mirror of
https://github.com/bytedance/deer-flow.git
synced 2026-05-23 16:35:59 +00:00
greatmengqi
27b66d6753
Introduce an always-on auth layer with auto-created admin on first boot, multi-tenant isolation for threads/stores, and a full setup/login flow. Backend - JWT access tokens with `ver` field for stale-token rejection; bump on password/email change - Password hashing, HttpOnly+Secure cookies (Secure derived from request scheme at runtime) - CSRF middleware covering both REST and LangGraph routes - IP-based login rate limiting (5 attempts / 5-min lockout) with bounded dict growth and X-Forwarded-For bypass fix - Multi-worker-safe admin auto-creation (single DB write, WAL once) - needs_setup + token_version on User model; SQLite schema migration - Thread/store isolation by owner; orphan thread migration on first admin registration - thread_id validated as UUID to prevent log injection - CLI tool to reset admin password - Decorator-based authz module extracted from auth core Frontend - Login and setup pages with SSR guard for needs_setup flow - Account settings page (change password / email) - AuthProvider + route guards; skips redirect when no users registered - i18n (en-US / zh-CN) for auth surfaces - Typed auth API client; parseAuthError unwraps FastAPI detail envelope Infra & tooling - Unified `serve.sh` with gateway mode + auto dep install - Public PyPI uv.toml pin for CI compatibility - Regenerated uv.lock with public index Tests - HTTP vs HTTPS cookie security tests - Auth middleware, rate limiter, CSRF, setup flow coverage
83 lines
1.8 KiB
Python
83 lines
1.8 KiB
Python
"""User repository interface for abstracting database operations."""
|
|
|
|
from abc import ABC, abstractmethod
|
|
|
|
from app.gateway.auth.models import User
|
|
|
|
|
|
class UserRepository(ABC):
|
|
"""Abstract interface for user data storage.
|
|
|
|
Implement this interface to support different storage backends
|
|
(SQLite)
|
|
"""
|
|
|
|
@abstractmethod
|
|
async def create_user(self, user: User) -> User:
|
|
"""Create a new user.
|
|
|
|
Args:
|
|
user: User object to create
|
|
|
|
Returns:
|
|
Created User with ID assigned
|
|
|
|
Raises:
|
|
ValueError: If email already exists
|
|
"""
|
|
...
|
|
|
|
@abstractmethod
|
|
async def get_user_by_id(self, user_id: str) -> User | None:
|
|
"""Get user by ID.
|
|
|
|
Args:
|
|
user_id: User UUID as string
|
|
|
|
Returns:
|
|
User if found, None otherwise
|
|
"""
|
|
...
|
|
|
|
@abstractmethod
|
|
async def get_user_by_email(self, email: str) -> User | None:
|
|
"""Get user by email.
|
|
|
|
Args:
|
|
email: User email address
|
|
|
|
Returns:
|
|
User if found, None otherwise
|
|
"""
|
|
...
|
|
|
|
@abstractmethod
|
|
async def update_user(self, user: User) -> User:
|
|
"""Update an existing user.
|
|
|
|
Args:
|
|
user: User object with updated fields
|
|
|
|
Returns:
|
|
Updated User
|
|
"""
|
|
...
|
|
|
|
@abstractmethod
|
|
async def count_users(self) -> int:
|
|
"""Return total number of registered users."""
|
|
...
|
|
|
|
@abstractmethod
|
|
async def get_user_by_oauth(self, provider: str, oauth_id: str) -> User | None:
|
|
"""Get user by OAuth provider and ID.
|
|
|
|
Args:
|
|
provider: OAuth provider name (e.g. 'github', 'google')
|
|
oauth_id: User ID from the OAuth provider
|
|
|
|
Returns:
|
|
User if found, None otherwise
|
|
"""
|
|
...
|