Description:
Currently, the application relies on a mock authentication system where the user simply selects their role from a sidebar dropdown (render_sidebar_auth). For a production banking module, we need a secure, token-based authentication system to protect sensitive loan data and restrict model training capabilities.
Tasks & Implementation Details:
- Backend:
- Create a new
User SQLAlchemy model with fields: id, username, hashed_password, role (Customer, Loan Officer, Administrator).
- Implement password hashing using
passlib and bcrypt.
- Create an OAuth2 login endpoint (
/api/token) that verifies credentials and returns a JSON Web Token (JWT) using the PyJWT library.
- Create a
get_current_user dependency in FastAPI to secure sensitive endpoints (e.g., only Administrators can hit /api/models/reload).
- Frontend:
- Build a Streamlit Login/Registration page that prompts for a username and password.
- Store the retrieved JWT in Streamlit's
st.session_state.
- Update all
requests.get() and requests.post() calls in the dashboard to include {"Authorization": f"Bearer {token}"} in the headers.
Acceptance Criteria:
- Users must log in to access the dashboard.
- The backend rejects unauthorized API requests with a
401 Unauthorized.
- Roles are strictly enforced (e.g. Customers cannot view the Model Training page).
Assignee : @Rishabh02-rgb
Description:
Currently, the application relies on a mock authentication system where the user simply selects their role from a sidebar dropdown (
render_sidebar_auth). For a production banking module, we need a secure, token-based authentication system to protect sensitive loan data and restrict model training capabilities.Tasks & Implementation Details:
UserSQLAlchemy model with fields:id,username,hashed_password,role(Customer, Loan Officer, Administrator).passlibandbcrypt./api/token) that verifies credentials and returns a JSON Web Token (JWT) using thePyJWTlibrary.get_current_userdependency in FastAPI to secure sensitive endpoints (e.g., only Administrators can hit/api/models/reload).st.session_state.requests.get()andrequests.post()calls in the dashboard to include{"Authorization": f"Bearer {token}"}in the headers.Acceptance Criteria:
401 Unauthorized.Assignee : @Rishabh02-rgb