| MONGODB_URI= No newline at end of file | ||
| MONGODB_URI= | ||
| DEBUG_DIR=./debug_dir | ||
| ADMIN_PASSWORD= |
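Review bot: the new `ADMIN_PASSWORD=` entry is left empty with nothing next to it saying what happens when it stays blank or what kind of value is expected. Add a comment line above it stating that the value is set per deployment and that the filled-in file must not be committed.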
We probably don't want to set this in the env file. We can have a default one which we put in the docs, and then prompt to change on first start.
Hm, that's a good point. Let's land this and add a todo for that.
| logger = logging.getLogger(__name__) | ||
|
|
||
| # Configuration from environment variables | ||
| SECRET_KEY = os.getenv("AUTH_SECRET_KEY", "CHANGE_ME_IN_PRODUCTION") |
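Review bot: the fallback in `os.getenv("AUTH_SECRET_KEY", "CHANGE_ME_IN_PRODUCTION")` lets the service start with a secret that is readable in the source whenever the variable is missing. Drop the second argument and raise at startup when `AUTH_SECRET_KEY` is unset or still equals the placeholder, so a misconfigured deployment fails closed instead of running with a known key.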
Don't set a default for a password. If a default is needed, place it in the .env.template, not in the code. This reduces the chances that it will be forgotten to change.
| # User dependencies for protecting endpoints | ||
| current_active_user = fastapi_users.current_user(active=True) | ||
| current_superuser = fastapi_users.current_user(active=True, superuser=True) | ||
| optional_current_user = fastapi_users.current_user(optional=True) |
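Review bot: `optional_current_user` on the last line is built with `optional=True` only, without the `active=True` that the two dependencies above it pass, so it yields `None` for anonymous requests but also lets inactive accounts through as a user. Either add `active=True` or add a comment stating that inactive users are meant to pass and that every consumer must handle `None`.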
What is the optional_current_user?
| optional_current_user = fastapi_users.current_user(optional=True) | ||
|
|
||
|
|
||
| def can_access_all_data(user: User) -> bool: |
Don't think this method is needed as you can do User.is_supervisor
| Returns None for superusers (can access all), or [user.id] for regular users. | ||
| """ | ||
| if user.is_superuser: | ||
| return None # Can access all data |
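Review bot: using `return None` as the "can access all" signal in the `if user.is_superuser:` branch fails open, because a caller that forgets to special-case `None` and treats it as "no filter" applies no user restriction at all. Keep the function returning a list only and have callers branch on `user.is_superuser` explicitly, or return a named sentinel so the unrestricted case cannot be reached by accident.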
Returning None when you can access all is a little unorthodox. Also unclear as to the purpose, as one assumes you can only access your data unless you're the admin.
|
|
||
| async def create_admin_user_if_needed(): | ||
| """Create admin user during startup if it doesn't exist and credentials are provided.""" | ||
| if not ADMIN_PASSWORD: |
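Review bot: the `if not ADMIN_PASSWORD:` guard only tests for an empty value, and nothing in the visible lines rejects a weak one before it is used for the admin account. Add a minimum-length check next to this guard and log which branch was taken without ever logging the password itself.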
Move this down, as if you already have an admin account, this doesn't need to be set.
| @@ -0,0 +1,51 @@ | |||
| """User models for fastapi-users integration with Beanie and MongoDB.""" | |||
|
|
|||
rename file models/user.py
| profile_picture: Optional[str] = None | ||
|
|
||
|
|
||
| class UserCreate(BaseUserCreate): |
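Review bot: `profile_picture: Optional[str] = None` at the top of this hunk accepts any string of any length. If the value is a URL or path that clients later render or fetch, constrain it at the model level (maximum length, allowed scheme) so validation does not depend on each consumer.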
Do we need separate classes for different operations?
thestumonkey
left a comment
Left some comments, generally looks fine, although I am not an expert with auth.
* updated auth to remove custom user-id
* stale data protection
* update
The PR work is continued in #27
Solving #16 via fastapi-users[oauth,beanie]