update v1

Docs.md

@@ -1,6 +1,274 @@
-Access_Levels:
-    - Default: Basic access level for regular users. Mostly for the Chat application accounts
-    - Member: Standard member privileges
-    - Admin: Administrative access
-    - Dev: Developer access for technical operations
-    - Hush: Special restricted access level
+# Authentication System API Documentation
+
+## Base URL
+```
+/v1/api
+```
+
+## Authentication Routes
+
+### 1. Sign Up
+Creates a new user account.
+
+**Endpoint:** `POST /auth/signup`
+
+**Request Body:**
+```json
+{
+  "username": "string",
+  "password": "string",
+  "email": "string (optional)"
+}
+```
+
+**Response (201 Created):**
+```json
+{
+  "message": "User created successfully"
+}
+```
+
+**Possible Errors:**
+- `400 Bad Request`: Username already exists
+
+### 2. Login
+Authenticates a user and creates a new session.
+
+**Endpoint:** `POST /auth/login`
+
+**Headers:**
+- `user-agent`: Browser/device user agent string (required)
+
+**Request Body:**
+```json
+{
+  "username": "string",
+  "password": "string"
+}
+```
+
+**Response (200 OK):**
+```json
+{
+  "user_id": "string",
+  "username": "string",
+  "email": "string",
+  "access_level": "string",
+  "date_joined": "datetime",
+  "access_token": "string",
+  "token_type": "bearer"
+}
+```
+
+**Possible Errors:**
+- `401 Unauthorized`: Invalid credentials
+
+### 3. Logout
+Terminates an active session.
+
+**Endpoint:** `POST /auth/logout`
+
+**Query Parameters:**
+- `user_id`: string
+- `token`: string
+
+**Response (200 OK):**
+```json
+{
+  "message": "Session forcefully expired"
+}
+```
+
+**Possible Errors:**
+- `400 Bad Request`: No active sessions
+
+### 4. Validate Token
+Validates an existing session token.
+
+**Endpoint:** `GET /auth/validate`
+
+**Headers:**
+- `user-agent`: Browser/device user agent string (required)
+
+**Query Parameters:**
+- `user_id`: string
+- `token`: string
+
+**Response (200 OK):**
+```json
+{
+  "access_token": "string",
+  "token_type": "bearer"
+}
+```
+
+**Possible Errors:**
+- `401 Unauthorized`: No active sessions, Device mismatch, Token expired, Invalid token
+
+### 5. Search Users
+Search for users by username.
+
+**Endpoint:** `GET /auth/search-users`
+
+**Query Parameters:**
+- `query`: string
+
+**Response (200 OK):**
+```json
+[
+  "string"
+]
+```
+
+### 6. Get User ID
+Retrieve user ID by username.
+
+**Endpoint:** `GET /auth/get-user-id`
+
+**Query Parameters:**
+- `username`: string
+
+**Response (200 OK):**
+```
+"string" (user_id)
+```
+
+**Possible Errors:**
+- `404 Not Found`: Username not found
+
+### 7. Update Own Data
+Update authenticated user's information.
+
+**Endpoint:** `PUT /auth/user/update`
+
+**Headers:**
+- `token`: string
+- `user-agent`: Browser/device user agent string (required)
+
+**Query Parameters:**
+- `user_id`: string
+
+**Request Body:**
+```json
+{
+  "password": "string (optional)",
+  "email": "string (optional)",
+  "username": "string (optional)"
+}
+```
+
+**Response (200 OK):**
+```json
+{
+  "username": "string",
+  "email": "string",
+  "access_level": "string",
+  "date_joined": "datetime"
+}
+```
+
+## Admin Routes
+
+### 1. Get All Users
+Retrieve all users (requires HUSH access level).
+
+**Endpoint:** `GET /admin/users`
+
+**Headers:**
+- `user-agent`: Browser/device user agent string (required)
+
+**Query Parameters:**
+- `user_id`: string (admin's user ID)
+- `token`: string
+
+**Response (200 OK):**
+```json
+[
+  {
+    "username": "string",
+    "email": "string",
+    "access_level": "string",
+    "date_joined": "datetime"
+  }
+]
+```
+
+**Possible Errors:**
+- `403 Forbidden`: Insufficient permissions
+
+### 2. Get User Details
+Retrieve specific user details (requires HUSH access level).
+
+**Endpoint:** `GET /admin/user/{user_id}`
+
+**Headers:**
+- `user-agent`: Browser/device user agent string (required)
+
+**Query Parameters:**
+- `admin_id`: string
+- `token`: string
+
+**Response (200 OK):**
+```json
+{
+  "username": "string",
+  "email": "string",
+  "access_level": "string",
+  "date_joined": "datetime"
+}
+```
+
+### 3. Update User
+Update user information (requires HUSH access level).
+
+**Endpoint:** `PUT /admin/user/{user_id}`
+
+**Headers:**
+- `user-agent`: Browser/device user agent string (required)
+
+**Query Parameters:**
+- `admin_id`: string
+- `token`: string
+
+**Request Body:**
+```json
+{
+  "password": "string (optional)",
+  "email": "string (optional)",
+  "username": "string (optional)"
+}
+```
+
+### 4. Update Access Level
+Update user access level (requires HUSH access level).
+
+**Endpoint:** `PUT /admin/user/{user_id}/access-level`
+
+**Headers:**
+- `user-agent`: Browser/device user agent string (required)
+
+**Query Parameters:**
+- `admin_id`: string
+- `token`: string
+
+**Request Body:**
+```json
+{
+  "access_level": "string"
+}
+```
+
+## Access Levels
+The system supports the following access levels in ascending order of privileges:
+1. `default`
+2. `member`
+3. `admin`
+4. `dev`
+5. `hush`
+
+## Notes
+- All timestamps are in UTC
+- Token expiration is set to 60 minutes
+- Sessions are device-specific and validated against the user agent
+- Database changes are saved to disk in debug mode
+- The system automatically creates a HUSH-level system user on startup

init_supabase_sql.txt

@@ -0,0 +1,47 @@
+-- Enable UUID extension
+create extension if not exists "uuid-ossp";
+
+-- Users table
+create table if not exists public.users (
+    id uuid primary key,
+    username text unique not null,
+    password text not null,
+    email text,
+    date_joined timestamp with time zone not null,
+    access_level text not null
+);
+
+-- Sessions table
+create table if not exists public.sessions (
+    id uuid primary key default uuid_generate_v4(),
+    user_id uuid references public.users(id),
+    token text not null,
+    expires timestamp with time zone not null,
+    device text not null
+);
+
+-- Create indexes for better performance
+create index if not exists idx_users_username on public.users(username);
+create index if not exists idx_sessions_user_id on public.sessions(user_id);
+create index if not exists idx_sessions_token on public.sessions(token);
+
+-- Set up Row Level Security (RLS)
+alter table public.users enable row level security;
+alter table public.sessions enable row level security;
+
+-- Create policies
+create policy "Enable read access for all users"
+    on public.users for select
+    using (true);
+
+create policy "Enable insert for authenticated users only"
+    on public.users for insert
+    with check (true);
+
+create policy "Enable update for authenticated users"
+    on public.users for update
+    using (true);
+
+create policy "Enable all access for sessions"
+    on public.sessions for all
+    using (true);

main.py

@@ -4,16 +4,20 @@ from pydantic import BaseModel, EmailStr
 from typing import Dict, List
 from datetime import datetime, timedelta, timezone
 import secrets
-import threading
-import time
-import json
 import hashlib
 import uuid
 from user_agents import parse
 from dotenv import load_dotenv
+from supabase import create_client, Client
+from typing import Optional
 
 load_dotenv()
 
+# Supabase Configuration
+SUPABASE_URL = os.getenv("SUPABASE_URL")
+SUPABASE_KEY = os.getenv("SUPABASE_KEY")
+supabase: Client = create_client(SUPABASE_URL, SUPABASE_KEY)
+
 SYSTEM_USER = os.getenv("SYSTEM_USER")
 SYSTEM_PASSWORD = os.getenv("SYSTEM_PASSWORD")
 
@@ -23,28 +27,6 @@ app = FastAPI()
 auth_router = APIRouter(prefix="/v1/api/auth", tags=["Authentication"])
 admin_router = APIRouter(prefix="/v1/api/admin", tags=["Admin"])
 
-# Simulated in-memory databases
-users_db: Dict[str, dict] = {}
-sessions_db: Dict[str, List[dict]] = {}
-
-# Debug Mode
-DEBUG = True
-DB_FILE_USERS = "users_db.json"
-DB_FILE_SESSIONS = "sessions_db.json"
-
-if DEBUG:
-    try:
-        with open(DB_FILE_USERS, "r") as f:
-            users_db = json.load(f)
-    except FileNotFoundError:
-        users_db = {}
-
-    try:
-        with open(DB_FILE_SESSIONS, "r") as f:
-            sessions_db = json.load(f)
-    except FileNotFoundError:
-        sessions_db = {}
-
 # Constants
 TOKEN_EXPIRATION_MINUTES = 60
 ACCESS_LEVELS = ["default", "member", "admin", "dev", "hush"]
@@ -53,7 +35,7 @@ ACCESS_LEVELS = ["default", "member", "admin", "dev", "hush"]
 class SignupRequest(BaseModel):
     username: str
     password: str
-    email: EmailStr = None  # Make email optional
+    email: Optional[EmailStr] = None
 
 class LoginRequest(BaseModel):
     username: str
@@ -79,9 +61,9 @@ class UserResponse(BaseModel):
     date_joined: datetime
 
 class UpdateUserRequest(BaseModel):
-    password: str = None
-    email: EmailStr = None
-    username: str = None
+    password: Optional[str] = None
+    email: Optional[EmailStr] = None
+    username: Optional[str] = None
 
 class UpdateAccessLevelRequest(BaseModel):
     access_level: str
@@ -101,279 +83,265 @@ def create_device_token(username: str, user_agent: str) -> str:
 def is_token_expired(expiration_time: datetime) -> bool:
     return datetime.now(timezone.utc) > expiration_time
 
-def save_databases():
-    if DEBUG:
-        with open(DB_FILE_USERS, "w") as f:
-            json.dump(users_db, f, default=str)
-
-        with open(DB_FILE_SESSIONS, "w") as f:
-            json.dump(sessions_db, f, default=str)
-
-# Background task for cleaning up expired sessions
-def cleanup_expired_sessions():
-    while True:
-        now = datetime.now(timezone.utc)
-        for user_id, sessions in list(sessions_db.items()):
-            sessions_db[user_id] = [
-                session for session in sessions if session["expires"] > now
-            ]
-            if not sessions_db[user_id]:  # Remove user if no active sessions
-                del sessions_db[user_id]
-        save_databases()
-        time.sleep(60)  # Run cleanup every 60 seconds
-
-# Set timezone
-now = datetime.now(timezone.utc)
-print(f"Server starting at: {now.astimezone(timezone(timedelta(hours=5, minutes=30)))} (Sri Lankan Time)")
-
-# Start the background cleanup task
-cleanup_thread = threading.Thread(target=cleanup_expired_sessions, daemon=True)
-cleanup_thread.start()
-
-# Create system hush user
-SYSTEM_USER_ID = str(uuid.uuid4())
-users_db[SYSTEM_USER_ID] = {
-    "username": SYSTEM_USER,
-    "password": hash_password(SYSTEM_PASSWORD),
-    "email": None,
-    "date_joined": datetime.now(timezone.utc),
-    "access_level": "hush",
-}
-save_databases()
+# Initialize system user
+async def init_system_user():
+    system_user_data = {
+        "id": str(uuid.uuid4()),
+        "username": SYSTEM_USER,
+        "password": hash_password(SYSTEM_PASSWORD),
+        "email": None,
+        "date_joined": datetime.now(timezone.utc).isoformat(),
+        "access_level": "hush"
+    }
+    
+    # Check if system user exists
+    existing_user = supabase.table("users").select("*").eq("username", SYSTEM_USER).execute()
+    if not existing_user.data:
+        supabase.table("users").insert(system_user_data).execute()
 
 # Authentication Routes
 @auth_router.post("/signup", status_code=status.HTTP_201_CREATED)
-def signup(request: SignupRequest):
-    for user in users_db.values():
-        if user["username"] == request.username:
-            raise HTTPException(
-                status_code=status.HTTP_400_BAD_REQUEST, detail="Username already exists"
-            )
-
-    user_id = str(uuid.uuid4())
-    date_joined = datetime.now(timezone.utc)
-
-    # Auto apply default access level
-    users_db[user_id] = {
+async def signup(request: SignupRequest):
+    # Check if username exists
+    existing_user = supabase.table("users").select("*").eq("username", request.username).execute()
+    if existing_user.data:
+        raise HTTPException(
+            status_code=status.HTTP_400_BAD_REQUEST, detail="Username already exists"
+        )
+
+    user_data = {
+        "id": str(uuid.uuid4()),
         "username": request.username,
         "password": hash_password(request.password),
         "email": request.email,
-        "date_joined": date_joined,
-        "access_level": "default",  # Default access level
+        "date_joined": datetime.now(timezone.utc).isoformat(),
+        "access_level": "default"
     }
-    save_databases()
+    
+    supabase.table("users").insert(user_data).execute()
     return {"message": "User created successfully"}
 
 @auth_router.post("/login", response_model=LoginResponse)
-def login(request: LoginRequest, user_agent: str = Header(...)):
-    user_id = next((uid for uid, user in users_db.items() if user["username"] == request.username), None)
-    if not user_id or not verify_password(request.password, users_db[user_id]["password"]):
+async def login(request: LoginRequest, user_agent: str = Header(...)):
+    user_query = supabase.table("users").select("*").eq("username", request.username).execute()
+    
+    if not user_query.data or not verify_password(request.password, user_query.data[0]["password"]):
         raise HTTPException(
             status_code=status.HTTP_401_UNAUTHORIZED, detail="Invalid credentials"
         )
 
-    # Generate a new device-specific session token
+    user = user_query.data[0]
     token = create_device_token(request.username, user_agent)
     expiration_time = datetime.now(timezone.utc) + timedelta(minutes=TOKEN_EXPIRATION_MINUTES)
 
-    # Add the session
-    if user_id not in sessions_db:
-        sessions_db[user_id] = []
-    sessions_db[user_id].append({"token": token, "expires": expiration_time, "device": user_agent})
-    save_databases()
+    session_data = {
+        "user_id": user["id"],
+        "token": token,
+        "expires": expiration_time.isoformat(),
+        "device": user_agent
+    }
+    
+    supabase.table("sessions").insert(session_data).execute()
 
-    user = users_db[user_id]
     return LoginResponse(
-        user_id=user_id,
+        user_id=user["id"],
         username=user["username"],
         email=user["email"],
         access_level=user["access_level"],
-        date_joined=user["date_joined"],
+        date_joined=datetime.fromisoformat(user["date_joined"]),
         access_token=token
     )
 
 @auth_router.post("/logout")
-def logout(user_id: str, token: str):
-    sessions = sessions_db.get(user_id)
-    if not sessions:
-        raise HTTPException(
-            status_code=status.HTTP_400_BAD_REQUEST, detail="No active sessions"
-        )
-    sessions_db[user_id] = [s for s in sessions if s["token"] != token]
-    if not sessions_db[user_id]:
-        del sessions_db[user_id]
-    save_databases()
+async def logout(user_id: str, token: str):
+    supabase.table("sessions").delete().eq("user_id", user_id).eq("token", token).execute()
     return {"message": "Session forcefully expired"}
 
 @auth_router.get("/validate", response_model=TokenResponse)
-def validate_token(user_id: str, token: str, user_agent: str = Header(...)):
-    sessions = sessions_db.get(user_id)
-    if not sessions:
+async def validate_token(user_id: str, token: str, user_agent: str = Header(...)):
+    session_query = (
+        supabase.table("sessions")
+        .select("*")
+        .eq("user_id", user_id)
+        .eq("token", token)
+        .eq("device", user_agent)
+        .execute()
+    )
+
+    if not session_query.data:
         raise HTTPException(
-            status_code=status.HTTP_401_UNAUTHORIZED, detail="No active sessions"
+            status_code=status.HTTP_401_UNAUTHORIZED, detail="Invalid token"
         )
 
-    for session in sessions:
-        if session["token"] == token:
-            if session["device"] != user_agent:
-                raise HTTPException(
-                    status_code=status.HTTP_401_UNAUTHORIZED, detail="Device mismatch"
-                )
-            if is_token_expired(session["expires"]):
-                sessions.remove(session)
-                if not sessions:
-                    del sessions_db[user_id]
-                save_databases()
-                raise HTTPException(
-                    status_code=status.HTTP_401_UNAUTHORIZED, detail="Token expired"
-                )
-            return TokenResponse(access_token=token)
-
-    raise HTTPException(
-        status_code=status.HTTP_401_UNAUTHORIZED, detail="Invalid token"
-    )
+    session = session_query.data[0]
+    if is_token_expired(datetime.fromisoformat(session["expires"])):
+        supabase.table("sessions").delete().eq("id", session["id"]).execute()
+        raise HTTPException(
+            status_code=status.HTTP_401_UNAUTHORIZED, detail="Token expired"
+        )
+
+    return TokenResponse(access_token=token)
 
 @auth_router.get("/search-users", response_model=List[str])
-def search_users(query: str):
-    return [user["username"] for user in users_db.values() if query.lower() in user["username"].lower()]
+async def search_users(query: str):
+    users = supabase.table("users").select("username").ilike("username", f"%{query}%").execute()
+    return [user["username"] for user in users.data]
+
+@auth_router.get("/get-user-id", response_model=str)
+async def get_user_id(username: str):
+    user_query = supabase.table("users").select("id").eq("username", username).execute()
+    
+    if not user_query.data:
+        raise HTTPException(
+            status_code=status.HTTP_404_NOT_FOUND,
+            detail="Username not found"
+        )
+    
+    return user_query.data[0]["id"]
 
 # Admin Routes
 @admin_router.get("/users", response_model=List[UserResponse])
-def get_all_users(user_id: str, token: str, user_agent: str = Header(...)):
-    validate_token(user_id, token, user_agent)
+async def get_all_users(user_id: str, token: str, user_agent: str = Header(...)):
+    await validate_token(user_id, token, user_agent)
 
-    if users_db[user_id]["access_level"] != "hush":
+    admin_query = supabase.table("users").select("access_level").eq("id", user_id).execute()
+    if not admin_query.data or admin_query.data[0]["access_level"] != "hush":
         raise HTTPException(
             status_code=status.HTTP_403_FORBIDDEN, detail="Insufficient permissions"
         )
 
+    users = supabase.table("users").select("*").execute()
     return [
-        {
-            "username": data["username"],
-            "email": data["email"],
-            "access_level": data["access_level"],
-            "date_joined": data["date_joined"],
-        }
-        for data in users_db.values()
+        UserResponse(
+            username=user["username"],
+            email=user["email"],
+            access_level=user["access_level"],
+            date_joined=datetime.fromisoformat(user["date_joined"])
+        )
+        for user in users.data
     ]
 
 @admin_router.get("/user/{user_id}", response_model=UserResponse)
-def get_user(admin_id: str, token: str, user_id: str, user_agent: str = Header(...)):
-    validate_token(admin_id, token, user_agent)
+async def get_user(admin_id: str, token: str, user_id: str, user_agent: str = Header(...)):
+    await validate_token(admin_id, token, user_agent)
 
-    if users_db[admin_id]["access_level"] != "hush":
+    admin_query = supabase.table("users").select("access_level").eq("id", admin_id).execute()
+    if not admin_query.data or admin_query.data[0]["access_level"] != "hush":
         raise HTTPException(
             status_code=status.HTTP_403_FORBIDDEN, detail="Insufficient permissions"
         )
 
-    user = users_db.get(user_id)
-    if not user:
+    user_query = supabase.table("users").select("*").eq("id", user_id).execute()
+    if not user_query.data:
         raise HTTPException(
             status_code=status.HTTP_404_NOT_FOUND, detail="User not found"
         )
-    return {
-        "username": user["username"],
-        "email": user["email"],
-        "access_level": user["access_level"],
-        "date_joined": user["date_joined"],
-    }
+
+    user = user_query.data[0]
+    return UserResponse(
+        username=user["username"],
+        email=user["email"],
+        access_level=user["access_level"],
+        date_joined=datetime.fromisoformat(user["date_joined"])
+    )
 
 @admin_router.put("/user/{user_id}", response_model=UserResponse)
-def update_user(admin_id: str, token: str, user_id: str, request: UpdateUserRequest, user_agent: str = Header(...)):
-    validate_token(admin_id, token, user_agent)
+async def update_user(admin_id: str, token: str, user_id: str, request: UpdateUserRequest, user_agent: str = Header(...)):
+    await validate_token(admin_id, token, user_agent)
 
-    if users_db[admin_id]["access_level"] != "hush":
+    admin_query = supabase.table("users").select("access_level").eq("id", admin_id).execute()
+    if not admin_query.data or admin_query.data[0]["access_level"] != "hush":
         raise HTTPException(
             status_code=status.HTTP_403_FORBIDDEN, detail="Insufficient permissions"
         )
 
-    user = users_db.get(user_id)
-    if not user:
+    update_data = {}
+    if request.password:
+        update_data["password"] = hash_password(request.password)
+    if request.email:
+        update_data["email"] = request.email
+    if request.username:
+        update_data["username"] = request.username
+
+    updated_user = supabase.table("users").update(update_data).eq("id", user_id).execute()
+    if not updated_user.data:
         raise HTTPException(
             status_code=status.HTTP_404_NOT_FOUND, detail="User not found"
         )
 
-    # Update only the fields provided in the request
-    if request.password:
-        user["password"] = hash_password(request.password)
-    if request.email:
-        user["email"] = request.email
-    if request.username:
-        user["username"] = request.username
-
-    users_db[user_id] = user
-    save_databases()
-    return {
-        "username": user["username"],
-        "email": user["email"],
-        "access_level": user["access_level"],
-        "date_joined": user["date_joined"],
-    }
+    user = updated_user.data[0]
+    return UserResponse(
+        username=user["username"],
+        email=user["email"],
+        access_level=user["access_level"],
+        date_joined=datetime.fromisoformat(user["date_joined"])
+    )
 
 @admin_router.put("/user/{user_id}/access-level")
-def update_access_level(admin_id: str, token: str, user_id: str, request: UpdateAccessLevelRequest, user_agent: str = Header(...)):
-    validate_token(admin_id, token, user_agent)
+async def update_access_level(admin_id: str, token: str, user_id: str, request: UpdateAccessLevelRequest, user_agent: str = Header(...)):
+    await validate_token(admin_id, token, user_agent)
 
-    if users_db[admin_id]["access_level"] != "hush":
+    admin_query = supabase.table("users").select("access_level").eq("id", admin_id).execute()
+    if not admin_query.data or admin_query.data[0]["access_level"] != "hush":
         raise HTTPException(
             status_code=status.HTTP_403_FORBIDDEN, detail="Insufficient permissions"
         )
 
-    if user_id not in users_db:
+    user_query = supabase.table("users").select("*").eq("id", user_id).execute()
+    if not user_query.data:
         raise HTTPException(
             status_code=status.HTTP_404_NOT_FOUND, detail="User not found"
         )
 
-    user = users_db.get(user_id)
+    user = user_query.data[0]
     new_access_level = request.access_level
 
-    # Check if the user has the necessary access level to perform the upgrade
     if ACCESS_LEVELS.index(new_access_level) <= ACCESS_LEVELS.index(user["access_level"]):
         raise HTTPException(
             status_code=status.HTTP_400_BAD_REQUEST,
             detail="Cannot downgrade a user or change to the same level",
         )
 
-    user["access_level"] = new_access_level
-    users_db[user_id] = user
-    save_databases()
-
-    return {
-        "username": user["username"],
-        "email": user["email"],
-        "access_level": user["access_level"],
-        "date_joined": user["date_joined"],
-    }
+    updated_user = supabase.table("users").update({"access_level": new_access_level}).eq("id", user_id).execute()
+    user = updated_user.data[0]
+    return UserResponse(
+        username=user["username"],
+        email=user["email"],
+        access_level=user["access_level"],
+        date_joined=datetime.fromisoformat(user["date_joined"])
+    )
 
-# User Auth Routes
 @auth_router.put("/user/update", response_model=UserResponse)
-def update_own_data(user_id: str, request: UpdateUserRequest, token: str = Header(...), user_agent: str = Header(...)):
-    validate_token(user_id, token, user_agent)
+async def update_own_data(user_id: str, request: UpdateUserRequest, token: str = Header(...), user_agent: str = Header(...)):
+    await validate_token(user_id, token, user_agent)
 
-    user = users_db.get(user_id)
-    if not user:
-        raise HTTPException(
-            status_code=status.HTTP_404_NOT_FOUND, detail="User not found"
-        )
-
-    # Update only the fields provided in the request
+    update_data = {}
     if request.password:
-        user["password"] = hash_password(request.password)
+        update_data["password"] = hash_password(request.password)
     if request.email:
-        user["email"] = request.email
+        update_data["email"] = request.email
     if request.username:
-        user["username"] = request.username
+        update_data["username"] = request.username
 
-    users_db[user_id] = user
-    save_databases()
+    updated_user = supabase.table("users").update(update_data).eq("id", user_id).execute()
+    if not updated_user.data:
+        raise HTTPException(
+            status_code=status.HTTP_404_NOT_FOUND, detail="User not found"
+        )
 
-    return {
-        "username": user["username"],
-        "email": user["email"],
-        "access_level": user["access_level"],
-        "date_joined": user["date_joined"],
-    }
+    user = updated_user.data[0]
+    return UserResponse(
+        username=user["username"],
+        email=user["email"],
+        access_level=user["access_level"],
+        date_joined=datetime.fromisoformat(user["date_joined"])
+    )
 
 # Include routes
 app.include_router(auth_router)
 app.include_router(admin_router)
+
+# Initialize system user on startup
+@app.on_event("startup")
+async def startup_event():
+    await init_system_user()

requirements.txt

@@ -2,4 +2,5 @@ fastapi
 pydantic[email]
 user-agents
 python-dotenv
-uvicorn[standard]
+uvicorn[standard]
+supabase