congsh/rssWorkFlow
1
0
Fork 0
Code Issues Pull Requests Actions Packages Projects Releases Wiki Activity
Files
ba6e7669e8e166143109555669ffc7bb710fc311
rssWorkFlow/backend/app/schemas/user.py
T
congsh ba6e7669e8 Initial commit: RSS platform phase 1 skeleton with code review fixes 
Features:
- FastAPI + SQLAlchemy 2.0 async + PostgreSQL/pgvector + Redis backend
- Vue 3 + TypeScript + Element Plus frontend
- JWT auth with access/refresh tokens and revocation
- Admin/member RBAC
- RSS feed CRUD and article listing
- Settings management with Fernet encryption for sensitive values
- Redis distributed lock service
- Alembic initial migration
- Docker Compose development environment

Fixes from code review:
- Fix DB session leak in dependency injection
- Restrict registration to admin only
- Add default admin password warning
- Implement JWT refresh tokens and jti blacklist
- Strengthen password policy
- Use func.count for pagination totals
- Replace NullPool with AsyncAdaptedQueuePool
- Remove init_db from lifespan to enforce alembic migrations
- Add request_id middleware and logging filter
- Fix vite.config.ts env loading
- Add frontend token refresh interceptor
- Add Vue error handler

Co-Authored-By: Claude Opus 4.8 (1M context) <noreply@anthropic.com>
2026-06-15 17:01:57 +08:00

77 lines
1.7 KiB
Python
Raw Blame History

"""User Pydantic schemas."""
import re
from pydantic import BaseModel, ConfigDict, Field, field_validator
_PASSWORD_RE = re.compile(r"^(?=.*[A-Za-z])(?=.*\d)[A-Za-z\d@$!%*?&_.-]{8,128}$")
class UserBase(BaseModel):
"""Base user schema."""
username: str = Field(..., min_length=3, max_length=64)
role: str = "member"
is_active: bool = True
@field_validator("role")
@classmethod
def _validate_role(cls, value: str) -> str:
allowed = {"admin", "member"}
if value not in allowed:
raise ValueError(f"role must be one of {allowed}")
return value
class UserCreate(UserBase):
"""User creation schema."""
password: str = Field(..., min_length=8, max_length=128)
@field_validator("password")
@classmethod
def _validate_password_strength(cls, value: str) -> str:
if not _PASSWORD_RE.match(value):
raise ValueError(
"password must be 8-128 characters and contain at least one letter and one number"
)
return value
class UserOut(UserBase):
"""User output schema."""
model_config = ConfigDict(from_attributes=True)
id: str
class UserLogin(BaseModel):
"""User login schema."""
username: str
password: str
class TokenResponse(BaseModel):
"""Token response schema."""
access_token: str
refresh_token: str
token_type: str = "bearer"
class TokenPayload(BaseModel):
"""JWT token payload."""
sub: str | None = None
role: str | None = None
jti: str | None = None
type: str | None = None
exp: int | None = None
class RefreshTokenRequest(BaseModel):
"""Refresh token request schema."""
refresh_token: str
Reference in New Issue View Git Blame Copy Permalink