Issue #89: Integrate the datastore into the backend

[snakedye]

Related to #89 Closes #104 Closes #122

[snakedye]

Since the connection is instantiated in the function, I don't know if I can rollback the changes. Otherwise if the test pass on the datastore it should mostly be fine here.

[Endlessflow]

@snakedye @k-allagbe I have been working a bit on automating PR reviews for Cedille, my student club. We are starting to see somewhat decent results ... ish.

I tried to run this PR through the pipeline to see what we would get.

Let me know your first impressions tomorrow, which parts of the review are useful which parts are completely useless, etc.

---

PR Automated Review

Title: Enhancements to User Authentication and Form Management in Fertiscan Backend

Context:

• This PR aims to enhance the Fertiscan backend by introducing user authentication endpoints (/login, /signup) and comprehensive form management capabilities (/forms endpoints for CRUD operations). It also includes improvements to logging, configuration management via environment variables, and updates to the Swagger documentation.

Key Changes:

• Added /login and /signup endpoints for user authentication.
• Added endpoints for creating, updating, deleting, and searching forms.
• Improved logging configuration and management.
• Introduced new environment variables for configuration management.
• Updated Swagger documentation for the new endpoints and functionalities.
• Enhanced error handling and added detailed logging.
• Refactored code for better maintainability and readability.
• Updated dependencies in requirements.txt.
• Added new tests for authentication and form management functionalities.

Specific Comments:

1. Environment Variables:

   +FERTISCAN_STORAGE_URL=
   +FERTISCAN_SCHEMA=
   +FERTISCAN_DB_URL=

   Comment: Consider adding default values or comments to explain the purpose of these environment variables for better clarity and maintainability. This helps new developers understand the required configurations. Suggestion:

   +FERTISCAN_STORAGE_URL=  # URL for the storage service
   +FERTISCAN_SCHEMA=fertiscan_0.0.8  # Default schema version
   +FERTISCAN_DB_URL=  # Database connection URL

2. Error Handling in create_form Endpoint:

   +        return jsonify(error="Internal server error!"), HTTPStatus.INTERNAL_SERVER_ERROR

   Comment: It's essential to avoid exposing internal error messages directly to the client. Consider logging the error and providing a generic error message to the client. Suggestion:

   +        logger.error(f"Error occurred: {err}")
   +        logger.error("Traceback: " + traceback.format_exc())
   +        return jsonify(error="An unexpected error occurred. Please try again later."), HTTPStatus.INTERNAL_SERVER_ERROR

3. Password Management in signup Endpoint:

   +    _ = request.form.get("password")

   Comment: Ensure that passwords are hashed and stored securely. This line should include password hashing before storing it in the database. Suggestion:

   +    password = request.form.get("password")
   +    hashed_password = hash_password(password)  # Implement a secure hashing function
   +    # Store the hashed password in the database

4. Asynchronous Database Operations:

   +                user = asyncio.run(new_user(cursor, username, FERTISCAN_STORAGE_URL))

   Comment: Using asyncio.run is appropriate, but ensure that the database driver supports asynchronous operations to avoid potential issues. Suggestion: Verify and document the compatibility of the database driver with asynchronous operations.

5. Logging Configuration:

   +logging.basicConfig(
   +    filename=log_file_path,
   +    level=logging.INFO,
   +    force=True,
   +    format="%(asctime)s - %(name)s - %(levelname)s - %(message)s",
   +)

   Comment: Consider setting different logging levels for development and production environments to avoid excessive logging in production. Suggestion:

   +log_level = os.getenv("LOG_LEVEL", "INFO")
   +logging.basicConfig(
   +    filename=log_file_path,
   +    level=getattr(logging, log_level.upper(), logging.INFO),
   +    force=True,
   +    format="%(asctime)s - %(name)s - %(levelname)s - %(message)s",
   +)

6. Swagger Documentation:

   +  500:
   +    description: Internal Server Error
   +    schema:
   +      type: object
   +      properties:
   +        error:
   +          type: string
   +          example: "Internal server error"

   Comment: Ensure that the Swagger documentation reflects all possible responses, including edge cases and specific error messages. Suggestion: Review and update the Swagger documentation to include detailed descriptions of all potential error responses for each endpoint.

General Cautions:

• Backward Compatibility: Ensure that the new changes do not break existing functionalities or data. Consider testing with existing data and users to verify compatibility.
• Security Best Practices: Implement rate limiting on authentication endpoints to prevent brute-force attacks. Regularly update dependencies to patch known vulnerabilities.
• Comprehensive Testing: Ensure that all new features and edge cases are covered by tests. Continuously integrate and run tests to validate changes.

Approval Recommendation:

• [ ] Request Changes: Significant issues need to be addressed, particularly in error handling, password management, and logging configurations.
• [x] Approve with Comments: Minor changes or clarifications are recommended.
• [ ] Approve: The PR is ready for merge.