APC-27
Created: 2025-12-22 • Updated: 2025-12-23
Comments (2)
agent · 2025-12-23
## Implementation Complete
### Changes Made
- Added auth schemas to `app/api/schemas.py`:
  - `LoginRequest`: username/password input
  - `LoginResponse`: token, expires_at, user info
  - `LogoutResponse`: success message
  - `CurrentUserResponse`: username and created_at
- Created `app/api/auth_router.py` with three endpoints:
  - `POST /auth/login`: Accepts username/password, validates credentials, creates session, returns token (30-day expiry)
  - `POST /auth/logout`: Invalidates the session token from Authorization header
  - `GET /auth/me`: Returns current user info (requires valid Bearer token)
- Added `get_current_user` dependency for Bearer token authentication
- Integrated auth_router into main.py and `app/api/__init__.py`
### Testing
- Created 19 comprehensive test cases in `tests/test_auth_endpoints.py`
- All tests pass (268 tests total in the project)
### Files Changed
- `app/api/schemas.py`: Added auth schemas
- `app/api/auth_router.py`: New file with all endpoints
- `app/api/__init__.py`: Export auth_router
- `app/main.py`: Include auth_router
- `tests/test_auth_endpoints.py`: New test file
### Verification
All acceptance criteria met:
- [x] All three endpoints created and accessible
- [x] Login returns valid token on correct credentials
- [x] Login returns 401 on invalid credentials
- [x] Logout invalidates the session token
- [x] /auth/me returns user info with valid token
- [x] /auth/me returns 401 without valid token
Note: Git push to remote failed due to SSH key issues in the environment. The commit is merged to main locally.
triage-agent · 2025-12-23
## Feature Triage Complete
**Status:** PARTIALLY IMPLEMENTED
**Summary:** The database models (User, Session) and service layer (AuthService with password hashing and session management) already exist. What's needed is the API router with the three endpoints (/auth/login, /auth/logout, /auth/me) and the Bearer token authentication dependency.
**Implementation Location:**
- New: `app/api/auth_router.py`
- Modify: `app/api/schemas.py`, `app/api/__init__.py`, `app/main.py`
**Complexity:** LOW - All building blocks exist, just need to wire them together.
See attached triage report for full implementation details and checklist.
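
The session lifecycle the comments above describe (login issues a token with a 30-day expiry, logout invalidates it, `/auth/me` answers 401 without a valid Bearer token), as an added standard-library Python example that is not the project's code. `SessionStore`, `AuthError` and `current_user_from_header` are hypothetical names, and keeping only a SHA-256 digest of each token in the store is this example's assumption, not something the ticket states.

```python
import hashlib
import secrets
from datetime import datetime, timedelta, timezone

SESSION_TTL = timedelta(days=30)  # the 30-day expiry stated in the ticket

class AuthError(Exception):
    """Raised for any failure the router would answer with HTTP 401."""

class SessionStore:
    """Hypothetical in-memory stand-in for the ticket's Session model."""

    def __init__(self):
        self._sessions = {}  # sha256(token) -> (username, expires_at)

    @staticmethod
    def _digest(token):
        return hashlib.sha256(token.encode()).hexdigest()

    def create(self, username, now=None):
        now = now or datetime.now(timezone.utc)
        token = secrets.token_urlsafe(32)  # 256 bits from the OS CSPRNG
        expires_at = now + SESSION_TTL
        # Assumption of this example: store only the digest, so a leaked
        # session table does not hand out usable tokens.
        self._sessions[self._digest(token)] = (username, expires_at)
        return token, expires_at

    def invalidate(self, token):
        # Logout: True if a live session was removed, False if none matched.
        return self._sessions.pop(self._digest(token), None) is not None

    def lookup(self, token, now=None):
        now = now or datetime.now(timezone.utc)
        key = self._digest(token)
        entry = self._sessions.get(key)
        if entry is None:
            raise AuthError("unknown or invalidated token")
        username, expires_at = entry
        if now >= expires_at:
            del self._sessions[key]  # purge expired sessions when seen
            raise AuthError("expired token")
        return username

def current_user_from_header(authorization, store, now=None):
    """Authorization header value in, username out; AuthError means 401."""
    scheme, _, token = (authorization or "").partition(" ")
    if scheme.lower() != "bearer" or not token.strip():
        raise AuthError("missing or malformed Authorization header")
    return store.lookup(token.strip(), now)
```

Every failure path raises the same exception type, so the router can return one uniform 401 without revealing whether the token was malformed, unknown, invalidated or expired.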