
This commit includes: - User registration and authentication API with JWT - Password reset functionality - Role-based access control system - Database models and migrations with SQLAlchemy and Alembic - API documentation in README generated with BackendIM... (backend.im)
# User Authentication and Authorization Service

A FastAPI service providing user authentication and authorization features including:

- User registration and management
- JWT authentication
- Password reset functionality
- Role-based access control
## Features

- User Management:
  - User registration
  - User profile management
  - Email verification (implementation ready)
- Authentication:
  - JWT-based authentication with access and refresh tokens
  - Secure password hashing with bcrypt
  - Password reset functionality
- Authorization:
  - Role-based access control
  - Admin functionality for user management
  - Fine-grained permission control
## Installation

- Clone the repository
- Install dependencies:

  ```bash
  pip install -r requirements.txt
  ```

- Set up environment variables (or create a `.env` file)
- Run database migrations:

  ```bash
  alembic upgrade head
  ```

- Start the server:

  ```bash
  uvicorn main:app --reload
  ```
## API Documentation

### Authentication Endpoints

#### Register a new user

`POST /users`

Request body:

```json
{
  "email": "user@example.com",
  "password": "StrongPassword123",
  "first_name": "John",
  "last_name": "Doe"
}
```

#### Login

`POST /auth/login`

Request body:

```json
{
  "email": "user@example.com",
  "password": "StrongPassword123"
}
```

Response:

```json
{
  "access_token": "eyJhbGciOiJIUzI1NiIsInR5cCI6IkpXVCJ9...",
  "refresh_token": "eyJhbGciOiJIUzI1NiIsInR5cCI6IkpXVCJ9...",
  "token_type": "bearer"
}
```

#### Refresh token

`POST /auth/refresh-token`

Request body:

```json
{
  "refresh_token": "eyJhbGciOiJIUzI1NiIsInR5cCI6IkpXVCJ9..."
}
```

#### Request password reset

`POST /auth/password-reset`

Request body:

```json
{
  "email": "user@example.com"
}
```

#### Reset password

`POST /auth/password-reset/confirm`

Request body:

```json
{
  "token": "reset_token_here",
  "password": "NewStrongPassword123",
  "password_confirm": "NewStrongPassword123"
}
```

#### Change password

`POST /auth/password-change`

Request body:

```json
{
  "current_password": "StrongPassword123",
  "new_password": "NewStrongPassword123"
}
```

### User Management Endpoints

#### Get current user

`GET /users/me`

#### Update current user

`PUT /users/me`

Request body:

```json
{
  "first_name": "John",
  "last_name": "Smith"
}
```

#### Get all users (admin only)

`GET /users`

#### Get user by ID (admin only)

`GET /users/{user_id}`

#### Update user (admin only)

`PUT /users/{user_id}`

#### Delete user (admin only)

`DELETE /users/{user_id}`

#### Verify user (admin only)

`POST /users/{user_id}/verify`

### Role Management Endpoints

#### Get user roles (admin only)

`GET /users/{user_id}/roles`

#### Add role to user (admin only)

`POST /users/{user_id}/roles/{role_id}`

#### Remove role from user (admin only)

`DELETE /users/{user_id}/roles/{role_id}`
## Security Considerations

- Passwords are hashed using bcrypt
- JWT tokens with appropriate expiration times
- Role-based authorization for sensitive operations
- Input validation using Pydantic models
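An added illustration (not code from this repository, which does not show its token layer) of two of the properties listed above: access and refresh tokens carry their own expiry and a `type` claim so one cannot stand in for the other, and admin-only endpoints check the role inside a valid access token. It uses only the standard library (HS256 via `hmac`); `SECRET`, `ACCESS_TTL`, `REFRESH_TTL` and the function names are assumptions of this example, not the service's API.

```python
import base64
import hashlib
import hmac
import json
import time
from typing import Optional

SECRET = b"constructed-demo-secret"  # assumption: a real service loads this from .env
ACCESS_TTL = 15 * 60                  # short-lived access token (seconds)
REFRESH_TTL = 7 * 24 * 3600           # longer-lived refresh token (seconds)

def _b64(data: bytes) -> str:
    return base64.urlsafe_b64encode(data).rstrip(b"=").decode()

def _unb64(text: str) -> bytes:
    return base64.urlsafe_b64decode(text + "=" * (-len(text) % 4))

def issue_token(user_id: str, roles: list, kind: str, now: Optional[int] = None) -> str:
    """Sign an HS256 JWT; the `type` claim marks it as "access" or "refresh"."""
    now = int(time.time()) if now is None else now
    ttl = ACCESS_TTL if kind == "access" else REFRESH_TTL
    header = _b64(b'{"alg":"HS256","typ":"JWT"}')
    claims = {"sub": user_id, "roles": roles, "type": kind, "iat": now, "exp": now + ttl}
    payload = _b64(json.dumps(claims, separators=(",", ":")).encode())
    sig = hmac.new(SECRET, f"{header}.{payload}".encode(), hashlib.sha256).digest()
    return f"{header}.{payload}.{_b64(sig)}"

def verify_token(token: str, expected_kind: str, now: Optional[int] = None) -> Optional[dict]:
    """Return the claims only if signature, expiry and token type all check out."""
    now = int(time.time()) if now is None else now
    try:
        header, payload, sig = token.split(".")
        expected = hmac.new(SECRET, f"{header}.{payload}".encode(), hashlib.sha256).digest()
        if not hmac.compare_digest(_unb64(sig), expected):  # constant-time compare, before parsing
            return None
        claims = json.loads(_unb64(payload))
    except ValueError:  # malformed token, bad base64 or bad JSON (all subclasses of ValueError)
        return None
    if claims.get("type") != expected_kind or claims.get("exp", 0) <= now:
        return None  # expired, or a refresh token presented where an access token is required
    return claims

def require_role(token: str, role: str, now: Optional[int] = None) -> Optional[str]:
    """Gate for admin-only endpoints: returns the user id if the access token carries `role`."""
    claims = verify_token(token, "access", now)
    if claims is None or role not in claims.get("roles", []):
        return None
    return claims["sub"]
```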
## Health Check

The service provides a health check endpoint:

`GET /health`

## Development

The project follows standard FastAPI practices and uses:

- SQLAlchemy ORM for database operations
- Alembic for database migrations
- Pydantic for data validation
- JWT for authentication tokens