# [DEF:backend.src.schemas.auth:Module]
#
# @TIER: STANDARD
# @SEMANTICS: auth, schemas, pydantic, user, token
# @PURPOSE: Pydantic schemas for authentication requests and responses.
# @LAYER: API
# @RELATION: DEPENDS_ON -> pydantic
#
# @INVARIANT: Sensitive fields like password must not be included in response schemas.

# [SECTION: IMPORTS]
from datetime import datetime
from typing import List, Optional

from pydantic import BaseModel, EmailStr, Field
# [/SECTION]

# [DEF:Token:Class]
# @TIER: TRIVIAL
# @PURPOSE: Represents a JWT access token response.
class Token(BaseModel):
    """Response body that carries a JWT access token.

    Attributes:
        access_token: The encoded token string handed to the client.
        token_type: Token scheme label; presumably "bearer" -- confirm
            against the endpoint that builds this response.
    """

    # The token is a bearer credential: keep it out of logs and error payloads.
    access_token: str
    token_type: str
# [/DEF:Token:Class]

# [DEF:TokenData:Class]
# @TIER: TRIVIAL
# @PURPOSE: Represents the data encoded in a JWT token.
class TokenData(BaseModel):
    """Claims read back from a decoded JWT.

    Both fields carry defaults, so a payload that lacks them still
    validates; this model does not authenticate anything by itself.
    """

    # None when no username was supplied. NOTE(review): the code that decodes
    # the token should reject that case -- confirm at the call site.
    username: Optional[str] = None
    # Pydantic copies field defaults per instance, so this list literal is
    # not shared between TokenData objects.
    scopes: List[str] = []
# [/DEF:TokenData:Class]

# [DEF:PermissionSchema:Class]
# @TIER: TRIVIAL
# @PURPOSE: Represents a permission in API responses.
class PermissionSchema(BaseModel):
    """A single permission as returned by the API.

    Attributes:
        id: Permission identifier; optional, defaults to None.
        resource: Resource part of the permission.
        action: Action part of the permission.
    """

    id: Optional[str] = None
    resource: str
    action: str

    class Config:
        # Lets the schema be built from an object's attributes (for example
        # an ORM row) instead of only from a dict. Only the fields declared
        # above are read from that object.
        from_attributes = True
# [/DEF:PermissionSchema:Class]

# [DEF:RoleSchema:Class]
# @PURPOSE: Represents a role in API responses.
class RoleSchema(BaseModel):
    """A role, with its permissions expanded, as returned by the API.

    Attributes:
        id: Role identifier.
        name: Role name.
        description: Optional free-text description.
        permissions: Permissions attached to the role, each serialized
            as a PermissionSchema; empty when none are given.
    """

    id: str
    name: str
    description: Optional[str] = None
    permissions: List[PermissionSchema] = []

    class Config:
        # Lets the schema be built from an object's attributes (for example
        # an ORM row) instead of only from a dict.
        from_attributes = True
# [/DEF:RoleSchema:Class]

# [DEF:RoleCreate:Class]
# @PURPOSE: Schema for creating a new role.
class RoleCreate(BaseModel):
    """Request body for creating a role.

    Attributes:
        name: Name of the new role.
        description: Optional free-text description.
        permissions: Permission references to attach; empty by default.
    """

    name: str
    description: Optional[str] = None
    # Each entry is a permission ID or a "resource:action" string. The schema
    # only checks that entries are strings. NOTE(review): resolving them to
    # known permissions and rejecting unknown ones is left to the handler --
    # confirm it does so.
    permissions: List[str] = []
# [/DEF:RoleCreate:Class]

# [DEF:RoleUpdate:Class]
# @PURPOSE: Schema for updating an existing role.
class RoleUpdate(BaseModel):
    """Request body for changing an existing role.

    Every field is optional and defaults to None.
    NOTE(review): None presumably means "leave unchanged", which would make
    an explicit empty list the way to clear a role's permissions -- confirm
    in the update handler.
    """

    name: Optional[str] = None
    description: Optional[str] = None
    # Same free-form strings as on role creation; not validated by the schema.
    permissions: Optional[List[str]] = None
# [/DEF:RoleUpdate:Class]

# [DEF:ADGroupMappingSchema:Class]
# @PURPOSE: Represents an AD Group to Role mapping in API responses.
class ADGroupMappingSchema(BaseModel):
    """An AD-group-to-role mapping as returned by the API.

    Attributes:
        id: Identifier of the mapping itself.
        ad_group: The AD group the mapping refers to.
        role_id: Identifier of the role the group is mapped to.
    """

    id: str
    ad_group: str
    role_id: str

    class Config:
        # Lets the schema be built from an object's attributes (for example
        # an ORM row) instead of only from a dict.
        from_attributes = True
# [/DEF:ADGroupMappingSchema:Class]

# [DEF:ADGroupMappingCreate:Class]
# @PURPOSE: Schema for creating an AD Group mapping.
class ADGroupMappingCreate(BaseModel):
    """Request body for mapping an AD group to a role.

    Both fields are required plain strings; the schema does not check that
    the group or the role exists.
    NOTE(review): a mapping presumably grants role_id to every member of
    ad_group -- confirm the endpoint is limited to administrators and that
    role_id is resolved before the mapping is stored.
    """

    ad_group: str
    role_id: str
# [/DEF:ADGroupMappingCreate:Class]

# [DEF:UserBase:Class]
# @PURPOSE: Base schema for user data.
class UserBase(BaseModel):
    """Fields shared by the user request and response schemas.

    UserCreate and User both inherit from this class, so any field added
    here also appears in API responses; secrets do not belong here.
    """

    username: str
    # EmailStr validates the address format whenever a value is given.
    email: Optional[EmailStr] = None
    # Defaults to True, so a UserCreate payload that omits the flag
    # describes an active account.
    is_active: bool = True
# [/DEF:UserBase:Class]

# [DEF:UserCreate:Class]
# @PURPOSE: Schema for creating a new user.
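class UserCreate(UserBase):
    """Request body for creating a user.

    Attributes:
        password: Plaintext password as submitted by the client. Hidden
            from repr()/str() of the model so it does not end up in logs
            or tracebacks; still present when the model is dumped, for the
            code that hashes it.
        roles: Role references to assign to the new account; empty by
            default.
    """

    # repr=False only affects repr()/str(); the field stays a required plain
    # string. NOTE(review): no length or complexity bound is applied here --
    # confirm the service layer enforces the password policy.
    password: str = Field(repr=False)
    # The caller-supplied list decides the new account's privileges.
    # NOTE(review): confirm the endpoint restricts who may set it.
    roles: List[str] = []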
# [/DEF:UserCreate:Class]

# [DEF:UserUpdate:Class]
# @PURPOSE: Schema for updating an existing user.
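class UserUpdate(BaseModel):
    """Request body for changing an existing user.

    Every field is optional and defaults to None. There is no username
    field, so the username cannot be changed through this schema.
    NOTE(review): None presumably means "leave unchanged" -- confirm in the
    update handler.

    Attributes:
        email: New e-mail address, format-checked by EmailStr.
        password: New plaintext password. Hidden from repr()/str() of the
            model so it does not end up in logs or tracebacks.
        is_active: New activation state.
        roles: Replacement role references.
    """

    email: Optional[EmailStr] = None
    # repr=False only affects repr()/str(); type and default are unchanged.
    password: Optional[str] = Field(default=None, repr=False)
    is_active: Optional[bool] = None
    # Changing roles changes privileges. NOTE(review): confirm the endpoint
    # does not let a user edit their own role list.
    roles: Optional[List[str]] = None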
# [/DEF:UserUpdate:Class]

# [DEF:User:Class]
# @PURPOSE: Schema for user data in API responses.
class User(UserBase):
    """User record as returned by the API.

    Neither this class nor UserBase declares a password or hash field,
    which is what keeps credentials out of responses built from it.

    Attributes:
        id: User identifier.
        auth_source: Where the account authenticates; presumably local
            versus AD -- confirm against the model that fills it.
        created_at: Creation timestamp.
        last_login: Timestamp of the last login, or None.
        roles: The user's roles, each serialized as a RoleSchema.
    """

    id: str
    auth_source: str
    created_at: datetime
    last_login: Optional[datetime] = None
    roles: List[RoleSchema] = []

    class Config:
        # Lets the schema be built from an object's attributes (for example
        # an ORM row). Only declared fields are read, so extra attributes on
        # the source object are not copied into the response.
        from_attributes = True
# [/DEF:User:Class]

# [/DEF:backend.src.schemas.auth:Module]