This is a first example of using fastapi-auth. Test instructions are in the users router

aliasaria · aliasaria · commit e072a12b0a24 · 2025-11-13T14:45:46.000-05:00
diff --git a/api.py b/api.py
@@ -81,6 +81,17 @@
 
 from dotenv import load_dotenv
 
+from transformerlab.models.users import (
+    fastapi_users,
+    auth_backend,
+    current_active_user,
+    UserRead,
+    UserCreate,
+    UserUpdate,
+)
+from transformerlab.routers.test_users import router as users_router
+from transformerlab.shared.models.user_model import create_db_and_tables, User
+
 load_dotenv()
 
 # The following environment variable can be used by other scripts
@@ -109,6 +120,7 @@ async def lifespan(app: FastAPI):
     galleries.update_gallery_cache()
     spawn_fastchat_controller_subprocess()
     await db.init()
+    await create_db_and_tables()
     print("✅ SEED DATA")
     # Initialize experiments and cancel any running jobs
     seed_default_experiments()
@@ -230,6 +242,25 @@ async def validation_exception_handler(request, exc):
 app.include_router(remote.router)
 app.include_router(fastchat_openai_api.router)
 
+# Include Auth and Registration Routers
+app.include_router(
+    fastapi_users.get_auth_router(auth_backend),
+    prefix="/auth/jwt",
+    tags=["auth"],
+)
+app.include_router(
+    fastapi_users.get_register_router(UserRead, UserCreate),
+    prefix="/auth",
+    tags=["auth"],
+)
+# Include User Management Router (allows authenticated users to view/update their profile)
+app.include_router(
+    fastapi_users.get_users_router(UserRead, UserUpdate),
+    prefix="/users",
+    tags=["users"],
+)
+app.include_router(users_router)
+
 # Authentication and session management routes
 if os.getenv("TFL_MULTITENANT") == "true":
     from transformerlab.routers import auth  # noqa: E402
diff --git a/transformerlab/models/users.py b/transformerlab/models/users.py
@@ -0,0 +1,70 @@
+# users.py
+import uuid
+from typing import Optional, AsyncGenerator
+from fastapi import Depends, Request
+from fastapi_users import BaseUserManager, FastAPIUsers, UUIDIDMixin, schemas
+from fastapi_users.authentication import AuthenticationBackend, BearerTransport, JWTStrategy
+from fastapi_users.db import SQLAlchemyUserDatabase
+from transformerlab.shared.models.user_model import User, get_async_session
+from sqlalchemy.ext.asyncio import AsyncSession
+
+
+# --- Pydantic Schemas for API interactions ---
+class UserRead(schemas.BaseUser[uuid.UUID]):
+    # Add your custom fields here if you added them to the User model
+    pass
+
+
+class UserCreate(schemas.BaseUserCreate):
+    pass
+
+
+class UserUpdate(schemas.BaseUserUpdate):
+    pass
+
+
+# --- User Manager (Handles registration, password reset, etc.) ---
+SECRET = "YOUR_STRONG_SECRET"  # !! CHANGE THIS IN PRODUCTION !!
+
+
+class UserManager(UUIDIDMixin, BaseUserManager[User, uuid.UUID]):
+    reset_password_token_secret = SECRET
+    verification_token_secret = SECRET
+
+    # Optional: Define custom logic after registration
+    async def on_after_register(self, user: User, request: Optional[Request] = None):
+        print(f"User {user.id} has registered.")
+
+
+async def get_user_db(session: AsyncSession = Depends(get_async_session)):
+    yield SQLAlchemyUserDatabase(session, User)
+
+
+async def get_user_manager(user_db: SQLAlchemyUserDatabase = Depends(get_user_db)):
+    yield UserManager(user_db)
+
+
+# --- Authentication Backend (JWT/Bearer Token) ---
+bearer_transport = BearerTransport(tokenUrl="auth/jwt/login")
+
+
+def get_jwt_strategy() -> JWTStrategy:
+    # Token lasts for 3600 seconds (1 hour)
+    return JWTStrategy(secret=SECRET, lifetime_seconds=3600)
+
+
+auth_backend = AuthenticationBackend(
+    name="jwt",
+    transport=bearer_transport,
+    get_strategy=get_jwt_strategy,
+)
+
+# --- FastAPIUsers Instance (The main utility) ---
+fastapi_users = FastAPIUsers[User, uuid.UUID](
+    get_user_manager,
+    [auth_backend],  # Add more backends (like Google OAuth) here
+)
+
+# --- Dependency for Protected Routes ---
+# This is what you'll use in your route decorators
+current_active_user = fastapi_users.current_user(active=True)
diff --git a/transformerlab/routers/test_users.py b/transformerlab/routers/test_users.py
@@ -0,0 +1,31 @@
+from fastapi import APIRouter, Depends
+from transformerlab.shared.models.user_model import User
+from transformerlab.models.users import (
+    current_active_user,
+)
+
+
+router = APIRouter(prefix="/test_users", tags=["users"])
+
+
+@router.get("/authenticated-route")
+async def authenticated_route(user: User = Depends(current_active_user)):
+    return {"message": f"Hello, {user.email}! You are authenticated."}
+
+
+# To test this, register a new user via /auth/register
+# curl -X POST 'http://127.0.0.1:8338/auth/register' \
+#  -H 'Content-Type: application/json' \
+#  -d '{
+#    "email": "test@example.com",
+#    "password": "password123"
+# }'
+
+# Then
+# curl -X POST 'http://127.0.0.1:8338/auth/jwt/login' \
+#  -H 'Content-Type: application/x-www-form-urlencoded' \
+#  -d 'username=test@example.com&password=password123'
+
+# This will return a token, which you can use to access the authenticated route:
+# curl -X GET 'http://127.0.0.1:8338/authenticated-route' \
+#  -H 'Authorization: Bearer <YOUR_ACCESS_TOKEN>'
diff --git a/transformerlab/shared/models/user_model.py b/transformerlab/shared/models/user_model.py
@@ -0,0 +1,33 @@
+# database.py
+from typing import AsyncGenerator
+from sqlalchemy.ext.asyncio import AsyncSession, create_async_engine
+from sqlalchemy.ext.declarative import DeclarativeMeta, declarative_base
+from sqlalchemy.orm import sessionmaker
+from fastapi_users.db import SQLAlchemyBaseUserTableUUID
+
+# Replace with your actual database URL (e.g., PostgreSQL, SQLite)
+from transformerlab.db.constants import DATABASE_FILE_NAME, DATABASE_URL
+
+Base: DeclarativeMeta = declarative_base()
+
+
+# 1. Define your User Model (inherits from a FastAPI Users base class)
+class User(SQLAlchemyBaseUserTableUUID, Base):
+    pass  # You can add custom fields here later, like 'first_name: str'
+
+
+# 2. Setup the Async Engine and Session
+engine = create_async_engine(DATABASE_URL)
+AsyncSessionLocal = sessionmaker(engine, class_=AsyncSession, expire_on_commit=False)
+
+
+# 3. Utility to create tables (run this on app startup)
+async def create_db_and_tables():
+    async with engine.begin() as conn:
+        await conn.run_sync(Base.metadata.create_all)
+
+
+# 4. Database session dependency
+async def get_async_session() -> AsyncGenerator[AsyncSession, None]:
+    async with AsyncSessionLocal() as session:
+        yield session
