🔖 0.6.2

🐛 Fix model-free apps and middleware installer
🚑️ Remove roles claim
2025-11-05 21:37:34 +01:00 · 2025-11-05 21:29:25 +01:00 · 2025-10-28 14:45:18 +01:00 · 2025-10-28 14:40:29 +01:00 · 2025-10-28 14:39:42 +01:00 · 2025-10-27 11:13:02 +01:00
7 changed files with 43 additions and 61 deletions
--- a/docs/apps.md
+++ b/docs/apps.md
@ -1,7 +1,7 @@
 # Apps

 Apps are a way to group database models and API routes that contextually belong together.
-For example, OhMyAPI comes bundled with an `auth` app that carries a `User` and `Group` model and provides API endpoints for JWT authentication.
+For example, OhMyAPI comes bundled with an `auth` app that carries a `User` model and provides API endpoints for JWT authentication.

 Apps help organizing projects by isolating individual components (or "features") from one another.

--- a/pyproject.toml
+++ b/pyproject.toml
@ -1,6 +1,6 @@
 [project]
 name = "ohmyapi"
-version = "0.5.5"
+version = "0.6.2"
 description = "Django-flavored scaffolding and management layer around FastAPI, Pydantic, TortoiseORM and Aerich migrations"
 license = "MIT"
 keywords = ["fastapi", "tortoise", "orm", "pydantic", "async", "web-framework"]
--- a/src/ohmyapi/init.py
+++ b/src/ohmyapi/init.py
@ -1 +1 @@
-__VERSION__ = "0.5.5"
+__VERSION__ = "0.6.2"
--- a/src/ohmyapi/builtin/auth/models.py
+++ b/src/ohmyapi/builtin/auth/models.py
@ -1,27 +1,16 @@
-from functools import wraps
-from secrets import token_bytes
-from typing import List, Optional
-from uuid import UUID
-
-from passlib.context import CryptContext
-from tortoise.contrib.pydantic import pydantic_queryset_creator
-
 from ohmyapi.db import Model, field, Q
 from ohmyapi.router import HTTPException

 from .utils import hmac_hash

+from datetime import datetime
+from passlib.context import CryptContext
+from typing import Optional
+from uuid import UUID
+
 pwd_context = CryptContext(schemes=["argon2"], deprecated="auto")


-class Group(Model):
-    id: UUID = field.data.UUIDField(pk=True)
-    name: str = field.CharField(max_length=42, index=True)
-
-    def __str__(self):
-        return self.name if self.name else ""
-
-
 class User(Model):
    id: UUID = field.data.UUIDField(pk=True)
    username: str = field.CharField(max_length=150, unique=True)
@ -29,20 +18,22 @@ class User(Model):
    password_hash: str = field.CharField(max_length=128)
    is_admin: bool = field.BooleanField(default=False)
    is_staff: bool = field.BooleanField(default=False)
-    groups: field.ManyToManyRelation[Group] = field.ManyToManyField(
-        "ohmyapi_auth.Group",
-        related_name="users",
-        through="ohmyapi_auth.UserGroups",
-        forward_key="user_id",
-        backward_key="group_id",
-    )
+    created_at: datetime = field.DatetimeField(auto_now_add=True)
+    updated_at: datetime = field.DatetimeField(auto_now=True)

    class Schema:
-        exclude = ["password_hash", "email_hash"]
+        include = {
+            "id",
+            "username",
+            "is_admin",
+            "is_staff"
+            "created_at",
+            "updated_at",
+        }

    def __str__(self):
        fields = {
-            'username': self.username if self.username else "-",
+            'username': self.username,
            'is_admin': 'y' if self.is_admin else 'n',
            'is_staff': 'y' if self.is_staff else 'n',
        }
@ -67,20 +58,3 @@ class User(Model):
        if user and user.verify_password(password):
            return user
        return None
-
-
-class UserGroups(Model):
-    user: field.ForeignKeyRelation[User] = field.ForeignKeyField(
-        "ohmyapi_auth.User",
-        related_name="user_groups",
-        index=True,
-    )
-    group: field.ForeignKeyRelation[Group] = field.ForeignKeyField(
-        "ohmyapi_auth.Group",
-        related_name="group_users",
-        index=True,
-    )
-
-    class Meta:
-        table = "ohmyapi_auth_user_groups"
-        constraints = [("UNIQUE", ("user_id", "group_id"))]
--- a/src/ohmyapi/builtin/auth/routes.py
+++ b/src/ohmyapi/builtin/auth/routes.py
@ -6,8 +6,9 @@ from fastapi import APIRouter, Body, Depends, Header, HTTPException, Request, st
 from fastapi.security import OAuth2, OAuth2PasswordBearer, OAuth2PasswordRequestForm
 from fastapi.security.utils import get_authorization_scheme_param
 from pydantic import BaseModel
+from tortoise.exceptions import DoesNotExist

-from ohmyapi.builtin.auth.models import Group, User
+from ohmyapi.builtin.auth.models import User

 import jwt
 import settings
@ -52,7 +53,6 @@ class Claims(BaseModel):
    type: str
    sub: str
    user: ClaimsUser
-    roles: List[str]
    exp: str


@ -79,7 +79,7 @@ class TokenType(str, Enum):
    refresh = "refresh"


-def claims(token_type: TokenType, user: User, groups: List[Group] = []) -> Claims:
+def claims(token_type: TokenType, user: User = []) -> Claims:
    return Claims(
        type=token_type,
        sub=str(user.id),
@ -88,7 +88,6 @@ def claims(token_type: TokenType, user: User, groups: List[Group] = []) -> Claim
            is_admin=user.is_admin,
            is_staff=user.is_staff,
        ),
-        roles=[g.name for g in groups],
        exp="",
    )

@ -214,7 +213,11 @@ async def refresh_token(refresh_token: TokenRefresh = Body(...)):
        )

    user_id = payload.get("sub")
-    user = await User.get(id=user_id)
+    try:
+        user = await User.get(id=user_id)
+    except DoesNotExist:
+        raise HTTPException(status_code=status.HTTP_401_UNAUTHORIZED)
+
    if not user:
        raise HTTPException(
            status_code=status.HTTP_401_UNAUTHORIZED, detail="User not found"
--- a/src/ohmyapi/core/runtime.py
+++ b/src/ohmyapi/core/runtime.py
@ -342,9 +342,9 @@ class App:
        except ModuleNotFoundError:
            return

-        getter = getattr(mod, "get", None)
-        if getter is not None:
-            for middleware in getter():
+        installer = getattr(mod, "install", None)
+        if installer is not None:
+            for middleware in installer():
                self._middlewares.append(middleware)

    def __serialize_route(self, route):
@ -404,10 +404,15 @@ class App:
        """
        Convenience method for serializing the runtime data.
        """
+        # An app may come without any models
+        models = []
+        if f"{self.name}.models" in self._models:
+            models = [
+                f"{self.name}.{m.__name__}"
+                for m in self._models[f"{self.name}.models"]
+            ]
        return {
-            "models": [
-                f"{self.name}.{m.__name__}" for m in self._models[f"{self.name}.models"]
-            ],
+            "models": models,
            "middlewares": self.__serialize_middleware(),
            "routes": self.__serialize_router(),
        }
--- a/src/ohmyapi/middleware/cors.py
+++ b/src/ohmyapi/middleware/cors.py
@ -15,12 +15,12 @@ CORS_CONFIG: Dict[str, Any] = getattr(settings, "MIDDLEWARE_CORS", {})
 if not isinstance(CORS_CONFIG, dict):
    raise ValueError("MIDDLEWARE_CORS must be of type dict")

-middleware = [
-    (CORSMiddleware, {
+middleware = (
+    CORSMiddleware,
+    {
        "allow_origins": CORS_CONFIG.get("ALLOW_ORIGINS", DEFAULT_ORIGINS),
        "allow_credentials": CORS_CONFIG.get("ALLOW_CREDENTIALS", DEFAULT_CREDENTIALS),
        "allow_methods": CORS_CONFIG.get("ALLOW_METHODS", DEFAULT_METHODS),
        "allow_headers": CORS_CONFIG.get("ALLOW_HEADERS", DEFAULT_HEADERS),
-    }),
-]
-
+    }
+)
Author	SHA1	Message	Date
Brian Wiborg	b5691f3133	🔖 0.6.2	2025-11-05 21:37:34 +01:00
Brian Wiborg	5f80a7a86f	🐛 Fix model-free apps and middleware installer	2025-11-05 21:29:25 +01:00
Brian Wiborg	b588ebcf8a	🚑️ Remove roles claim	2025-10-28 14:45:18 +01:00
Brian Wiborg	a9b88d87d6	🔖 0.6.0	2025-10-28 14:40:29 +01:00
Brian Wiborg	7163fe778e	♻️ Refactor ohmyapi_auth - remove Group and UserGroups (should be handled by dedicated app, if even) - enforce User.Schema() include-fields	2025-10-28 14:39:42 +01:00
Brian Wiborg	458ffc6b2c	🔖 0.5.6	2025-10-27 11:13:02 +01:00
Brian Wiborg	22ca522615	🐛 Catch invalid user refresh	2025-10-27 11:03:12 +01:00