refactor: align backend layout and supabase infra

Consolidate backend modules/tests under the backend package while syncing Supabase compose/env config and related plans.
2026-02-05 15:13:06 +08:00
parent 3cfcb11240
commit ad06fe7de4
111 changed files with 5540 additions and 1362 deletions
@@ -0,0 +1 @@
+from __future__ import annotations
@@ -0,0 +1,7 @@
+from __future__ import annotations
+
+from v1.auth.service import AuthService, SupabaseAuthGateway
+
+
+def get_auth_service() -> AuthService:
+    return AuthService(gateway=SupabaseAuthGateway())
@@ -0,0 +1,35 @@
+from __future__ import annotations
+
+from pydantic import BaseModel, EmailStr, Field
+
+
+class SignupRequest(BaseModel):
+    email: EmailStr
+    password: str = Field(min_length=6)
+    display_name: str | None = None
+
+
+class LoginRequest(BaseModel):
+    email: EmailStr
+    password: str = Field(min_length=6)
+
+
+class RefreshRequest(BaseModel):
+    refresh_token: str = Field(min_length=1)
+
+
+class LogoutRequest(BaseModel):
+    refresh_token: str = Field(min_length=1)
+
+
+class AuthUser(BaseModel):
+    id: str
+    email: EmailStr
+
+
+class AuthTokenResponse(BaseModel):
+    access_token: str
+    refresh_token: str
+    expires_in: int
+    token_type: str
+    user: AuthUser
@@ -0,0 +1,49 @@
+from __future__ import annotations
+
+from fastapi import APIRouter, Depends, Response
+
+from v1.auth.dependencies import get_auth_service
+from v1.auth.models import (
+    AuthTokenResponse,
+    LoginRequest,
+    LogoutRequest,
+    RefreshRequest,
+    SignupRequest,
+)
+from v1.auth.service import AuthService
+
+
+router = APIRouter(prefix="/auth", tags=["auth"])
+
+
+@router.post("/signup", response_model=AuthTokenResponse)
+async def signup(
+    payload: SignupRequest,
+    service: AuthService = Depends(get_auth_service),
+) -> AuthTokenResponse:
+    return await service.signup(payload)
+
+
+@router.post("/login", response_model=AuthTokenResponse)
+async def login(
+    payload: LoginRequest,
+    service: AuthService = Depends(get_auth_service),
+) -> AuthTokenResponse:
+    return await service.login(payload)
+
+
+@router.post("/refresh", response_model=AuthTokenResponse)
+async def refresh(
+    payload: RefreshRequest,
+    service: AuthService = Depends(get_auth_service),
+) -> AuthTokenResponse:
+    return await service.refresh(payload)
+
+
+@router.post("/logout", status_code=204)
+async def logout(
+    payload: LogoutRequest,
+    service: AuthService = Depends(get_auth_service),
+) -> Response:
+    await service.logout(payload.refresh_token)
+    return Response(status_code=204)
@@ -0,0 +1,147 @@
+from __future__ import annotations
+
+import asyncio
+from typing import Any, Protocol, cast
+
+from fastapi import HTTPException
+from supabase import AuthError, create_client
+
+from core.config.settings import SupabaseSettings, config
+from core.logging import get_logger
+from v1.auth.models import (
+    AuthTokenResponse,
+    AuthUser,
+    LoginRequest,
+    RefreshRequest,
+    SignupRequest,
+)
+
+
+logger = get_logger("v1.auth.service")
+
+
+class AuthServiceGateway(Protocol):
+    async def signup(self, request: SignupRequest) -> AuthTokenResponse:
+        raise NotImplementedError
+
+    async def login(self, request: LoginRequest) -> AuthTokenResponse:
+        raise NotImplementedError
+
+    async def refresh(self, request: RefreshRequest) -> AuthTokenResponse:
+        raise NotImplementedError
+
+    async def logout(self, refresh_token: str | None) -> None:
+        raise NotImplementedError
+
+
+class SupabaseAuthGateway(AuthServiceGateway):
+    _client: Any
+
+    def __init__(self) -> None:
+        settings: SupabaseSettings = config.supabase
+        self._client = create_client(settings.url, settings.anon_key)
+
+    async def signup(self, request: SignupRequest) -> AuthTokenResponse:
+        payload: dict[str, Any] = {
+            "email": request.email,
+            "password": request.password,
+        }
+        if request.display_name:
+            payload = {
+                **payload,
+                "data": {"display_name": request.display_name},
+            }
+        try:
+            sign_up = cast(Any, self._client.auth.sign_up)
+            response = await asyncio.to_thread(sign_up, payload)
+            return _map_auth_response(response, "Authentication failed")
+        except AuthError as exc:
+            logger.warning("Signup failed", error=str(exc))
+            raise HTTPException(
+                status_code=401, detail="Authentication failed"
+            ) from exc
+
+    async def login(self, request: LoginRequest) -> AuthTokenResponse:
+        payload: dict[str, Any] = {"email": request.email, "password": request.password}
+        try:
+            sign_in = cast(Any, self._client.auth.sign_in_with_password)
+            response = await asyncio.to_thread(sign_in, payload)
+            return _map_auth_response(response, "Invalid credentials")
+        except AuthError as exc:
+            logger.warning("Login failed", error=str(exc))
+            raise HTTPException(status_code=401, detail="Invalid credentials") from exc
+
+    async def refresh(self, request: RefreshRequest) -> AuthTokenResponse:
+        try:
+            response = await asyncio.to_thread(
+                self._client.auth.refresh_session,
+                request.refresh_token,
+            )
+            return _map_auth_response(response, "Invalid refresh token")
+        except AuthError as exc:
+            logger.warning("Refresh failed", error=str(exc))
+            raise HTTPException(
+                status_code=401, detail="Invalid refresh token"
+            ) from exc
+
+    async def logout(self, refresh_token: str | None) -> None:
+        if not refresh_token:
+            raise HTTPException(status_code=401, detail="Missing refresh token")
+        try:
+            response = await asyncio.to_thread(
+                self._client.auth.refresh_session,
+                refresh_token,
+            )
+            session = getattr(response, "session", None)
+            if session is None:
+                raise HTTPException(status_code=401, detail="Invalid refresh token")
+            await asyncio.to_thread(
+                self._client.auth.set_session,
+                str(session.access_token),
+                str(session.refresh_token),
+            )
+            await asyncio.to_thread(self._client.auth.sign_out)
+        except AuthError as exc:
+            logger.warning("Logout failed", error=str(exc))
+            raise HTTPException(
+                status_code=401, detail="Invalid refresh token"
+            ) from exc
+
+
+class AuthService:
+    _gateway: AuthServiceGateway
+
+    def __init__(self, gateway: AuthServiceGateway) -> None:
+        self._gateway = gateway
+
+    async def signup(self, request: SignupRequest) -> AuthTokenResponse:
+        return await self._gateway.signup(request)
+
+    async def login(self, request: LoginRequest) -> AuthTokenResponse:
+        return await self._gateway.login(request)
+
+    async def refresh(self, request: RefreshRequest) -> AuthTokenResponse:
+        return await self._gateway.refresh(request)
+
+    async def logout(self, refresh_token: str | None) -> None:
+        await self._gateway.logout(refresh_token)
+
+
+def _map_auth_response(response: object, failure_message: str) -> AuthTokenResponse:
+    session = getattr(response, "session", None)
+    user = getattr(response, "user", None)
+    if session is None or user is None:
+        raise HTTPException(status_code=401, detail=failure_message)
+
+    email = getattr(user, "email", None)
+    if not email:
+        raise HTTPException(status_code=401, detail=failure_message)
+
+    auth_user = AuthUser(id=str(user.id), email=str(email))
+    return AuthTokenResponse(
+        access_token=str(session.access_token),
+        refresh_token=str(session.refresh_token),
+        expires_in=int(session.expires_in or 0),
+        token_type=str(session.token_type),
+        user=auth_user,
+    )