00bfe8bfca
Pluggable AuthProvider interface with a local (email+password) implementation, and a Mailer interface (ConsoleMailer for dev, SMTPMailer for operators). The auth service owns registration, login, opaque session issuance, email verification, and password reset (which revokes prior sessions). Endpoints under /api/v1/auth; sessions are returned as a Bearer token and set as an HttpOnly cookie. Replaces the temporary X-User-Id shim: get_current_user now resolves a real session (Bearer or cookie). The open user-bootstrap endpoint is gone (registration replaces it). App logging is configured so the ConsoleMailer's verification/reset links are visible to self-hosters. Verified end-to-end on the deploy target, including the email-verification flow. Co-Authored-By: Claude Opus 4.8 (1M context) <noreply@anthropic.com> Signed-off-by: Justin Paul <justin@jpaul.me>
36 lines
596 B
Python
36 lines
596 B
Python
from datetime import datetime
|
|
|
|
from pydantic import BaseModel, Field
|
|
|
|
from app.schemas.user import UserRead
|
|
|
|
|
|
class RegisterRequest(BaseModel):
|
|
email: str
|
|
password: str = Field(min_length=8)
|
|
display_name: str | None = None
|
|
|
|
|
|
class LoginRequest(BaseModel):
|
|
email: str
|
|
password: str
|
|
|
|
|
|
class TokenRequest(BaseModel):
|
|
token: str
|
|
|
|
|
|
class PasswordResetRequest(BaseModel):
|
|
email: str
|
|
|
|
|
|
class PasswordResetConfirm(BaseModel):
|
|
token: str
|
|
new_password: str = Field(min_length=8)
|
|
|
|
|
|
class SessionRead(BaseModel):
|
|
user: UserRead
|
|
token: str
|
|
expires_at: datetime
|