nit

Author: abhimanyusaxena

backend/app/api/deps.py

@@ -32,7 +32,7 @@ def get_db() -> Generator[Session, None, None]:
 def get_current_user(session: SessionDep, token: TokenDep) -> User:
     try:
         payload = jwt.decode(
-            token, settings.SECRET_KEY, algorithms=[security.ALGORITHM]
+            token, settings.SECRET_KEY, algorithms=[settings.ALGORITHM]
         )
         token_data = TokenPayload(**payload)
     except (InvalidTokenError, ValidationError):
@@ -51,8 +51,15 @@ def get_current_user(session: SessionDep, token: TokenDep) -> User:
 CurrentUser = Annotated[User, Depends(get_current_user)]
 
 
+def get_current_active_user(current_user: CurrentUser) -> User:
+    """Get current active user (already checked by get_current_user)."""
+    return current_user
+
+
 def get_current_active_superuser(current_user: CurrentUser) -> User:
-    if not current_user.is_superuser:
+    """Get current user if they are a superuser."""
+    from app.models.user import UserRole
+    if current_user.role not in [UserRole.ADMIN, UserRole.SUPERUSER]:
         raise HTTPException(
             status_code=403, detail="The user doesn't have enough privileges"
         )

backend/app/api/routes/login.py

@@ -36,9 +36,13 @@ def login_access_token(
     elif not user.is_active:
         raise HTTPException(status_code=400, detail="Inactive user")
     access_token_expires = timedelta(minutes=settings.ACCESS_TOKEN_EXPIRE_MINUTES)
+    refresh_token_expires = timedelta(days=7)  # 7 days for refresh token
     return Token(
         access_token=security.create_access_token(
             user.id, expires_delta=access_token_expires
+        ),
+        refresh_token=security.create_refresh_token(
+            user.id, expires_delta=refresh_token_expires
         )
     )
 

backend/app/core/config.py

@@ -378,10 +378,6 @@ def _enforce_non_default_secrets(self) -> Self:
     "version": 1,
     "disable_existing_loggers": False,
     "formatters": {
-        "json": {
-            "()": "pythonjsonlogger.jsonlogger.JsonFormatter",
-            "format": "%(asctime)s %(levelname)s %(name)s %(message)s",
-        },
         "console": {
             "format": "%(asctime)s - %(name)s - %(levelname)s - %(message)s",
         },

backend/app/core/security.py

@@ -26,7 +26,7 @@
 from app.core.config import settings
 from app.core.logging import logger
 from app.db import get_db, get_async_db
-from app.models import TokenPayload, User, UserRole
+from app.models import TokenPayload, User
 
 # Configure logging
 logger = logging.getLogger(__name__)
@@ -625,3 +625,7 @@ async def get_current_user_optional(
 
     except (jose_jwt.JWTError, ValidationError):
         return None
+
+
+# Alias for compatibility
+decode_token = verify_token

backend/app/models/__init__.py

@@ -46,6 +46,14 @@
     MCPServerStatus,
 )
 
+from app.models.oauth import (
+    OAuthState,
+    OAuthStateBase,
+    OAuthStateCreate,
+    OAuthStateUpdate,
+    OAuthStatePublic,
+)
+
 # This ensures that SQLModel knows about all models for migrations
 __all__ = [
     'BaseDBModel',
@@ -85,4 +93,9 @@
     'MCPServerPublic',
     'MCPTransportType',
     'MCPServerStatus',
+    'OAuthState',
+    'OAuthStateBase',
+    'OAuthStateCreate',
+    'OAuthStateUpdate',
+    'OAuthStatePublic',
 ]

backend/app/models/base.py

@@ -11,32 +11,27 @@ class BaseDBModel(SQLModel):
 
     id: UUID = Field(
         default_factory=uuid4,
-        sa_column=Column(
-            PG_UUID(as_uuid=True),
-            primary_key=True,
-            server_default=text("gen_random_uuid()"),
-            
-            index=True,
-        ),
+        sa_column_kwargs={
+            "primary_key": True,
+            "server_default": text("gen_random_uuid()"),
+            "index": True,
+        },
+        sa_type=PG_UUID(as_uuid=True),
     )
     created_at: datetime = Field(
         default_factory=datetime.utcnow,
-        
-        sa_column=Column(
-            DateTime(timezone=True),
-            server_default=func.now(),
-            
-        ),
+        sa_column_kwargs={
+            "server_default": func.now(),
+        },
+        sa_type=DateTime(timezone=True),
     )
     updated_at: datetime = Field(
         default_factory=datetime.utcnow,
-        
-        sa_column=Column(
-            DateTime(timezone=True),
-            server_default=func.now(),
-            onupdate=func.now(),
-            
-        ),
+        sa_column_kwargs={
+            "server_default": func.now(),
+            "onupdate": func.now(),
+        },
+        sa_type=DateTime(timezone=True),
     )
 
     class Config:
@@ -60,20 +55,16 @@ class TimestampMixin(SQLModel):
     """
     created_at: datetime = Field(
         default_factory=datetime.utcnow,
-        
-        sa_column=Column(
-            DateTime(timezone=True),
-            server_default=func.now(),
-            
-        ),
+        sa_column_kwargs={
+            "server_default": func.now(),
+        },
+        sa_type=DateTime(timezone=True),
     )
     updated_at: datetime = Field(
         default_factory=datetime.utcnow,
-        
-        sa_column=Column(
-            DateTime(timezone=True),
-            server_default=func.now(),
-            onupdate=func.now(),
-            
-        ),
+        sa_column_kwargs={
+            "server_default": func.now(),
+            "onupdate": func.now(),
+        },
+        sa_type=DateTime(timezone=True),
     )

backend/app/models/item.py

@@ -4,6 +4,7 @@
 from uuid import UUID, uuid4
 
 from pydantic import BaseModel, Field
+from sqlalchemy import text
 from sqlmodel import SQLModel, Field as SQLModelField
 
 from app.models.base import BaseDBModel
@@ -34,17 +35,10 @@ class ItemUpdate(SQLModel):
 
 class Item(ItemBase, BaseDBModel, table=True):
     """Database model for items."""
-    __tablename__ = "items"
+    __tablename__ = "item"
 
-    id: UUID = SQLModelField(
-        default_factory=uuid4,
-        primary_key=True,
-        index=True,
-        nullable=False,
-        sa_column_kwargs={"server_default": "gen_random_uuid()"},
-    )
     owner_id: UUID = SQLModelField(
-        ..., foreign_key="users.id", description="ID of the user who owns this item"
+        ..., foreign_key="user.id", description="ID of the user who owns this item"
     )
 
 

backend/app/models/oauth.py

@@ -0,0 +1,38 @@
+"""OAuth state model for CSRF protection."""
+from datetime import datetime
+from uuid import UUID
+
+from sqlmodel import Field, SQLModel
+
+from app.models.base import BaseDBModel
+
+
+class OAuthStateBase(SQLModel):
+    """Base OAuth state model."""
+    state_token: str = Field(unique=True, index=True)
+    provider: str = Field(max_length=50)
+    redirect_uri: str = Field(max_length=500)
+    expires_at: datetime
+    used: bool = Field(default=False)
+
+
+class OAuthState(OAuthStateBase, BaseDBModel, table=True):
+    """OAuth state for CSRF protection stored in database."""
+    __tablename__ = "oauth_state"
+
+
+class OAuthStateCreate(OAuthStateBase):
+    """Schema for creating OAuth state."""
+    pass
+
+
+class OAuthStateUpdate(SQLModel):
+    """Schema for updating OAuth state."""
+    used: bool = True
+
+
+class OAuthStatePublic(OAuthStateBase):
+    """Public schema for OAuth state."""
+    id: UUID
+    created_at: datetime
+    updated_at: datetime

backend/app/models/user.py

@@ -119,7 +119,7 @@ class Config:
 
 class UserInDB(UserBase, BaseDBModel, table=True):
     """User model for database representation."""
-    __tablename__ = "users"
+    __tablename__ = "user"
 
     # Relationships
     refresh_tokens: List["RefreshToken"] = Relationship(back_populates="user")
@@ -211,7 +211,7 @@ class RefreshToken(RefreshTokenBase, BaseDBModel, table=True):
     __tablename__ = "refresh_tokens"
 
     user_id: UUID = SQLModelField(
-        foreign_key="users.id",
+        foreign_key="user.id",
         index=True,
     )
     user: UserInDB = Relationship(back_populates="refresh_tokens")

backend/pyproject.toml

@@ -22,6 +22,9 @@ dependencies = [
     "sentry-sdk[fastapi]<2.0.0,>=1.40.6",
     "pyjwt<3.0.0,>=2.8.0",
     "aiohttp<4.0.0,>=3.9.0",
+    "loguru>=0.7.3",
+    "asyncpg>=0.30.0",
+    "python-jose[cryptography]>=3.5.0",
 ]
 
 [tool.uv]