11# AuthLab 🛡️
22
3- AuthLab is a high-performance, secure authentication microservice built with ** FastAPI** and ** Redis** . It provides a robust foundation for managing user sessions, implementing JWT-based authentication, and protecting APIs with advanced security features.
3+ AuthLab is a high-performance, secure authentication microservice built with ** FastAPI** , ** SQLAlchemy** , and ** Redis** . It provides a robust foundation for managing user sessions, implementing JWT-based authentication, and protecting APIs with advanced security features.
4+
5+ [ ![ CI] ( https://github.com/fdehech/AuthLab/actions/workflows/ci.yml/badge.svg )] ( https://github.com/fdehech/AuthLab/actions/workflows/ci.yml )
46
57## 🚀 Features
68
79- ** JWT Authentication** : Secure access token generation using ` python-jose ` .
810- ** Refresh Token Rotation** : Implements single-use refresh tokens for enhanced security against session hijacking.
11+ - ** Multi-Device Session Management** : Track and revoke all active sessions for a user (e.g., after a password change).
912- ** Rate Limiting** : Built-in protection against brute-force attacks on the login endpoint using Redis.
10- - ** Role-Based Access Control (RBAC)** : Flexible middleware to restrict access to specific endpoints based on user roles.
13+ - ** Role-Based Access Control (RBAC)** : Flexible middleware to restrict access to specific endpoints based on user roles (` user ` , ` admin ` ).
14+ - ** Database Persistence** : User data stored securely in SQLite (via SQLAlchemy).
1115- ** Redis Integration** : High-speed session management and rate limiting.
12- - ** Clean Architecture ** : Modular structure for easy maintenance and scalability .
16+ - ** CI/CD Ready ** : Integrated with GitHub Actions for automated testing and linting .
1317
1418## 🛠️ Tech Stack
1519
1620- ** Framework** : [ FastAPI] ( https://fastapi.tiangolo.com/ )
1721- ** ORM** : [ SQLAlchemy] ( https://www.sqlalchemy.org/ )
1822- ** Security** : [ python-jose] ( https://github.com/mpdavis/python-jose ) (JWT), [ Passlib] ( https://passlib.readthedocs.io/ ) (Bcrypt)
1923- ** Data Store** : [ Redis] ( https://redis.io/ ) & SQLite
20- - ** Server ** : [ Uvicorn ] ( https://www.uvicorn .org/ )
21- - ** Validation ** : [ Pydantic ] ( https://docs.pydantic.dev/ )
24+ - ** Testing ** : [ Pytest ] ( https://docs.pytest.org/ ) & [ HTTPX ] ( https:// www.python-httpx .org/)
25+ - ** Linting ** : [ Ruff ] ( https://github.com/astral-sh/ruff ) & [ Black ] ( https://github.com/psf/black )
2226
2327## 📁 Project Structure
2428
2529``` text
2630AuthLab/
2731├── app/
28- │ ├── models/ # Data Models
32+ │ ├── models/ # Data Models (Pydantic & SQLAlchemy)
2933│ │ ├── __init__.py # Exports for easy access
3034│ │ ├── requests.py # Pydantic request/response models
3135│ │ └── sql.py # SQLAlchemy database models
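Review bot: the new `Database Persistence` bullet says user data is "stored securely in SQLite", but nothing on this page backs the word "securely": SQLite is a plain file with no encryption at rest, so the only thing that makes the storage secure is what goes into it. Replace the vague claim with the concrete property, e.g. "only bcrypt password hashes are stored, never plaintext passwords", and document where the database file lives and what filesystem permissions it needs. While here, the `Rate Limiting` bullet still scopes the limit to the login endpoint only; if `/refresh` and `/register` are not limited, the README should say so explicitly, since those endpoints are also subject to abuse.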
@@ -34,6 +38,8 @@ AuthLab/
3438│ ├── config.py # Configuration & Redis setup
3539│ ├── db.py # Database connection & session
3640│ └── __init__.py
41+ ├── tests/ # Comprehensive test suite
42+ ├── .github/workflows/ # CI/CD pipeline (GitHub Actions)
3743├── main.py # Application entry point
3844├── requirements.txt # Project dependencies
3945└── .env # Environment variables
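Review bot: now that `.github/workflows/` sits next to `.env` in the tree, the README should state that `.env` holds the runtime configuration (for a JWT service, at minimum the token signing secret and the Redis connection settings) and is never committed: add it to `.gitignore`, ship an `.env.example` with placeholder values instead, and say where the Actions job gets its configuration from (repository secrets or test-only defaults). As listed, a contributor following the tree has no hint that the real file must stay local.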
@@ -43,7 +49,7 @@ AuthLab/
4349
4450### 1. Clone the Repository
4551``` bash
46- git clone https://github.com/yourusername /AuthLab.git
52+ git clone https://github.com/fdehech /AuthLab.git
4753cd AuthLab
4854```
4955
@@ -76,9 +82,16 @@ python main.py
7682```
7783The API will be available at ` http://localhost:8000 ` .
7884
79- ### 6. Run Tests
85+ ### 6. Run Tests & Linting
8086``` bash
87+ # Run all tests
8188python -m pytest
89+
90+ # Run linting checks
91+ ruff check .
92+
93+ # Format code
94+ black .
8295```
8396
8497## 📖 API Documentation
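Review bot: in the `Run Tests & Linting` block, `black .` rewrites files in place, so it is correctly labelled "Format code" but it is not a check, and the section heading plus the new CI badge promise checks. Add the non-mutating verification form as its own step, `black --check --diff .`, and make sure the job in `.github/workflows/ci.yml` runs that form so formatting drift fails the build instead of being silently rewritten in the runner's checkout.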
@@ -88,16 +101,20 @@ Once the server is running, you can access the interactive API documentation:
88101- ** ReDoc** : ` http://localhost:8000/redoc `
89102
90103### Key Endpoints:
91- - ` POST /register ` : Create a new user account.
104+ - ` POST /register ` : Create a new user account with a specific role .
92105- ` POST /login ` : Authenticate and receive JWT tokens.
93106- ` POST /refresh ` : Rotate refresh tokens and get a new access token.
94- - ` POST /logout ` : Invalidate a refresh token.
107+ - ` POST /logout ` : Invalidate a specific refresh token.
108+ - ` POST /change-password ` : Update password and revoke all active sessions.
109+ - ` GET /me ` : Get current user profile (Protected).
110+ - ` GET /admin ` : Access admin-only resources (Protected).
95111
96112## 🔒 Security Implementation
97113
98114- ** Token Rotation** : Every time a refresh token is used, it is invalidated and a new one is issued.
115+ - ** Session Revocation** : Changing a password automatically invalidates all active refresh tokens across all devices.
99116- ** Rate Limiting** : Login attempts are tracked by IP address in Redis. If the limit is exceeded, the user is blocked for a configurable window.
100- - ** Password Hashing** : Implemented secure password storage using Bcrypt.
117+ - ** Password Hashing** : Secure password storage using Bcrypt with a high work factor .
101118
102119## 📝 License
103120
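Review bot: `POST /register` is now documented as creating an account "with a specific role", and the same hunk adds the `admin` role and an admin-only `GET /admin`; if the role comes from the request body, any unauthenticated client can register itself as `admin` and reach the protected resources. Document, and enforce, that self-registration always yields `user` and that promotion to `admin` is a separate, admin-authenticated operation; if the field is intentionally accepted, state that it is validated server-side and that privileged values are rejected. Separately, "Bcrypt with a high work factor" should name the configured cost (rounds) so operators can tune it, and mention bcrypt's 72-byte input limit.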