code quality run

2025-09-13 21:58:54 +02:00
parent 0dfd885847
commit 3eb18ef91e
63 changed files with 1802 additions and 1289 deletions
--- a/middleware/auth.py
+++ b/middleware/auth.py
@@ -1,14 +1,16 @@
 # middleware/auth.py
+import logging
+import os
+from datetime import datetime, timedelta
+from typing import Any, Dict, Optional
+
 from fastapi import HTTPException
 from fastapi.security import HTTPAuthorizationCredentials
-from passlib.context import CryptContext
 from jose import jwt
-from datetime import datetime, timedelta
-from typing import Dict, Any, Optional
+from passlib.context import CryptContext
 from sqlalchemy.orm import Session
+
 from models.database_models import User
-import os
-import logging

 logger = logging.getLogger(__name__)

@@ -20,7 +22,9 @@ class AuthManager:
    """JWT-based authentication manager with bcrypt password hashing"""

    def __init__(self):
-        self.secret_key = os.getenv("JWT_SECRET_KEY", "your-secret-key-change-in-production-please")
+        self.secret_key = os.getenv(
+            "JWT_SECRET_KEY", "your-secret-key-change-in-production-please"
+        )
        self.algorithm = "HS256"
        self.token_expire_minutes = int(os.getenv("JWT_EXPIRE_MINUTES", "30"))

@@ -32,11 +36,15 @@ class AuthManager:
        """Verify password against hash"""
        return pwd_context.verify(plain_password, hashed_password)

-    def authenticate_user(self, db: Session, username: str, password: str) -> Optional[User]:
+    def authenticate_user(
+        self, db: Session, username: str, password: str
+    ) -> Optional[User]:
        """Authenticate user and return user object if valid"""
-        user = db.query(User).filter(
-            (User.username == username) | (User.email == username)
-        ).first()
+        user = (
+            db.query(User)
+            .filter((User.username == username) | (User.email == username))
+            .first()
+        )

        if not user:
            return None
@@ -65,7 +73,7 @@ class AuthManager:
            "email": user.email,
            "role": user.role,
            "exp": expire,
-            "iat": datetime.utcnow()
+            "iat": datetime.utcnow(),
        }

        token = jwt.encode(payload, self.secret_key, algorithm=self.algorithm)
@@ -73,7 +81,7 @@ class AuthManager:
        return {
            "access_token": token,
            "token_type": "bearer",
-            "expires_in": self.token_expire_minutes * 60  # Return in seconds
+            "expires_in": self.token_expire_minutes * 60,  # Return in seconds
        }

    def verify_token(self, token: str) -> Dict[str, Any]:
@@ -92,25 +100,31 @@ class AuthManager:
            # Extract user data
            user_id = payload.get("sub")
            if user_id is None:
-                raise HTTPException(status_code=401, detail="Token missing user identifier")
+                raise HTTPException(
+                    status_code=401, detail="Token missing user identifier"
+                )

            return {
                "user_id": int(user_id),
                "username": payload.get("username"),
                "email": payload.get("email"),
-                "role": payload.get("role", "user")
+                "role": payload.get("role", "user"),
            }

        except jwt.ExpiredSignatureError:
            raise HTTPException(status_code=401, detail="Token has expired")
        except jwt.JWTError as e:
            logger.error(f"JWT decode error: {e}")
-            raise HTTPException(status_code=401, detail="Could not validate credentials")
+            raise HTTPException(
+                status_code=401, detail="Could not validate credentials"
+            )
        except Exception as e:
            logger.error(f"Token verification error: {e}")
            raise HTTPException(status_code=401, detail="Authentication failed")

-    def get_current_user(self, db: Session, credentials: HTTPAuthorizationCredentials) -> User:
+    def get_current_user(
+        self, db: Session, credentials: HTTPAuthorizationCredentials
+    ) -> User:
        """Get current authenticated user from database"""
        user_data = self.verify_token(credentials.credentials)

@@ -131,7 +145,7 @@ class AuthManager:
                if current_user.role != required_role:
                    raise HTTPException(
                        status_code=403,
-                        detail=f"Required role '{required_role}' not found. Current role: '{current_user.role}'"
+                        detail=f"Required role '{required_role}' not found. Current role: '{current_user.role}'",
                    )
                return func(current_user, *args, **kwargs)

@@ -142,10 +156,7 @@ class AuthManager:
    def require_admin(self, current_user: User):
        """Require admin role"""
        if current_user.role != "admin":
-            raise HTTPException(
-                status_code=403,
-                detail="Admin privileges required"
-            )
+            raise HTTPException(status_code=403, detail="Admin privileges required")
        return current_user

    def create_default_admin_user(self, db: Session):
@@ -159,11 +170,13 @@ class AuthManager:
                username="admin",
                hashed_password=hashed_password,
                role="admin",
-                is_active=True
+                is_active=True,
            )
            db.add(admin_user)
            db.commit()
            db.refresh(admin_user)
-            logger.info("Default admin user created: username='admin', password='admin123'")
+            logger.info(
+                "Default admin user created: username='admin', password='admin123'"
+            )

        return admin_user