time-only enforcement,
  run_setup() / is_setup_complete() / get_password_hash()
- auth_service: login() with bcrypt verify + token creation,
  validate_session() with expiry check, logout()
- setup router: GET /api/setup (status), POST /api/setup (201 / 409)
- auth router: POST /api/auth/login (token + HttpOnly cookie),
               POST /api/auth/logout (clears cookie, idempotent)
- SetupRedirectMiddleware: 307 → /api/setup for all API paths until setup done
- require_auth dependency: cookie or Bearer token → Session or 401
- conftest.py: manually bootstraps app.state.db for router tests
  (ASGITransport does not trigger ASGI lifespan)
- 85 tests pass; ruff 0 errors; mypy --strict 0 errors

Frontend (tasks 2.7–2.9):
- types/auth.ts, types/setup.ts, api/auth.ts, api/setup.ts
- AuthProvider: sessionStorage-backed context (isAuthenticated, login, logout)
- RequireAuth: guard component → /login?next=<path> when unauthenticated
- SetupPage: Fluent UI form, client-side validation, inline errors
- LoginPage: single password input, ?next= redirect after success
- DashboardPage: placeholder (full impl Stage 5)
- App.tsx: full route tree (/setup, /login, /, *)
This commit is contained in:
Lukas
2026-02-28 21:33:30 +01:00
parent 7392c930d6
commit 750785680b
26 changed files with 2075 additions and 49 deletions
Download Patch File Download Diff File Expand all files Collapse all files

100
backend/app/repositories/session_repo.py Normal file
View File

@@ -0,0 +1,100 @@
"""Session repository.
Provides storage, retrieval, and deletion of session records in the
``sessions`` table of the application SQLite database.
"""
from __future__ import annotations
from typing import TYPE_CHECKING
if TYPE_CHECKING:
import aiosqlite
from app.models.auth import Session
async def create_session(
db: aiosqlite.Connection,
token: str,
created_at: str,
expires_at: str,
) -> Session:
"""Insert a new session row and return the domain model.
Args:
db: Active aiosqlite connection.
token: Opaque random session token (hex string).
created_at: ISO 8601 UTC creation timestamp.
expires_at: ISO 8601 UTC expiry timestamp.
Returns:
The newly created :class:`~app.models.auth.Session`.
"""
cursor = await db.execute(
"INSERT INTO sessions (token, created_at, expires_at) VALUES (?, ?, ?)",
(token, created_at, expires_at),
)
await db.commit()
return Session(
id=int(cursor.lastrowid) if cursor.lastrowid else 0,
token=token,
created_at=created_at,
expires_at=expires_at,
)
async def get_session(db: aiosqlite.Connection, token: str) -> Session | None:
"""Look up a session by its token.
Args:
db: Active aiosqlite connection.
token: The session token to retrieve.
Returns:
The :class:`~app.models.auth.Session` if found, else ``None``.
"""
async with db.execute(
"SELECT id, token, created_at, expires_at FROM sessions WHERE token = ?",
(token,),
) as cursor:
row = await cursor.fetchone()
if row is None:
return None
return Session(
id=int(row[0]),
token=str(row[1]),
created_at=str(row[2]),
expires_at=str(row[3]),
)
async def delete_session(db: aiosqlite.Connection, token: str) -> None:
"""Delete a session by token (logout / expiry clean-up).
Args:
db: Active aiosqlite connection.
token: The session token to remove.
"""
await db.execute("DELETE FROM sessions WHERE token = ?", (token,))
await db.commit()
async def delete_expired_sessions(db: aiosqlite.Connection, now_iso: str) -> int:
"""Remove all sessions whose ``expires_at`` timestamp is in the past.
Args:
db: Active aiosqlite connection.
now_iso: Current UTC time as ISO 8601 string used as the cutoff.
Returns:
Number of rows deleted.
"""
cursor = await db.execute(
"DELETE FROM sessions WHERE expires_at <= ?",
(now_iso,),
)
await db.commit()
return int(cursor.rowcount)