
Feat/mobile user crud block auth#29

Merged: wailbentafat merged 29 commits into develop from feat/mobile-user-crud-block-auth on Mar 23, 2026

@Tyjfre-j (Collaborator) commented Mar 20, 2026

Summary

  • Add blocked field to users (migration + sqlc).
  • Admin endpoints to create/list/get/update/delete users.
  • Block/unblock user endpoints.
  • Blocked users can’t log in.
  • Access + refresh tokens are blacklisted when user is blocked.

@wailbentafat (Collaborator) left a comment

fix merge conflict also

Comment on lines +16 to +18
def _to_admin_user_schema(user: User) -> AdminUserSchema:
return AdminUserSchema(
id=user.id,

remove this from logic router

return updated

return user
except HTTPException:

we don't have any http request, why do we check http request exceptions?


if await is_session_blacklisted(redis, session_id):
raise AppException.unauthorized("Token is blacklisted")
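
Review bot: the detail string "Token is blacklisted" passed to `AppException.unauthorized(...)` tells the caller why the token was refused. If that string reaches the response body, return a generic unauthorized message instead and record the reason, with the session id, in the server log.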


when we block a user the db is our source of truth, we just need one check, so just remove this

session_id: str,
) -> bool:
if await is_session_blacklisted(redis, session_id):
return False

here make the db your source of truth, meaning check the db, not redis

if not user:
raise AppException.internal_error("Failed to update user")
return user
except HTTPException:

same no http request

logger.error("Failed to update user: %s", exc)
raise DBException.handle(exc)

async def delete_user(self, *, user_id: uuid.UUID) -> User:
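
Review bot: `logger.error("Failed to update user: %s", exc)` records only the exception message, so the traceback is gone by the time `DBException.handle(exc)` converts the error. Use `logger.exception(...)` or pass `exc_info=True` so the original database failure stays diagnosable from the log.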

when deleting a user, if he has a session, remove it from redis

from app.core.constant import RedisKey
from app.infra.redis import RedisClient



this behaviour is wrong. when we use sessions our source of truth is the database, so when we check the database the user is blocked. so when we block a user we just remove the session from redis; when we remove the session from redis the code has to check the db and finds out that the user is blocked. this is the right behaviour

@Tyjfre-j force-pushed the feat/mobile-user-crud-block-auth branch from 5de2b46 to 5aa0cb8 on March 23, 2026 21:16
@Tyjfre-j changed the base branch from main to develop on March 23, 2026 21:31
@wailbentafat merged commit 735cd62 into develop on Mar 23, 2026
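
The flow asked for in the last review comment, together with the session cleanup requested on `delete_user`, as an added sketch that is not code from this PR: blocking writes the database and evicts cached sessions, and a cache miss falls back to the database, which rejects the blocked user without any blacklist. `AuthStore`, its dicts and its method names are hypothetical in-memory stand-ins for the database and Redis, and the sketch assumes session rows are also stored in the database.

```python
# Added illustration, not code from this PR. AuthStore and its dicts are
# hypothetical in-memory stand-ins for the database and Redis.
import uuid
from dataclasses import dataclass


@dataclass
class User:
    id: uuid.UUID
    blocked: bool = False


class AuthStore:
    def __init__(self) -> None:
        self.users: dict[uuid.UUID, User] = {}      # database: user rows
        self.sessions: dict[str, uuid.UUID] = {}    # database: session rows (assumed)
        self.cache: dict[str, uuid.UUID] = {}       # Redis: session_id -> user_id

    def login(self, user_id: uuid.UUID) -> str:
        user = self.users.get(user_id)
        if user is None or user.blocked:
            raise PermissionError("login refused")  # blocked users can't log in
        session_id = uuid.uuid4().hex
        self.sessions[session_id] = self.cache[session_id] = user_id
        return session_id

    def _evict(self, user_id: uuid.UUID) -> None:
        for sid in [s for s, u in self.cache.items() if u == user_id]:
            del self.cache[sid]

    def block_user(self, user_id: uuid.UUID) -> None:
        # Database first, eviction second: a request that misses the cache
        # after eviction then always reads blocked=True and cannot re-cache.
        self.users[user_id].blocked = True
        self._evict(user_id)

    def delete_user(self, user_id: uuid.UUID) -> None:
        self.users.pop(user_id, None)
        self._evict(user_id)  # no cached session may outlive the row

    def is_session_valid(self, session_id: str) -> bool:
        if session_id in self.cache:              # cache hit: fast path
            return True
        user_id = self.sessions.get(session_id)   # cache miss: ask the database
        user = self.users.get(user_id) if user_id else None
        if user is None or user.blocked:
            return False
        self.cache[session_id] = user_id          # re-cache only allowed users
        return True
```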