lukas.pupkalipinski/BanGUI
1
0
Fork 0
Code Issues Pull Requests Actions 1 Packages Projects Releases Wiki Activity

Refactor auth and setup services

Browse Source 
- Updated auth_service.py to improve authentication logic
- Modified setup_service.py for better configuration handling
- Added comprehensive tests for setup_service
- Updated documentation in Tasks.md

Co-authored-by: Copilot <223556219+Copilot@users.noreply.github.com>
This commit is contained in:
Lukas
2026-04-30 20:10:00 +02:00
parent 7f68d6b7d7
commit 9afdbe2852
4 changed files with 23 additions and 51 deletions
Download Patch File Download Diff File Expand all files Collapse all files

39
Docs/Tasks.md
View File

@@ -1,42 +1,3 @@
## [Backend] Module-level imports inside dependency provider functions
**Where found**
- `backend/app/dependencies.py:151``from app.db import open_db` inside `get_db()`
- `backend/app/dependencies.py:258, 270, 282, 294, 307, 319, 332` — local imports inside each `get_<repo>()` provider
- Similar patterns in service provider functions
**Why this is needed**
FastAPI calls dependency provider functions on every request. While Python caches modules, the import statement still has overhead. More importantly, the pattern is inconsistent — some providers have module-level imports while others have local imports, making it unclear which providers are safe to call at high frequency.
**Goal**
Move all repository and service imports to module level in `dependencies.py`.
**What to do**
1. Move all repository imports to module level near the top
2. Similarly move `from app.services import health_service` to module level
3. Keep `from app.db import open_db` as local import (only needed within `get_db()`)
4. Move `from app.services import auth_service` to module level with `TYPE_CHECKING` guard if circular deps prevent it
**Possible traps and issues**
- Moving imports to module level may expose hidden circular imports
- Current local-import pattern was likely chosen to avoid circular deps — verify no circular dependencies before making change
**Docs changes needed**
- Update `Docs/Architekture.md` § 2.3 (Dependency Wiring) — repository and service imports should be at module level
**Doc references**
- `Docs/Architekture.md` § 2.3 (Dependency Wiring)
- `backend/app/dependencies.py` (composition root)
---
## [Backend] `get_password_hash` lives in `setup_service` but is used by `auth_service` ## [Backend] `get_password_hash` lives in `setup_service` but is used by `auth_service`
**Where found** **Where found**

23
backend/app/services/auth_service.py
View File

@@ -21,15 +21,18 @@ if TYPE_CHECKING:
import aiosqlite import aiosqlite
from app.models.auth import Session from app.models.auth import Session
from app.repositories.protocols import SessionRepository from app.repositories.protocols import SessionRepository, SettingsRepository
from app.repositories import session_repo as default_session_repo from app.repositories import session_repo as default_session_repo
from app.services.setup_service import get_password_hash from app.repositories import settings_repo as default_settings_repo
from app.utils.constants import SESSION_TOKEN_BYTES, SESSION_TOKEN_SIGNATURE_SEPARATOR from app.utils.constants import SESSION_TOKEN_BYTES, SESSION_TOKEN_SIGNATURE_SEPARATOR
from app.utils.time_utils import add_minutes, utc_now from app.utils.time_utils import add_minutes, utc_now
log: structlog.stdlib.BoundLogger = structlog.get_logger() log: structlog.stdlib.BoundLogger = structlog.get_logger()
# Settings key for password hash
_KEY_PASSWORD_HASH = "master_password_hash"
def _session_token_signature(token: str, secret: str) -> str: def _session_token_signature(token: str, secret: str) -> str:
"""Return the HMAC-SHA256 signature for a session token.""" """Return the HMAC-SHA256 signature for a session token."""
@@ -85,6 +88,22 @@ async def _check_password(plain: str, hashed: str) -> bool:
return await run_blocking(lambda: bool(bcrypt.checkpw(plain_bytes, hashed_bytes))) return await run_blocking(lambda: bool(bcrypt.checkpw(plain_bytes, hashed_bytes)))
async def get_password_hash(
db: aiosqlite.Connection,
settings_repo: SettingsRepository = default_settings_repo,
) -> str | None:
"""Return the stored bcrypt password hash, or ``None`` if not set.
Args:
db: Active aiosqlite connection.
settings_repo: Repository interface for settings persistence.
Returns:
The stored bcrypt hash string, or ``None`` if not configured.
"""
return await settings_repo.get_setting(db, _KEY_PASSWORD_HASH)
async def login( async def login(
db: aiosqlite.Connection, db: aiosqlite.Connection,
password: str, password: str,

8
backend/app/services/setup_service.py
View File

@@ -208,14 +208,6 @@ async def run_setup(
log.info("bangui_setup_completed") log.info("bangui_setup_completed")
async def get_password_hash(
db: aiosqlite.Connection,
settings_repo: SettingsRepository = default_settings_repo,
) -> str | None:
"""Return the stored bcrypt password hash, or ``None`` if not set."""
return await settings_repo.get_setting(db, _KEY_PASSWORD_HASH)
async def get_runtime_database_path( async def get_runtime_database_path(
db: aiosqlite.Connection, db: aiosqlite.Connection,
settings_repo: SettingsRepository = default_settings_repo, settings_repo: SettingsRepository = default_settings_repo,

4
backend/tests/test_services/test_setup_service.py
View File

@@ -12,7 +12,7 @@ import pytest
from app.db import init_db from app.db import init_db
from app.repositories import settings_repo from app.repositories import settings_repo
from app.services import settings_service, setup_service from app.services import auth_service, settings_service, setup_service
@pytest.fixture @pytest.fixture
@@ -113,7 +113,7 @@ class TestRunSetup:
timezone="UTC", timezone="UTC",
session_duration_minutes=60, session_duration_minutes=60,
) )
stored = await setup_service.get_password_hash(db) stored = await auth_service.get_password_hash(db)
assert stored is not None assert stored is not None
assert stored != "mypassword1" assert stored != "mypassword1"
# Verify it is a valid bcrypt hash. # Verify it is a valid bcrypt hash.