Spaces:
Runtime error
Runtime error
File size: 3,711 Bytes
04a921d | 1 2 3 4 5 6 7 8 9 10 11 12 13 14 15 16 17 18 19 20 21 22 23 24 25 26 27 28 29 30 31 32 33 34 35 36 37 38 39 40 41 42 43 44 45 46 47 48 49 50 51 52 53 54 55 56 57 58 59 60 61 62 63 64 65 66 67 68 69 70 71 72 73 74 75 76 77 78 79 80 81 82 83 84 85 86 87 88 89 90 91 92 93 94 95 96 97 98 99 100 101 102 103 104 105 106 107 108 109 110 111 112 113 114 115 116 117 118 119 120 121 122 123 124 125 126 127 128 129 130 131 132 133 134 135 136 137 138 139 140 | """FastAPI application entry point."""
from contextlib import asynccontextmanager
from typing import AsyncGenerator
from fastapi import FastAPI, Request, status
from fastapi.middleware.cors import CORSMiddleware
from fastapi.responses import JSONResponse
from pydantic import ValidationError
from src.api.auth import router as auth_router
from src.api.tasks import router as tasks_router
from src.config import get_settings
from src.database import init_db
from src.schemas.error import ErrorCode, ErrorResponse
settings = get_settings()
@asynccontextmanager
async def lifespan(_app: FastAPI) -> AsyncGenerator[None, None]:
"""Application lifespan events."""
# Startup: initialize database
await init_db()
yield
# Shutdown: cleanup if needed
app = FastAPI(
title="Todo App API",
description="""
Full-Stack Web Todo Application REST API.
## Features
* **Authentication** - JWT-based user registration and login
* **Tasks** - Full CRUD operations for todo items
* **Pagination** - Efficient list pagination for tasks
* **Filtering** - Filter tasks by completion status
## Authentication
All task endpoints require authentication. Include the JWT token in the Authorization header:
```
Authorization: Bearer <your-token>
```
Tokens are valid for 7 days after login.
""",
version="1.0.0",
lifespan=lifespan,
docs_url="/docs",
redoc_url="/redoc",
openapi_url="/openapi.json",
openapi_tags=[
{
"name": "Authentication",
"description": "User registration, login, and session management",
},
{
"name": "Tasks",
"description": "CRUD operations for todo items",
},
],
)
# Configure CORS
app.add_middleware(
CORSMiddleware,
allow_origins=settings.cors_origins_list,
allow_credentials=True,
allow_methods=["*"],
allow_headers=["*"],
)
# Security headers middleware
@app.middleware("http")
async def add_security_headers(request: Request, call_next):
"""Add security headers to all responses."""
response = await call_next(request)
response.headers["X-Content-Type-Options"] = "nosniff"
response.headers["X-Frame-Options"] = "DENY"
response.headers["X-XSS-Protection"] = "1; mode=block"
response.headers["Referrer-Policy"] = "strict-origin-when-cross-origin"
return response
@app.exception_handler(ValidationError)
async def validation_exception_handler(
_request: Request,
exc: ValidationError,
) -> JSONResponse:
"""Handle Pydantic validation errors."""
details = {}
for error in exc.errors():
field = ".".join(str(loc) for loc in error["loc"])
details[field] = error["msg"]
return JSONResponse(
status_code=status.HTTP_400_BAD_REQUEST,
content=ErrorResponse(
code=ErrorCode.VALIDATION_ERROR,
message="Invalid input data",
details=details,
).model_dump(),
)
@app.exception_handler(Exception)
async def general_exception_handler(
_request: Request,
exc: Exception,
) -> JSONResponse:
"""Handle uncaught exceptions."""
if settings.debug:
message = str(exc)
else:
message = "An unexpected error occurred"
return JSONResponse(
status_code=status.HTTP_500_INTERNAL_SERVER_ERROR,
content=ErrorResponse(
code=ErrorCode.INTERNAL_ERROR,
message=message,
).model_dump(),
)
# Register API routers
app.include_router(auth_router, prefix="/api")
app.include_router(tasks_router, prefix="/api")
@app.get("/health")
async def health_check() -> dict[str, str]:
"""Health check endpoint."""
return {"status": "healthy"}
|