feat:Added refresh token

src/auth/router.py

@@ -1,3 +1,4 @@
+import uuid
 from src.core.database import get_async_session
 from fastapi import APIRouter, Depends, HTTPException, status
 from jose import jwt, JWTError
@@ -5,11 +6,20 @@ from fastapi import APIRouter, Depends, HTTPException
 from sqlmodel import Session
 from sqlmodel.ext.asyncio.session import AsyncSession
 from src.auth.service import (
-    create_user_and_send_verification_email,
+    create_user,
     verify_email,
+    send_verification_link,
     login_user,
 )
-from .schemas import SignUpRequest, LoginRequest, BaseResponse
+from src.auth.utils import get_current_user
+from src.core.models import Users
+from src.core.config import settings
+from fastapi.responses import RedirectResponse
+from .schemas import SignUpRequest, LoginRequest, BaseResponse, SendVerificationRequest
+from fastapi.security import OAuth2PasswordRequestForm
+from src.auth.utils import create_access_token
+from jose import jwt, JWTError
+
 
 router = APIRouter(prefix="/auth", tags=["Auth"])
 
@@ -19,7 +29,7 @@ async def signup(
     payload: SignUpRequest, session: AsyncSession = Depends(get_async_session)
 ):
     try:
-        response = await create_user_and_send_verification_email(
+        response = await create_user(
             session, payload.name, payload.email, payload.password
         )
         return {"code": 200, "data": response}
@@ -27,12 +37,26 @@ async def signup(
         raise HTTPException(status_code=400, detail=str(e))
 
 
+@router.post("/send-verification", response_model=BaseResponse)
+async def send_verification(
+    payload: SendVerificationRequest, session: AsyncSession = Depends(get_async_session)
+):
+    if not payload.email:
+        raise HTTPException(status_code=400, detail="Email is required")
+
+    response = await send_verification_link(session, payload.email)
+    return {"code": 200, "data": response}
+
+
 @router.get("/verify-email", response_model=BaseResponse)
 async def verify_email_route(
     token: str, session: AsyncSession = Depends(get_async_session)
 ):
     response = await verify_email(session, token)
-    return {"code": 200, "data": response}
+    access_token = response["access_token"]
+    redirect_url = f"yuvabe://verified?token={access_token}"
+
+    return {"code": 200, "data": response} , RedirectResponse(url=redirect_url)
 
 
 @router.post("/login", response_model=BaseResponse)
@@ -41,3 +65,59 @@ async def login(
 ):
     response = await login_user(session, payload.email, payload.password)
     return {"code": 200, "data": response}
+
+
+@router.post("/refresh", response_model=BaseResponse)
+async def refresh_token(request: dict):
+    """Generate new access token using refresh token"""
+    refresh_token = request.get("refresh_token")
+    if not refresh_token:
+        raise HTTPException(status_code=400, detail="Refresh token is required")
+
+    try:
+        payload = jwt.decode(
+            refresh_token, settings.SECRET_KEY, algorithms=[settings.JWT_ALGORITHM]
+        )
+        if payload.get("type") != "refresh":
+            raise HTTPException(status_code=400, detail="Invalid refresh token")
+
+        user_data = {
+            "sub": payload["sub"],
+            "name": payload.get("name"),
+            "email": payload.get("email"),
+        }
+        new_access_token = create_access_token(data=user_data)
+        return {"code": 200, "data": {"access_token": new_access_token}}
+
+    except JWTError:
+        raise HTTPException(status_code=401, detail="Invalid or expired refresh token")
+
+
+@router.get("/home", response_model=BaseResponse)
+async def get_home(
+    user_id: str = Depends(get_current_user),
+    session: AsyncSession = Depends(get_async_session),
+):
+    """
+    Protected home endpoint. Requires a valid access token (Bearer).
+    """
+    user = await session.get(Users, uuid.UUID(user_id))
+    if not user:
+        raise HTTPException(status_code=404, detail="User not found")
+
+    # Example payload — replace with your real app data
+    return {
+        "code": 200,
+        "data": {
+            "message": f"Welcome to Home, {user.user_name}!",
+            "user": {
+                "id": str(user.id),
+                "name": user.user_name,
+                "email": user.email_id,
+            },
+            "home_data": {
+                "announcements": ["Welcome!", "New protocol released"],
+                "timestamp": user.created_at.isoformat() if user.created_at else None,
+            },
+        },
+    }

src/auth/schemas.py

@@ -1,4 +1,4 @@
-from pydantic import BaseModel
+from pydantic import BaseModel ,EmailStr
 from typing import Optional, Union, Dict
 
 
@@ -17,6 +17,9 @@ class LoginRequest(BaseModel):
     email: str
     password: str
 
+class SendVerificationRequest(BaseModel):
+    email: EmailStr
+
 
 class UserResponse(BaseModel):
     id: str

src/auth/service.py

@@ -2,6 +2,7 @@ import uuid
 from src.auth.utils import (
     # send_otp_email,
     verify_password,
+    create_refresh_token,
     verify_verification_token,
     create_access_token,
     hash_password,
@@ -11,11 +12,11 @@ from src.auth.utils import (
 from src.core.models import Users
 from sqlmodel import Session, select
 from fastapi import HTTPException
+from sqlmodel.ext.asyncio.session import AsyncSession
 
 
-async def create_user_and_send_verification_email(
-    session: Session, name: str, email: str, password: str
-):
+async def create_user(session: AsyncSession, name: str, email: str, password: str):
+    """Create user without sending email"""
     user = await session.exec(select(Users).where(Users.email_id == email))
     existing_user = user.first()
     if existing_user:
@@ -27,17 +28,61 @@ async def create_user_and_send_verification_email(
         password=hash_password(password),
         is_verified=False,
     )
+
     session.add(new_user)
+    await session.commit()
+    await session.refresh(new_user)
 
-    # Create encrypted token using Fernet
-    token = create_verification_token(str(new_user.id))
-    
+    access_token = create_access_token(
+        data={
+            "sub": str(new_user.id),
+            "name": new_user.user_name,
+            "email": new_user.email_id,
+        }
+    )
 
-    # Send email
-    send_verification_email(email, token)
-    await session.commit()
+    refresh_token = create_refresh_token(
+        data={
+            "sub": str(new_user.id),
+            "name": new_user.user_name,
+            "email": new_user.email_id,
+        }
+    )
+
+    return {
+        "message": "User created successfully",
+        "user_id": str(new_user.id),
+        "access_token": access_token,
+        "refresh_token": refresh_token,
+    }
+
+
+async def send_verification_link(session: Session, email: str):
+    """Send verification email for an existing user."""
+    result = await session.exec(select(Users).where(Users.email_id == email))
+    user = result.first()
+
+    if not user:
+        raise HTTPException(status_code=404, detail="User not found")
+
+    if user.is_verified:
+        raise HTTPException(status_code=400, detail="User is already verified")
+
+    # Create a token using existing user ID (opaque token)
+    token = create_verification_token(str(user.id))
+
+    try:
+        send_verification_email(email, token)
+    except Exception as e:
+        raise HTTPException(
+            status_code=500, detail=f"Failed to send verification email: {str(e)}"
+        )
 
-    return {"message": "Verification email sent. Please check your inbox."}
+    return {
+        "message": "Verification link sent successfully",
+        "user_id": str(user.id),
+        "email": user.email_id,
+    }
 
 
 async def verify_email(session: Session, token: str):
@@ -50,13 +95,24 @@ async def verify_email(session: Session, token: str):
     if not user:
         raise HTTPException(status_code=404, detail="User not found")
 
-    if user.is_verified:
-        return {"message": "Email already verified"}
+    if not user.is_verified:
+        user.is_verified = True
+        await session.commit()
 
-    user.is_verified = True
-    await session.commit()
+    access_token = create_access_token(
+        data={"sub": str(user.id), "name": user.user_name, "email": user.email_id}
+    )
 
-    return {"message": "Email verified successfully!"}
+    refresh_token = create_refresh_token(
+        data={"sub": str(user.id), "name": user.user_name, "email": user.email_id}
+    )
+
+    return {
+        "message": "Email verified successfully!",
+        "access_token": access_token,
+        "refresh_token": refresh_token,
+        "token_type": "bearer",
+    }
 
 
 async def login_user(session: Session, email: str, password: str):
@@ -70,16 +126,19 @@ async def login_user(session: Session, email: str, password: str):
         raise HTTPException(status_code=400, detail="Invalid email or password")
 
     if not user.is_verified:
-        raise HTTPException(
-            status_code=403, detail="Please verify your email before logging in"
-        )
+        print(f"⚠️ User {user.email_id} logged in but not verified.")
 
     access_token = create_access_token(
         data={"sub": str(user.id), "name": user.user_name, "email": user.email_id}
     )
 
+    refresh_token = create_refresh_token(
+        data={"sub": str(user.id), "name": user.user_name, "email": user.email_id}
+    )
+
     return {
         "access_token": access_token,
+        "refresh_token": refresh_token,
         "token_type": "bearer",
         "user": {
             "id": str(user.id),

src/auth/utils.py

@@ -4,13 +4,15 @@ import os
 import uuid
 from email.mime.text import MIMEText
 from passlib.context import CryptContext
+from src.core.database import get_async_session
+from sqlmodel.ext.asyncio.session import AsyncSession
 from jose import jwt, JWTError
-from fastapi.security import OAuth2PasswordBearer
+from fastapi.security import HTTPBearer, HTTPAuthorizationCredentials
 from datetime import datetime, timedelta
 from cryptography.fernet import Fernet, InvalidToken
 from fastapi import Depends, HTTPException, status
-from src.core.config import settings 
-
+from src.core.models import Users
+from src.core.config import settings
 
 
 SECRET_KEY = settings.SECRET_KEY
@@ -26,7 +28,6 @@ FERNET_KEY = settings.FERNET_KEY
 VERIFICATION_BASE_URL = settings.VERIFICATION_BASE_URL
 
 
-
 pwd_context = CryptContext(schemes=["bcrypt"], deprecated="auto")
 
 
@@ -40,7 +41,6 @@ def verify_password(plain_password: str, hashed_password: str) -> bool:
     return pwd_context.verify(plain_password, hashed_password)
 
 
-
 def create_access_token(data: dict):
     """Create JWT token with expiry"""
     to_encode = data.copy()
@@ -50,7 +50,6 @@ def create_access_token(data: dict):
     return encoded_jwt
 
 
-
 def send_verification_email(to_email: str, token: str):
     """Send email with verification link"""
     subject = f"Verify your {settings.APP_NAME} Account"
@@ -69,14 +68,12 @@ def send_verification_email(to_email: str, token: str):
     msg["From"] = SMTP_EMAIL
     msg["To"] = to_email
 
-    
     with smtplib.SMTP(SMTP_SERVER, SMTP_PORT) as server:
         server.starttls()
         server.login(SMTP_EMAIL, SMTP_PASSWORD)
         server.send_message(msg)
 
 
-
 fernet = Fernet(FERNET_KEY.encode())
 
 
@@ -106,21 +103,54 @@ async def verify_verification_token(token: str) -> str:
         raise ValueError("Invalid verification link")
 
 
+bearer_scheme = HTTPBearer()
 
-oauth2_scheme = OAuth2PasswordBearer(tokenUrl="auth/login")
 
-
-def get_current_user(token: str = Depends(oauth2_scheme)):
+def get_current_user(
+    credentials: HTTPAuthorizationCredentials = Depends(bearer_scheme),
+):
     """Decode JWT token and extract current user ID"""
+    token = credentials.credentials
+
     try:
         payload = jwt.decode(token, SECRET_KEY, algorithms=[ALGORITHM])
         user_id: str = payload.get("sub")
+
         if user_id is None:
             raise HTTPException(
-                status_code=status.HTTP_401_UNAUTHORIZED, detail="Invalid token"
+                status_code=status.HTTP_401_UNAUTHORIZED,
+                detail="Invalid token: missing user id",
             )
         return user_id
+
     except JWTError:
         raise HTTPException(
-            status_code=status.HTTP_401_UNAUTHORIZED, detail="Invalid token"
+            status_code=status.HTTP_401_UNAUTHORIZED,
+            detail="Invalid or expired token",
+        )
+
+
+async def get_current_active_user(
+    session: AsyncSession = Depends(get_async_session),
+    user_id: str = Depends(get_current_user),
+) -> Users:
+    """Return the full user model for the currently authenticated user."""
+    user = await session.get(Users, uuid.UUID(user_id))
+    if not user:
+        raise HTTPException(
+            status_code=status.HTTP_404_NOT_FOUND, detail="User not found"
+        )
+    if not user.is_verified:
+        raise HTTPException(
+            status_code=status.HTTP_403_FORBIDDEN, detail="User not verified"
         )
+    return user
+
+
+def create_refresh_token(data: dict, expires_days: int = 7):
+    """Create a long-lived JWT refresh token"""
+    to_encode = data.copy()
+    expire = datetime.utcnow() + timedelta(days=expires_days)
+    to_encode.update({"exp": expire, "type": "refresh"})
+    encoded_jwt = jwt.encode(to_encode, SECRET_KEY, algorithm=ALGORITHM)
+    return encoded_jwt