feat: auth

* feat(backend): auth and oauth endpoints

* feat(frontend): login signup forms and routing

* feat: oauth2

* refactor: auth api typing

* refactor: auth forms validation

* refactor: oauth improvements and routes protection

* style

* fix: conditional rendering of nav and dropdown menu

* fix

* feat: routes protected for demo mode

* fix

* fix

* fix

* fix

* style

* fix

* fix

* test: updated tests to use auth client

* test: added basic auth tests

* feat: dynamic oauth buttons rendering

* fix: fixed security violation (redirects based on user-controlled data)

Author: ivanskv2000

.env.example

@@ -3,8 +3,29 @@ ENV=dev # dev | prod | demo
 DATABASE_URL=postgresql+psycopg2://evsy:evsy@db:5432/evsy
 FRONTEND_URL=http://localhost:3000
 
+
 # Frontend
 VITE_ENV=dev # dev | prod | demo
 VITE_API_URL=http://localhost:8000/api/v1
 VITE_LOG_LEVEL=error
-__VITE_ADDITIONAL_SERVER_ALLOWED_HOSTS=demo.evsy.dev
+__VITE_ADDITIONAL_SERVER_ALLOWED_HOSTS=demo.evsy.dev
+
+
+# Auth
+
+## Secret key for signing JWTs. Use a secure 32+ character string.
+SECRET_KEY=YOUR_32_CHAR_SECRET_KEY
+
+## GitHub OAuth credentials
+## Create your app here: https://github.com/settings/developers
+## Set "Authorization callback URL" to:
+##   http://localhost:8000/api/v1/auth/oauth/callback
+GITHUB_CLIENT_ID=
+GITHUB_CLIENT_SECRET=
+
+## Google OAuth credentials
+## Create credentials here: https://console.cloud.google.com/apis/credentials
+## Set "Authorized redirect URI" to:
+##   http://localhost:8000/api/v1/auth/oauth/callback
+GOOGLE_CLIENT_ID=
+GOOGLE_CLIENT_SECRET=

Makefile

@@ -4,11 +4,11 @@ up:
 down:
 	docker compose down
 
-migrate: # e. g. make revision name="add auth"
+migrate:
 	docker compose exec backend alembic upgrade head
 
-revision:
-	docker compose exec backend alembic revision -m "$(name)"
+revision: # e. g. make revision name="add auth"
+	docker compose exec backend alembic revision --autogenerate -m "$(name)"
 
 dev:
 	docker compose -f docker-compose.dev.yaml up --build -d

backend/.gitignore

@@ -9,9 +9,6 @@ __pycache__/
 env/
 venv/
 
-# Alembic
-migrations/versions/
-
 # Database files
 *.sqlite3
 *.db

backend/app/api/v1/routes/admin.py

@@ -1,10 +1,11 @@
-from fastapi import APIRouter
+from fastapi import APIRouter, Depends
 
 from app.modules.admin.io.router import router as io_router
 from app.modules.admin.reset.router import router as reset_router
 from app.modules.admin.seed.router import router as seed_router
+from app.modules.auth.token import get_current_user
 
-router = APIRouter(prefix="/admin")
+router = APIRouter(prefix="/admin", dependencies=[Depends(get_current_user)])
 
 router.include_router(io_router)
 router.include_router(seed_router)

backend/app/api/v1/routes/auth.py

@@ -0,0 +1,7 @@
+from fastapi import APIRouter
+
+from app.modules.auth.router import router as auth_router
+
+router = APIRouter(prefix="/auth", tags=["auth"])
+
+router.include_router(auth_router)

backend/app/api/v1/routes/events.py

@@ -11,13 +11,16 @@
 from sqlalchemy.orm import Session
 
 from app.core.database import get_db
+from app.modules.auth.token import get_current_user
 from app.modules.events import crud as event_crud
 from app.modules.events.schemas import EventCreate, EventOut
 from app.modules.events.service import generate_json_schema_for_event
 from app.modules.fields.crud import get_fields_by_ids
 from app.modules.tags.crud import get_or_create_tags
 
-router = APIRouter(prefix="/events", tags=["events"])
+router = APIRouter(
+    prefix="/events", tags=["events"], dependencies=[Depends(get_current_user)]
+)
 
 
 @router.post(

backend/app/api/v1/routes/fields.py

@@ -2,10 +2,13 @@
 from sqlalchemy.orm import Session
 
 from app.core.database import get_db
+from app.modules.auth.token import get_current_user
 from app.modules.fields import crud as field_crud
 from app.modules.fields.schemas import FieldCreate, FieldOut, FieldOutWithEventCount
 
-router = APIRouter(prefix="/fields", tags=["fields"])
+router = APIRouter(
+    prefix="/fields", tags=["fields"], dependencies=[Depends(get_current_user)]
+)
 
 
 @router.post(

backend/app/api/v1/routes/tags.py

@@ -2,10 +2,13 @@
 from sqlalchemy.orm import Session
 
 from app.core.database import get_db
+from app.modules.auth.token import get_current_user
 from app.modules.tags import crud as tag_crud
 from app.modules.tags.schemas import TagCreate, TagOut
 
-router = APIRouter(prefix="/tags", tags=["tags"])
+router = APIRouter(
+    prefix="/tags", tags=["tags"], dependencies=[Depends(get_current_user)]
+)
 
 
 @router.post(

backend/app/core/guard.py

@@ -0,0 +1,17 @@
+from fastapi import Depends, HTTPException
+
+from app.settings import get_settings
+
+
+def ensure_not_demo(settings=Depends(get_settings)):
+    if settings.is_demo:
+        raise HTTPException(
+            status_code=403, detail="This action is not allowed in demo mode."
+        )
+
+
+def ensure_dev(settings=Depends(get_settings)):
+    if not settings.is_dev:
+        raise HTTPException(
+            status_code=403, detail="This action is allowed only in development."
+        )