separate service utils, improve role based auth middleware

mmiqball · mmiqball · commit ecce3758cc99 · 2024-11-30T19:54:58.000-05:00
diff --git a/backend/app/middleware/auth.py b/backend/app/middleware/auth.py
@@ -4,7 +4,7 @@
 import firebase_admin.auth
 from ..services.implementations.user_service import UserService
 from ..utilities.db_utils import get_db
-from ..schemas.user import UserRole
+from ..utilities.service_utils import get_user_service
 from functools import wraps
 from typing import Set
 
@@ -56,15 +56,17 @@ async def get_current_user(
 def require_roles(allowed_roles: Set[str]):
     def decorator(func):
         @wraps(func)
-        async def wrapper(*args, current_user=Depends(get_current_user), **kwargs):
+        async def wrapper(
+            *args, 
+            current_user=Depends(get_current_user),
+            user_service: UserService = Depends(get_user_service),
+            **kwargs
+        ):
             try:
-                # Get user role using the token from current_user
-                user_service = UserService(kwargs.get('db'))
                 user_role = user_service.get_user_role_by_auth_id(
                     firebase_admin.auth.verify_id_token(current_user["token"])["uid"]
                 )
                 
-                # Check if user's role is allowed
                 if user_role not in allowed_roles:
                     raise HTTPException(
                         status_code=403,
diff --git a/backend/app/middleware/role_auth.py b/backend/app/middleware/role_auth.py
diff --git a/backend/app/routes/auth.py b/backend/app/routes/auth.py
@@ -4,16 +4,12 @@
 from ..services.implementations.auth_service import AuthService
 from ..services.implementations.user_service import UserService
 from ..utilities.db_utils import get_db
+from ..utilities.service_utils import get_auth_service
 from ..middleware.auth import get_current_user
 import logging
 
 router = APIRouter(prefix="/auth", tags=["auth"])
 
-def get_auth_service(db: Session = Depends(get_db)):
-    logger = logging.getLogger(__name__)
-    return AuthService(logger=logger, user_service=UserService(db))
-
-
 @router.post("/login", response_model=AuthResponse)
 async def login(
     credentials: LoginRequest, 
diff --git a/backend/app/routes/user.py b/backend/app/routes/user.py
@@ -4,6 +4,7 @@
 from app.schemas.user import UserCreateRequest, UserCreateResponse
 from app.services.implementations.user_service import UserService
 from app.utilities.db_utils import get_db
+from app.utilities.service_utils import get_user_service
 
 router = APIRouter(
     prefix="/users",
@@ -15,10 +16,6 @@
 # allow signup methods other than email (like sign up w Google)??
 
 
-def get_user_service(db: Session = Depends(get_db)):
-    return UserService(db)
-
-
 @router.post("/", response_model=UserCreateResponse)
 async def create_user(
     user: UserCreateRequest, user_service: UserService = Depends(get_user_service)
diff --git a/backend/app/utilities/service_utils.py b/backend/app/utilities/service_utils.py
@@ -0,0 +1,13 @@
+from fastapi import Depends
+from sqlalchemy.orm import Session
+from ..services.implementations.user_service import UserService
+from ..services.implementations.auth_service import AuthService
+from .db_utils import get_db
+import logging
+
+def get_user_service(db: Session = Depends(get_db)):
+    return UserService(db)
+
+def get_auth_service(db: Session = Depends(get_db)):
+    logger = logging.getLogger(__name__)
+    return AuthService(logger=logger, user_service=UserService(db))
