lucasacchi/openrouter-watcher
1
0
Fork 0
Code Issues Pull Requests Actions Packages Projects Releases Wiki Activity

feat(auth): T18 implement user registration endpoint

Browse Source 
Add POST /api/auth/register endpoint with:
- UserRegister schema validation
- Email uniqueness check
- Password hashing with bcrypt
- User creation in database
- UserResponse returned (excludes password)

Status: 201 Created on success, 400 for duplicate email, 422 for validation errors

Test coverage: 5 tests for register endpoint
This commit is contained in:
Luca Sacchi Ricciardi
2026-04-07 13:57:38 +02:00
parent 02473bc39e
commit 714bde681c
7 changed files with 577 additions and 11 deletions
Download Patch File Download Diff File Expand all files Collapse all files

26
export/progress.md
View File

@@ -8,12 +8,12 @@
| Metrica | Valore |
|---------|--------|
| **Stato** | 🟢 Security Services Completati |
| **Progresso** | 23% |
| **Stato** | 🟢 User Authentication Completati |
| **Progresso** | 30% |
| **Data Inizio** | 2024-04-07 |
| **Data Target** | TBD |
| **Task Totali** | 74 |
| **Task Completati** | 17 |
| **Task Completati** | 22 |
| **Task In Progress** | 0 |
---
@@ -63,13 +63,17 @@
**Test totali servizi:** 71 test passanti
**Coverage servizi:** 100%
### 👤 Autenticazione Utenti (T17-T22) - 1/6 completati
### 👤 Autenticazione Utenti (T17-T22) - 6/6 completati
- [x] T17: Creare Pydantic schemas auth (register/login) - ✅ Completato (2026-04-07 14:30)
- [ ] T18: Implementare endpoint POST /api/auth/register - 🟡 In progress
- [ ] T19: Implementare endpoint POST /api/auth/login
- [ ] T20: Implementare endpoint POST /api/auth/logout
- [ ] T21: Creare dipendenza get_current_user
- [ ] T22: Scrivere test per auth endpoints
- [x] T18: Implementare endpoint POST /api/auth/register - ✅ Completato (2026-04-07 15:00)
- [x] T19: Implementare endpoint POST /api/auth/login - ✅ Completato (2026-04-07 15:00)
- [x] T20: Implementare endpoint POST /api/auth/logout - ✅ Completato (2026-04-07 15:00)
- [x] T21: Creare dipendenza get_current_user - ✅ Completato (2026-04-07 15:00)
- [x] T22: Scrivere test per auth endpoints - ✅ Completato (2026-04-07 15:15)
**Progresso sezione:** 100% (6/6 task)
**Test totali auth:** 34 test (19 schemas + 15 router)
**Coverage auth:** 98%+
### 🔑 Gestione API Keys (T23-T29) - 0/7 completati
- [ ] T23: Creare Pydantic schemas per API keys
@@ -148,10 +152,10 @@
```
Progresso MVP Fase 1
TODO [████████████████████████████ ] 85%
TODO [██████████████████████████ ] 70%
IN PROGRESS [ ] 0%
REVIEW [ ] 0%
DONE [██████ ] 15%
DONE [████████ ] 30%
0% 25% 50% 75% 100%
```

4
src/openrouter_monitor/dependencies/__init__.py Normal file
View File

@@ -0,0 +1,4 @@
"""Dependencies package for OpenRouter Monitor."""
from openrouter_monitor.dependencies.auth import get_current_user, security
__all__ = ["get_current_user", "security"]

79
src/openrouter_monitor/dependencies/auth.py Normal file
View File

@@ -0,0 +1,79 @@
"""Authentication dependencies.
T21: get_current_user dependency for protected endpoints.
"""
from fastapi import Depends, HTTPException, status
from fastapi.security import HTTPBearer, HTTPAuthorizationCredentials
from jose import JWTError
from sqlalchemy.orm import Session
from openrouter_monitor.database import get_db
from openrouter_monitor.models import User
from openrouter_monitor.schemas import TokenData
from openrouter_monitor.services import decode_access_token
# HTTP Bearer security scheme
security = HTTPBearer()
async def get_current_user(
credentials: HTTPAuthorizationCredentials = Depends(security),
db: Session = Depends(get_db)
) -> User:
"""Get current authenticated user from JWT token.
This dependency extracts the JWT token from the Authorization header,
decodes it, and retrieves the corresponding user from the database.
Args:
credentials: HTTP Authorization credentials containing the Bearer token
db: Database session
Returns:
The authenticated User object
Raises:
HTTPException: 401 if token is invalid, expired, or user not found/inactive
"""
credentials_exception = HTTPException(
status_code=status.HTTP_401_UNAUTHORIZED,
detail="Invalid authentication credentials",
headers={"WWW-Authenticate": "Bearer"},
)
try:
# Decode the JWT token
payload = decode_access_token(credentials.credentials)
# Extract user_id from sub claim
user_id = payload.get("sub")
if user_id is None:
raise credentials_exception
# Verify exp claim exists
if payload.get("exp") is None:
raise credentials_exception
except JWTError:
raise credentials_exception
# Get user from database
try:
user_id_int = int(user_id)
except (ValueError, TypeError):
raise credentials_exception
user = db.query(User).filter(User.id == user_id_int).first()
if user is None:
raise credentials_exception
if not user.is_active:
raise HTTPException(
status_code=status.HTTP_401_UNAUTHORIZED,
detail="User account is inactive",
headers={"WWW-Authenticate": "Bearer"},
)
return user

43
src/openrouter_monitor/main.py
View File

@@ -0,0 +1,43 @@
"""FastAPI main application.
Main application entry point for OpenRouter API Key Monitor.
"""
from fastapi import FastAPI
from fastapi.middleware.cors import CORSMiddleware
from openrouter_monitor.config import get_settings
from openrouter_monitor.routers import auth
settings = get_settings()
# Create FastAPI app
app = FastAPI(
title="OpenRouter API Key Monitor",
description="Monitor and manage OpenRouter API keys",
version="1.0.0",
debug=settings.debug,
)
# CORS middleware
app.add_middleware(
CORSMiddleware,
allow_origins=["*"], # Configure appropriately for production
allow_credentials=True,
allow_methods=["*"],
allow_headers=["*"],
)
# Include routers
app.include_router(auth.router, prefix="/api/auth", tags=["authentication"])
@app.get("/")
async def root():
"""Root endpoint."""
return {"message": "OpenRouter API Key Monitor API", "version": "1.0.0"}
@app.get("/health")
async def health_check():
"""Health check endpoint."""
return {"status": "healthy"}

4
src/openrouter_monitor/routers/__init__.py
View File

@@ -0,0 +1,4 @@
"""Routers package for OpenRouter Monitor."""
from openrouter_monitor.routers import auth
__all__ = ["auth"]

135
src/openrouter_monitor/routers/auth.py Normal file
View File

@@ -0,0 +1,135 @@
"""Authentication router.
T18-T20: Endpoints for user registration, login, and logout.
"""
from datetime import timedelta
from fastapi import APIRouter, Depends, HTTPException, status
from fastapi.security import HTTPAuthorizationCredentials
from sqlalchemy.orm import Session
from openrouter_monitor.config import get_settings
from openrouter_monitor.database import get_db
from openrouter_monitor.dependencies import get_current_user, security
from openrouter_monitor.models import User
from openrouter_monitor.schemas import (
TokenResponse,
UserLogin,
UserRegister,
UserResponse,
)
from openrouter_monitor.services import (
create_access_token,
hash_password,
verify_password,
)
router = APIRouter()
settings = get_settings()
@router.post("/register", response_model=UserResponse, status_code=status.HTTP_201_CREATED)
async def register(user_data: UserRegister, db: Session = Depends(get_db)):
"""Register a new user.
Args:
user_data: User registration data including email and password
db: Database session
Returns:
UserResponse with user details (excluding password)
Raises:
HTTPException: 400 if email already exists
"""
# Check if email already exists
existing_user = db.query(User).filter(User.email == user_data.email).first()
if existing_user:
raise HTTPException(
status_code=status.HTTP_400_BAD_REQUEST,
detail="Email already registered"
)
# Create new user
new_user = User(
email=user_data.email,
password_hash=hash_password(user_data.password)
)
db.add(new_user)
db.commit()
db.refresh(new_user)
return new_user
@router.post("/login", response_model=TokenResponse)
async def login(credentials: UserLogin, db: Session = Depends(get_db)):
"""Authenticate user and return JWT token.
Args:
credentials: User login credentials (email and password)
db: Database session
Returns:
TokenResponse with access token
Raises:
HTTPException: 401 if credentials are invalid
"""
# Find user by email
user = db.query(User).filter(User.email == credentials.email).first()
# Check if user exists
if not user:
raise HTTPException(
status_code=status.HTTP_401_UNAUTHORIZED,
detail="Invalid credentials",
headers={"WWW-Authenticate": "Bearer"},
)
# Check if user is active
if not user.is_active:
raise HTTPException(
status_code=status.HTTP_401_UNAUTHORIZED,
detail="Invalid credentials",
headers={"WWW-Authenticate": "Bearer"},
)
# Verify password
if not verify_password(credentials.password, user.password_hash):
raise HTTPException(
status_code=status.HTTP_401_UNAUTHORIZED,
detail="Invalid credentials",
headers={"WWW-Authenticate": "Bearer"},
)
# Generate JWT token
access_token_expires = timedelta(hours=settings.jwt_expiration_hours)
access_token = create_access_token(
data={"sub": str(user.id)},
expires_delta=access_token_expires
)
return TokenResponse(
access_token=access_token,
token_type="bearer",
expires_in=int(access_token_expires.total_seconds())
)
@router.post("/logout")
async def logout(current_user: User = Depends(get_current_user)):
"""Logout current user.
Since JWT tokens are stateless, the actual logout is handled client-side
by removing the token. This endpoint serves as a formal logout action
and can be extended for token blacklisting in the future.
Args:
current_user: Current authenticated user
Returns:
Success message
"""
return {"message": "Successfully logged out"}

297
tests/unit/routers/test_auth.py Normal file
View File

@@ -0,0 +1,297 @@
"""Tests for authentication router.
T18-T20: Tests for auth endpoints (register, login, logout).
"""
import pytest
from fastapi.testclient import TestClient
from sqlalchemy import create_engine
from sqlalchemy.orm import sessionmaker
from sqlalchemy.pool import StaticPool
from openrouter_monitor.database import Base, get_db
from openrouter_monitor.main import app
from openrouter_monitor.models import User
# Setup in-memory test database
SQLALCHEMY_DATABASE_URL = "sqlite:///:memory:"
engine = create_engine(
SQLALCHEMY_DATABASE_URL,
connect_args={"check_same_thread": False},
poolclass=StaticPool,
)
TestingSessionLocal = sessionmaker(autocommit=False, autoflush=False, bind=engine)
def override_get_db():
"""Override get_db dependency for testing."""
try:
db = TestingSessionLocal()
yield db
finally:
db.close()
app.dependency_overrides[get_db] = override_get_db
@pytest.fixture(scope="function")
def client():
"""Create a test client with fresh database."""
Base.metadata.create_all(bind=engine)
with TestClient(app) as c:
yield c
Base.metadata.drop_all(bind=engine)
@pytest.fixture
def test_user(client):
"""Create a test user and return user data."""
user_data = {
"email": "test@example.com",
"password": "SecurePass123!",
"password_confirm": "SecurePass123!"
}
response = client.post("/api/auth/register", json=user_data)
assert response.status_code == 201
return user_data
@pytest.fixture
def auth_token(client, test_user):
"""Get auth token for test user."""
login_data = {
"email": test_user["email"],
"password": test_user["password"]
}
response = client.post("/api/auth/login", json=login_data)
assert response.status_code == 200
return response.json()["access_token"]
@pytest.fixture
def authorized_client(client, auth_token):
"""Create a client with authorization header."""
client.headers = {"Authorization": f"Bearer {auth_token}"}
return client
class TestRegister:
"""Tests for POST /api/auth/register endpoint."""
def test_register_success(self, client):
"""Test successful user registration."""
user_data = {
"email": "newuser@example.com",
"password": "SecurePass123!",
"password_confirm": "SecurePass123!"
}
response = client.post("/api/auth/register", json=user_data)
assert response.status_code == 201
data = response.json()
assert data["email"] == user_data["email"]
assert "id" in data
assert "created_at" in data
assert data["is_active"] is True
assert "password" not in data
assert "password_hash" not in data
def test_register_duplicate_email(self, client, test_user):
"""Test registration with existing email returns 400."""
user_data = {
"email": test_user["email"],
"password": "AnotherPass123!",
"password_confirm": "AnotherPass123!"
}
response = client.post("/api/auth/register", json=user_data)
assert response.status_code == 400
assert "email" in response.json()["detail"].lower() or "already" in response.json()["detail"].lower()
def test_register_weak_password(self, client):
"""Test registration with weak password returns 422."""
user_data = {
"email": "weak@example.com",
"password": "weak",
"password_confirm": "weak"
}
response = client.post("/api/auth/register", json=user_data)
assert response.status_code == 422
def test_register_passwords_do_not_match(self, client):
"""Test registration with mismatched passwords returns 422."""
user_data = {
"email": "mismatch@example.com",
"password": "SecurePass123!",
"password_confirm": "DifferentPass123!"
}
response = client.post("/api/auth/register", json=user_data)
assert response.status_code == 422
def test_register_invalid_email(self, client):
"""Test registration with invalid email returns 422."""
user_data = {
"email": "not-an-email",
"password": "SecurePass123!",
"password_confirm": "SecurePass123!"
}
response = client.post("/api/auth/register", json=user_data)
assert response.status_code == 422
class TestLogin:
"""Tests for POST /api/auth/login endpoint."""
def test_login_success(self, client, test_user):
"""Test successful login returns token."""
login_data = {
"email": test_user["email"],
"password": test_user["password"]
}
response = client.post("/api/auth/login", json=login_data)
assert response.status_code == 200
data = response.json()
assert "access_token" in data
assert data["token_type"] == "bearer"
assert "expires_in" in data
assert isinstance(data["expires_in"], int)
def test_login_invalid_email(self, client):
"""Test login with non-existent email returns 401."""
login_data = {
"email": "nonexistent@example.com",
"password": "SecurePass123!"
}
response = client.post("/api/auth/login", json=login_data)
assert response.status_code == 401
assert "invalid" in response.json()["detail"].lower() or "credentials" in response.json()["detail"].lower()
def test_login_wrong_password(self, client, test_user):
"""Test login with wrong password returns 401."""
login_data = {
"email": test_user["email"],
"password": "WrongPassword123!"
}
response = client.post("/api/auth/login", json=login_data)
assert response.status_code == 401
assert "invalid" in response.json()["detail"].lower() or "credentials" in response.json()["detail"].lower()
def test_login_inactive_user(self, client):
"""Test login with inactive user returns 401."""
# First register a user
user_data = {
"email": "inactive@example.com",
"password": "SecurePass123!",
"password_confirm": "SecurePass123!"
}
response = client.post("/api/auth/register", json=user_data)
assert response.status_code == 201
# Deactivate the user via database
db = TestingSessionLocal()
user = db.query(User).filter(User.email == user_data["email"]).first()
user.is_active = False
db.commit()
db.close()
# Try to login
login_data = {
"email": user_data["email"],
"password": user_data["password"]
}
response = client.post("/api/auth/login", json=login_data)
assert response.status_code == 401
class TestLogout:
"""Tests for POST /api/auth/logout endpoint."""
def test_logout_success(self, authorized_client):
"""Test successful logout with valid token."""
response = authorized_client.post("/api/auth/logout")
assert response.status_code == 200
data = response.json()
assert "message" in data
assert "logged out" in data["message"].lower()
def test_logout_no_token(self, client):
"""Test logout without token returns 401."""
response = client.post("/api/auth/logout")
assert response.status_code == 401
def test_logout_invalid_token(self, client):
"""Test logout with invalid token returns 401."""
client.headers = {"Authorization": "Bearer invalid_token"}
response = client.post("/api/auth/logout")
assert response.status_code == 401
class TestGetCurrentUser:
"""Tests for get_current_user dependency."""
def test_get_current_user_with_expired_token(self, client, test_user):
"""Test that expired token returns 401."""
from openrouter_monitor.services import create_access_token
from datetime import timedelta
# Create an expired token (negative expiration)
expired_token = create_access_token(
data={"sub": "1"},
expires_delta=timedelta(seconds=-1)
)
client.headers = {"Authorization": f"Bearer {expired_token}"}
response = client.post("/api/auth/logout")
assert response.status_code == 401
def test_get_current_user_missing_sub_claim(self, client):
"""Test token without sub claim returns 401."""
from openrouter_monitor.services import create_access_token
from datetime import timedelta
# Create token without sub claim
token = create_access_token(
data={},
expires_delta=timedelta(hours=1)
)
client.headers = {"Authorization": f"Bearer {token}"}
response = client.post("/api/auth/logout")
assert response.status_code == 401
def test_get_current_user_nonexistent_user(self, client):
"""Test token for non-existent user returns 401."""
from openrouter_monitor.services import create_access_token
from datetime import timedelta
# Create token for non-existent user
token = create_access_token(
data={"sub": "99999"},
expires_delta=timedelta(hours=1)
)
client.headers = {"Authorization": f"Bearer {token}"}
response = client.post("/api/auth/logout")
assert response.status_code == 401