Phase 1: Foundation — backend auth, frontend shell, Docker setup

Backend (FastAPI): - App factory with async SQLAlchemy 2.0 + PostgreSQL - Alembic migration for users and sessions tables - JWT auth (access + refresh tokens, bcrypt passwords) - Auth endpoints: register, login, refresh, logout, me - Admin seed script, role-based access deps Frontend (React + TypeScript): - Vite + Tailwind CSS + shadcn/ui theme (health-oriented palette) - i18n with English and Russian translations - Zustand auth/UI stores with localStorage persistence - Axios client with automatic token refresh on 401 - Login/register pages, protected routing - App layout: collapsible sidebar, header with theme/language toggles - Dashboard with placeholder stats Infrastructure: - Docker Compose (postgres, backend, frontend, nginx) - Nginx reverse proxy with WebSocket support - Dev override with hot reload Co-Authored-By: Claude Opus 4.6 (1M context) <noreply@anthropic.com>
2026-03-19 12:25:02 +03:00
parent 5bdc296172
commit 7c752cae6b
75 changed files with 7706 additions and 2 deletions
--- a/backend/tests/init.py
+++ b/backend/tests/init.py
--- a/backend/tests/conftest.py
+++ b/backend/tests/conftest.py
@@ -0,0 +1,61 @@
+import asyncio
+import uuid
+from collections.abc import AsyncGenerator
+
+import pytest
+from httpx import ASGITransport, AsyncClient
+from sqlalchemy.ext.asyncio import AsyncSession, async_sessionmaker, create_async_engine
+
+from app.database import Base, get_db
+from app.main import create_app
+
+# Use a unique in-memory-like approach: create a separate test DB schema
+TEST_DATABASE_URL = "postgresql+asyncpg://ai_assistant:changeme@localhost:5432/ai_assistant_test"
+
+
+@pytest.fixture(scope="session")
+def event_loop():
+    loop = asyncio.new_event_loop()
+    yield loop
+    loop.close()
+
+
+@pytest.fixture(scope="session")
+async def test_engine():
+    engine = create_async_engine(TEST_DATABASE_URL)
+    async with engine.begin() as conn:
+        await conn.run_sync(Base.metadata.drop_all)
+        await conn.run_sync(Base.metadata.create_all)
+    yield engine
+    async with engine.begin() as conn:
+        await conn.run_sync(Base.metadata.drop_all)
+    await engine.dispose()
+
+
+@pytest.fixture
+async def db_session(test_engine) -> AsyncGenerator[AsyncSession, None]:
+    session_factory = async_sessionmaker(test_engine, class_=AsyncSession, expire_on_commit=False)
+    async with session_factory() as session:
+        yield session
+        await session.rollback()
+
+
+@pytest.fixture
+async def client(test_engine) -> AsyncGenerator[AsyncClient, None]:
+    session_factory = async_sessionmaker(test_engine, class_=AsyncSession, expire_on_commit=False)
+
+    async def override_get_db():
+        async with session_factory() as session:
+            try:
+                yield session
+                await session.commit()
+            except Exception:
+                await session.rollback()
+                raise
+
+    app = create_app()
+    app.dependency_overrides[get_db] = override_get_db
+
+    transport = ASGITransport(app=app)
+    async with AsyncClient(transport=transport, base_url="http://test") as ac:
+        yield ac
--- a/backend/tests/test_auth.py
+++ b/backend/tests/test_auth.py
@@ -0,0 +1,135 @@
+import pytest
+from httpx import AsyncClient
+
+
+@pytest.fixture
+async def registered_user(client: AsyncClient):
+    resp = await client.post("/api/v1/auth/register", json={
+        "email": "test@example.com",
+        "username": "testuser",
+        "password": "testpass123",
+        "full_name": "Test User",
+    })
+    assert resp.status_code == 201
+    return resp.json()
+
+
+async def test_health(client: AsyncClient):
+    resp = await client.get("/api/v1/health")
+    assert resp.status_code == 200
+    assert resp.json() == {"status": "ok"}
+
+
+async def test_register_success(client: AsyncClient):
+    resp = await client.post("/api/v1/auth/register", json={
+        "email": "new@example.com",
+        "username": "newuser",
+        "password": "password123",
+    })
+    assert resp.status_code == 201
+    data = resp.json()
+    assert data["user"]["email"] == "new@example.com"
+    assert data["user"]["username"] == "newuser"
+    assert data["user"]["role"] == "user"
+    assert "access_token" in data
+    assert "refresh_token" in data
+
+
+async def test_register_duplicate_email(client: AsyncClient, registered_user):
+    resp = await client.post("/api/v1/auth/register", json={
+        "email": "test@example.com",
+        "username": "different",
+        "password": "password123",
+    })
+    assert resp.status_code == 409
+
+
+async def test_register_short_password(client: AsyncClient):
+    resp = await client.post("/api/v1/auth/register", json={
+        "email": "short@example.com",
+        "username": "shortpw",
+        "password": "short",
+    })
+    assert resp.status_code == 422
+
+
+async def test_login_success(client: AsyncClient, registered_user):
+    resp = await client.post("/api/v1/auth/login", json={
+        "email": "test@example.com",
+        "password": "testpass123",
+    })
+    assert resp.status_code == 200
+    data = resp.json()
+    assert data["user"]["email"] == "test@example.com"
+    assert "access_token" in data
+    assert "refresh_token" in data
+
+
+async def test_login_invalid_credentials(client: AsyncClient, registered_user):
+    resp = await client.post("/api/v1/auth/login", json={
+        "email": "test@example.com",
+        "password": "wrongpassword",
+    })
+    assert resp.status_code == 401
+
+
+async def test_login_nonexistent_user(client: AsyncClient):
+    resp = await client.post("/api/v1/auth/login", json={
+        "email": "nobody@example.com",
+        "password": "password123",
+    })
+    assert resp.status_code == 401
+
+
+async def test_me_authenticated(client: AsyncClient, registered_user):
+    token = registered_user["access_token"]
+    resp = await client.get("/api/v1/auth/me", headers={
+        "Authorization": f"Bearer {token}",
+    })
+    assert resp.status_code == 200
+    assert resp.json()["email"] == "test@example.com"
+
+
+async def test_me_unauthenticated(client: AsyncClient):
+    resp = await client.get("/api/v1/auth/me")
+    assert resp.status_code == 401
+
+
+async def test_me_invalid_token(client: AsyncClient):
+    resp = await client.get("/api/v1/auth/me", headers={
+        "Authorization": "Bearer invalid_token_here",
+    })
+    assert resp.status_code == 401
+
+
+async def test_refresh_token(client: AsyncClient, registered_user):
+    refresh = registered_user["refresh_token"]
+    resp = await client.post("/api/v1/auth/refresh", json={
+        "refresh_token": refresh,
+    })
+    assert resp.status_code == 200
+    data = resp.json()
+    assert "access_token" in data
+    assert "refresh_token" in data
+    assert data["refresh_token"] != refresh  # rotated
+
+
+async def test_refresh_invalid_token(client: AsyncClient):
+    resp = await client.post("/api/v1/auth/refresh", json={
+        "refresh_token": "invalid_token",
+    })
+    assert resp.status_code == 401
+
+
+async def test_logout(client: AsyncClient, registered_user):
+    refresh = registered_user["refresh_token"]
+    resp = await client.post("/api/v1/auth/logout", json={
+        "refresh_token": refresh,
+    })
+    assert resp.status_code == 204
+
+    # Refresh should fail after logout
+    resp = await client.post("/api/v1/auth/refresh", json={
+        "refresh_token": refresh,
+    })
+    assert resp.status_code == 401