feat: OAuth 2.0 백엔드 시스템 구현 완료

Phase 1 & 2 완료: - 프로젝트 기본 구조 설정 - Docker Compose 환경 구성 (MongoDB, Redis, Backend, Frontend) - FastAPI 기반 OAuth 2.0 백엔드 구현 주요 기능: - JWT 기반 인증 시스템 - 3단계 권한 체계 (System Admin/Group Admin/User) - 사용자 관리 CRUD API - 애플리케이션 관리 CRUD API - OAuth 2.0 Authorization Code Flow - Refresh Token 관리 - 인증 히스토리 추적 API 엔드포인트: - /auth/* - 인증 관련 (register, login, logout, refresh) - /users/* - 사용자 관리 - /applications/* - 애플리케이션 관리 - /oauth/* - OAuth 2.0 플로우 보안 기능: - bcrypt 비밀번호 해싱 - JWT 토큰 인증 - CORS 설정 - Rate limiting 준비 🤖 Generated with Claude Code Co-Authored-By: Claude <noreply@anthropic.com>
2025-09-05 14:56:02 +09:00
parent abdcc31245
commit 6c21809a24
25 changed files with 2012 additions and 45 deletions
--- a/oauth/backend/app/models/init.py
+++ b/oauth/backend/app/models/init.py
@ -0,0 +1,5 @@
+"""Data models for OAuth backend"""
+
+from .user import User, UserCreate, UserUpdate, UserRole, UserInDB
+from .application import Application, ApplicationCreate, ApplicationUpdate
+from .auth_history import AuthHistory, AuthAction
--- a/oauth/backend/app/models/application.py
+++ b/oauth/backend/app/models/application.py
@ -0,0 +1,79 @@
+"""Application model definitions"""
+
+from typing import List, Optional, Dict, Any
+from pydantic import BaseModel, Field, ConfigDict
+from datetime import datetime
+from bson import ObjectId
+
+
+class ApplicationTheme(BaseModel):
+    """Application theme configuration"""
+    primary_color: str = "#1976d2"
+    secondary_color: str = "#dc004e"
+    logo_url: Optional[str] = None
+    favicon_url: Optional[str] = None
+    font_family: str = "Roboto, sans-serif"
+    custom_css: Optional[str] = None
+
+
+class ApplicationBase(BaseModel):
+    """Base application model"""
+    app_name: str = Field(..., min_length=3, max_length=100)
+    description: Optional[str] = None
+    redirect_uris: List[str] = []
+    allowed_origins: List[str] = []
+    theme: Optional[ApplicationTheme] = ApplicationTheme()
+    permissions: List[str] = ["sso", "name", "email"]  # Default permissions
+    is_active: bool = True
+
+
+class ApplicationCreate(ApplicationBase):
+    """Application creation model"""
+    pass
+
+
+class ApplicationUpdate(BaseModel):
+    """Application update model"""
+    app_name: Optional[str] = Field(None, min_length=3, max_length=100)
+    description: Optional[str] = None
+    redirect_uris: Optional[List[str]] = None
+    allowed_origins: Optional[List[str]] = None
+    theme: Optional[ApplicationTheme] = None
+    permissions: Optional[List[str]] = None
+    is_active: Optional[bool] = None
+
+
+class Application(ApplicationBase):
+    """Application response model"""
+    id: str = Field(alias="_id")
+    client_id: str
+    client_secret: str
+    created_by: str
+    created_at: datetime
+    updated_at: datetime
+    
+    model_config = ConfigDict(
+        populate_by_name=True,
+        arbitrary_types_allowed=True,
+        json_encoders={ObjectId: str}
+    )
+
+
+class ApplicationInDB(Application):
+    """Application model in database"""
+    pass
+
+
+class ApplicationPublic(BaseModel):
+    """Public application information (no secret)"""
+    id: str = Field(alias="_id")
+    app_name: str
+    description: Optional[str] = None
+    theme: Optional[ApplicationTheme] = None
+    permissions: List[str] = []
+    
+    model_config = ConfigDict(
+        populate_by_name=True,
+        arbitrary_types_allowed=True,
+        json_encoders={ObjectId: str}
+    )
--- a/oauth/backend/app/models/auth_history.py
+++ b/oauth/backend/app/models/auth_history.py
@ -0,0 +1,53 @@
+"""Authentication history model definitions"""
+
+from typing import Optional
+from pydantic import BaseModel, Field, ConfigDict
+from datetime import datetime
+from enum import Enum
+from bson import ObjectId
+
+
+class AuthAction(str, Enum):
+    """Authentication action types"""
+    LOGIN = "login"
+    LOGOUT = "logout"
+    TOKEN_REFRESH = "token_refresh"
+    AUTHORIZATION_CODE = "authorization_code"
+    PASSWORD_RESET = "password_reset"
+    REGISTER = "register"
+    FAILED_LOGIN = "failed_login"
+
+
+class AuthHistoryBase(BaseModel):
+    """Base authentication history model"""
+    user_id: str
+    application_id: Optional[str] = None
+    action: AuthAction
+    ip_address: str
+    user_agent: Optional[str] = None
+    result: str = "success"
+    details: Optional[dict] = None
+    
+    model_config = ConfigDict(use_enum_values=True)
+
+
+class AuthHistoryCreate(AuthHistoryBase):
+    """Authentication history creation model"""
+    pass
+
+
+class AuthHistory(AuthHistoryBase):
+    """Authentication history response model"""
+    id: str = Field(alias="_id")
+    created_at: datetime
+    
+    model_config = ConfigDict(
+        populate_by_name=True,
+        arbitrary_types_allowed=True,
+        json_encoders={ObjectId: str}
+    )
+
+
+class AuthHistoryInDB(AuthHistory):
+    """Authentication history model in database"""
+    pass
--- a/oauth/backend/app/models/user.py
+++ b/oauth/backend/app/models/user.py
@ -0,0 +1,108 @@
+"""User model definitions"""
+
+from typing import Optional, List
+from pydantic import BaseModel, EmailStr, Field, ConfigDict
+from datetime import datetime
+from enum import Enum
+from bson import ObjectId
+
+
+class UserRole(str, Enum):
+    """User role enumeration"""
+    SYSTEM_ADMIN = "system_admin"
+    GROUP_ADMIN = "group_admin"
+    USER = "user"
+
+
+class PyObjectId(ObjectId):
+    """Custom ObjectId type for Pydantic"""
+    @classmethod
+    def __get_validators__(cls):
+        yield cls.validate
+
+    @classmethod
+    def validate(cls, v):
+        if not ObjectId.is_valid(v):
+            raise ValueError("Invalid ObjectId")
+        return ObjectId(v)
+
+    @classmethod
+    def __get_pydantic_json_schema__(cls, field_schema):
+        field_schema.update(type="string")
+
+
+class UserBase(BaseModel):
+    """Base user model"""
+    email: EmailStr
+    username: str = Field(..., min_length=3, max_length=50)
+    full_name: Optional[str] = None
+    role: UserRole = UserRole.USER
+    profile_picture: Optional[str] = None
+    phone_number: Optional[str] = None
+    gender: Optional[str] = None
+    birth_date: Optional[str] = None
+    is_active: bool = True
+    
+    model_config = ConfigDict(use_enum_values=True)
+
+
+class UserCreate(UserBase):
+    """User creation model"""
+    password: str = Field(..., min_length=8)
+
+
+class UserUpdate(BaseModel):
+    """User update model"""
+    email: Optional[EmailStr] = None
+    username: Optional[str] = Field(None, min_length=3, max_length=50)
+    full_name: Optional[str] = None
+    role: Optional[UserRole] = None
+    profile_picture: Optional[str] = None
+    phone_number: Optional[str] = None
+    gender: Optional[str] = None
+    birth_date: Optional[str] = None
+    is_active: Optional[bool] = None
+    password: Optional[str] = Field(None, min_length=8)
+
+
+class User(UserBase):
+    """User response model"""
+    id: str = Field(alias="_id")
+    created_at: datetime
+    updated_at: datetime
+    
+    model_config = ConfigDict(
+        populate_by_name=True,
+        arbitrary_types_allowed=True,
+        json_encoders={ObjectId: str}
+    )
+
+
+class UserInDB(User):
+    """User model in database"""
+    hashed_password: str
+
+
+class UserLogin(BaseModel):
+    """User login model"""
+    username: str
+    password: str
+
+
+class TokenData(BaseModel):
+    """Token data model"""
+    user_id: Optional[str] = None
+    username: Optional[str] = None
+    role: Optional[str] = None
+
+
+class Token(BaseModel):
+    """Token response model"""
+    access_token: str
+    refresh_token: str
+    token_type: str = "bearer"
+
+
+class TokenRefresh(BaseModel):
+    """Token refresh request model"""
+    refresh_token: str