File size: 9,429 Bytes
894fa47 2c988f5 894fa47 2c988f5 894fa47 | 1 2 3 4 5 6 7 8 9 10 11 12 13 14 15 16 17 18 19 20 21 22 23 24 25 26 27 28 29 30 31 32 33 34 35 36 37 38 39 40 41 42 43 44 45 46 47 48 49 50 51 52 53 54 55 56 57 58 59 60 61 62 63 64 65 66 67 68 69 70 71 72 73 74 75 76 77 78 79 80 81 82 83 84 85 86 87 88 89 90 91 92 93 94 95 96 97 98 99 100 101 102 103 104 105 106 107 108 109 110 111 112 113 114 115 116 117 118 119 120 121 122 123 124 125 126 127 128 129 130 131 132 133 134 135 136 137 138 139 140 141 142 143 144 145 146 147 148 149 150 151 152 153 154 155 156 157 158 159 160 161 162 163 164 165 166 167 168 169 170 171 172 173 174 175 176 177 178 179 180 181 182 183 184 185 186 187 188 189 190 191 192 193 194 195 196 197 198 199 200 201 202 203 204 205 206 207 208 209 210 211 212 213 214 215 216 217 218 219 220 221 222 223 224 225 226 227 228 229 230 231 232 233 234 235 236 237 238 239 240 241 242 243 244 245 246 247 248 249 250 251 252 253 254 255 256 257 258 259 260 261 262 263 264 265 266 267 268 269 270 271 272 273 274 275 276 277 278 279 280 281 282 283 284 285 286 287 288 289 290 291 292 293 294 295 296 297 298 299 300 301 302 303 304 305 306 307 308 | """
Authentication API endpoints using Supabase.
Handles user signup, login, and session management.
"""
from fastapi import APIRouter, HTTPException, status, Depends
from fastapi.security import HTTPBearer, HTTPAuthorizationCredentials
from pydantic import BaseModel
from app.database.supabase_client import get_supabase_client
from app.database.database import get_db
from sqlalchemy.orm import Session
import logging
logger = logging.getLogger(__name__)
# Import schemas if they exist
try:
from app.schemas.user import UserCreate, UserLogin, UserResponse
except ImportError:
# Fallback models if schemas don't exist
class UserCreate(BaseModel):
full_name: str
email: str
password: str
class UserLogin(BaseModel):
email: str
password: str
class UserResponse(BaseModel):
id: str
email: str
full_name: Optional[str] = None
created_at: Optional[str] = None
last_sign_in_at: Optional[str] = None
class Config:
from_attributes = True
from typing import Optional
router = APIRouter(prefix="/auth", tags=["Authentication"])
security = HTTPBearer()
class TokenResponse(BaseModel):
"""Authentication response with token."""
access_token: str
token_type: str = "bearer"
refresh_token: str
user: dict # Simplified to dict for flexibility
expires_in: int = 3600
@router.post("/signup", response_model=TokenResponse, status_code=status.HTTP_201_CREATED)
async def signup(
user_data: UserCreate,
db: Session = Depends(get_db)
):
"""
Register a new user with Supabase Auth.
Process:
1. Create user in Supabase Auth (handles password hashing automatically)
2. Return access token and user info
Args:
user_data: User signup data (full_name, email, password)
db: Database session
Returns:
TokenResponse with access token and user info
Raises:
HTTPException 400: If email already registered
HTTPException 500: If signup fails
"""
supabase = get_supabase_client()
try:
# Normalize email to lowercase
email = user_data.email.strip().lower()
password = user_data.password.strip()
full_name = user_data.full_name.strip()
logger.info(f"[SIGNUP] Attempting to register: {email}")
# Sign up user with Supabase Auth
auth_response = supabase.auth.sign_up({
"email": email,
"password": password,
"options": {
"data": {
"full_name": full_name
}
}
})
if not auth_response.user:
logger.error(f"[SIGNUP] User creation failed for {email}")
raise HTTPException(
status_code=status.HTTP_400_BAD_REQUEST,
detail="User registration failed. Email may already be registered."
)
user = auth_response.user
session = auth_response.session
# Check if email confirmation is required
if not session:
logger.warning(f"[SIGNUP] Email confirmation required for {email}")
raise HTTPException(
status_code=status.HTTP_400_BAD_REQUEST,
detail="Signup successful! Please check your email to confirm your account."
)
# Prepare user response
user_response = {
"id": user.id,
"email": user.email,
"full_name": user.user_metadata.get("full_name") if user.user_metadata else full_name,
"created_at": str(user.created_at) if user.created_at else None,
"last_sign_in_at": str(user.last_sign_in_at) if user.last_sign_in_at else None
}
logger.info(f"[SIGNUP] User registered: {email}")
return TokenResponse(
access_token=session.access_token,
token_type="bearer",
refresh_token=session.refresh_token,
user=user_response,
expires_in=session.expires_in
)
except HTTPException:
raise
except Exception as e:
error_str = str(e).lower()
logger.error(f"[SIGNUP] Error: {e}")
# Check for duplicate email error
if "already registered" in error_str or "duplicate" in error_str or "user already exists" in error_str:
raise HTTPException(
status_code=status.HTTP_400_BAD_REQUEST,
detail="Email already registered"
)
raise HTTPException(
status_code=status.HTTP_500_INTERNAL_SERVER_ERROR,
detail=f"Signup failed: {str(e)}"
)
@router.post("/login", response_model=TokenResponse)
async def login(
credentials: UserLogin,
db: Session = Depends(get_db)
):
"""
Authenticate user and return session token.
Process:
1. Authenticate with Supabase Auth
2. Supabase verifies password automatically
3. Return access token and user info
Args:
credentials: Login credentials (email, password)
db: Database session
Returns:
TokenResponse with access token and user info
Raises:
HTTPException 401: If credentials are invalid
"""
supabase = get_supabase_client()
try:
# Normalize email to lowercase
email = credentials.email.strip().lower()
password = credentials.password.strip()
logger.info(f"[LOGIN] Attempting login for: {email}")
# Sign in with Supabase Auth
auth_response = supabase.auth.sign_in_with_password({
"email": email,
"password": password
})
if not auth_response.user or not auth_response.session:
logger.error(f"[LOGIN] Failed login attempt for: {email}")
raise HTTPException(
status_code=status.HTTP_401_UNAUTHORIZED,
detail="Invalid email or password"
)
user = auth_response.user
session = auth_response.session
# Prepare user response
user_response = {
"id": user.id,
"email": user.email,
"full_name": user.user_metadata.get("full_name") if user.user_metadata else None,
"created_at": str(user.created_at) if user.created_at else None,
"last_sign_in_at": str(user.last_sign_in_at) if user.last_sign_in_at else None
}
logger.info(f"[LOGIN] Successful login for: {email}")
return TokenResponse(
access_token=session.access_token,
token_type="bearer",
refresh_token=session.refresh_token,
user=user_response,
expires_in=session.expires_in
)
except HTTPException:
raise
except Exception as e:
logger.error(f"[LOGIN] Error: {e}")
raise HTTPException(
status_code=status.HTTP_401_UNAUTHORIZED,
detail="Invalid email or password"
)
@router.post("/logout")
async def logout(
credentials: HTTPAuthorizationCredentials = Depends(security)
):
"""
Log out current user.
Note: JWT tokens are stateless, so logout is client-side by removing token.
This endpoint is for server-side invalidation if needed.
Returns:
Success message
"""
supabase = get_supabase_client()
try:
token = credentials.credentials
logger.info("[LOGOUT] User logging out")
supabase.auth.sign_out(token)
return {"message": "Logged out successfully"}
except Exception as e:
logger.warning(f"[LOGOUT] Error (continuing): {e}")
# Return success even if sign_out fails
return {"message": "Logged out successfully"}
@router.get("/me", response_model=dict)
async def get_current_user(
credentials: HTTPAuthorizationCredentials = Depends(security)
):
"""
Get current user information from token.
Args:
credentials: Bearer token from Authorization header
Returns:
User info
Raises:
HTTPException 401: If token is invalid
"""
supabase = get_supabase_client()
try:
token = credentials.credentials
logger.info("[GET_USER] Fetching current user")
# Get user from token
user_response = supabase.auth.get_user(token)
if not user_response or not user_response.user:
raise HTTPException(
status_code=status.HTTP_401_UNAUTHORIZED,
detail="Invalid or expired token"
)
user = user_response.user
return {
"id": user.id,
"email": user.email,
"full_name": user.user_metadata.get("full_name") if user.user_metadata else None,
"created_at": str(user.created_at) if user.created_at else None,
"last_sign_in_at": str(user.last_sign_in_at) if user.last_sign_in_at else None
}
except HTTPException:
raise
except Exception as e:
logger.error(f"[GET_USER] Error: {e}")
raise HTTPException(
status_code=status.HTTP_401_UNAUTHORIZED,
detail="Invalid or expired token"
) |