refactor: app structure (#71)

* feat: add black & flake8 auto format config for vscode

* chore: update README.md for auto formatting by vscode extention

* refactor: app structure

* chore: update README.md

* chore: add github template

* Update api/auth/routers.py

Co-authored-by: coderabbitai[bot] <136622811+coderabbitai[bot]@users.noreply.github.com>

* feat: add AccessTokenResponseModel

* chore: delete unused file

* Update api/user/routers.py

Co-authored-by: coderabbitai[bot] <136622811+coderabbitai[bot]@users.noreply.github.com>

* refactor: to use http status from fastapi

* chore: add default value for env variables

* chore: update user update model

* fix: user select query

* refactor: to use fastapi's built-in exception handlers

* Update api/auth/controllers.py

Co-authored-by: coderabbitai[bot] <136622811+coderabbitai[bot]@users.noreply.github.com>

* Update api/auth/controllers.py

Co-authored-by: coderabbitai[bot] <136622811+coderabbitai[bot]@users.noreply.github.com>

* Update api/auth/models.py

Co-authored-by: coderabbitai[bot] <136622811+coderabbitai[bot]@users.noreply.github.com>

* Update api/database/query.py

Co-authored-by: coderabbitai[bot] <136622811+coderabbitai[bot]@users.noreply.github.com>

* refactor: raise exception if env variables not found

* fix: EmailStr import error

* fix: typo

* chore: update db init exception messages

* refactor: user update api

* refactor: users get query to consider pagination

* chore: add constructor to auth provider

* feat: refactor code again

* refactor: update code by ai feedback

* fix: update user

* refactor: update by ai feedback

* refactor: update auth code

---------

Co-authored-by: coderabbitai[bot] <136622811+coderabbitai[bot]@users.noreply.github.com>

Author: qlawmarq

.github/ISSUE_TEMPLATE/bug_report.md

@@ -0,0 +1,37 @@
+---
+name: Bug report
+about: Create a report to help us improve
+title: ''
+labels: bug
+assignees: ''
+
+---
+
+**Describe the bug**
+A clear and concise description of what the bug is.
+
+**To Reproduce**
+Steps to reproduce the behavior:
+1. Go to '...'
+2. Click on '....'
+3. Scroll down to '....'
+4. See error
+
+**Expected behavior**
+A clear and concise description of what you expected to happen.
+
+**Screenshots**
+If applicable, add screenshots to help explain your problem.
+
+**System Info (if dev / build issue):**
+ - OS: [e.g. iOS]
+ - Node version (please ensure you are using 12+)
+ - Npm version
+
+**Browser Info (if display / formatting issue):**
+- Device [e.g. Desktop, iPhone6]
+- Browser [e.g. chrome, safari]
+- Version [e.g. 22]
+
+**Additional context**
+Add any other context about the problem here.

.github/ISSUE_TEMPLATE/feature_request.md

@@ -0,0 +1,20 @@
+---
+name: Feature request
+about: Suggest an idea for this project
+title: ''
+labels: ''
+assignees: ''
+
+---
+
+**Is your feature request related to a problem? Please describe.**
+A clear and concise description of what the problem is. Ex. I'm always frustrated when [...]
+
+**Describe the solution you'd like**
+A clear and concise description of what you want to happen.
+
+**Describe alternatives you've considered**
+A clear and concise description of any alternative solutions or features you've considered.
+
+**Additional context**
+Add any other context or screenshots about the feature request here.

.github/PULL_REQUEST_TEMPLATE.md

@@ -0,0 +1,10 @@
+## Description
+
+-
+
+## Related Issues
+
+<!--
+  Link to the issue that is fixed by this PR (if there is one)
+  e.g. Fixes #1234, Addresses #1234, Related to #1234, etc.
+-->

.gitignore

@@ -1,5 +1,10 @@
+# Git
+.git
+.github
+
 # API Server
 __pycache__
 
 # Front-end
-frontend
+frontend
+node_modules

README.md

@@ -1,10 +1,14 @@
 # fastapi-mysql-docker
 
+## Elements
+
 - FastAPI
 - MySQL
 - Docker
 
-## Setup
+---
+
+## Setup development environment
 
 Please install `Docker` and `Docker compose` first.
 
@@ -56,8 +60,8 @@ If you need a front-end app for this server-side & DB server.
 You can clone the front-end template from:
 
 - https://github.com/qlawmarq/nuxt3-tailwind-auth-app
-- https://github.com/qlawmarq/expo-react-native-base
-- https://github.com/qlawmarq/next-web-app-template
+
+---
 
 ## Note
 

api/Dockerfile

@@ -0,0 +1 @@
+from .provider import *

api/auth/__init__.py

@@ -0,0 +1,43 @@
+from fastapi import HTTPException, status
+from database.query import query_put
+from auth.provider import AuthProvider
+from auth.models import SignUpRequestModel
+from user.controllers import get_users_by_email
+
+auth_handler = AuthProvider()
+
+
+def register_user(user_model: SignUpRequestModel):
+    user = get_users_by_email(user_model.email)
+    if len(user) != 0:
+        raise HTTPException(
+            status_code=status.HTTP_409_CONFLICT, detail="Email already exists."
+        )
+    hashed_password = auth_handler.get_password_hash(user_model.password)
+    query_put(
+        """
+                INSERT INTO user (
+                    first_name,
+                    last_name,
+                    email,
+                    password_hash
+                ) VALUES (%s,%s,%s,%s)
+                """,
+        (
+            user_model.first_name,
+            user_model.last_name,
+            user_model.email,
+            hashed_password,
+        ),
+    )
+    return {
+        "first_name": user_model.first_name,
+        "last_name": user_model.last_name,
+        "email": user_model.email,
+        # Do not return the password hash or any sensitive information
+    }
+
+
+def signin_user(email, password):
+    user = auth_handler.authenticate_user(email, password)
+    return user

api/auth/controllers.py

@@ -0,0 +1,28 @@
+from pydantic import BaseModel, EmailStr
+from user.models import UserResponseModel
+
+
+class SignInRequestModel(BaseModel):
+    email: str
+    password: str
+
+
+class SignUpRequestModel(BaseModel):
+    email: EmailStr
+    password: str
+    first_name: str
+    last_name: str
+
+
+class TokenModel(BaseModel):
+    access_token: str
+    refresh_token: str
+
+
+class UserAuthResponseModel(BaseModel):
+    token: TokenModel
+    user: UserResponseModel
+
+
+class AccessTokenResponseModel(BaseModel):
+    access_token: str

api/auth/models.py

@@ -0,0 +1,140 @@
+from datetime import datetime, timedelta
+from typing import Annotated
+from database import query_get
+from fastapi import Depends, HTTPException, status
+from fastapi.security import OAuth2PasswordBearer
+from jose import JWTError, jwt
+from passlib.context import CryptContext
+from pydantic import BaseModel
+import os
+
+OAUTH2_SCHEME = OAuth2PasswordBearer(tokenUrl="token")
+
+CREDENTIALS_EXCEPTION = HTTPException(
+    status_code=status.HTTP_401_UNAUTHORIZED,
+    detail="Could not validate credentials",
+    headers={"WWW-Authenticate": "Bearer"},
+)
+USER_NOT_FOUND_EXCEPTION = HTTPException(
+    status_code=status.HTTP_404_NOT_FOUND,
+    detail="User not found",
+)
+
+
+class TokenData(BaseModel):
+    user_email: str | None = None
+
+
+class AuthUser(BaseModel):
+    id: int
+    first_name: str
+    last_name: str
+    user_email: str
+
+
+class AuthProvider:
+    ALGORITHM = "HS256"
+    TOKEN_EXPIRE_MINS = 30
+    REFRESH_TOKEN_EXPIRE_HOURS = 10
+    PWD_CONTEXT = CryptContext(schemes=["bcrypt"], deprecated="auto")
+
+    def __init__(self) -> None:
+        self.SECRET_KEY = os.getenv("APP_SECRET_STRING")
+        if not self.SECRET_KEY:
+            raise EnvironmentError("APP_SECRET_STRING environment variable not found")
+
+    def verify_password(self, plain_password, hashed_password) -> bool:
+        return self.PWD_CONTEXT.verify(plain_password, hashed_password)
+
+    def get_password_hash(self, password) -> str:
+        return self.PWD_CONTEXT.hash(password)
+
+    def authenticate_user(self, user_email: str, password: str) -> AuthUser:
+        user = self.get_user_by_email(user_email)
+        if not user:
+            raise USER_NOT_FOUND_EXCEPTION
+        if not self.verify_password(password, user["password_hash"]):
+            raise CREDENTIALS_EXCEPTION
+        return user
+
+    def create_access_token(
+        self, data: dict, expires_delta: timedelta | None = None
+    ) -> str:
+        to_encode = data.copy()
+        if expires_delta:
+            expire = datetime.utcnow() + expires_delta
+        else:
+            expire = datetime.utcnow() + timedelta(minutes=self.TOKEN_EXPIRE_MINS)
+        to_encode.update({"exp": expire})
+        encoded_jwt = jwt.encode(to_encode, self.SECRET_KEY, algorithm=self.ALGORITHM)
+        return encoded_jwt
+
+    def encode_token(self, user_email) -> str:
+        payload = {
+            "exp": datetime.utcnow()
+            + timedelta(days=0, minutes=self.TOKEN_EXPIRE_MINS),
+            "iat": datetime.utcnow(),
+            "scope": "access_token",
+            "sub": user_email,
+        }
+        return jwt.encode(payload, self.SECRET_KEY, algorithm=self.ALGORITHM)
+
+    def refresh_token(self, refresh_token) -> str:
+        try:
+            payload = jwt.decode(
+                refresh_token, self.SECRET_KEY, algorithms=self.ALGORITHM
+            )
+            if payload["scope"] == "refresh_token":
+                user_email = payload["sub"]
+                new_token = self.encode_token(user_email)
+                return new_token
+            raise CREDENTIALS_EXCEPTION
+        except jwt.ExpiredSignatureError:
+            raise CREDENTIALS_EXCEPTION
+        except jwt.InvalidTokenError:
+            raise CREDENTIALS_EXCEPTION
+
+    def encode_refresh_token(self, user_email) -> str:
+        payload = {
+            "exp": datetime.utcnow()
+            + timedelta(days=0, hours=self.REFRESH_TOKEN_EXPIRE_HOURS),
+            "iat": datetime.utcnow(),
+            "scope": "refresh_token",
+            "sub": user_email,
+        }
+        return jwt.encode(payload, self.SECRET_KEY, algorithm=self.ALGORITHM)
+
+    async def get_current_user(
+        self, token: Annotated[str, Depends(OAUTH2_SCHEME)]
+    ) -> AuthUser:
+        user = None
+        try:
+            payload = jwt.decode(token, self.SECRET_KEY, algorithms=[self.ALGORITHM])
+            user_email: str = payload.get("sub")
+            if user_email is None:
+                raise CREDENTIALS_EXCEPTION
+            token_data = TokenData(user_email=user_email)
+        except JWTError:
+            raise CREDENTIALS_EXCEPTION
+        user = self.get_user_by_email(token_data.user_email)
+        if user is None:
+            raise CREDENTIALS_EXCEPTION
+        return user
+
+    def get_user_by_email(self, user_email: str) -> AuthUser:
+        user = query_get(
+            """
+            SELECT
+                user.id,
+                user.first_name,
+                user.last_name,
+                user.email,
+                user.password_hash
+            FROM user
+            WHERE email = %s
+            """,
+            [user_email],
+        )
+        if len(user) == 0:
+            raise USER_NOT_FOUND_EXCEPTION
+        return user[0]