feat:Added auth service

alembic/versions/e8066533b622_delete_user_verification_cols.py

@@ -0,0 +1,49 @@
+"""delete:user/verification cols
+
+Revision ID: e8066533b622
+Revises: 584a5111e60f
+Create Date: 2025-11-11 10:47:38.171691
+
+"""
+
+from typing import Sequence, Union
+
+from alembic import op
+import sqlalchemy as sa
+import sqlmodel.sql.sqltypes
+from sqlalchemy.dialects import postgresql
+
+# revision identifiers, used by Alembic.
+revision: str = "e8066533b622"
+down_revision: Union[str, Sequence[str], None] = "584a5111e60f"
+branch_labels: Union[str, Sequence[str], None] = None
+depends_on: Union[str, Sequence[str], None] = None
+
+
+def upgrade() -> None:
+    """Upgrade schema."""
+    # ### commands auto generated by Alembic - please adjust! ###
+    op.drop_column("users", "verification_token")
+    op.drop_column("users", "verification_expires_at")
+    # ### end Alembic commands ###
+
+
+def downgrade() -> None:
+    """Downgrade schema."""
+    # ### commands auto generated by Alembic - please adjust! ###
+    op.add_column(
+        "users",
+        sa.Column(
+            "verification_expires_at",
+            postgresql.TIMESTAMP(),
+            autoincrement=False,
+            nullable=True,
+        ),
+    )
+    op.add_column(
+        "users",
+        sa.Column(
+            "verification_token", sa.VARCHAR(), autoincrement=False, nullable=True
+        ),
+    )
+    # ### end Alembic commands ###

requirements/dev.txt

@@ -3,17 +3,29 @@ annotated-doc==0.0.3
 annotated-types==0.7.0
 anyio==4.11.0
 asyncpg==0.30.0
+bcrypt==3.2.2
+cffi==2.0.0
 click==8.3.0
+cryptography==46.0.3
+dnspython==2.8.0
+ecdsa==0.19.1
+email-validator==2.3.0
 fastapi==0.121.0
 greenlet==3.2.4
 h11==0.16.0
 idna==3.11
 Mako==1.3.10
 MarkupSafe==3.0.3
+passlib==1.7.4
 psycopg2-binary==2.9.11
+pyasn1==0.6.1
+pycparser==2.23
 pydantic==1.10.24
 pydantic_core==2.41.4
 python-dotenv==1.2.1
+python-jose==3.5.0
+rsa==4.9.1
+six==1.17.0
 sniffio==1.3.1
 SQLAlchemy==2.0.44
 sqlmodel==0.0.27

src/auth/config.py

@@ -1,6 +1,17 @@
+import os
 from pydantic import BaseSettings
+from dotenv import load_dotenv
+
 
 class HomeSettings(BaseSettings):
     FEATURE_ENABLED: bool = True
 
-home_settings = HomeSettings()
+
+home_settings = HomeSettings()
+
+
+load_dotenv()
+SECRET_KEY = os.getenv("SECRET_KEY")
+
+ALGORITHM = "HS256"
+ACCESS_TOKEN_EXPIRE_MINUTES = 60

src/auth/router.py

@@ -0,0 +1,89 @@
+from src.core.database import get_async_session
+from fastapi import APIRouter, Depends, HTTPException, status
+
+# from src.home.router import get_session
+# from sqlmodel import Session
+# from src.auth.service import login_user
+from jose import jwt, JWTError
+from src.auth.config import SECRET_KEY, ALGORITHM
+from fastapi.security import OAuth2PasswordBearer
+
+# from .schemas import SignUpRequest, VerifyOtpRequest, LoginRequest
+# from .service import create_user_and_send_otp, verify_otp
+
+# router = APIRouter(prefix="/auth", tags=["Auth"])
+
+
+# @router.post("/signup")
+# def signup(payload: SignUpRequest, session: Session = Depends(get_session)):
+#     try:
+#         return create_user_and_send_otp(
+#             session, payload.name, payload.email, payload.password
+#         )
+#     except ValueError as e:
+#         raise HTTPException(status_code=400, detail=str(e))
+
+
+# @router.post("/verify-otp")
+# def verify_otp_route(
+#     payload: VerifyOtpRequest, session: Session = Depends(get_session)
+# ):
+#     try:
+#         return verify_otp(session, payload.email, payload.otp)
+#     except ValueError as e:
+#         raise HTTPException(status_code=400, detail=str(e))
+
+
+# @router.post("/login")
+# def login(payload: LoginRequest, session: Session = Depends(get_session)):
+#     return login_user(session, payload.email, payload.password)
+
+
+from fastapi import APIRouter, Depends, HTTPException
+from sqlmodel import Session
+from src.auth.service import (
+    create_user_and_send_verification_email,
+    verify_email,
+    login_user,
+)
+from .schemas import SignUpRequest, LoginRequest
+
+router = APIRouter(prefix="/auth", tags=["Auth"])
+
+
+@router.post("/signup")
+async def signup(payload: SignUpRequest, session: Session = Depends(get_async_session)):
+    try:
+        return await create_user_and_send_verification_email(
+            session, payload.name, payload.email, payload.password
+        )
+    except ValueError as e:
+        raise HTTPException(status_code=400, detail=str(e))
+
+
+@router.get("/verify-email")
+async def verify_email_route(token: str, session: Session = Depends(get_async_session)):
+    return await verify_email(session, token)
+
+
+@router.post("/login")
+async def login(payload: LoginRequest, session: Session = Depends(get_async_session)):
+    return await login_user(session, payload.email, payload.password)
+
+
+oauth2_scheme = OAuth2PasswordBearer(tokenUrl="auth/login")
+
+
+def get_current_user(token: str = Depends(oauth2_scheme)):
+    try:
+        payload = jwt.decode(token, SECRET_KEY, algorithms=[ALGORITHM])
+        user_id: str = payload.get("sub")
+        if user_id is None:
+            raise HTTPException(
+                status_code=status.HTTP_401_UNAUTHORIZED, detail="Invalid token"
+            )
+        return user_id
+    except JWTError:
+        raise HTTPException(
+            status_code=status.HTTP_401_UNAUTHORIZED, detail="Invalid token"
+        )

src/auth/schemas.py

@@ -0,0 +1,17 @@
+from pydantic import BaseModel
+
+
+class SignUpRequest(BaseModel):
+    name: str
+    email: str
+    password: str
+
+
+class VerifyOtpRequest(BaseModel):
+    email: str
+    otp: str
+
+
+class LoginRequest(BaseModel):
+    email: str
+    password: str

src/auth/service.py

@@ -1,2 +1,199 @@
-from typing import List
-from uuid import UUID
+import uuid
+import random
+
+from datetime import datetime
+from src.auth.utils import (
+    # send_otp_email,
+    verify_password,
+    verify_verification_token,
+    create_access_token,
+    hash_password,
+    send_verification_email,
+    create_verification_token,
+)
+from src.core.models import Users
+from sqlmodel import Session, select
+from fastapi import HTTPException
+
+
+def generate_otp():
+    return str(random.randint(100000, 999999))
+
+
+# def create_user_and_send_otp(session: Session, name: str, email: str, password: str):
+#     # 1. If already verified user exists, block new registration
+#     existing_user = session.exec(select(Users).where(Users.email_id == email)).first()
+#     if existing_user:
+#         raise ValueError("User already exists")
+
+#     otp = generate_otp()
+#     expires_at = datetime.now() + timedelta(minutes=5)
+
+#     existing_otp = session.exec(
+#         select(OtpVerification).where(OtpVerification.email == email)
+#     ).first()
+
+#     if existing_otp:
+#         session.delete(existing_otp)
+#         session.commit()
+
+#     new_otp = OtpVerification(
+#         email=email,
+#         otp=otp,
+#         expires_at=expires_at,
+#         temp_name=name,
+#         temp_password=password,
+#     )
+#     session.add(new_otp)
+#     session.commit()
+#     send_otp_email(email, otp)
+
+#     return {"message": "OTP sent successfully"}
+
+
+# def create_user_and_send_verification_email(
+#     session: Session, name: str, email: str, password: str
+# ):
+#     existing_user = session.exec(select(Users).where(Users.email_id == email)).first()
+#     if existing_user:
+#         raise ValueError("User already exists")
+
+#     # Create secure token
+#     token = generate_opaque_token()
+#     expires_at = datetime.utcnow() + timedelta(hours=24)
+
+#     # Create user
+#     new_user = Users(
+#         user_name=name,
+#         email_id=email,
+#         password=hash_password(password),
+#         is_verified=False,
+#         verification_token=token,
+#         verification_expires_at=expires_at,
+#     )
+#     session.add(new_user)
+#     session.commit()
+
+#     # Send verification email
+#     send_verification_email(email, token)
+
+#     return {"message": "Verification email sent. Please check your inbox."}
+
+
+async def create_user_and_send_verification_email(
+    session: Session, name: str, email: str, password: str
+):
+    user = await session.exec(select(Users).where(Users.email_id == email))
+    existing_user = user.first()
+    if existing_user:
+        raise ValueError("User already exists")
+
+    new_user = Users(
+        user_name=name,
+        email_id=email,
+        password=hash_password(password),
+        is_verified=False,
+    )
+    session.add(new_user)
+    await session.commit()
+
+    # Create encrypted token using Fernet
+    token = create_verification_token(str(new_user.id))
+
+    # Send email
+    send_verification_email(email, token)
+
+    return {"message": "Verification email sent. Please check your inbox."}
+
+
+# def verify_email(session: Session, token: str):
+#     user = session.exec(select(Users).where(Users.verification_token == token)).first()
+
+#     if not user:
+#         raise HTTPException(status_code=400, detail="Invalid or expired token")
+
+#     if user.verification_expires_at < datetime.utcnow():
+#         raise HTTPException(status_code=400, detail="Verification link expired")
+
+#     user.is_verified = True
+#     user.verification_token = None
+#     user.verification_expires_at = None
+#     session.commit()
+
+#     return {"message": "Email verified successfully!"}
+
+
+async def verify_email(session: Session, token: str):
+    try:
+        user_id = await verify_verification_token(token)
+    except ValueError as e:
+        raise HTTPException(status_code=400, detail=str(e))
+
+    user = await session.get(Users, uuid.UUID(user_id))
+    if not user:
+        raise HTTPException(status_code=404, detail="User not found")
+
+    if user.is_verified:
+        return {"message": "Email already verified"}
+
+    user.is_verified = True
+    await session.commit()
+
+    return {"message": "Email verified successfully!"}
+
+
+# def verify_otp(session: Session, email: str, otp: str):
+#     record = session.exec(
+#         select(OtpVerification).where(OtpVerification.email == email)
+#     ).first()
+
+#     if not record:
+#         raise ValueError("No OTP record found")
+#     if record.is_verified:
+#         return {"message": "Email already verified"}
+#     if record.expires_at < datetime.now():
+#         raise ValueError("OTP expired")
+#     if record.otp != otp:
+#         raise ValueError("Invalid OTP")
+
+#     new_user = Users(
+#         user_name=record.temp_name,
+#         email_id=email,
+#         password=hash_password(record.temp_password),
+#     )
+#     session.add(new_user)
+
+#     record.is_verified = True
+#     session.commit()
+
+#     return {"message": "Email verified successfully. Account created!"}
+
+
+async def login_user(session: Session, email: str, password: str):
+    users = await session.exec(select(Users).where(Users.email_id == email))
+    user = users.first()
+
+    if not user:
+        raise HTTPException(status_code=400, detail="Invalid email or password")
+
+    if not verify_password(password, user.password):
+        raise HTTPException(status_code=400, detail="Invalid email or password")
+
+    if not user.is_verified:
+        raise HTTPException(
+            status_code=403, detail="Please verify your email before logging in"
+        )
+
+    access_token = create_access_token(
+        data={"sub": str(user.id), "name": user.user_name, "email": user.email_id}
+    )
+
+    return {
+        "access_token": access_token,
+        "token_type": "bearer",
+        "user": {
+            "id": str(user.id),
+            "name": user.user_name,
+            "email": user.email_id,
+        },
+    }

src/auth/utils.py

@@ -0,0 +1,138 @@
+import uuid
+import smtplib
+from email.mime.text import MIMEText
+from passlib.context import CryptContext
+from jose import JWTError, jwt
+from datetime import datetime, timedelta
+from src.auth.config import SECRET_KEY, ALGORITHM, ACCESS_TOKEN_EXPIRE_MINUTES
+import secrets
+from datetime import datetime, timedelta
+import os
+import json
+from datetime import datetime, timedelta
+from cryptography.fernet import Fernet, InvalidToken
+
+
+SMTP_SERVER = "smtp.gmail.com"
+SMTP_PORT = 587
+SMTP_EMAIL = "[email protected]"
+SMTP_PASSWORD = "jdtc qyaq fmqd xvse"
+
+
+def send_otp_email(to_email: str, otp: str):
+    subject = "Your Yuvabe OTP Code"
+    body = f"Your OTP is {otp}. It will expire in 5 minutes."
+
+    msg = MIMEText(body)
+    msg["Subject"] = subject
+    msg["From"] = SMTP_EMAIL
+    msg["To"] = to_email
+
+    with smtplib.SMTP(SMTP_SERVER, SMTP_PORT) as server:
+        server.starttls()
+        server.login(SMTP_EMAIL, SMTP_PASSWORD)
+        server.send_message(msg)
+
+
+pwd_context = CryptContext(schemes=["bcrypt"], deprecated="auto")
+
+
+def hash_password(password: str) -> str:
+    return pwd_context.hash(password)
+
+
+def verify_password(plain_password: str, hashed_password: str) -> bool:
+    return pwd_context.verify(plain_password, hashed_password)
+
+
+def create_access_token(data: dict):
+    to_encode = data.copy()
+    expire = datetime.utcnow() + timedelta(minutes=ACCESS_TOKEN_EXPIRE_MINUTES)
+    to_encode.update({"exp": expire})
+    encoded_jwt = jwt.encode(to_encode, SECRET_KEY, algorithm=ALGORITHM)
+    return encoded_jwt
+
+
+def generate_opaque_token():
+    return secrets.token_urlsafe(32)
+
+
+# def send_verification_email(to_email: str, token: str):
+#     subject = "Verify your Yuvabe Account"
+#     verification_link = (
+#         f"https://68c71e06225c.ngrok-free.app/auth/verify-email?token={token}"
+#     )
+#     body = f"""
+#     Hi,
+
+#     Please click the link below to verify your email address:
+#     {verification_link}
+
+#     This link will expire in 24 hours.
+#     """
+
+#     msg = MIMEText(body)
+#     msg["Subject"] = subject
+#     msg["From"] = SMTP_EMAIL
+#     msg["To"] = to_email
+
+
+#     with smtplib.SMTP(SMTP_SERVER, SMTP_PORT) as server:
+#         server.starttls()
+#         server.login(SMTP_EMAIL, SMTP_PASSWORD)
+#         server.send_message(msg)
+
+
+def send_verification_email(to_email: str, token: str):
+    subject = "Verify your Yuvabe Account"
+    verification_link = (
+        f"https://68c71e06225c.ngrok-free.app/auth/verify-email?token={token}"
+    )
+    body = f"""
+    Hi,
+
+    Please verify your Yuvabe account by clicking the link below:
+    {verification_link}
+
+    This link will expire in 24 hours.
+    """
+
+    msg = MIMEText(body)
+    msg["Subject"] = subject
+    msg["From"] = SMTP_EMAIL
+    msg["To"] = to_email
+
+    with smtplib.SMTP(SMTP_SERVER, SMTP_PORT) as server:
+        server.starttls()
+        server.login(SMTP_EMAIL, SMTP_PASSWORD)
+        server.send_message(msg)
+
+
+FERNET_KEY = os.getenv("FERNET_KEY")
+fernet = Fernet(FERNET_KEY)
+
+
+def create_verification_token(user_id: str, expires_in_hours: int = 24) -> str:
+    """Create an encrypted verification token containing the user_id and expiry time."""
+    payload = {
+        "sub": user_id,
+        "exp": (datetime.utcnow() + timedelta(hours=expires_in_hours)).timestamp(),
+    }
+    token = fernet.encrypt(json.dumps(payload).encode()).decode()
+    return token
+
+
+async def verify_verification_token(token: str) -> str:
+    """Verify and decrypt a verification token, returning the user_id if valid."""
+    try:
+        decrypted = fernet.decrypt(token.encode())
+        data = json.loads(decrypted.decode())
+
+        exp = datetime.fromtimestamp(data["exp"])
+        if datetime.utcnow() > exp:
+            raise ValueError("Verification link expired")
+
+        return data["sub"]
+
+    except InvalidToken:
+        raise ValueError("Invalid verification link")

src/core/models.py

@@ -23,8 +23,6 @@ class Users(SQLModel, table=True):
     is_verified: bool = Field(
         default=False, sa_column_kwargs={"server_default": "false"}
     )
-    verification_token: Optional[str] = None
-    verification_expires_at: Optional[datetime] = None
     dob: Optional[date] = None
     address: Optional[str] = None
     profile_picture: Optional[str] = None

src/main.py

@@ -2,6 +2,7 @@ from fastapi import FastAPI
 
 from src.core.database import init_db
 from src.home.router import router as home_router
+from src.auth.router import router as auth_router
 
 app = FastAPI(title="Yuvabe App API")
 
@@ -9,6 +10,8 @@ app.include_router(home_router, prefix="/home", tags=["Home"])
 
 init_db()
 
+app.include_router(auth_router)
+
 
 @app.get("/")
 def root():