
rjalexa/isagog-userauth


Isagog user management

FastAPI OAuth2 SQLAlchemy SQLite Python Pytest Docker GitHub Actions

Welcome to our project! This project uses FastAPI for user management, login, and authorization.

It implements OAuth2 using bcrypt peppered hashes and issues access and refresh JWT tokens. These tokens are used to protect your FastAPI application routes via the Dependency mechanism.

It lets you define two classes of users: admin and basic. The latter can only log in and refresh its token, while an admin can create, list, update and delete any other user.

Getting Started

To get started with this project, follow these steps:

  1. Copy the .env.example file: Rename the .env.example file to .env.

  2. Fill in the secrets: Open the .env file and replace the placeholders with your actual secrets. Make sure to keep the secrets protected by double quotes.

  3. Generate encryption keys: If needed, you can use the utils/gencrypt.py program to help you fill in the .env variables.

Important Notes

  • Both the email and the username must be unique.
  • You can login with either the email or the username.
  • You can view the OpenAPI documentation at host:8000/docs.

API Routes

Current routes and their parameters can be examined via their OpenAPI docs. Here is a simple list:

  • /signup
  • /login
  • /refresh
  • /list
  • /delete
  • /passchange

Usage

The main.py file is a demo of how you can import, initialize, and use the user management, login, and authorization in your own FastAPI app.

To be usable, the project needs a .env file in the project root with the following content:

BCRYPT_PEPPER = "yourcomplexpepper"
JWT_SECRET = "yourcomplex JWT secret"
ADMIN_PASSWORD=adminpasswordisverysecretmyfriend
[email protected]
ADMIN_USERNAME=admin
ACCESS_TOKEN_LIFETIME = 15
REFRESH_TOKEN_LIFETIME = 7
USER_DB_URL="sqlite:///./users.db"
USER_TABLE_NAME=users

You should customize at least the first three values, and preferably the first five.

User Classes

  • Registered users belong to either the admin or the basic class.
  • The initial database is seeded with a first admin user as defined in the .env file.
  • Only admin users can sign up, list or delete other users.
  • The login and refresh functions are open to anyone.
  • The password change is open to all. Basic users can only change their own password.
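The access/refresh split and the admin-only guard described above, as an added stdlib-only illustration that is not the project's code (the project uses bcrypt and a JWT library): it mints HS256 tokens carrying a `role` and a `kind` claim with the lifetimes from the .env example, and a dependency-style check refuses refresh tokens on protected routes and basic users on admin routes. JWT_SECRET and the lifetime values are assumed.

```python
import base64, hashlib, hmac, json, time

# Constructed settings mirroring the .env keys above (assumed values, not the project's own).
JWT_SECRET = "example-secret-change-me"
ACCESS_TOKEN_LIFETIME = 15   # minutes
REFRESH_TOKEN_LIFETIME = 7   # days

def _b64(data: bytes) -> str:
    return base64.urlsafe_b64encode(data).rstrip(b"=").decode()

def _unb64(text: str) -> bytes:
    return base64.urlsafe_b64decode(text + "=" * (-len(text) % 4))

def mint(username: str, role: str, kind: str, now=None) -> str:
    """HS256 JWT carrying the user's role and a 'kind' (access/refresh) claim."""
    now = time.time() if now is None else now
    ttl = ACCESS_TOKEN_LIFETIME * 60 if kind == "access" else REFRESH_TOKEN_LIFETIME * 86400
    header = _b64(json.dumps({"alg": "HS256", "typ": "JWT"}).encode())
    payload = _b64(json.dumps({"sub": username, "role": role, "kind": kind,
                               "iat": int(now), "exp": int(now + ttl)}).encode())
    sig = hmac.new(JWT_SECRET.encode(), f"{header}.{payload}".encode(), hashlib.sha256).digest()
    return f"{header}.{payload}.{_b64(sig)}"

def verify(token: str, kind: str, now=None) -> dict:
    """Check algorithm, signature, expiry and token kind; raise PermissionError otherwise."""
    now = time.time() if now is None else now
    parts = token.split(".")
    if len(parts) != 3 or json.loads(_unb64(parts[0])).get("alg") != "HS256":
        raise PermissionError("malformed token or unexpected alg")
    expected = hmac.new(JWT_SECRET.encode(), f"{parts[0]}.{parts[1]}".encode(), hashlib.sha256).digest()
    if not hmac.compare_digest(expected, _unb64(parts[2])):
        raise PermissionError("bad signature")
    claims = json.loads(_unb64(parts[1]))
    if claims.get("kind") != kind:
        raise PermissionError("wrong token kind")  # a refresh token never opens a protected route
    if claims["exp"] <= now:
        raise PermissionError("expired")
    return claims

def require_admin(token: str, now=None) -> dict:
    """Dependency-style guard for /signup, /list and /delete: valid access token and admin role."""
    claims = verify(token, "access", now)
    if claims.get("role") != "admin":
        raise PermissionError("admin only")
    return claims

def refresh(refresh_token: str, now=None) -> str:
    """/refresh: exchange a valid refresh token for a fresh access token."""
    claims = verify(refresh_token, "refresh", now)
    return mint(claims["sub"], claims["role"], "access", now)
```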

Building the Docker image

You can use the Makefile by running make build to build an image with the version number specified in the Makefile. This image is built to run under a non-privileged isagog user. Run make run if you want to run this image as is.

Contributing

Pull requests are welcome. For major changes, please open an issue first to discuss what you would like to change.

License

MIT
