aimond/site11
1
1
Fork 0
Code Issues Pull Requests Actions Packages Projects Releases Wiki Activity

feat: Phase 1 - Complete authentication system with JWT

Browse Source 
Backend Implementation (FastAPI + MongoDB):
- JWT authentication with access/refresh tokens
- User registration and login endpoints
- Password hashing with bcrypt (fixed 72-byte limit)
- Protected endpoints with JWT middleware
- Token refresh mechanism
- Role-Based Access Control (RBAC) structure
- Pydantic v2 models and async MongoDB with Motor
- API endpoints: /api/auth/register, /api/auth/login, /api/auth/me, /api/auth/refresh

Frontend Implementation (React + TypeScript + Material-UI):
- Login and Register pages with validation
- AuthContext for global authentication state
- API client with Axios interceptors for token refresh
- Protected routes with automatic redirect
- User profile display in navigation
- Logout functionality

Technical Achievements:
- Resolved bcrypt 72-byte limit (replaced passlib with native bcrypt)
- Fixed Pydantic v2 compatibility (PyObjectId, ConfigDict)
- Implemented automatic token refresh on 401 errors
- Created comprehensive test suite for all auth endpoints

Docker & Kubernetes:
- Backend image: yakenator/site11-console-backend:latest
- Frontend image: yakenator/site11-console-frontend:latest
- Deployed to site11-pipeline namespace
- Nginx reverse proxy configuration

Documentation:
- CONSOLE_ARCHITECTURE.md - Complete system architecture
- PHASE1_COMPLETION.md - Detailed completion report
- PROGRESS.md - Updated with Phase 1 status

All authentication endpoints tested and verified working.

🤖 Generated with Claude Code
Co-Authored-By: Claude <noreply@anthropic.com>
This commit is contained in:
jungwoo choi
2025-10-28 16:23:07 +09:00
parent 161f206ae2
commit f4b75b96a5
51 changed files with 2480 additions and 100 deletions
Download Patch File Download Diff File Expand all files Collapse all files

276
services/console/PHASE1_COMPLETION.md Normal file
View File

@ -0,0 +1,276 @@
# Phase 1: Authentication System - Completion Report
## Overview
Phase 1 of the Site11 Console project has been successfully completed. This phase establishes a complete authentication system with JWT token-based security for both backend and frontend.
**Completion Date**: October 28, 2025
## What Was Built
### 1. Backend Authentication API (FastAPI + MongoDB)
#### Core Features
- **User Registration**: Create new users with email, username, and password
- **User Login**: Authenticate users and issue JWT tokens
- **Token Management**: Access tokens (30 min) and refresh tokens (7 days)
- **Protected Endpoints**: JWT middleware for secure routes
- **Password Security**: bcrypt hashing with proper salt handling
- **Role-Based Access Control (RBAC)**: User roles (admin, editor, viewer)
#### Technology Stack
- FastAPI 0.109.0
- MongoDB with Motor (async driver)
- Pydantic v2 for data validation
- python-jose for JWT
- bcrypt 4.1.2 for password hashing
#### API Endpoints
| Method | Endpoint | Description | Auth Required |
|--------|----------|-------------|---------------|
| POST | `/api/auth/register` | Register new user | No |
| POST | `/api/auth/login` | Login and get tokens | No |
| GET | `/api/auth/me` | Get current user info | Yes |
| POST | `/api/auth/refresh` | Refresh access token | Yes (refresh token) |
| POST | `/api/auth/logout` | Logout user | Yes |
#### File Structure
```
services/console/backend/
├── app/
│ ├── core/
│ │ ├── config.py # Application settings
│ │ └── security.py # JWT & password hashing
│ ├── db/
│ │ └── mongodb.py # MongoDB connection
│ ├── models/
│ │ └── user.py # User data model
│ ├── schemas/
│ │ └── auth.py # Request/response schemas
│ ├── services/
│ │ └── user_service.py # Business logic
│ ├── routes/
│ │ └── auth.py # API endpoints
│ └── main.py # Application entry point
├── Dockerfile
└── requirements.txt
```
### 2. Frontend Authentication UI (React + TypeScript)
#### Core Features
- **Login Page**: Material-UI form with validation
- **Register Page**: User creation with password confirmation
- **Auth Context**: Global authentication state management
- **Protected Routes**: Redirect unauthenticated users to login
- **Automatic Token Refresh**: Intercept 401 and refresh tokens
- **User Profile Display**: Show username and role in navigation
- **Logout Functionality**: Clear tokens and redirect to login
#### Technology Stack
- React 18.2.0
- TypeScript 5.2.2
- Material-UI v5
- React Router v6
- Axios for HTTP requests
- Vite for building
#### Component Structure
```
services/console/frontend/src/
├── types/
│ └── auth.ts # TypeScript interfaces
├── api/
│ └── auth.ts # API client with interceptors
├── contexts/
│ └── AuthContext.tsx # Global auth state
├── components/
│ ├── Layout.tsx # Main layout with nav
│ └── ProtectedRoute.tsx # Route guard component
├── pages/
│ ├── Login.tsx # Login page
│ ├── Register.tsx # Registration page
│ ├── Dashboard.tsx # Main dashboard (protected)
│ ├── Services.tsx # Services page (protected)
│ └── Users.tsx # Users page (protected)
├── App.tsx # Router configuration
└── main.tsx # Application entry point
```
### 3. Deployment Configuration
#### Docker Images
Both services are containerized and pushed to Docker Hub:
- **Backend**: `yakenator/site11-console-backend:latest`
- **Frontend**: `yakenator/site11-console-frontend:latest`
#### Kubernetes Deployment
Deployed to `site11-pipeline` namespace with:
- 2 replicas for each service (backend and frontend)
- Service discovery via Kubernetes Services
- Nginx reverse proxy for frontend API routing
## Technical Challenges & Solutions
### Challenge 1: Bcrypt Password Length Limit
**Problem**: `passlib` threw error "password cannot be longer than 72 bytes"
**Solution**: Replaced `passlib[bcrypt]` with native `bcrypt==4.1.2` library
```python
import bcrypt
def get_password_hash(password: str) -> str:
password_bytes = password.encode('utf-8')
salt = bcrypt.gensalt()
return bcrypt.hashpw(password_bytes, salt).decode('utf-8')
```
### Challenge 2: Pydantic v2 Compatibility
**Problem**: `__modify_schema__` method not supported in Pydantic v2
**Solution**: Updated to Pydantic v2 patterns:
- Changed `__modify_schema__` to `__get_pydantic_core_schema__`
- Replaced `class Config` with `model_config = ConfigDict(...)`
- Updated all models to use new Pydantic v2 syntax
### Challenge 3: TypeScript Import.meta.env Types
**Problem**: TypeScript couldn't recognize `import.meta.env.VITE_API_URL`
**Solution**: Created `vite-env.d.ts` with proper type declarations:
```typescript
interface ImportMetaEnv {
readonly VITE_API_URL?: string
}
interface ImportMeta {
readonly env: ImportMetaEnv
}
```
## Testing Results
### Backend API Tests (via curl)
All endpoints tested and working correctly:
**User Registration**
```bash
curl -X POST http://localhost:8000/api/auth/register \
-H "Content-Type: application/json" \
-d '{"email":"test@site11.com","username":"testuser","password":"test123"}'
# Returns: User object with _id, email, username, role
```
**User Login**
```bash
curl -X POST http://localhost:8000/api/auth/login \
-d "username=testuser&password=test123"
# Returns: access_token, refresh_token, token_type
```
**Protected Endpoint**
```bash
curl -X GET http://localhost:8000/api/auth/me \
-H "Authorization: Bearer <access_token>"
# Returns: Current user details with last_login_at
```
**Token Refresh**
```bash
curl -X POST http://localhost:8000/api/auth/refresh \
-H "Content-Type: application/json" \
-d '{"refresh_token":"<refresh_token>"}'
# Returns: New access_token and same refresh_token
```
**Security Validations**
- Wrong password → "Incorrect username/email or password"
- No token → "Not authenticated"
- Duplicate email → "Email already registered"
### Frontend Tests
✅ Login page renders correctly
✅ Registration form with validation
✅ Protected routes redirect to login
✅ User info displayed in navigation bar
✅ Logout clears session and redirects
## Deployment Instructions
### Build Docker Images
```bash
# Backend
cd services/console/backend
docker build -t yakenator/site11-console-backend:latest .
docker push yakenator/site11-console-backend:latest
# Frontend
cd services/console/frontend
docker build -t yakenator/site11-console-frontend:latest .
docker push yakenator/site11-console-frontend:latest
```
### Deploy to Kubernetes
```bash
# Delete old pods to pull new images
kubectl -n site11-pipeline delete pod -l app=console-backend
kubectl -n site11-pipeline delete pod -l app=console-frontend
# Wait for new pods to start
kubectl -n site11-pipeline get pods -w
```
### Local Access (Port Forwarding)
```bash
# Backend
kubectl -n site11-pipeline port-forward svc/console-backend 8000:8000 &
# Frontend
kubectl -n site11-pipeline port-forward svc/console-frontend 3000:80 &
# Access
open http://localhost:3000
```
## Next Steps (Phase 2)
### Service Management CRUD
1. **Backend**:
- Service model (name, url, status, health_endpoint, last_check)
- CRUD API endpoints
- Health check scheduler
- Service registry
2. **Frontend**:
- Services list page with table
- Add/Edit service modal
- Service status indicators
- Health monitoring dashboard
3. **Features**:
- Auto-discovery of services
- Periodic health checks
- Service availability statistics
- Alert notifications
## Success Metrics
✅ All authentication endpoints functional
✅ JWT tokens working correctly
✅ Token refresh implemented
✅ Frontend login/register flows complete
✅ Protected routes working
✅ Docker images built and pushed
✅ Deployed to Kubernetes successfully
✅ All tests passing
✅ Documentation complete
## Team Notes
- Code follows FastAPI and React best practices
- All secrets managed via environment variables
- Proper error handling implemented
- API endpoints follow RESTful conventions
- Frontend components are reusable and well-structured
- TypeScript types ensure type safety
---
**Phase 1 Status**: ✅ **COMPLETE**
**Ready for**: Phase 2 - Service Management CRUD