egg/PROJECT-CONTORL
1
0
Fork 0
Code Issues Pull Requests Actions Packages Projects Releases Wiki Activity
Files
df50d5e7f8623bf26dbd345471473cafc39e1ba7
PROJECT-CONTORL/backend/app/schemas/auth.py
beabigegg 679b89ae4c feat: implement security, error resilience, and query optimization proposals 
Security Validation (enhance-security-validation):
- JWT secret validation with entropy checking and pattern detection
- CSRF protection middleware with token generation/validation
- Frontend CSRF token auto-injection for DELETE/PUT/PATCH requests
- MIME type validation with magic bytes detection for file uploads

Error Resilience (add-error-resilience):
- React ErrorBoundary component with fallback UI and retry functionality
- ErrorBoundaryWithI18n wrapper for internationalization support
- Page-level and section-level error boundaries in App.tsx

Query Performance (optimize-query-performance):
- Query monitoring utility with threshold warnings
- N+1 query fixes using joinedload/selectinload
- Optimized project members, tasks, and subtasks endpoints

Bug Fixes:
- WebSocket session management (P0): Return primitives instead of ORM objects
- LIKE query injection (P1): Escape special characters in search queries

Tests: 543 backend tests, 56 frontend tests passing

Co-Authored-By: Claude Opus 4.5 <noreply@anthropic.com>
2026-01-11 18:41:19 +08:00

43 lines
1.0 KiB
Python
Raw Blame History

from pydantic import BaseModel, Field
from typing import Optional
class LoginRequest(BaseModel):
email: str = Field(..., max_length=255)
password: str = Field(..., min_length=1, max_length=128)
class LoginResponse(BaseModel):
access_token: str
token_type: str = "bearer"
user: "UserInfo"
class UserInfo(BaseModel):
id: str
email: str
name: str
role: Optional[str] = None
department_id: Optional[str] = None
is_system_admin: bool = False
class TokenPayload(BaseModel):
sub: str
email: str
role: Optional[str] = None
department_id: Optional[str] = None
is_system_admin: bool = False
exp: int
iat: int
class CSRFTokenResponse(BaseModel):
"""Response containing a CSRF token for state-changing operations."""
csrf_token: str = Field(..., description="CSRF token to include in X-CSRF-Token header")
expires_in: int = Field(default=3600, description="Token expiry time in seconds")
# Update forward reference
LoginResponse.model_rebuild()
Reference in New Issue View Git Blame Copy Permalink