Add ownership to templates and ranges + Implement auth endpoints

Dockerfile.dev

@@ -2,18 +2,41 @@ FROM python:3.12-slim
 
 WORKDIR /code
 
-# For dynamic versioning
-RUN apt-get update && apt-get install -y git \
+RUN apt-get update && apt-get install -y git curl \
+    && curl -fsSL https://deb.nodesource.com/setup_18.x | bash - \
+    && apt-get install -y nodejs \
+    && apt-get install -y gnupg software-properties-common \
+    && apt-get install -y wget \
+    && apt-get install -y gnupg2 \
     && apt-get clean \
     && rm -rf /var/lib/apt/lists/*
 
+RUN wget -O- https://apt.releases.hashicorp.com/gpg | \
+    gpg --dearmor | \
+    tee /usr/share/keyrings/hashicorp-archive-keyring.gpg > /dev/null
+
+RUN echo "deb [signed-by=/usr/share/keyrings/hashicorp-archive-keyring.gpg] \
+    https://apt.releases.hashicorp.com bookworm main" | \
+    tee /etc/apt/sources.list.d/hashicorp.list
+
+RUN apt-get update && apt-get install -y terraform
+
+
 # Install debugpy for debugging
 RUN pip install --no-cache-dir debugpy
 
 # Install python dependencies
 COPY ./requirements.txt /code/requirements.txt
 RUN pip install --no-cache-dir --upgrade -r /code/requirements.txt
 
+# Set up terraform cache
+WORKDIR src/app/core/cdktf
+RUN mkdir -p "/root/.terraform.d/plugin-cache"
+COPY src/app/core/cdktf/.terraformrc /root/.terraformrc
+RUN terraform init
+RUN rm -rf .terraform*
+WORKDIR /code
+
 EXPOSE 80
 
 CMD ["uvicorn", "src.app.main:app", "--host", "0.0.0.0", "--port", "80", "--reload"]

requirements.txt

@@ -6,4 +6,8 @@ setuptools-scm~=8.1
 
 # CDKTF
 cdktf>=0.20
-cdktf-cdktf-provider-aws>=19.52
+cdktf-cdktf-provider-aws>=19.52
+
+# Auth
+pyjwt
+bcrypt

src/app/api/v1/__init__.py

@@ -2,6 +2,7 @@
 
 from fastapi import APIRouter
 
+from .auth import router as auth_router
 from .health import router as health_router
 from .ranges import router as ranges_router
 from .templates import router as templates_router
@@ -10,3 +11,4 @@
 router.include_router(health_router)
 router.include_router(templates_router)
 router.include_router(ranges_router)
+router.include_router(auth_router)

src/app/api/v1/auth.py

@@ -0,0 +1,99 @@
+from datetime import UTC, datetime, timedelta
+from typing import Any
+
+import jwt
+from bcrypt import checkpw
+from fastapi import APIRouter, Depends, HTTPException, status
+from sqlalchemy.ext.asyncio.session import AsyncSession
+
+from ...core.config import settings
+from ...core.db.database import async_get_db
+from ...crud.crud_users import create_user, get_user
+from ...schemas.user_schema import (
+    UserBaseSchema,
+    UserCreateBaseSchema,
+    UserID,
+)
+
+router = APIRouter(prefix="/auth", tags=["auth"])
+
+
+@router.post("/login")
+async def login(
+    openlabs_user: UserBaseSchema,
+    db: AsyncSession = Depends(async_get_db),  # noqa: B008
+) -> dict[str, str]:
+    """Login a user.
+
+    Args:
+    ----
+        openlabs_user (UserBaseSchema): User authentication data.
+        db (AsyncSession): Async database connection.
+
+    Returns:
+    -------
+        dict: token with JWT for the user.
+
+    """
+    user = await get_user(db, openlabs_user.email)
+
+    if not user:
+        raise HTTPException(
+            status_code=status.HTTP_401_UNAUTHORIZED,
+            detail="Invalid credentials or user does not exist",
+        )
+
+    user_hash = user.hashed_password
+    user_id = user.id
+
+    if not checkpw(openlabs_user.password.encode(), user_hash.encode()):
+        raise HTTPException(
+            status_code=status.HTTP_401_UNAUTHORIZED,
+            detail="Invalid credentials or user does not exist",
+        )
+
+    data_dict: dict[str, Any] = {"user": str(user_id)}
+
+    expire = datetime.now(UTC) + timedelta(minutes=settings.ACCESS_TOKEN_EXPIRE_MINUTES)
+
+    data_dict.update({"exp": expire})
+
+    return {
+        "token": jwt.encode(
+            data_dict, settings.SECRET_KEY, algorithm=settings.ALGORITHM
+        )
+    }
+
+
+@router.post("/register")
+async def register_new_user(
+    openlabs_user: UserCreateBaseSchema,
+    db: AsyncSession = Depends(async_get_db),  # noqa: B008
+) -> UserID:
+    """Create a new user.
+
+    Args:
+    ----
+        openlabs_user (UserCreateBaseSchema): User creation data.
+        db (AsyncSession): Async database connection.
+
+    Returns:
+    -------
+        UserID: Identity of the created user.
+
+    """
+    existing_user = await get_user(db, openlabs_user.email)
+    if existing_user:
+        raise HTTPException(
+            status_code=status.HTTP_409_CONFLICT,
+            detail="User already exists",
+        )
+    created_user = await create_user(db, openlabs_user)
+
+    if not created_user:
+        raise HTTPException(
+            status_code=status.HTTP_422_UNPROCESSABLE_ENTITY,
+            detail="Unable to create user",
+        )
+
+    return UserID.model_validate(created_user, from_attributes=True)

src/app/api/v1/ranges.py

@@ -4,9 +4,11 @@
 from fastapi import APIRouter, Depends, HTTPException, status
 from sqlalchemy.ext.asyncio.session import AsyncSession
 
+from ...core.auth.auth import get_current_user
 from ...core.config import settings
 from ...core.db.database import async_get_db
-from ...crud.crud_range_templates import get_range_template
+from ...crud.crud_range_templates import get_range_template, is_range_template_owner
+from ...models.user_model import UserModel
 from ...schemas.template_range_schema import TemplateRangeID, TemplateRangeSchema
 
 router = APIRouter(prefix="/ranges", tags=["ranges"])
@@ -16,14 +18,42 @@
 async def deploy_range_from_template(
     range_ids: list[TemplateRangeID],
     db: AsyncSession = Depends(async_get_db),  # noqa: B008
+    current_user: UserModel = Depends(get_current_user),  # noqa: B008
 ) -> dict[str, Any]:
-    """Deploy range templates."""
+    """Deploy range templates.
+
+    Args:
+    ----
+        range_ids (list[TemplateRangeID]): List of range template IDs to deploy.
+        db (AsyncSession): Async database connection.
+        current_user (UserModel): Currently authenticated user.
+
+    Returns:
+    -------
+        dict[str, Any]: Deployment status.
+
+    """
     # Import CDKTF dependencies to avoid long import times
     from ...core.cdktf.aws.aws import create_aws_stack, deploy_infrastructure
 
     ranges: list[TemplateRangeSchema] = []
     for range_id in range_ids:
-        range_model = await get_range_template(db, range_id)
+        # Check if the user owns this template
+        is_owner = await is_range_template_owner(db, range_id, current_user.id)
+        if not is_owner:
+            raise HTTPException(
+                status_code=status.HTTP_403_FORBIDDEN,
+                detail=f"You don't have permission to deploy range with ID: {range_id.id}",
+            )
+
+        # Get the template
+        range_model = await get_range_template(db, range_id, user_id=current_user.id)
+        if not range_model:
+            raise HTTPException(
+                status_code=status.HTTP_404_NOT_FOUND,
+                detail=f"Range template with ID: {range_id.id} not found or you don't have access to it!",
+            )
+
         ranges.append(
             TemplateRangeSchema.model_validate(range_model, from_attributes=True)
         )