Skip to content

Token blacklist #52

New issue

Have a question about this project? Sign up for a free GitHub account to open an issue and contact its maintainers and the community.

Sign up for GitHub

By clicking “Sign up for GitHub”, you agree to our terms of service and privacy statement. We’ll occasionally send you account related emails.

Already on GitHub? Sign in to your account

Jump to bottom
Merged
merged 5 commits into from
Nov 21, 2023
Merged

Token blacklist #52

merged 5 commits into from
Nov 21, 2023

Conversation

igorbenav
Copy link
Collaborator

Summary

 🚀Features

  • Token blacklist (possibility to log out users)

📝Docs

0. New Token Blacklist Model

diagram
To log users out, a token blacklist was created. Now you can invalidate a token at any moment. To do so, verify_token function (also schemas and CRUD) created.

🚚Migration

0. Update user table definition in create_first_superuser.py

If you change the user model, you must also update the table definition in src/scripts/create_first_superuser.py in order for it to keep working.

Here is the table definition:

# src/scripts/create_first_superuser.py
...
if user is None:
        metadata = MetaData()
        user_table = Table(
            "user", metadata,
            Column("id", Integer, primary_key=True, autoincrement=True, nullable=False),
            Column("name", String(30), nullable=False),
            Column("username", String(20), nullable=False, unique=True, index=True),
            Column("email", String(50), nullable=False, unique=True, index=True),
            Column("hashed_password", String, nullable=False),
            Column("profile_image_url", String, default="https://profileimageurl.com"),
            Column("uuid", UUID(as_uuid=True), primary_key=True, default=uuid.uuid4, unique=True),
            Column("created_at", DateTime, default=datetime.utcnow, nullable=False),
            Column("updated_at", DateTime),
            Column("deleted_at", DateTime),
            Column("is_deleted", Boolean, default=False, index=True),
            Column("is_superuser", Boolean, default=False),
            Column("tier_id", Integer, ForeignKey("tier.id"), index=True)
        )

Let's say you added a column in your user model, age.

...
class User(Base):
    __tablename__ = "user"

    ...
    # --------- here the new `age` column was added ---------
    age: Mapped[Optional[int]] = mapped_column(default=None)
    # -------------------------------------------------------
    ...

I'll now update the table definition in create_first_superuser.py accordingly:

# src/scripts/create_first_superuser.py
...
if user is None:
        metadata = MetaData()
        user_table = Table(
            "user", metadata,
            ...
            Column("age", Integer, nullable=True, default=None),
            ...
        )

1. Token Blacklist

This should work out of the box, all you need to do is run the alembic migration.

While in the src folder:

poetry run alembic revision --autogenerate

And to apply the migration

poetry run alembic upgrade head

 🔎Bug fixes

  • create_first_superuser now working again.

Warning

If you change the user model, now you'll also have to change the definition in create_first_superuser script. That happens because the script wasn't working without the relationship definitions, also getting the user model isn't trivial for async. May be fixed eventually.

@igorbenav igorbenav added the enhancement New feature or request label Nov 21, 2023
@igorbenav igorbenav self-assigned this Nov 21, 2023
@igorbenav igorbenav merged commit d9c978f into main Nov 21, 2023
@igorbenav igorbenav deleted the token-blacklist branch November 21, 2023 01:27
@igorbenav igorbenav mentioned this pull request Nov 21, 2023
Closed
15 tasks
Sign up for free to join this conversation on GitHub. Already have an account? Sign in to comment
Reviewers
No reviews
Assignees

@igorbenav igorbenav

Labels
enhancement New feature or request
Projects
None yet
Milestone
No milestone
Development

Successfully merging this pull request may close these issues.
1 participant
@igorbenav