ref

core/dependencies/__init__.py

@@ -0,0 +1,14 @@
+"""
+Core Dependencies
+
+FastAPI dependencies for authentication, authorization, and rate limiting.
+Re-exports all dependency functions for backward compatibility.
+"""
+from .auth import get_current_user, get_optional_user
+from .rate_limit import check_rate_limit
+
+__all__ = [
+    "get_current_user",
+    "get_optional_user",
+    "check_rate_limit",
+]

dependencies.py → core/dependencies/auth.py

@@ -1,14 +1,16 @@
+"""
+Authentication Dependencies
+
+FastAPI dependencies for user authentication and authorization.
+"""
 import logging
-from datetime import datetime, timedelta
-from typing import Optional, Tuple, Union
-import ipaddress
-import httpx
+from typing import Optional
 from fastapi import Request, Depends, HTTPException, status
-from sqlalchemy import select, and_
+from sqlalchemy import select
 from sqlalchemy.ext.asyncio import AsyncSession
 
 from core.database import get_db
-from core.models import User, RateLimit
+from core.models import User
 from services.auth_service.jwt_provider import (
     verify_access_token,
     TokenExpiredError,
@@ -18,56 +20,6 @@ from services.auth_service.jwt_provider import (
 
 logger = logging.getLogger(__name__)
 
-# Geolocation API settings
-GEOLOCATION_API_URL = "http://ip-api.com/json/{ip}?fields=status,country,regionName"
-GEOLOCATION_TIMEOUT = 2.0  # seconds
-
-async def check_rate_limit(
-    db: AsyncSession,
-    identifier: str,
-    endpoint: str,
-    limit: int,
-    window_minutes: int
-) -> bool:
-    """
-    Check if request is within rate limits.
-    Returns True if allowed, False if limit exceeded.
-    """
-    now = datetime.utcnow()
-    window_start = now - timedelta(minutes=window_minutes)
-    
-    # Check existing limit (get most recent if multiple exist)
-    query = select(RateLimit).where(
-        and_(
-            RateLimit.identifier == identifier,
-            RateLimit.endpoint == endpoint,
-            RateLimit.window_start >= window_start
-        )
-    ).order_by(RateLimit.window_start.desc())
-    result = await db.execute(query)
-    rate_limit = result.scalars().first()
-    
-    if rate_limit:
-        if rate_limit.attempts >= limit:
-            return False
-        
-        # Increment attempts
-        rate_limit.attempts += 1
-        await db.commit()
-        return True
-    else:
-        # Create new rate limit record
-        new_limit = RateLimit(
-            identifier=identifier,
-            endpoint=endpoint,
-            attempts=1,
-            window_start=now,
-            expires_at=now + timedelta(minutes=window_minutes)
-        )
-        db.add(new_limit)
-        await db.commit()
-        return True
-
 
 async def get_current_user(
     req: Request,
@@ -205,86 +157,3 @@ async def get_optional_user(
         return None
     
     return user
-
-
-# =============================================================================
-# LEGACY CREDIT VERIFICATION - DEPRECATED
-# =============================================================================
-# These functions are NO LONGER USED.
-# Credit operations are now handled automatically by CreditMiddleware.
-# Keeping these commented for reference during migration.
-# =============================================================================
-
-# async def verify_credits(
-#     user: User = Depends(get_current_user),
-#     db: AsyncSession = Depends(get_db)
-# ) -> User:
-#     """
-#     DEPRECATED: Credit verification is now handled by CreditMiddleware.
-#     This function manually deducted credits, which bypassed the transaction system.
-#     """
-#     if user.credits <= 0:
-#         raise HTTPException(
-#             status_code=status.HTTP_402_PAYMENT_REQUIRED,
-#             detail="Insufficient credits. Please purchase more credits."
-#         )
-#     
-#     user.credits -= 1
-#     user.last_used_at = datetime.utcnow()
-#     await db.commit()
-#     
-#     logger.debug(f"Deducted 1 credit from user {user.user_id}. Remaining: {user.credits}")
-#     return user
-
-
-# async def verify_video_credits(
-#     user: User = Depends(get_current_user),
-#     db: AsyncSession = Depends(get_db)
-# ) -> User:
-#     """
-#     DEPRECATED: Video credit verification is now handled by CreditMiddleware.
-#     This function manually deducted credits, which bypassed the transaction system.
-#     """
-#     cost = 10
-#     if user.credits < cost:
-#         raise HTTPException(
-#             status_code=status.HTTP_402_PAYMENT_REQUIRED,
-#             detail=f"Insufficient credits. Video generation requires {cost} credits."
-#         )
-#     
-#     user.credits -= cost
-#     user.last_used_at = datetime.utcnow()
-#     await db.commit()
-#     
-#     logger.debug(f"Deducted {cost} credits from user {user.user_id} for video generation. Remaining: {user.credits}")
-#     return user
-
-
-async def get_geolocation(ip_address: str) -> Tuple[Optional[str], Optional[str]]:
-    """
-    Get country and region for an IP address using ip-api.com.
-    
-    Args:
-        ip_address: IPv4 or IPv6 address
-        
-    Returns:
-        Tuple of (country, region) or (None, None) if lookup fails
-    """
-    if not ip_address:
-        return None, None
-    
-    # Skip geolocation for localhost/private IPs
-    if ip_address in ("127.0.0.1", "::1", "localhost") or ip_address.startswith(("192.168.", "10.", "172.")):
-        return None, None
-    
-    try:
-        async with httpx.AsyncClient(timeout=GEOLOCATION_TIMEOUT) as client:
-            response = await client.get(GEOLOCATION_API_URL.format(ip=ip_address))
-            if response.status_code == 200:
-                data = response.json()
-                if data.get("status") == "success":
-                    return data.get("country"), data.get("regionName")
-    except Exception as e:
-        logger.warning(f"Geolocation lookup failed for {ip_address}: {e}")
-    
-    return None, None

core/dependencies/rate_limit.py

@@ -0,0 +1,60 @@
+"""
+Rate Limiting Dependencies
+
+Functions for checking and enforcing rate limits on API endpoints.
+"""
+import logging
+from datetime import datetime, timedelta
+from sqlalchemy import select, and_
+from sqlalchemy.ext.asyncio import AsyncSession
+
+from core.models import RateLimit
+
+logger = logging.getLogger(__name__)
+
+
+async def check_rate_limit(
+    db: AsyncSession,
+    identifier: str,
+    endpoint: str,
+    limit: int,
+    window_minutes: int
+) -> bool:
+    """
+    Check if request is within rate limits.
+    Returns True if allowed, False if limit exceeded.
+    """
+    now = datetime.utcnow()
+    window_start = now - timedelta(minutes=window_minutes)
+    
+    # Check existing limit (get most recent if multiple exist)
+    query = select(RateLimit).where(
+        and_(
+            RateLimit.identifier == identifier,
+            RateLimit.endpoint == endpoint,
+            RateLimit.window_start >= window_start
+        )
+    ).order_by(RateLimit.window_start.desc())
+    result = await db.execute(query)
+    rate_limit = result.scalars().first()
+    
+    if rate_limit:
+        if rate_limit.attempts >= limit:
+            return False
+        
+        # Increment attempts
+        rate_limit.attempts += 1
+        await db.commit()
+        return True
+    else:
+        # Create new rate limit record
+        new_limit = RateLimit(
+            identifier=identifier,
+            endpoint=endpoint,
+            attempts=1,
+            window_start=now,
+            expires_at=now + timedelta(minutes=window_minutes)
+        )
+        db.add(new_limit)
+        await db.commit()
+        return True

core/utils/__init__.py

@@ -0,0 +1,8 @@
+"""
+Core Utilities
+
+Utility functions for the application.
+"""
+from .geolocation import get_geolocation
+
+__all__ = ["get_geolocation"]

core/utils/geolocation.py

@@ -0,0 +1,44 @@
+"""
+Geolocation Utilities
+
+Utilities for IP address geolocation lookup.
+"""
+import logging
+from typing import Tuple, Optional
+import httpx
+
+logger = logging.getLogger(__name__)
+
+# Geolocation API settings
+GEOLOCATION_API_URL = "http://ip-api.com/json/{ip}?fields=status,country,regionName"
+GEOLOCATION_TIMEOUT = 2.0  # seconds
+
+
+async def get_geolocation(ip_address: str) -> Tuple[Optional[str], Optional[str]]:
+    """
+    Get country and region for an IP address using ip-api.com.
+    
+    Args:
+        ip_address: IPv4 or IPv6 address
+        
+    Returns:
+        Tuple of (country, region) or (None, None) if lookup fails
+    """
+    if not ip_address:
+        return None, None
+    
+    # Skip geolocation for localhost/private IPs
+    if ip_address in ("127.0.0.1", "::1", "localhost") or ip_address.startswith(("192.168.", "10.", "172.")):
+        return None, None
+    
+    try:
+        async with httpx.AsyncClient(timeout=GEOLOCATION_TIMEOUT) as client:
+            response = await client.get(GEOLOCATION_API_URL.format(ip=ip_address))
+            if response.status_code == 200:
+                data = response.json()
+                if data.get("status") == "success":
+                    return data.get("country"), data.get("regionName")
+    except Exception as e:
+        logger.warning(f"Geolocation lookup failed for {ip_address}: {e}")
+    
+    return None, None

routers/auth.py

@@ -36,7 +36,7 @@ from services.auth_service.jwt_provider import (
     get_jwt_service,
     InvalidTokenError as JWTInvalidTokenError,
 )
-from dependencies import check_rate_limit, get_current_user
+from core.dependencies import check_rate_limit, get_current_user
 from services.drive_service import DriveService
 from services.audit_service import AuditService
 

routers/blink.py

@@ -11,7 +11,7 @@ import logging
 from core.database import get_db
 from core.models import User, GeminiJob, Contact, ClientUser
 from services.encryption_service import decrypt_multiple_blocks
-from dependencies import get_geolocation
+from core.utils import get_geolocation
 
 logger = logging.getLogger(__name__)
 

tests/test_auth_router.py

@@ -401,7 +401,7 @@ class TestGetCurrentUserInfo:
         """GET /me returns authenticated user info."""
         from routers.auth import router
         from fastapi import FastAPI
-        from dependencies import get_current_user
+        from core.dependencies import get_current_user
         from core.models import User
         
         app = FastAPI()
@@ -655,7 +655,7 @@ class TestLogout:
         """Logout increments user's token version."""
         from routers.auth import router
         from fastapi import FastAPI
-        from dependencies import get_current_user
+        from core.dependencies import get_current_user
         from core.database import get_db
         from core.models import User
         
@@ -688,7 +688,7 @@ class TestLogout:
         """Logout deletes refresh token cookie."""
         from routers.auth import router
         from fastapi import FastAPI
-        from dependencies import get_current_user
+        from core.dependencies import get_current_user
         from core.database import get_db
         from core.models import User
         

tests/test_dependencies.py

@@ -24,7 +24,7 @@ class TestGetCurrentUser:
     @pytest.mark.asyncio
     async def test_valid_token_returns_user(self, db_session):
         """Valid JWT token returns authenticated user."""
-        from dependencies import get_current_user
+        from core.dependencies import get_current_user
         from core.models import User
         
         # Create user
@@ -51,7 +51,7 @@ class TestGetCurrentUser:
     @pytest.mark.asyncio
     async def test_missing_auth_header_raises_401(self, db_session):
         """Missing Authorization header raises 401."""
-        from dependencies import get_current_user
+        from core.dependencies import get_current_user
         
         mock_request = MagicMock(spec=Request)
         mock_request.headers.get.return_value = None
@@ -64,7 +64,7 @@ class TestGetCurrentUser:
     @pytest.mark.asyncio
     async def test_invalid_header_format_raises_401(self, db_session):
         """Invalid Authorization header format raises 401."""
-        from dependencies import get_current_user
+        from core.dependencies import get_current_user
         
         mock_request = MagicMock(spec=Request)
         mock_request.headers.get.return_value = "InvalidFormat token123"
@@ -77,7 +77,7 @@ class TestGetCurrentUser:
     @pytest.mark.asyncio
     async def test_expired_token_raises_401(self, db_session):
         """Expired JWT token raises 401."""
-        from dependencies import get_current_user
+        from core.dependencies import get_current_user
         from services.auth_service.jwt_provider import TokenExpiredError
         
         mock_request = MagicMock(spec=Request)
@@ -94,7 +94,7 @@ class TestGetCurrentUser:
     @pytest.mark.asyncio
     async def test_invalid_token_raises_401(self, db_session):
         """Invalid JWT token raises 401."""
-        from dependencies import get_current_user
+        from core.dependencies import get_current_user
         from services.auth_service.jwt_provider import InvalidTokenError
         
         mock_request = MagicMock(spec=Request)
@@ -111,7 +111,7 @@ class TestGetCurrentUser:
     @pytest.mark.asyncio
     async def test_token_version_mismatch_raises_401(self, db_session):
         """Mismatched token version (after logout) raises 401."""
-        from dependencies import get_current_user
+        from core.dependencies import get_current_user
         from core.models import User
         
         # User has token_version=2 (logged out)
@@ -147,7 +147,7 @@ class TestRateLimitDependency:
     @pytest.mark.asyncio
     async def test_rate_limit_function_exists(self, db_session):
         """check_rate_limit function is accessible."""
-        from dependencies import check_rate_limit
+        from core.dependencies import check_rate_limit
         
         result = await check_rate_limit(
             db=db_session,
@@ -171,7 +171,7 @@ class TestGeolocation:
     @pytest.mark.asyncio
     async def test_geolocation_with_valid_ip(self):
         """Get geolocation for valid IP address."""
-        from dependencies import get_geolocation
+        from core.utils import get_geolocation
         
         with patch('dependencies.httpx.AsyncClient') as mock_client:
             # Mock API response
@@ -193,7 +193,7 @@ class TestGeolocation:
     @pytest.mark.asyncio
     async def test_geolocation_with_invalid_ip(self):
         """Handle invalid IP gracefully."""
-        from dependencies import get_geolocation
+        from core.utils import get_geolocation
         
         country, region = await get_geolocation("invalid_ip")
         
@@ -204,7 +204,7 @@ class TestGeolocation:
     @pytest.mark.asyncio
     async def test_geolocation_with_none_ip(self):
         """Handle None IP gracefully."""
-        from dependencies import get_geolocation
+        from core.utils import get_geolocation
         
         country, region = await get_geolocation(None)
         
@@ -214,7 +214,7 @@ class TestGeolocation:
     @pytest.mark.asyncio
     async def test_geolocation_api_failure(self):
         """Handle API failure gracefully."""
-        from dependencies import get_geolocation
+        from core.utils import get_geolocation
         
         with patch('dependencies.httpx.AsyncClient') as mock_client:
             # Mock API failure

tests/test_gemini_router.py

@@ -218,7 +218,7 @@ class TestJobStatusEndpoint:
         """Return 404 for non-existent job."""
         from routers.gemini import router
         from fastapi import FastAPI
-        from dependencies import get_current_user
+        from core.dependencies import get_current_user
         from core.database import get_db
         
         app = FastAPI()
@@ -248,7 +248,7 @@ class TestJobStatusEndpoint:
         """Return queued status with position."""
         from routers.gemini import router
         from fastapi import FastAPI
-        from dependencies import get_current_user
+        from core.dependencies import get_current_user
         from core.database import get_db
         
         app = FastAPI()
@@ -291,7 +291,7 @@ class TestJobStatusEndpoint:
         """Return completed status with output."""
         from routers.gemini import router
         from fastapi import FastAPI
-        from dependencies import get_current_user
+        from core.dependencies import get_current_user
         from core.database import get_db
         
         app = FastAPI()
@@ -331,7 +331,7 @@ class TestJobStatusEndpoint:
         """Return failed status with error."""
         from routers.gemini import router
         from fastapi import FastAPI
-        from dependencies import get_current_user
+        from core.dependencies import get_current_user
         from core.database import get_db
         
         app = FastAPI()
@@ -392,7 +392,7 @@ class TestDownloadEndpoint:
         """Return 404 for non-existent job."""
         from routers.gemini import router
         from fastapi import FastAPI
-        from dependencies import get_current_user
+        from core.dependencies import get_current_user
         from core.database import get_db
         
         app = FastAPI()
@@ -420,7 +420,7 @@ class TestDownloadEndpoint:
         """Return 400 if video not ready."""
         from routers.gemini import router
         from fastapi import FastAPI
-        from dependencies import get_current_user
+        from core.dependencies import get_current_user
         from core.database import get_db
         
         app = FastAPI()
@@ -476,7 +476,7 @@ class TestCancelEndpoint:
         """Return 404 for non-existent job."""
         from routers.gemini import router
         from fastapi import FastAPI
-        from dependencies import get_current_user
+        from core.dependencies import get_current_user
         from core.database import get_db
         
         app = FastAPI()
@@ -504,7 +504,7 @@ class TestCancelEndpoint:
         """Only queued jobs can be cancelled."""
         from routers.gemini import router
         from fastapi import FastAPI
-        from dependencies import get_current_user
+        from core.dependencies import get_current_user
         from core.database import get_db
         
         app = FastAPI()
@@ -537,7 +537,7 @@ class TestCancelEndpoint:
         """Successfully cancel a queued job."""
         from routers.gemini import router
         from fastapi import FastAPI
-        from dependencies import get_current_user
+        from core.dependencies import get_current_user
         from core.database import get_db
         
         app = FastAPI()

tests/test_payments_router.py

@@ -163,7 +163,7 @@ class TestCreateOrder:
         """Reject invalid package_id."""
         from routers.payments import router
         from fastapi import FastAPI
-        from dependencies import get_current_user
+        from core.dependencies import get_current_user
         
         app = FastAPI()
         
@@ -189,7 +189,7 @@ class TestCreateOrder:
         """Return 503 if Razorpay not configured."""
         from routers.payments import router
         from fastapi import FastAPI
-        from dependencies import get_current_user
+        from core.dependencies import get_current_user
         
         app = FastAPI()
         
@@ -241,7 +241,7 @@ class TestVerifyPayment:
         """Return 404 for unknown transaction."""
         from routers.payments import router
         from fastapi import FastAPI
-        from dependencies import get_current_user
+        from core.dependencies import get_current_user
         from core.database import get_db
         
         app = FastAPI()
@@ -395,7 +395,7 @@ class TestPaymentHistory:
         """History returns empty list for user with no transactions."""
         from routers.payments import router
         from fastapi import FastAPI
-        from dependencies import get_current_user
+        from core.dependencies import get_current_user
         from core.database import get_db
         
         app = FastAPI()
@@ -433,7 +433,7 @@ class TestPaymentHistory:
         """History respects pagination parameters."""
         from routers.payments import router
         from fastapi import FastAPI
-        from dependencies import get_current_user
+        from core.dependencies import get_current_user
         from core.database import get_db
         
         app = FastAPI()

tests/test_rate_limiting.py

@@ -26,7 +26,7 @@ class TestRateLimitBasics:
     @pytest.mark.asyncio
     async def test_first_request_allowed(self, db_session):
         """First request within limit is allowed."""
-        from dependencies import check_rate_limit
+        from core.dependencies import check_rate_limit
         
         result = await check_rate_limit(
             db=db_session,
@@ -41,7 +41,7 @@ class TestRateLimitBasics:
     @pytest.mark.asyncio
     async def test_within_limit_allowed(self, db_session):
         """Requests within limit are allowed."""
-        from dependencies import check_rate_limit
+        from core.dependencies import check_rate_limit
         
         # Make 3 requests (limit is 5)
         for i in range(3):
@@ -57,7 +57,7 @@ class TestRateLimitBasics:
     @pytest.mark.asyncio
     async def test_exceed_limit_blocked(self, db_session):
         """Requests exceeding limit are blocked."""
-        from dependencies import check_rate_limit
+        from core.dependencies import check_rate_limit
         
         # Make exactly limit requests
         for i in range(5):
@@ -91,7 +91,7 @@ class TestWindowBasedLimiting:
     @pytest.mark.asyncio
     async def test_rate_limit_creates_window(self, db_session):
         """Rate limit creates time window entry."""
-        from dependencies import check_rate_limit
+        from core.dependencies import check_rate_limit
         from core.models import RateLimit
         
         await check_rate_limit(
@@ -115,7 +115,7 @@ class TestWindowBasedLimiting:
     @pytest.mark.asyncio
     async def test_attempts_increment_in_window(self, db_session):
         """Attempts increment within same window."""
-        from dependencies import check_rate_limit
+        from core.dependencies import check_rate_limit
         from core.models import RateLimit
         
         identifier = "10.10.10.10"
@@ -153,7 +153,7 @@ class TestPerIPAndEndpoint:
     @pytest.mark.asyncio
     async def test_different_ips_separate_limits(self, db_session):
         """Different IPs have separate rate limits."""
-        from dependencies import check_rate_limit
+        from core.dependencies import check_rate_limit
         
         # IP 1 makes 5 requests
         for i in range(5):
@@ -188,7 +188,7 @@ class TestPerIPAndEndpoint:
     @pytest.mark.asyncio
     async def test_different_endpoints_separate_limits(self, db_session):
         """Same IP has separate limits for different endpoints."""
-        from dependencies import check_rate_limit
+        from core.dependencies import check_rate_limit
         
         ip = "203.0.113.50"
         
@@ -233,7 +233,7 @@ class TestRateLimitExpiry:
     @pytest.mark.asyncio
     async def test_rate_limit_has_expiry(self, db_session):
         """Rate limit entry has expiry time."""
-        from dependencies import check_rate_limit
+        from core.dependencies import check_rate_limit
         from core.models import RateLimit
         
         await check_rate_limit(
@@ -266,7 +266,7 @@ class TestRateLimitEdgeCases:
     @pytest.mark.asyncio
     async def test_zero_limit_blocks_all(self, db_session):
         """Limit of 0 blocks all requests."""
-        from dependencies import check_rate_limit
+        from core.dependencies import check_rate_limit
         
         # First request with limit=0 should be blocked
         result = await check_rate_limit(
@@ -296,7 +296,7 @@ class TestRateLimitEdgeCases:
     @pytest.mark.asyncio
     async def test_limit_of_one(self, db_session):
         """Limit of 1 allows only first request."""
-        from dependencies import check_rate_limit
+        from core.dependencies import check_rate_limit
         
         result1 = await check_rate_limit(
             db=db_session,
@@ -319,7 +319,7 @@ class TestRateLimitEdgeCases:
     @pytest.mark.asyncio
     async def test_very_short_window(self, db_session):
         """Very short time window works correctly."""
-        from dependencies import check_rate_limit
+        from core.dependencies import check_rate_limit
         
         # 1 minute window
         result = await check_rate_limit(
@@ -335,7 +335,7 @@ class TestRateLimitEdgeCases:
     @pytest.mark.asyncio
     async def test_long_window(self, db_session):
         """Long time window works correctly."""
-        from dependencies import check_rate_limit
+        from core.dependencies import check_rate_limit
         
         # 24 hour window
         result = await check_rate_limit(
@@ -359,7 +359,7 @@ class TestRateLimitPersistence:
     @pytest.mark.asyncio
     async def test_rate_limit_persists(self, db_session):
         """Rate limit data persists across checks."""
-        from dependencies import check_rate_limit
+        from core.dependencies import check_rate_limit
         from core.models import RateLimit
         
         identifier = "192.168.1.99"

tests/test_token_expiry_integration.py

@@ -197,7 +197,7 @@ class TestTokenVersioning:
         """Logout increments version, invalidating all existing tokens."""
         from routers.auth import router
         from fastapi import FastAPI
-        from dependencies import get_current_user
+        from core.dependencies import get_current_user
         from core.database import get_db
         from core.models import User
         from services.auth_service.jwt_provider import create_access_token, create_refresh_token