Merge branch 'main' into feature/existing-users

Author: matheusgalvao1

LICENSE

@@ -0,0 +1,93 @@
+Elastic License 2.0
+
+URL: https://www.elastic.co/licensing/elastic-license
+
+## Acceptance
+
+By using the software, you agree to all of the terms and conditions below.
+
+## Copyright License
+
+The licensor grants you a non-exclusive, royalty-free, worldwide,
+non-sublicensable, non-transferable license to use, copy, distribute, make
+available, and prepare derivative works of the software, in each case subject to
+the limitations and conditions below.
+
+## Limitations
+
+You may not provide the software to third parties as a hosted or managed
+service, where the service provides users with access to any substantial set of
+the features or functionality of the software.
+
+You may not move, change, disable, or circumvent the license key functionality
+in the software, and you may not remove or obscure any functionality in the
+software that is protected by the license key.
+
+You may not alter, remove, or obscure any licensing, copyright, or other notices
+of the licensor in the software. Any use of the licensor’s trademarks is subject
+to applicable law.
+
+## Patents
+
+The licensor grants you a license, under any patent claims the licensor can
+license, or becomes able to license, to make, have made, use, sell, offer for
+sale, import and have imported the software, in each case subject to the
+limitations and conditions in this license. This license does not cover any
+patent claims that you cause to be infringed by modifications or additions to
+the software. If you or your company make any written claim that the software
+infringes or contributes to infringement of any patent, your patent license for
+the software granted under these terms ends immediately. If your company makes
+such a claim, your patent license ends immediately for work on behalf of your
+company.
+
+## Notices
+
+You must ensure that anyone who gets a copy of any part of the software from you
+also gets a copy of these terms.
+
+If you modify the software, you must include in any modified copies of the
+software prominent notices stating that you have modified the software.
+
+## No Other Rights
+
+These terms do not imply any licenses other than those expressly granted in
+these terms.
+
+## Termination
+
+If you use the software in violation of these terms, such use is not licensed,
+and your licenses will automatically terminate. If the licensor provides you
+with a notice of your violation, and you cease all violation of this license no
+later than 30 days after you receive that notice, your licenses will be
+reinstated retroactively. However, if you violate these terms after such
+reinstatement, any additional violation of these terms will cause your licenses
+to terminate automatically and permanently.
+
+## No Liability
+
+*As far as the law allows, the software comes as is, without any warranty or
+condition, and the licensor will not be liable to you for any damages arising
+out of these terms or the use or nature of the software, under any kind of
+legal claim.*
+
+## Definitions
+
+The **licensor** is the entity offering these terms, and the **software** is the
+software the licensor makes available under these terms, including any portion
+of it.
+
+**you** refers to the individual or entity agreeing to these terms.
+
+**your company** is any legal entity, sole proprietorship, or other kind of
+organization that you work for, plus all organizations that have control over,
+are under the control of, or are under common control with that
+organization. **control** means ownership of substantially all the assets of an
+entity, or the power to direct its management and policies by vote, contract, or
+otherwise. Control can be direct or indirect.
+
+**your licenses** are all the licenses granted to you for the software under
+these terms.
+
+**use** means anything you do with the software requiring one of your licenses.
+
+**trademark** means trademarks, service marks, and similar rights.

app/main.py

@@ -8,6 +8,7 @@
 from utils.config import load_config, load_initial_todos, load_initial_users
 from utils.auth import setup_auth_config
 from services.auth_service import init_auth_service, add_user
+from flasgger import Swagger
 import secrets
 
 def create_app(auth_config):
@@ -32,7 +33,26 @@ def create_app(auth_config):
     app.config['SECRET_KEY'] = secrets.token_hex(32)  # Generate secure random secret key
     app.config['auth_config'] = auth_config
     app.config['initial_todos'] = load_initial_todos()  # Load initial todos from config file
-
+    
+    # Configure Swagger
+    template = {
+        "swagger": "2.0",
+        "info": {
+            "title": "Todo API",
+            "description": "A RESTful API for managing todos and notes",
+            "version": "1.0.0"
+        }
+    }
+    
+    app.config['SWAGGER'] = {
+        'title': 'Todo API',
+        'uiversion': 3,
+        'specs_route': '/',
+        'url_prefix': '/swagger'
+    }
+    
+    Swagger(app, template=template)
+    
     # Set up authentication
     init_auth_routes(auth_config)
     auth_middleware = AuthMiddleware(auth_config)

app/routes/auth.py

@@ -1,18 +1,31 @@
-from flask import Blueprint, request, jsonify, session
-import jwt
-import datetime
+from flask import Blueprint, request, jsonify
 from config.auth_config import AuthMethod, AuthConfig
-from services.auth_service import generate_jwt_token, is_username_taken, add_user, signup_user, login_user, logout_user, blacklist_token, validate_refresh_token, refresh_tokens
+from services.auth_service import (
+    signup_user,
+    validate_refresh_token,
+    generate_jwt_token,
+    refresh_tokens,
+    login_jwt,
+    login_session,
+    logout_jwt,
+    logout_session
+)
 
-auth_bp = Blueprint("auth", __name__)
-auth_config = None
+# --- Configuration ---
+auth_bp = Blueprint("auth", __name__)  # Flask blueprint for auth routes
+auth_config = None  # Global configuration object set during initialization
 
 def init_auth_routes(config: AuthConfig):
     global auth_config
     auth_config = config
 
+# --- Authentication Routes ---
 @auth_bp.route("/signup", methods=["POST"])
 def signup():
+    """
+    Register a new user
+    Expects JSON: {"username": "user", "password": "pass"}
+    """
     if auth_config.auth_method == AuthMethod.API_KEY:
         return jsonify({"error": "Signup not available with API key authentication"}), 400
 
@@ -21,14 +34,60 @@ def signup():
 
 @auth_bp.route("/login", methods=["POST"])
 def login():
+    """
+    Authenticate user and return tokens (JWT) or create session
+    Expects JSON: {"username": "user", "password": "pass"}
+    """
     if auth_config.auth_method == AuthMethod.API_KEY:
         return jsonify({"error": "Login not available with API key authentication"}), 400
 
     data = request.get_json()
-    return login_user(data)
+    if not data or "username" not in data or "password" not in data:
+        return jsonify({"error": "Username and password are required"}), 400
+    
+    username = data["username"]
+    password = data["password"]
+    
+    if auth_config.auth_method == AuthMethod.JWT:
+        return login_jwt(username, password)
+    
+    return login_session(username, password)
+
+@auth_bp.route("/logout", methods=["POST"])
+def logout():
+    """
+    End user session or invalidate JWT tokens
+    For JWT: Requires Authorization header with Bearer token and refresh_token in JSON body
+    For Session: No additional requirements
+    """
+    if auth_config.auth_method == AuthMethod.API_KEY:
+        return jsonify({"error": "Logout not available with API key authentication"}), 400
+
+    if auth_config.auth_method == AuthMethod.JWT:
+        auth_header = request.headers.get('Authorization')
+        if not auth_header or not auth_header.startswith('Bearer '):
+            return jsonify({"error": "Access token is required in Authorization header"}), 401
+        access_token = auth_header.split(' ')[1]
+        
+        if not request.is_json:
+            return jsonify({"error": "Request must be JSON"}), 415
+        
+        data = request.get_json()
+        refresh_token = data.get("refresh_token")
+        if not refresh_token:
+            return jsonify({"error": "Refresh token is required in request body"}), 400
+        
+        return logout_jwt(access_token, refresh_token)
+    
+    return logout_session()
 
 @auth_bp.route("/refresh", methods=["POST"])
 def refresh_token():
+    """
+    Get new access token using refresh token
+    Expects JSON: {"refresh_token": "token"}
+    Returns: New access token and refresh token pair
+    """
     data = request.get_json()
     refresh_token = data.get("refresh_token")
     username = validate_refresh_token(refresh_token)
@@ -37,36 +96,10 @@ def refresh_token():
 
     access_token, new_refresh_token = generate_jwt_token(username)
 
-    # Remove old refresh token and store new one
     if refresh_token in refresh_tokens:
         del refresh_tokens[refresh_token]
 
     return jsonify({
         "access_token": access_token,
         "refresh_token": new_refresh_token
-    }), 200
-
-@auth_bp.route("/logout", methods=["POST"])
-def logout():
-    if auth_config.auth_method == AuthMethod.API_KEY:
-        return jsonify({"error": "Logout not available with API key authentication"}), 400
-    
-    elif auth_config.auth_method == AuthMethod.JWT:
-        auth_header = request.headers.get('Authorization')
-        if auth_header and auth_header.startswith('Bearer '):
-            token = auth_header.split(' ')[1]
-            blacklist_token(token)
-        
-        # Invalidate refresh token
-        data = request.get_json()
-        refresh_token = data.get("refresh_token")
-        if refresh_token in refresh_tokens:
-            del refresh_tokens[refresh_token]
-        
-        return jsonify({"message": "Logout successful"})
-    
-    elif auth_config.auth_method == AuthMethod.SESSION:
-        session.clear()
-        return jsonify({"message": "Logout successful"})
-    
-    return jsonify({"error": "Invalid authentication method"}), 500 
+    }), 200