
refactor: api standardization and auth hardening#39

Merged
ivanskv2000 merged 3 commits into main from
refactor/api-standardization-and-auth-hardening
Apr 30, 2026

Conversation

@ivanskv2000 (Owner)

@ivanskv2000 ivanskv2000 commented Apr 30, 2026

📌 Refactor(api/auth): standardize CRUD patterns and harden OAuth security

✨ What’s Changed?

1. API Standardization (Events, Fields, Tags)

  • Schema Refactoring: Standardized Pydantic models to adhere to DRY principles. EventOut now inherits from EventBase, and TagBase includes validation constraints for its ID.
  • CRUD/Router Decoupling: Refactored the CRUD layer to raise standard ValueError exceptions instead of FastAPI's HTTPException. Routers now handle these errors and translate them into structured 400 responses.
  • Pattern Consistency: Reorganized CRUD function signatures and ordering across modules to ensure a uniform developer experience.

2. Auth Layer Hardening

  • Dynamic Redirects: Replaced hardcoded localhost:8000 OAuth redirect URIs with a configurable BACKEND_URL in Settings and .env.example.
  • CSRF Mitigation: Implemented secure random nonces in the OAuth state parameter to prevent predictable state values and enhance protection against CSRF/replay attacks.
  • Schema Documentation: Improved the OAuthLogin schema with explicit descriptions to clarify that the token field expects the authorization code from the provider.

📂 Scope

  • frontend
  • backend
  • common/shared
  • CI/config

📝 Notes (Optional)

  • Breaking Configuration Change: Users must now ensure BACKEND_URL is correctly set in their .env files for OAuth callbacks to function in non-local environments. The default is set to http://localhost:8000 for compatibility.

✅ Checklist

  • PR title uses Conventional Commit format
  • Code is clean and commented where needed
  • I’ve manually tested relevant parts
  • I’ve updated docs (if needed)
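The two auth changes above, a configurable callback base URL and an unpredictable OAuth `state`, come down to a small amount of logic: mint the state from the OS CSPRNG, remember it with the provider and issue time, and accept it back exactly once, within a lifetime, for the same provider. The following is an added example and not code from this PR or project. It assumes the setting is read from an environment variable named `BACKEND_URL` with the default the PR states, uses a hypothetical callback path `/auth/{provider}/callback`, and keeps pending states in a constructed in-memory dictionary where a real deployment would use the user's session or a server-side cache.

```python
import hmac
import os
import secrets
import time
from typing import Dict, Optional, Tuple
from urllib.parse import urlencode

# Assumption: the configurable BACKEND_URL setting is exposed as an environment
# variable; the default below matches the default stated in the PR notes.
BACKEND_URL = os.environ.get("BACKEND_URL", "http://localhost:8000")

# Hypothetical lifetime for a pending login; bounds how long a leaked state is useful.
STATE_TTL_SECONDS = 600

# Constructed in-memory store: state -> (provider, issued_at).
_pending_states: Dict[str, Tuple[str, float]] = {}


def issue_state(provider: str, now: Optional[float] = None) -> str:
    """Mint an unpredictable, single-use state value for one OAuth login."""
    now = time.time() if now is None else now
    state = secrets.token_urlsafe(32)  # 256 bits from the OS CSPRNG, URL-safe
    _pending_states[state] = (provider, now)
    return state


def build_authorize_url(authorize_endpoint: str, client_id: str, provider: str,
                        scope: str, now: Optional[float] = None) -> str:
    """Build the provider redirect with a fresh state and the configured callback URI."""
    params = {
        "response_type": "code",
        "client_id": client_id,
        # Hypothetical callback path; the host comes from BACKEND_URL, not a literal.
        "redirect_uri": f"{BACKEND_URL}/auth/{provider}/callback",
        "scope": scope,
        "state": issue_state(provider, now),
    }
    return f"{authorize_endpoint}?{urlencode(params)}"


def consume_state(state: str, provider: str, now: Optional[float] = None) -> bool:
    """Validate the state echoed back by the provider, exactly once.

    Returns False for unknown, replayed, expired or provider-mismatched values.
    """
    now = time.time() if now is None else now
    # Scan every candidate with a constant-time comparison and never break early,
    # so the time taken does not depend on which prefix of a guess was right.
    match = None
    for candidate in list(_pending_states):
        if hmac.compare_digest(candidate.encode(), state.encode()):
            match = candidate
    if match is None:
        return False
    issued_provider, issued_at = _pending_states.pop(match)  # single use
    if issued_provider != provider:
        return False
    if now - issued_at > STATE_TTL_SECONDS:
        return False
    return True
```

The callback handler calls `consume_state` before it exchanges the authorization code; because the state is popped on first use, a replayed callback with the same value is rejected even if it arrives inside the lifetime window.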

@ivanskv2000 ivanskv2000 changed the title from "Refactor: api standardization and auth hardening" to "refactor: api standardization and auth hardening" Apr 30, 2026

@ivanskv2000 ivanskv2000 merged commit 5a9b290 into main Apr 30, 2026
3 checks passed