greatmengqi
ceeccabc98
Move the users table into the shared persistence engine so auth matches the pattern of threads_meta, runs, run_events, and feedback — one engine, one session factory, one schema init codepath. New files --------- - persistence/user/__init__.py, persistence/user/model.py: UserRow ORM class with partial unique index on (oauth_provider, oauth_id) - Registered in persistence/models/__init__.py so Base.metadata.create_all() picks it up Modified -------- - auth/repositories/sqlite.py: rewritten as async SQLAlchemy, identical constructor pattern to the other four repositories (def __init__(self, session_factory) + self._sf = session_factory) - auth/config.py: drop users_db_path field — storage is configured through config.database like every other table - deps.py/get_local_provider: construct SQLiteUserRepository with the shared session factory, fail fast if engine is not initialised - tests/test_auth.py: rewrite test_sqlite_round_trip_new_fields to use the shared engine (init_engine + close_engine in a tempdir) - tests/test_auth_type_system.py: add per-test autouse fixture that spins up a scratch engine and resets deps._cached_* singletons
60 lines
2.1 KiB
Python
60 lines
2.1 KiB
Python
"""ORM model for the users table.
|
|
|
|
Lives in the harness persistence package so it is picked up by
|
|
``Base.metadata.create_all()`` alongside ``threads_meta``, ``runs``,
|
|
``run_events``, and ``feedback``. Using the shared engine means:
|
|
|
|
- One SQLite/Postgres database, one connection pool
|
|
- One schema initialisation codepath
|
|
- Consistent async sessions across auth and persistence reads
|
|
"""
|
|
|
|
from __future__ import annotations
|
|
|
|
from datetime import UTC, datetime
|
|
|
|
from sqlalchemy import Boolean, DateTime, Index, String, text
|
|
from sqlalchemy.orm import Mapped, mapped_column
|
|
|
|
from deerflow.persistence.base import Base
|
|
|
|
|
|
class UserRow(Base):
|
|
__tablename__ = "users"
|
|
|
|
# UUIDs are stored as 36-char strings for cross-backend portability.
|
|
id: Mapped[str] = mapped_column(String(36), primary_key=True)
|
|
|
|
email: Mapped[str] = mapped_column(String(320), unique=True, nullable=False, index=True)
|
|
password_hash: Mapped[str | None] = mapped_column(String(128), nullable=True)
|
|
|
|
# "admin" | "user" — kept as plain string to avoid ALTER TABLE pain
|
|
# when new roles are introduced.
|
|
system_role: Mapped[str] = mapped_column(String(16), nullable=False, default="user")
|
|
|
|
created_at: Mapped[datetime] = mapped_column(
|
|
DateTime(timezone=True),
|
|
nullable=False,
|
|
default=lambda: datetime.now(UTC),
|
|
)
|
|
|
|
# OAuth linkage (optional). A partial unique index enforces one
|
|
# account per (provider, oauth_id) pair, leaving NULL/NULL rows
|
|
# unconstrained so plain password accounts can coexist.
|
|
oauth_provider: Mapped[str | None] = mapped_column(String(32), nullable=True)
|
|
oauth_id: Mapped[str | None] = mapped_column(String(128), nullable=True)
|
|
|
|
# Auth lifecycle flags
|
|
needs_setup: Mapped[bool] = mapped_column(Boolean, nullable=False, default=False)
|
|
token_version: Mapped[int] = mapped_column(nullable=False, default=0)
|
|
|
|
__table_args__ = (
|
|
Index(
|
|
"idx_users_oauth_identity",
|
|
"oauth_provider",
|
|
"oauth_id",
|
|
unique=True,
|
|
sqlite_where=text("oauth_provider IS NOT NULL AND oauth_id IS NOT NULL"),
|
|
),
|
|
)
|