Push the app

.env

@@ -0,0 +1,7 @@
+DATABASE_URL=postgresql+asyncpg://neondb_owner:npg_PrJpZot1wWj7@ep-weathered-unit-ad0z27gz-pooler.c-2.us-east-1.aws.neon.tech/neondb?sslmode=require
+DB_ECHO=true
+BETTER_AUTH_SECRET=abfe95adc6a3d85f1d8533a0fbf151b18240d817b471dda39a925555d886549c32c667dbeb184b9e9c73da3227c0dae5f83a
+JWT_ALGORITHM=HS256
+ACCESS_TOKEN_EXPIRE_MINUTES=30
+DEBUG=true
+GEMINI_API_KEY=AIzaSyCIBHuTxHwQQyUtJ_Zbokuu-Qv0mykCUUc

.gitattributes

@@ -1,35 +0,0 @@
-*.7z filter=lfs diff=lfs merge=lfs -text
-*.arrow filter=lfs diff=lfs merge=lfs -text
-*.bin filter=lfs diff=lfs merge=lfs -text
-*.bz2 filter=lfs diff=lfs merge=lfs -text
-*.ckpt filter=lfs diff=lfs merge=lfs -text
-*.ftz filter=lfs diff=lfs merge=lfs -text
-*.gz filter=lfs diff=lfs merge=lfs -text
-*.h5 filter=lfs diff=lfs merge=lfs -text
-*.joblib filter=lfs diff=lfs merge=lfs -text
-*.lfs.* filter=lfs diff=lfs merge=lfs -text
-*.mlmodel filter=lfs diff=lfs merge=lfs -text
-*.model filter=lfs diff=lfs merge=lfs -text
-*.msgpack filter=lfs diff=lfs merge=lfs -text
-*.npy filter=lfs diff=lfs merge=lfs -text
-*.npz filter=lfs diff=lfs merge=lfs -text
-*.onnx filter=lfs diff=lfs merge=lfs -text
-*.ot filter=lfs diff=lfs merge=lfs -text
-*.parquet filter=lfs diff=lfs merge=lfs -text
-*.pb filter=lfs diff=lfs merge=lfs -text
-*.pickle filter=lfs diff=lfs merge=lfs -text
-*.pkl filter=lfs diff=lfs merge=lfs -text
-*.pt filter=lfs diff=lfs merge=lfs -text
-*.pth filter=lfs diff=lfs merge=lfs -text
-*.rar filter=lfs diff=lfs merge=lfs -text
-*.safetensors filter=lfs diff=lfs merge=lfs -text
-saved_model/**/* filter=lfs diff=lfs merge=lfs -text
-*.tar.* filter=lfs diff=lfs merge=lfs -text
-*.tar filter=lfs diff=lfs merge=lfs -text
-*.tflite filter=lfs diff=lfs merge=lfs -text
-*.tgz filter=lfs diff=lfs merge=lfs -text
-*.wasm filter=lfs diff=lfs merge=lfs -text
-*.xz filter=lfs diff=lfs merge=lfs -text
-*.zip filter=lfs diff=lfs merge=lfs -text
-*.zst filter=lfs diff=lfs merge=lfs -text
-*tfevents* filter=lfs diff=lfs merge=lfs -text

.python-version

@@ -0,0 +1 @@
+3.12

Dockerfile

@@ -0,0 +1,20 @@
+FROM python:3.10
+
+RUN apt-get update && apt-get install -y libgl1 libglib2.0-0
+
+# Create user but stay root during install
+RUN useradd -m -u 1000 user
+
+WORKDIR /
+
+# Install dependencies as root
+COPY requirements.txt .
+RUN pip install --no-cache-dir --upgrade -r requirements.txt
+
+# Copy app AFTER installing dependencies
+COPY . /
+
+# Switch to non-root user for safety
+USER user
+
+CMD ["uvicorn", "main:app", "--host", "0.0.0.0", "--port", "7860"]

README.md

@@ -1,11 +0,0 @@
----
-title: Todo App
-emoji: ⚡
-colorFrom: blue
-colorTo: yellow
-sdk: docker
-pinned: false
-license: mit
----
-
-Check out the configuration reference at https://huggingface.co/docs/hub/spaces-config-reference

api/v1/routes/auth.py

@@ -0,0 +1,235 @@
+from fastapi import APIRouter, Depends, HTTPException, status
+from sqlmodel.ext.asyncio.session import AsyncSession
+from pydantic import BaseModel
+
+from database.session import get_session_dep
+from models.user import UserCreate, User
+from services.user_service import UserService
+from auth.jwt_handler import create_access_token, create_refresh_token, verify_token
+from utils.logging import get_logger
+from fastapi.security import HTTPBearer, HTTPAuthorizationCredentials
+import logging
+
+router = APIRouter()
+logger = get_logger(__name__)
+
+# Models for auth endpoints
+class UserLogin(BaseModel):
+    email: str
+    password: str  # In a real app, this would be hashed, but for this demo we'll keep it simple
+
+class UserRegister(BaseModel):
+    email: str
+    password: str  # In a real app, this would be hashed
+    name: str
+
+class AuthResponse(BaseModel):
+    user: dict
+    token: str
+    refresh_token: str = None
+
+# Initialize security for token verification (for logout)
+security = HTTPBearer()
+
+@router.post("/auth/register", response_model=AuthResponse, status_code=status.HTTP_201_CREATED)
+async def register_user(
+    user_data: UserRegister,
+    session: AsyncSession = Depends(get_session_dep)
+):
+    """
+    Register a new user and return JWT token.
+
+    Args:
+        user_data: User registration data (email, password, name)
+        session: Database session
+
+    Returns:
+        AuthResponse with user data and JWT token
+    """
+    try:
+        # Create user data object for the service
+        user_create_data = UserCreate(
+            email=user_data.email,
+            name=user_data.name
+        )
+
+        # Create user in database
+        created_user = await UserService.create_user(session, user_create_data)
+
+        # Create JWT tokens
+        token_data = {"sub": str(created_user.id), "email": created_user.email}
+        token = create_access_token(data=token_data)
+        refresh_token = create_refresh_token(data=token_data)
+
+        logger.info(f"Successfully registered user {created_user.id} with email {created_user.email}")
+
+        return AuthResponse(
+            user=created_user.model_dump(),
+            token=token,
+            refresh_token=refresh_token
+        )
+
+    except HTTPException:
+        # Re-raise HTTP exceptions (like 400 for duplicate email)
+        raise
+    except Exception as e:
+        logger.error(f"Error registering user with email {user_data.email}: {str(e)}")
+        raise HTTPException(
+            status_code=status.HTTP_500_INTERNAL_SERVER_ERROR,
+            detail="Error registering user"
+        )
+
+
+@router.post("/auth/login", response_model=AuthResponse)
+async def login_user(
+    user_data: UserLogin,
+    session: AsyncSession = Depends(get_session_dep)
+):
+    """
+    Login a user and return JWT token.
+
+    Args:
+        user_data: User login data (email, password)
+        session: Database session
+
+    Returns:
+        AuthResponse with user data and JWT token
+    """
+    try:
+        # Find user by email
+        user = await UserService.get_user_by_email(session, user_data.email)
+
+        if not user:
+            logger.warning(f"Login attempt with non-existent email: {user_data.email}")
+            raise HTTPException(
+                status_code=status.HTTP_401_UNAUTHORIZED,
+                detail="Invalid email or password"
+            )
+
+        # In a real app, we would verify the password here.
+        # For this implementation, we'll just proceed with login.
+
+        # Create JWT tokens
+        token_data = {"sub": str(user.id), "email": user.email}
+        token = create_access_token(data=token_data)
+        refresh_token = create_refresh_token(data=token_data)
+
+        logger.info(f"Successfully logged in user {user.id} with email {user.email}")
+
+        # Convert user to dict for response
+        user_dict = {
+            "id": user.id,
+            "email": user.email,
+            "name": user.name,
+            "created_at": user.created_at
+        }
+
+        return AuthResponse(
+            user=user_dict,
+            token=token,
+            refresh_token=refresh_token
+        )
+
+    except HTTPException:
+        # Re-raise HTTP exceptions (like 401 for invalid credentials)
+        raise
+    except Exception as e:
+        logger.error(f"Error logging in user with email {user_data.email}: {str(e)}")
+        raise HTTPException(
+            status_code=status.HTTP_500_INTERNAL_SERVER_ERROR,
+            detail="Error during login"
+        )
+
+
+@router.post("/auth/logout")
+async def logout_user(
+    token: HTTPAuthorizationCredentials = Depends(security)
+):
+    """
+    Logout endpoint.
+    In a real application, this would add the token to a blacklist/jti store.
+    For this implementation, we'll just return a success message.
+    """
+    try:
+        # In a real app, you would add the token to a blacklist or token revocation store
+        # For this demo, we'll just return a success message
+        logger.info(f"User logged out successfully")
+        return {"message": "Successfully logged out"}
+    except Exception as e:
+        logger.error(f"Error during logout: {str(e)}")
+        raise HTTPException(
+            status_code=status.HTTP_500_INTERNAL_SERVER_ERROR,
+            detail="Error during logout"
+        )
+
+
+class RefreshTokenRequest(BaseModel):
+    refresh_token: str
+
+
+@router.post("/auth/refresh", response_model=AuthResponse)
+async def refresh_token(
+    refresh_request: RefreshTokenRequest
+):
+    """
+    Refresh access token using a valid refresh token.
+
+    Args:
+        refresh_request: Contains the refresh token to use for generating a new access token
+
+    Returns:
+        AuthResponse with new access token and refresh token
+    """
+    try:
+        # Verify the refresh token
+        payload = verify_token(refresh_request.refresh_token)
+
+        # Check if this is a refresh token (not an access token)
+        token_type = payload.get("type")
+        if token_type != "refresh":
+            raise HTTPException(
+                status_code=status.HTTP_401_UNAUTHORIZED,
+                detail="Invalid token type for refresh",
+                headers={"WWW-Authenticate": "Bearer"},
+            )
+
+        # Extract user data from the refresh token
+        user_id = payload.get("sub")
+        user_email = payload.get("email")
+
+        if not user_id or not user_email:
+            raise HTTPException(
+                status_code=status.HTTP_401_UNAUTHORIZED,
+                detail="Invalid refresh token",
+                headers={"WWW-Authenticate": "Bearer"},
+            )
+
+        # Create new access and refresh tokens
+        token_data = {"sub": user_id, "email": user_email}
+        new_access_token = create_access_token(data=token_data)
+        new_refresh_token = create_refresh_token(data=token_data)
+
+        logger.info(f"Successfully refreshed token for user {user_id}")
+
+        # Return new tokens with minimal user data (we don't have full user details here)
+        user_dict = {
+            "id": user_id,
+            "email": user_email
+        }
+
+        return AuthResponse(
+            user=user_dict,
+            token=new_access_token,
+            refresh_token=new_refresh_token
+        )
+
+    except HTTPException:
+        # Re-raise HTTP exceptions
+        raise
+    except Exception as e:
+        logger.error(f"Error refreshing token: {str(e)}")
+        raise HTTPException(
+            status_code=status.HTTP_401_UNAUTHORIZED,
+            detail="Could not refresh token",
+            headers={"WWW-Authenticate": "Bearer"},
+        )

api/v1/routes/tasks.py

@@ -0,0 +1,328 @@
+from fastapi import APIRouter, Depends, HTTPException, status, Request
+from sqlmodel.ext.asyncio.session import AsyncSession
+from typing import List
+from database.session import get_session_dep
+from models.task import TaskRead, TaskCreate, TaskUpdate, TaskComplete
+from services.task_service import TaskService
+from middleware.auth_middleware import validate_user_id_from_token
+from auth.jwt_handler import get_user_id_from_token
+from utils.logging import get_logger
+from fastapi.security import HTTPAuthorizationCredentials, HTTPBearer
+import logging
+
+router = APIRouter()
+logger = get_logger(__name__)
+
+# Initialize security for token extraction
+security = HTTPBearer()
+
+
+@router.get("/tasks", response_model=List[TaskRead])
+async def get_tasks(
+    request: Request,
+    user_id: int,
+    token: HTTPAuthorizationCredentials = Depends(security),
+    session: AsyncSession = Depends(get_session_dep)
+):
+    """
+    Retrieve all tasks for the specified user.
+
+    Args:
+        request: FastAPI request object
+        user_id: The ID of the user whose tasks to retrieve
+        token: JWT token for authentication
+        session: Database session
+
+    Returns:
+        List of TaskRead objects
+
+    Raises:
+        HTTPException: If authentication fails or user_id validation fails
+    """
+    try:
+        # Extract and validate token
+        token_user_id = get_user_id_from_token(token.credentials)
+
+        # Validate that token user_id matches URL user_id
+        validate_user_id_from_token(
+            request=request,
+            token_user_id=token_user_id,
+            url_user_id=user_id
+        )
+
+        # Get tasks for the user
+        tasks = await TaskService.get_tasks_by_user_id(session, user_id)
+
+        logger.info(f"Successfully retrieved {len(tasks)} tasks for user {user_id}")
+        return tasks
+
+    except HTTPException:
+        # Re-raise HTTP exceptions (like 401, 403, 404)
+        raise
+    except Exception as e:
+        logger.error(f"Error retrieving tasks for user {user_id}: {str(e)}")
+        raise HTTPException(
+            status_code=status.HTTP_500_INTERNAL_SERVER_ERROR,
+            detail="Error retrieving tasks"
+        )
+
+
+@router.post("/tasks", response_model=TaskRead, status_code=status.HTTP_201_CREATED)
+async def create_task(
+    request: Request,
+    user_id: int,
+    task_data: TaskCreate,
+    token: HTTPAuthorizationCredentials = Depends(security),
+    session: AsyncSession = Depends(get_session_dep)
+):
+    """
+    Create a new task for the specified user.
+
+    Args:
+        request: FastAPI request object
+        user_id: The ID of the user creating the task
+        task_data: Task creation data
+        token: JWT token for authentication
+        session: Database session
+
+    Returns:
+        Created TaskRead object
+
+    Raises:
+        HTTPException: If authentication fails, user_id validation fails, or task creation fails
+    """
+    try:
+        # Extract and validate token
+        token_user_id = get_user_id_from_token(token.credentials)
+
+        # Validate that token user_id matches URL user_id
+        validate_user_id_from_token(
+            request=request,
+            token_user_id=token_user_id,
+            url_user_id=user_id
+        )
+
+        # Create the task
+        created_task = await TaskService.create_task(session, user_id, task_data)
+
+        logger.info(f"Successfully created task {created_task.id} for user {user_id}")
+        return created_task
+
+    except HTTPException:
+        # Re-raise HTTP exceptions (like 401, 403, 400)
+        raise
+    except Exception as e:
+        logger.error(f"Error creating task for user {user_id}: {str(e)}")
+        raise HTTPException(
+            status_code=status.HTTP_500_INTERNAL_SERVER_ERROR,
+            detail="Error creating task"
+        )
+
+
+@router.get("/tasks/{task_id}", response_model=TaskRead)
+async def get_task(
+    request: Request,
+    user_id: int,
+    task_id: int,
+    token: HTTPAuthorizationCredentials = Depends(security),
+    session: AsyncSession = Depends(get_session_dep)
+):
+    """
+    Retrieve a specific task by ID for the specified user.
+
+    Args:
+        request: FastAPI request object
+        user_id: The ID of the user
+        task_id: The ID of the task to retrieve
+        token: JWT token for authentication
+        session: Database session
+
+    Returns:
+        TaskRead object
+
+    Raises:
+        HTTPException: If authentication fails, user_id validation fails, or task not found
+    """
+    try:
+        # Extract and validate token
+        token_user_id = get_user_id_from_token(token.credentials)
+
+        # Validate that token user_id matches URL user_id
+        validate_user_id_from_token(
+            request=request,
+            token_user_id=token_user_id,
+            url_user_id=user_id
+        )
+
+        # Get the specific task
+        task = await TaskService.get_task_by_id(session, user_id, task_id)
+
+        logger.info(f"Successfully retrieved task {task_id} for user {user_id}")
+        return task
+
+    except HTTPException:
+        # Re-raise HTTP exceptions (like 401, 403, 404)
+        raise
+    except Exception as e:
+        logger.error(f"Error retrieving task {task_id} for user {user_id}: {str(e)}")
+        raise HTTPException(
+            status_code=status.HTTP_500_INTERNAL_SERVER_ERROR,
+            detail="Error retrieving task"
+        )
+
+
+@router.put("/tasks/{task_id}", response_model=TaskRead)
+async def update_task(
+    request: Request,
+    user_id: int,
+    task_id: int,
+    task_data: TaskUpdate,
+    token: HTTPAuthorizationCredentials = Depends(security),
+    session: AsyncSession = Depends(get_session_dep)
+):
+    """
+    Update a specific task for the specified user.
+
+    Args:
+        request: FastAPI request object
+        user_id: The ID of the user
+        task_id: The ID of the task to update
+        task_data: Task update data
+        token: JWT token for authentication
+        session: Database session
+
+    Returns:
+        Updated TaskRead object
+
+    Raises:
+        HTTPException: If authentication fails, user_id validation fails, or task not found
+    """
+    try:
+        # Extract and validate token
+        token_user_id = get_user_id_from_token(token.credentials)
+
+        # Validate that token user_id matches URL user_id
+        validate_user_id_from_token(
+            request=request,
+            token_user_id=token_user_id,
+            url_user_id=user_id
+        )
+
+        # Update the task
+        updated_task = await TaskService.update_task(session, user_id, task_id, task_data)
+
+        logger.info(f"Successfully updated task {task_id} for user {user_id}")
+        return updated_task
+
+    except HTTPException:
+        # Re-raise HTTP exceptions (like 401, 403, 404)
+        raise
+    except Exception as e:
+        logger.error(f"Error updating task {task_id} for user {user_id}: {str(e)}")
+        raise HTTPException(
+            status_code=status.HTTP_500_INTERNAL_SERVER_ERROR,
+            detail="Error updating task"
+        )
+
+
+@router.delete("/tasks/{task_id}", status_code=status.HTTP_204_NO_CONTENT)
+async def delete_task(
+    request: Request,
+    user_id: int,
+    task_id: int,
+    token: HTTPAuthorizationCredentials = Depends(security),
+    session: AsyncSession = Depends(get_session_dep)
+):
+    """
+    Delete a specific task for the specified user.
+
+    Args:
+        request: FastAPI request object
+        user_id: The ID of the user
+        task_id: The ID of the task to delete
+        token: JWT token for authentication
+        session: Database session
+
+    Raises:
+        HTTPException: If authentication fails, user_id validation fails, or task not found
+    """
+    try:
+        # Extract and validate token
+        token_user_id = get_user_id_from_token(token.credentials)
+
+        # Validate that token user_id matches URL user_id
+        validate_user_id_from_token(
+            request=request,
+            token_user_id=token_user_id,
+            url_user_id=user_id
+        )
+
+        # Delete the task
+        await TaskService.delete_task(session, user_id, task_id)
+
+        logger.info(f"Successfully deleted task {task_id} for user {user_id}")
+        return
+
+    except HTTPException:
+        # Re-raise HTTP exceptions (like 401, 403, 404)
+        raise
+    except Exception as e:
+        logger.error(f"Error deleting task {task_id} for user {user_id}: {str(e)}")
+        raise HTTPException(
+            status_code=status.HTTP_500_INTERNAL_SERVER_ERROR,
+            detail="Error deleting task"
+        )
+
+
+@router.patch("/tasks/{task_id}/complete", response_model=TaskRead)
+async def update_task_completion(
+    request: Request,
+    user_id: int,
+    task_id: int,
+    completion_data: TaskComplete,
+    token: HTTPAuthorizationCredentials = Depends(security),
+    session: AsyncSession = Depends(get_session_dep)
+):
+    """
+    Update the completion status of a specific task for the specified user.
+
+    Args:
+        request: FastAPI request object
+        user_id: The ID of the user
+        task_id: The ID of the task to update
+        completion_data: Task completion data
+        token: JWT token for authentication
+        session: Database session
+
+    Returns:
+        Updated TaskRead object
+
+    Raises:
+        HTTPException: If authentication fails, user_id validation fails, or task not found
+    """
+    try:
+        # Extract and validate token
+        token_user_id = get_user_id_from_token(token.credentials)
+
+        # Validate that token user_id matches URL user_id
+        validate_user_id_from_token(
+            request=request,
+            token_user_id=token_user_id,
+            url_user_id=user_id
+        )
+
+        # Update task completion status
+        updated_task = await TaskService.update_task_completion(session, user_id, task_id, completion_data)
+
+        logger.info(f"Successfully updated completion status for task {task_id} for user {user_id}")
+        return updated_task
+
+    except HTTPException:
+        # Re-raise HTTP exceptions (like 401, 403, 404)
+        raise
+    except Exception as e:
+        logger.error(f"Error updating completion status for task {task_id} for user {user_id}: {str(e)}")
+        raise HTTPException(
+            status_code=status.HTTP_500_INTERNAL_SERVER_ERROR,
+            detail="Error updating task completion status"
+        )

api/v1/routes/users.py

@@ -0,0 +1,89 @@
+from fastapi import APIRouter, Depends, HTTPException, status, Request
+from sqlmodel.ext.asyncio.session import AsyncSession
+from ...database.session import get_session_dep
+from ...schemas.user import UserRead, UserCreate
+from ...services.user_service import UserService
+from ...utils.logging import get_logger
+
+router = APIRouter()
+logger = get_logger(__name__)
+
+@router.get("/users/{user_id}", response_model=UserRead)
+async def get_user(
+    request: Request,
+    user_id: int,
+    session: AsyncSession = Depends(get_session_dep)
+):
+    """
+    Retrieve a specific user by ID.
+
+    Args:
+        request: FastAPI request object
+        user_id: The ID of the user to retrieve
+        session: Database session
+
+    Returns:
+        UserRead object
+
+    Raises:
+        HTTPException: If user not found
+    """
+    try:
+        user = await UserService.get_user_by_id(session, user_id)
+
+        if not user:
+            logger.warning(f"User {user_id} not found")
+            raise HTTPException(
+                status_code=status.HTTP_404_NOT_FOUND,
+                detail="User not found"
+            )
+
+        logger.info(f"Successfully retrieved user {user_id}")
+        return user
+
+    except HTTPException:
+        # Re-raise HTTP exceptions
+        raise
+    except Exception as e:
+        logger.error(f"Error retrieving user {user_id}: {str(e)}")
+        raise HTTPException(
+            status_code=status.HTTP_500_INTERNAL_SERVER_ERROR,
+            detail="Error retrieving user"
+        )
+
+
+@router.post("/users", response_model=UserRead, status_code=status.HTTP_201_CREATED)
+async def create_user(
+    request: Request,
+    user_data: UserCreate,
+    session: AsyncSession = Depends(get_session_dep)
+):
+    """
+    Create a new user.
+
+    Args:
+        request: FastAPI request object
+        user_data: User creation data
+        session: Database session
+
+    Returns:
+        Created UserRead object
+
+    Raises:
+        HTTPException: If user creation fails
+    """
+    try:
+        created_user = await UserService.create_user(session, user_data)
+
+        logger.info(f"Successfully created user {created_user.id}")
+        return created_user
+
+    except HTTPException:
+        # Re-raise HTTP exceptions
+        raise
+    except Exception as e:
+        logger.error(f"Error creating user: {str(e)}")
+        raise HTTPException(
+            status_code=status.HTTP_500_INTERNAL_SERVER_ERROR,
+            detail="Error creating user"
+        )

auth/jwt_handler.py

@@ -0,0 +1,150 @@
+import jwt
+from datetime import datetime, timedelta
+from typing import Optional, Dict, Any
+from fastapi import HTTPException, status
+from config.settings import settings
+from models.user import UserRead
+
+def create_access_token(data: Dict[str, Any], expires_delta: Optional[timedelta] = None) -> str:
+    """
+    Create a new access token with the provided data.
+
+    Args:
+        data: Dictionary containing the data to encode in the token
+        expires_delta: Optional timedelta for token expiration (defaults to settings value)
+
+    Returns:
+        Encoded JWT token as string
+    """
+    to_encode = data.copy()
+
+    if expires_delta:
+        expire = datetime.utcnow() + expires_delta
+    else:
+        expire = datetime.utcnow() + timedelta(minutes=settings.access_token_expire_minutes)
+
+    to_encode.update({"exp": expire, "iat": datetime.utcnow(), "type": "access"})
+
+    encoded_jwt = jwt.encode(
+        to_encode,
+        settings.jwt_secret,
+        algorithm=settings.jwt_algorithm
+    )
+
+    return encoded_jwt
+
+
+def create_refresh_token(data: Dict[str, Any], expires_delta: Optional[timedelta] = None) -> str:
+    """
+    Create a new refresh token with the provided data.
+
+    Args:
+        data: Dictionary containing the data to encode in the token
+        expires_delta: Optional timedelta for token expiration (defaults to settings value)
+
+    Returns:
+        Encoded JWT token as string
+    """
+    to_encode = data.copy()
+
+    if expires_delta:
+        expire = datetime.utcnow() + expires_delta
+    else:
+        # Default refresh token expiration to 7 days
+        expire = datetime.utcnow() + timedelta(days=settings.refresh_token_expire_days)
+
+    to_encode.update({"exp": expire, "iat": datetime.utcnow(), "type": "refresh"})
+
+    encoded_jwt = jwt.encode(
+        to_encode,
+        settings.jwt_secret,
+        algorithm=settings.jwt_algorithm
+    )
+
+    return encoded_jwt
+
+def verify_token(token: str) -> Dict[str, Any]:
+    """
+    Verify and decode a JWT token.
+
+    Args:
+        token: JWT token string to verify
+
+    Returns:
+        Decoded token payload as dictionary
+
+    Raises:
+        HTTPException: If token is invalid, expired, or cannot be decoded
+    """
+    try:
+        payload = jwt.decode(
+            token,
+            settings.jwt_secret,
+            algorithms=[settings.jwt_algorithm]
+        )
+
+        # Check if token is expired
+        if "exp" in payload:
+            exp_timestamp = payload["exp"]
+            if datetime.fromtimestamp(exp_timestamp) < datetime.utcnow():
+                raise HTTPException(
+                    status_code=status.HTTP_401_UNAUTHORIZED,
+                    detail="Token has expired",
+                    headers={"WWW-Authenticate": "Bearer"},
+                )
+
+        return payload
+
+    except jwt.ExpiredSignatureError:
+        raise HTTPException(
+            status_code=status.HTTP_401_UNAUTHORIZED,
+            detail="Token has expired",
+            headers={"WWW-Authenticate": "Bearer"},
+        )
+    except jwt.InvalidTokenError:
+        raise HTTPException(
+            status_code=status.HTTP_401_UNAUTHORIZED,
+            detail="Could not validate credentials",
+            headers={"WWW-Authenticate": "Bearer"},
+        )
+    except Exception:
+        raise HTTPException(
+            status_code=status.HTTP_401_UNAUTHORIZED,
+            detail="Could not validate credentials",
+            headers={"WWW-Authenticate": "Bearer"},
+        )
+
+def get_user_id_from_token(token: str) -> int:
+    """
+    Extract user ID from JWT token.
+
+    Args:
+        token: JWT token string
+
+    Returns:
+        User ID as integer
+
+    Raises:
+        HTTPException: If token is invalid or user_id is not in token
+    """
+    payload = verify_token(token)
+
+    user_id = payload.get("sub")
+    if user_id is None:
+        raise HTTPException(
+            status_code=status.HTTP_401_UNAUTHORIZED,
+            detail="Could not validate credentials",
+            headers={"WWW-Authenticate": "Bearer"},
+        )
+
+    # Ensure user_id is an integer
+    try:
+        user_id = int(user_id)
+    except (ValueError, TypeError):
+        raise HTTPException(
+            status_code=status.HTTP_401_UNAUTHORIZED,
+            detail="Invalid user ID in token",
+            headers={"WWW-Authenticate": "Bearer"},
+        )
+
+    return user_id

config/settings.py

@@ -0,0 +1,35 @@
+from pydantic_settings import BaseSettings
+from typing import Optional
+import os
+from dotenv import load_dotenv
+
+# Load environment variables from .env file
+load_dotenv()
+
+class Settings(BaseSettings):
+    """
+    Application settings loaded from environment variables.
+    """
+    # Database settings
+    database_url: str = os.getenv("DATABASE_URL", "postgresql+asyncpg://username:password@localhost:5432/todo_app")
+    db_echo: bool = os.getenv("DB_ECHO", "False").lower() == "true"
+
+    # JWT settings
+    jwt_secret: str = os.getenv("BETTER_AUTH_SECRET", "your-super-secret-jwt-signing-key-here")
+    jwt_algorithm: str = os.getenv("JWT_ALGORITHM", "HS256")
+    access_token_expire_minutes: int = int(os.getenv("ACCESS_TOKEN_EXPIRE_MINUTES", "30"))
+    refresh_token_expire_days: int = int(os.getenv("REFRESH_TOKEN_EXPIRE_DAYS", "7"))
+
+    # Application settings
+    app_name: str = "Todo List API"
+    app_version: str = "1.0.0"
+    debug: bool = os.getenv("DEBUG", "False").lower() == "true"
+
+    model_config = {
+        "env_file": ".env",
+        "case_sensitive": True,
+        "extra": "allow"
+    }
+
+# Create a settings instance
+settings = Settings()

database/session.py

@@ -0,0 +1,65 @@
+from sqlmodel.ext.asyncio.session import AsyncSession
+from sqlalchemy.ext.asyncio import create_async_engine
+from typing import AsyncGenerator
+from contextlib import asynccontextmanager
+import os
+from config.settings import settings
+
+# Create the async database engine
+db_url = settings.database_url
+
+if db_url.startswith("postgresql://"):
+    # Convert to asyncpg format
+    db_url = db_url.replace("postgresql://", "postgresql+asyncpg://", 1)
+elif db_url.startswith("postgresql+asyncpg://"):
+    # Already in correct format
+    db_url = db_url
+elif db_url.startswith("sqlite://") and not db_url.startswith("sqlite+aiosqlite"):
+    # Convert to aiosqlite format
+    db_url = db_url.replace("sqlite://", "sqlite+aiosqlite://", 1)
+elif db_url.startswith("sqlite+aiosqlite"):
+    # Already in correct format
+    db_url = db_url
+
+# For Neon PostgreSQL with asyncpg, SSL is handled automatically
+# The issue is with URL parameters that asyncpg doesn't expect
+if "postgresql+asyncpg" in db_url and "?sslmode=" in db_url:
+    # Extract the base URL without query parameters
+    base_url = db_url.split('?')[0]
+    # For Neon, we often just need the base URL as asyncpg handles SSL automatically
+    db_url = base_url
+
+# Set appropriate engine options based on database type
+if "postgresql" in db_url:
+    # For PostgreSQL, use asyncpg with proper SSL handling
+    async_engine = create_async_engine(
+        db_url,
+        echo=settings.db_echo,  # Set to True for SQL query logging during development
+        pool_pre_ping=True,  # Verify connections before use
+        pool_recycle=300,  # Recycle connections every 5 minutes
+        # SSL is handled automatically by asyncpg for Neon
+    )
+else:  # SQLite
+    async_engine = create_async_engine(
+        db_url,
+        echo=settings.db_echo,  # Set to True for SQL query logging during development
+    )
+
+@asynccontextmanager
+async def get_async_session() -> AsyncGenerator[AsyncSession, None]:
+    """
+    Async context manager for database sessions.
+    Ensures the session is properly closed after use.
+    """
+    async with AsyncSession(async_engine) as session:
+        try:
+            yield session
+        finally:
+            await session.close()
+
+async def get_session_dep():
+    """
+    Dependency function for FastAPI to provide async database sessions.
+    """
+    async with AsyncSession(async_engine) as session:
+        yield session

main.py

@@ -0,0 +1,58 @@
+from fastapi import FastAPI
+from fastapi.exceptions import RequestValidationError
+from starlette.exceptions import HTTPException as StarletteHTTPException
+from starlette.middleware.cors import CORSMiddleware
+from api.v1.routes import tasks
+from api.v1.routes import auth
+from database.session import async_engine
+from models import task, user  # Import models to register them with SQLModel
+from utils.exception_handlers import (
+    http_exception_handler,
+    validation_exception_handler,
+    general_exception_handler
+)
+import sqlmodel
+
+app = FastAPI(title="Todo List API", version="1.0.0")
+
+# Add CORS middleware
+app.add_middleware(
+    CORSMiddleware,
+    allow_origins=["*"],  # In production, replace with specific origins
+    allow_credentials=True,
+    allow_methods=["*"],
+    allow_headers=["*"],
+)
+
+# Register exception handlers
+app.add_exception_handler(StarletteHTTPException, http_exception_handler)
+app.add_exception_handler(RequestValidationError, validation_exception_handler)
+app.add_exception_handler(Exception, general_exception_handler)
+
+@app.on_event("startup")
+async def startup():
+    """Create database tables on startup"""
+    async with async_engine.begin() as conn:
+        await conn.run_sync(sqlmodel.SQLModel.metadata.create_all)
+
+# Include API routes
+app.include_router(tasks.router, prefix="/api/{user_id}", tags=["tasks"])
+app.include_router(auth.router, prefix="/api", tags=["auth"])
+
+@app.get("/")
+def read_root():
+    return {"message": "Todo List API - Phase II Backend"}
+
+@app.get("/health")
+def health_check():
+    return {"status": "healthy"}
+
+if __name__ == "__main__":
+    import uvicorn
+
+    uvicorn.run(
+        "main:app",
+        host="127.0.0.1",
+        port=8000,
+        reload=True,
+    )

middleware/auth_middleware.py

@@ -0,0 +1,69 @@
+from fastapi import Request, HTTPException, status
+from fastapi.security import HTTPBearer, HTTPAuthorizationCredentials
+from auth.jwt_handler import verify_token, get_user_id_from_token
+from typing import Optional, Dict, Any
+import logging
+
+# Set up logger
+logger = logging.getLogger(__name__)
+
+class JWTBearer(HTTPBearer):
+    """
+    Custom JWT Bearer authentication scheme.
+    This class handles extracting and validating JWT tokens from request headers.
+    """
+    def __init__(self, auto_error: bool = True):
+        super(JWTBearer, self).__init__(auto_error=auto_error)
+
+    async def __call__(self, request: Request) -> Optional[Dict[str, Any]]:
+        """
+        Extract and validate JWT token from request.
+
+        Args:
+            request: FastAPI request object
+
+        Returns:
+            Token payload if valid, None if auto_error is False and no token
+
+        Raises:
+            HTTPException: If token is invalid or missing (when auto_error=True)
+        """
+        credentials: HTTPAuthorizationCredentials = await super(JWTBearer, self).__call__(request)
+
+        if credentials:
+            if not credentials.scheme == "Bearer":
+                raise HTTPException(
+                    status_code=status.HTTP_401_UNAUTHORIZED,
+                    detail="Invalid authentication scheme",
+                )
+
+            token = credentials.credentials
+            return verify_token(token)
+        else:
+            raise HTTPException(
+                status_code=status.HTTP_401_UNAUTHORIZED,
+                detail="Invalid authorization code",
+            )
+
+def validate_user_id_from_token(request: Request, token_user_id: int, url_user_id: int) -> bool:
+    """
+    Validate that the user_id in the JWT token matches the user_id in the URL.
+
+    Args:
+        request: FastAPI request object (for logging)
+        token_user_id: User ID extracted from JWT token
+        url_user_id: User ID from the URL path parameter
+
+    Returns:
+        True if user IDs match, raises HTTPException if they don't match
+    """
+    if token_user_id != url_user_id:
+        logger.warning(
+            f"User ID mismatch - Token: {token_user_id}, URL: {url_user_id}, Path: {request.url.path}"
+        )
+        raise HTTPException(
+            status_code=status.HTTP_403_FORBIDDEN,
+            detail="User ID in token does not match user ID in URL",
+        )
+
+    return True

models/task.py

@@ -0,0 +1,59 @@
+from sqlmodel import SQLModel, Field, Relationship
+from typing import Optional
+from enum import Enum
+from datetime import datetime
+from .user import User
+
+class PriorityEnum(str, Enum):
+    high = "high"
+    medium = "medium"
+    low = "low"
+
+class TaskBase(SQLModel):
+    title: str = Field(nullable=False, max_length=255)
+    description: Optional[str] = Field(default=None, max_length=1000)
+    completed: Optional[bool] = Field(default=False)  # Made optional to match frontend
+    priority: Optional[PriorityEnum] = Field(default=None)  # Changed default to None to match frontend
+    due_date: Optional[str] = Field(default=None, max_length=50)  # Changed from datetime to string to match frontend, added max_length for DB
+
+class Task(TaskBase, table=True):
+    """
+    Represents a user's todo item with properties for content, status, and ownership.
+    """
+    id: Optional[int] = Field(default=None, primary_key=True)
+    user_id: int = Field(foreign_key="users.id", nullable=False)  # Updated to match new table name
+    created_at: datetime = Field(default_factory=datetime.utcnow)
+    updated_at: datetime = Field(default_factory=datetime.utcnow)
+
+    # Relationship to User
+    user: Optional[User] = Relationship(back_populates="tasks")
+
+class TaskCreate(TaskBase):
+    """Schema for creating a new task."""
+    # Explicitly define fields to ensure they're properly inherited
+    title: str
+    description: Optional[str] = None
+    completed: Optional[bool] = False
+    priority: Optional[PriorityEnum] = None
+    due_date: Optional[str] = Field(default=None, max_length=50)
+
+class TaskRead(TaskBase):
+    """Schema for reading task data."""
+    id: int
+    user_id: int
+    created_at: datetime
+    updated_at: datetime
+    priority: Optional[PriorityEnum] = None  # Explicitly include new field
+    due_date: Optional[str] = Field(default=None, max_length=50)  # Changed from datetime to string to match frontend
+
+class TaskUpdate(SQLModel):
+    """Schema for updating a task."""
+    title: Optional[str] = None
+    description: Optional[str] = None
+    completed: Optional[bool] = None
+    priority: Optional[PriorityEnum] = None
+    due_date: Optional[str] = Field(default=None, max_length=50)  # Changed from datetime to string to match frontend
+
+class TaskComplete(SQLModel):
+    """Schema for updating task completion status."""
+    completed: bool

models/user.py

@@ -0,0 +1,28 @@
+from sqlmodel import SQLModel, Field, Relationship
+from typing import Optional, List
+from datetime import datetime
+
+class UserBase(SQLModel):
+    email: str = Field(unique=True, nullable=False, max_length=255)
+    name: str = Field(nullable=False, max_length=255)
+
+class User(UserBase, table=True):
+    """
+    Represents a registered user in the system with authentication information.
+    """
+    __tablename__ = "users"  # Use 'users' instead of 'user' to avoid PostgreSQL reserved keyword
+
+    id: Optional[int] = Field(default=None, primary_key=True)
+    created_at: datetime = Field(default_factory=datetime.utcnow)
+
+    # Relationship to tasks
+    tasks: List["Task"] = Relationship(back_populates="user")
+
+class UserCreate(UserBase):
+    """Schema for creating a new user."""
+    pass
+
+class UserRead(UserBase):
+    """Schema for reading user data."""
+    id: int
+    created_at: datetime

pyproject.toml

@@ -0,0 +1,20 @@
+[project]
+name = "backend"
+version = "0.1.0"
+description = "Todo List API Backend - Phase II"
+readme = "README.md"
+requires-python = ">=3.12"
+dependencies = [
+    "fastapi>=0.115.0",
+    "sqlmodel>=0.0.22",
+    "pydantic>=2.9.2",
+    "pydantic-settings>=2.6.1",
+    "pyjwt>=2.9.0",
+    "python-multipart>=0.0.12",
+    "uvicorn[standard]>=0.32.0",
+    "asyncpg>=0.30.0",
+    "python-dotenv>=1.0.1",
+    "pytest>=8.3.3",
+    "pytest-asyncio>=0.23.7",
+    "httpx>=0.27.2",
+]

requirements.txt

@@ -0,0 +1,12 @@
+fastapi==0.115.0
+sqlmodel==0.0.22
+pydantic==2.9.2
+pydantic-settings==2.6.1
+pyjwt==2.9.0
+python-multipart==0.0.12
+uvicorn[standard]==0.32.0
+asyncpg==0.30.0
+python-dotenv==1.0.1
+pytest==8.3.3
+pytest-asyncio==0.23.7
+httpx==0.27.2

reset_database.py

@@ -0,0 +1,28 @@
+"""
+Simple script to recreate database tables
+"""
+
+import asyncio
+from sqlmodel import SQLModel
+from database.session import async_engine
+from models.user import User
+from models.task import Task
+
+async def reset_database():
+    print("Dropping and recreating database tables...")
+
+    # Drop all tables first
+    async with async_engine.begin() as conn:
+        await conn.run_sync(SQLModel.metadata.drop_all)
+
+    print("Tables dropped.")
+
+    # Create all tables
+    async with async_engine.begin() as conn:
+        await conn.run_sync(SQLModel.metadata.create_all)
+
+    print("Tables recreated successfully!")
+    print("Database reset complete.")
+
+if __name__ == "__main__":
+    asyncio.run(reset_database())

s.py

@@ -0,0 +1,2 @@
+import secrets
+print(secrets.token_hex(50))

schemas/task.py

@@ -0,0 +1,32 @@
+from pydantic import BaseModel
+from typing import Optional
+from datetime import datetime
+
+class TaskBase(BaseModel):
+    title: str
+    description: Optional[str] = None
+    completed: bool = False
+
+class TaskCreate(TaskBase):
+    """Schema for creating a new task."""
+    pass
+
+class TaskRead(TaskBase):
+    """Schema for reading task data."""
+    id: int
+    user_id: int
+    created_at: datetime
+    updated_at: datetime
+
+    class Config:
+        from_attributes = True
+
+class TaskUpdate(BaseModel):
+    """Schema for updating a task."""
+    title: Optional[str] = None
+    description: Optional[str] = None
+    completed: Optional[bool] = None
+
+class TaskComplete(BaseModel):
+    """Schema for updating task completion status."""
+    completed: bool

schemas/user.py

@@ -0,0 +1,24 @@
+from pydantic import BaseModel
+from typing import Optional
+from datetime import datetime
+
+class UserBase(BaseModel):
+    email: str
+    name: str
+
+class UserCreate(UserBase):
+    """Schema for creating a new user."""
+    pass
+
+class UserRead(UserBase):
+    """Schema for reading user data."""
+    id: int
+    created_at: datetime
+
+    class Config:
+        from_attributes = True
+
+class UserUpdate(BaseModel):
+    """Schema for updating user data."""
+    email: Optional[str] = None
+    name: Optional[str] = None