feat: add basic auth functionality

.gitignore

@@ -5,3 +5,4 @@ __pycache__
 .ruff_cache
 .env
 db-data/
+certs/

.pre-commit-config.yaml

@@ -11,13 +11,13 @@ repos:
       - id: check-toml
   - repo: local
     hooks:
-      - id: ruff lint
+      - id: ruff-lint
         name: ruff (linter)
-        entry: just ruff-fix
+        entry: poetry run ruff check --fix .
         language: system
         types: [python]
-      - id: ruff format
+      - id: ruff-format
         name: ruff (formatter)
-        entry: just ruff-format
+        entry: poetry run ruff format .
         language: system
         types: [python]

basic_auth/src/alembic.ini

@@ -0,0 +1,116 @@
+# A generic, single database configuration.
+
+[alembic]
+# path to migration scripts
+script_location = alembic
+
+# template used to generate migration file names; The default value is %%(rev)s_%%(slug)s
+# Uncomment the line below if you want the files to be prepended with date and time
+# see https://alembic.sqlalchemy.org/en/latest/tutorial.html#editing-the-ini-file
+# for all available tokens
+# file_template = %%(year)d_%%(month).2d_%%(day).2d_%%(hour).2d%%(minute).2d-%%(rev)s_%%(slug)s
+
+# sys.path path, will be prepended to sys.path if present.
+# defaults to the current working directory.
+prepend_sys_path = ../..
+
+# timezone to use when rendering the date within the migration file
+# as well as the filename.
+# If specified, requires the python>=3.9 or backports.zoneinfo library.
+# Any required deps can installed by adding `alembic[tz]` to the pip requirements
+# string value is passed to ZoneInfo()
+# leave blank for localtime
+# timezone =
+
+# max length of characters to apply to the
+# "slug" field
+# truncate_slug_length = 40
+
+# set to 'true' to run the environment during
+# the 'revision' command, regardless of autogenerate
+# revision_environment = false
+
+# set to 'true' to allow .pyc and .pyo files without
+# a source .py file to be detected as revisions in the
+# versions/ directory
+# sourceless = false
+
+# version location specification; This defaults
+# to alembic/versions.  When using multiple version
+# directories, initial revisions must be specified with --version-path.
+# The path separator used here should be the separator specified by "version_path_separator" below.
+# version_locations = %(here)s/bar:%(here)s/bat:alembic/versions
+
+# version path separator; As mentioned above, this is the character used to split
+# version_locations. The default within new alembic.ini files is "os", which uses os.pathsep.
+# If this key is omitted entirely, it falls back to the legacy behavior of splitting on spaces and/or commas.
+# Valid values for version_path_separator are:
+#
+# version_path_separator = :
+# version_path_separator = ;
+# version_path_separator = space
+version_path_separator = os  # Use os.pathsep. Default configuration used for new projects.
+
+# set to 'true' to search source files recursively
+# in each "version_locations" directory
+# new in Alembic version 1.10
+# recursive_version_locations = false
+
+# the output encoding used when revision files
+# are written from script.py.mako
+# output_encoding = utf-8
+
+sqlalchemy.url = driver://user:pass@localhost/dbname
+
+
+[post_write_hooks]
+# post_write_hooks defines scripts or Python functions that are run
+# on newly generated revision scripts.  See the documentation for further
+# detail and examples
+
+# format using "black" - use the console_scripts runner, against the "black" entrypoint
+# hooks = black
+# black.type = console_scripts
+# black.entrypoint = black
+# black.options = -l 79 REVISION_SCRIPT_FILENAME
+
+# lint with attempts to fix using "ruff" - use the exec runner, execute a binary
+# hooks = ruff
+# ruff.type = exec
+# ruff.executable = %(here)s/.venv/bin/ruff
+# ruff.options = --fix REVISION_SCRIPT_FILENAME
+
+# Logging configuration
+[loggers]
+keys = root,sqlalchemy,alembic
+
+[handlers]
+keys = console
+
+[formatters]
+keys = generic
+
+[logger_root]
+level = WARN
+handlers = console
+qualname =
+
+[logger_sqlalchemy]
+level = WARN
+handlers =
+qualname = sqlalchemy.engine
+
+[logger_alembic]
+level = INFO
+handlers =
+qualname = alembic
+
+[handler_console]
+class = StreamHandler
+args = (sys.stderr,)
+level = NOTSET
+formatter = generic
+
+[formatter_generic]
+format = %(levelname)-5.5s [%(name)s] %(message)s
+datefmt = %H:%M:%S

basic_auth/src/alembic/README

@@ -0,0 +1 @@
+Generic single-database configuration.

basic_auth/src/alembic/env.py

@@ -0,0 +1,78 @@
+from logging.config import fileConfig
+
+from alembic import context
+from sqlalchemy import engine_from_config, pool
+
+from basic_auth.src.models.user import SQLModel
+from config import settings
+
+# this is the Alembic Config object, which provides
+# access to the values within the .ini file in use.
+config = context.config
+config.set_main_option("sqlalchemy.url", settings.database_url)
+
+# Interpret the config file for Python logging.
+# This line sets up loggers basically.
+if config.config_file_name is not None:
+    fileConfig(config.config_file_name)
+
+# add your model's MetaData object here
+# for 'autogenerate' support
+# from myapp import mymodel
+# target_metadata = mymodel.Base.metadata
+target_metadata = SQLModel.metadata
+
+# other values from the config, defined by the needs of env.py,
+# can be acquired:
+# my_important_option = config.get_main_option("my_important_option")
+# ... etc.
+
+
+def run_migrations_offline() -> None:
+    """Run migrations in 'offline' mode.
+
+    This configures the context with just a URL
+    and not an Engine, though an Engine is acceptable
+    here as well.  By skipping the Engine creation
+    we don't even need a DBAPI to be available.
+
+    Calls to context.execute() here emit the given string to the
+    script output.
+
+    """
+    url = config.get_main_option("sqlalchemy.url")
+    context.configure(
+        url=url,
+        target_metadata=target_metadata,
+        literal_binds=True,
+        dialect_opts={"paramstyle": "named"},
+    )
+
+    with context.begin_transaction():
+        context.run_migrations()
+
+
+def run_migrations_online() -> None:
+    """Run migrations in 'online' mode.
+
+    In this scenario we need to create an Engine
+    and associate a connection with the context.
+
+    """
+    connectable = engine_from_config(
+        config.get_section(config.config_ini_section, {}),
+        prefix="sqlalchemy.",
+        poolclass=pool.NullPool,
+    )
+
+    with connectable.connect() as connection:
+        context.configure(connection=connection, target_metadata=target_metadata)
+
+        with context.begin_transaction():
+            context.run_migrations()
+
+
+if context.is_offline_mode():
+    run_migrations_offline()
+else:
+    run_migrations_online()

basic_auth/src/alembic/script.py.mako

@@ -0,0 +1,27 @@
+"""${message}
+
+Revision ID: ${up_revision}
+Revises: ${down_revision}
+Create Date: ${create_date}
+
+"""
+from typing import Sequence, Union
+
+from alembic import op
+import sqlalchemy as sa
+import sqlmodel.sql.sqltypes
+${imports if imports else ""}
+
+# revision identifiers, used by Alembic.
+revision: str = ${repr(up_revision)}
+down_revision: str | None = ${repr(down_revision)}
+branch_labels: str | Sequence[str] | None = ${repr(branch_labels)}
+depends_on: str | Sequence[str] | None = ${repr(depends_on)}
+
+
+def upgrade() -> None:
+    ${upgrades if upgrades else "pass"}
+
+
+def downgrade() -> None:
+    ${downgrades if downgrades else "pass"}

basic_auth/src/alembic/versions/fb4554c0e46f_first_commit.py

@@ -0,0 +1,37 @@
+"""first commit
+
+Revision ID: fb4554c0e46f
+Revises:
+Create Date: 2024-03-27 14:56:49.769411
+
+"""
+
+from collections.abc import Sequence
+
+import sqlalchemy as sa
+import sqlmodel.sql.sqltypes
+from alembic import op
+
+# revision identifiers, used by Alembic.
+revision: str = "fb4554c0e46f"
+down_revision: str | None = None
+branch_labels: str | Sequence[str] | None = None
+depends_on: str | Sequence[str] | None = None
+
+
+def upgrade() -> None:
+    # ### commands auto generated by Alembic - please adjust! ###
+    op.create_table(
+        "basic_users",
+        sa.Column("username", sqlmodel.sql.sqltypes.AutoString(), nullable=False),
+        sa.Column("hashed_password", sqlmodel.sql.sqltypes.AutoString(), nullable=False),
+        sa.PrimaryKeyConstraint("username"),
+        sa.UniqueConstraint("username"),
+    )
+    # ### end Alembic commands ###
+
+
+def downgrade() -> None:
+    # ### commands auto generated by Alembic - please adjust! ###
+    op.drop_table("basic_users")
+    # ### end Alembic commands ###

basic_auth/src/apis/api.py

@@ -0,0 +1,6 @@
+from fastapi import APIRouter
+
+from basic_auth.src.apis.v1 import routes
+
+router = APIRouter(prefix="/basic", tags=["login"])
+router.include_router(routes.router)

basic_auth/src/apis/utils/authenticate.py

@@ -0,0 +1,14 @@
+from sqlmodel import Session
+
+from basic_auth.src.apis.utils.security import verify_password
+from basic_auth.src.crud.user import get_user
+from basic_auth.src.models.user import User
+
+
+async def authenticate(username: str, password: str, db: Session) -> User | None:
+    user = await get_user(username=username, db=db)
+    if not user:
+        return None
+    if not verify_password(password, user.hashed_password):
+        return None
+    return user

basic_auth/src/apis/utils/security.py

@@ -0,0 +1,11 @@
+from passlib.context import CryptContext
+
+pwd_context = CryptContext(schemes=["bcrypt"], deprecated="auto")
+
+
+def get_password_hash(password: str) -> str:
+    return pwd_context.hash(secret=password)
+
+
+def verify_password(plain_password: str, hashed_password: str) -> bool:
+    return pwd_context.verify(secret=plain_password, hash=hashed_password)

basic_auth/src/apis/v1/routes.py

@@ -0,0 +1,44 @@
+from typing import Annotated
+
+from fastapi import APIRouter, Depends, HTTPException, status
+from fastapi.security import HTTPBasic, HTTPBasicCredentials
+from sqlalchemy.exc import IntegrityError
+from sqlmodel import Session
+
+from basic_auth.src.apis.utils.authenticate import authenticate
+from basic_auth.src.crud.user import create_user
+from basic_auth.src.db.session import get_session
+from basic_auth.src.models.user import UserCreate, UserResponse
+
+router = APIRouter()
+security = HTTPBasic()
+
+
+@router.post("/register", status_code=status.HTTP_201_CREATED, response_model=UserResponse)
+async def register(
+    user: UserCreate,
+    db: Annotated[Session, Depends(get_session)],
+) -> UserResponse | None:
+    try:
+        new_user = await create_user(user=user, db=db)
+    except IntegrityError as exc:
+        raise HTTPException(
+            status_code=status.HTTP_400_BAD_REQUEST,
+            detail=f"{user.username} already exists.",
+        ) from exc
+    return new_user
+
+
+@router.post("/login", response_model=UserResponse)
+async def login(
+    credentials: Annotated[HTTPBasicCredentials, Depends(security)],
+    db: Annotated[Session, Depends(get_session)],
+) -> UserResponse | None:
+    user = await authenticate(username=credentials.username, password=credentials.password, db=db)
+    if not user:
+        raise HTTPException(
+            status_code=status.HTTP_401_UNAUTHORIZED,
+            detail="Could not validate credentials.",
+            headers={"WWW-Authenticate": "Basic"},
+        )
+    return user

basic_auth/src/crud/user.py

@@ -0,0 +1,17 @@
+from sqlmodel import Session
+
+from basic_auth.src.apis.utils.security import get_password_hash
+from basic_auth.src.models.user import User, UserCreate
+
+
+async def create_user(user: UserCreate, db: Session) -> User:
+    hashed_password = get_password_hash(user.password)
+    user_obj = User(**user.model_dump(), hashed_password=hashed_password)
+    db.add(user_obj)
+    db.commit()
+    db.refresh(user_obj)
+    return user_obj
+
+
+async def get_user(username: str, db: Session) -> User | None:
+    return db.get(entity=User, ident=username)

basic_auth/src/db/session.py

@@ -0,0 +1,11 @@
+from sqlmodel import Session, create_engine
+
+from config import settings
+
+DATABASE_URL = settings.database_url
+engine = create_engine(url=DATABASE_URL, echo=True)
+
+
+def get_session() -> Session:
+    with Session(engine) as session:
+        yield session