Create `register` and `login` endpoints

[GabrielEValenzuela]

Description

Develop register and login endpoints within the FastAPI library. The register endpoint will allow new users to create an account, and the login endpoint will validate credentials. Upon successful login, the endpoint should return an API key, which the user will use for authenticating future requests to protected endpoints (e.g., /service). The task includes secure storage of user credentials and token generation.

User Stories

• As a User, I want to register with my credentials so I can create an account to access the service.
• As a User, I want to log in and receive a token so I can authenticate myself for using the service.
• As a Developer, I want secure token-based authentication to manage user access to protected endpoints.

---

Details

• Objective: Implement two endpoints (/register and /login) with authentication token generation. The token should be used for authorizing access to the predict-similarity endpoint.
• Requirements:
  • Endpoint 1: POST /register
  • Accepts a JSON payload with username and password.
  • Hashes and stores the password securely (e.g., using bcrypt).
  • Returns a success message on successful registration.
  • Endpoint 2: POST /login
  • Accepts a JSON payload with username and password.
  • Verifies credentials against the stored hash.
  • If valid, returns a token (either API key or JWT) to be used for authenticating future requests.

---

Example Usage and Responses

• Register Request:

  {
  "username": "testuser",
  "password": "securepassword"
  }

• Register Success Response:

  {
  "message": "User registered successfully."
  }

• Login Request:

  {
  "username": "testuser",
  "password": "securepassword"
  }

• Login Success Response (API Key):

  {
  "api_key": "A1B2C3D4E5..."
  }

• Error Responses:

  • 400 Bad Request for missing or invalid input.
  • 401 Unauthorized for incorrect credentials.

---

Implementation Steps

1. Create User Database Model:

   • Define a user model in the database (e.g., SQLite) with fields username, hashed_password, and token (if using API keys).
   • Store hashed passwords using a secure hashing function like bcrypt.

2. Develop Registration Endpoint (/register):

   • Validate the JSON payload for required fields (username and password).
   • Check if the username already exists in the database. If it does, return an error.
   • Hash the password and store the new user record in the database.
   • Return a success message.

3. Develop Login Endpoint (/login):

   • Validate the JSON payload for required fields (username and password).
   • Retrieve the user from the database by username.
   • Verify the password against the stored hash.
   • If valid:
     • Generate a unique API key and store it in the database for the user.
   • Return the token (API key) in the response.

4. Secure Endpoint Integration:

   • Modify /service and any future protected endpoints to require authentication by checking the provided token.
   • Verify the key against the stored tokens in the database.

---

Code Mockup

Here’s an example using JWT for token generation.

from fastapi import APIRouter, HTTPException, Depends
from pydantic import BaseModel
from src.app.utils.auth import authenticate_user, create_access_token, hash_password
from src.app.db.database import get_user, create_user

router = APIRouter()

# Models for request bodies
class RegisterRequest(BaseModel):
    username: str
    password: str

class LoginRequest(BaseModel):
    username: str
    password: str

# Register endpoint
@router.post("/register")
async def register(request: RegisterRequest):
    if get_user(request.username):
        raise HTTPException(status_code=400, detail="Username already exists")

    hashed_password = hash_password(request.password)
    create_user(request.username, hashed_password)

    return {"message": "User registered successfully."}

# Login endpoint
@router.post("/login")
async def login(request: LoginRequest):
    user = authenticate_user(request.username, request.password)
    if not user:
        raise HTTPException(status_code=401, detail="Invalid credentials")

    token = create_access_token(data={"sub": user.username})
    return {"token": token}

---

Edge Cases

• Duplicate Usernames: Ensure registration fails if a username is already in use.
• Invalid Credentials: Return 401 Unauthorized if login credentials are incorrect.

---