refactor(db): extract AuthMixin

Moves the 7 user CRUD methods into sqlmodel_repo/auth.py. _ensure_admin_user stays in __init__.py so DECNET_ADMIN_PASSWORD remains addressable at the module path tests already monkeypatch.
2026-04-28 14:43:49 -04:00
parent 99adbebe75
commit eebf9e4c97
2 changed files with 76 additions and 57 deletions
--- a/decnet/web/db/sqlmodel_repo/init.py
+++ b/decnet/web/db/sqlmodel_repo/init.py
@@ -66,11 +66,13 @@ from decnet.web.db.sqlmodel_repo._helpers import (  # noqa: F401  (re-exported f
    _cleanup_tasks,
 )
 from decnet.web.db.sqlmodel_repo.attacker_intel import AttackerIntelMixin
+from decnet.web.db.sqlmodel_repo.auth import AuthMixin
 from decnet.web.db.sqlmodel_repo.swarm import SwarmMixin


 class SQLModelRepository(
    AttackerIntelMixin,
+    AuthMixin,
    SwarmMixin,
    BaseRepository,
 ):
@@ -337,63 +339,6 @@ class SQLModelRepository(

    # --------------------------------------------------------------- users

-    async def get_user_by_username(self, username: str) -> Optional[dict]:
-        async with self._session() as session:
-            result = await session.execute(
-                select(User).where(User.username == username)
-            )
-            user = result.scalar_one_or_none()
-            return user.model_dump() if user else None
-
-    async def get_user_by_uuid(self, uuid: str) -> Optional[dict]:
-        async with self._session() as session:
-            result = await session.execute(
-                select(User).where(User.uuid == uuid)
-            )
-            user = result.scalar_one_or_none()
-            return user.model_dump() if user else None
-
-    async def create_user(self, user_data: dict[str, Any]) -> None:
-        async with self._session() as session:
-            session.add(User(**user_data))
-            await session.commit()
-
-    async def update_user_password(
-        self, uuid: str, password_hash: str, must_change_password: bool = False
-    ) -> None:
-        async with self._session() as session:
-            await session.execute(
-                update(User)
-                .where(User.uuid == uuid)
-                .values(
-                    password_hash=password_hash,
-                    must_change_password=must_change_password,
-                )
-            )
-            await session.commit()
-
-    async def list_users(self) -> list[dict]:
-        async with self._session() as session:
-            result = await session.execute(select(User))
-            return [u.model_dump() for u in result.scalars().all()]
-
-    async def delete_user(self, uuid: str) -> bool:
-        async with self._session() as session:
-            result = await session.execute(select(User).where(User.uuid == uuid))
-            user = result.scalar_one_or_none()
-            if not user:
-                return False
-            await session.delete(user)
-            await session.commit()
-            return True
-
-    async def update_user_role(self, uuid: str, role: str) -> None:
-        async with self._session() as session:
-            await session.execute(
-                update(User).where(User.uuid == uuid).values(role=role)
-            )
-            await session.commit()
-
    async def purge_logs_and_bounties(self) -> dict[str, int]:
        async with self._session() as session:
            logs_deleted = (await session.execute(text("DELETE FROM logs"))).rowcount
--- a/decnet/web/db/sqlmodel_repo/auth.py
+++ b/decnet/web/db/sqlmodel_repo/auth.py
@@ -0,0 +1,74 @@
+"""User CRUD."""
+from __future__ import annotations
+
+from typing import Any, Optional
+
+from sqlalchemy import select, update
+
+from decnet.web.db.models import User
+
+
+class AuthMixin:
+    """Mixin: composed onto ``SQLModelRepository``. Expects ``self._session()``.
+
+    ``_ensure_admin_user`` stays in the package ``__init__`` so the
+    ``DECNET_ADMIN_PASSWORD`` it reads remains addressable at the
+    ``decnet.web.db.sqlmodel_repo`` module path (test monkeypatch surface).
+    """
+
+    async def get_user_by_username(self, username: str) -> Optional[dict]:
+        async with self._session() as session:
+            result = await session.execute(
+                select(User).where(User.username == username)
+            )
+            user = result.scalar_one_or_none()
+            return user.model_dump() if user else None
+
+    async def get_user_by_uuid(self, uuid: str) -> Optional[dict]:
+        async with self._session() as session:
+            result = await session.execute(
+                select(User).where(User.uuid == uuid)
+            )
+            user = result.scalar_one_or_none()
+            return user.model_dump() if user else None
+
+    async def create_user(self, user_data: dict[str, Any]) -> None:
+        async with self._session() as session:
+            session.add(User(**user_data))
+            await session.commit()
+
+    async def update_user_password(
+        self, uuid: str, password_hash: str, must_change_password: bool = False
+    ) -> None:
+        async with self._session() as session:
+            await session.execute(
+                update(User)
+                .where(User.uuid == uuid)
+                .values(
+                    password_hash=password_hash,
+                    must_change_password=must_change_password,
+                )
+            )
+            await session.commit()
+
+    async def list_users(self) -> list[dict]:
+        async with self._session() as session:
+            result = await session.execute(select(User))
+            return [u.model_dump() for u in result.scalars().all()]
+
+    async def delete_user(self, uuid: str) -> bool:
+        async with self._session() as session:
+            result = await session.execute(select(User).where(User.uuid == uuid))
+            user = result.scalar_one_or_none()
+            if not user:
+                return False
+            await session.delete(user)
+            await session.commit()
+            return True
+
+    async def update_user_role(self, uuid: str, role: str) -> None:
+        async with self._session() as session:
+            await session.execute(
+                update(User).where(User.uuid == uuid).values(role=role)
+            )
+            await session.commit()