Kyle Pope
fbc452a004
- New User model (username, argon2id password_hash, totp fields, lockout) - New UserSession model (DB-backed revocation, replaces in-memory set) - New services/auth.py: Argon2id hashing, bcrypt→Argon2id upgrade path, URLSafeTimedSerializer session/MFA tokens - New schemas/auth.py: SetupRequest, LoginRequest, ChangePasswordRequest with OWASP password strength validation - Full rewrite of routers/auth.py: setup/login/logout/status/change-password with account lockout (10 failures → 30-min, HTTP 423), IP rate limiting retained as outer layer, get_current_user + get_current_settings dependencies replacing get_current_session - Settings model: drop pin_hash, add user_id FK (nullable for migration) - Schemas/settings.py: remove SettingsCreate, ChangePinRequest, _validate_pin_length - Settings router: rewrite to use get_current_user + get_current_settings, preserve ntfy test endpoint - All 11 consumer routers updated: auth-gate-only routers use get_current_user, routers reading Settings fields use get_current_settings - config.py: add SESSION_MAX_AGE_DAYS, MFA_TOKEN_MAX_AGE_SECONDS, TOTP_ISSUER - main.py: import User and UserSession models for Alembic discovery - requirements.txt: add argon2-cffi>=23.1.0 - Migration 023: create users + user_sessions tables, migrate pin_hash → User row (admin), backfill settings.user_id, drop pin_hash Co-Authored-By: Claude Opus 4.6 <noreply@anthropic.com>
UMBRA Backend
A complete FastAPI backend for the UMBRA application with async SQLAlchemy, PostgreSQL, authentication, and comprehensive CRUD operations.
Features
- FastAPI with async/await support
- SQLAlchemy 2.0 with async engine
- PostgreSQL with asyncpg driver
- Alembic for database migrations
- bcrypt for password hashing
- itsdangerous for session management
- PIN-based authentication with secure session cookies
- Full CRUD operations for all entities
- Dashboard with aggregated data
- CORS enabled for frontend integration
Project Structure
backend/
├── alembic/ # Database migrations
│ ├── versions/ # Migration files
│ ├── env.py # Alembic environment
│ └── script.py.mako # Migration template
├── app/
│ ├── models/ # SQLAlchemy models
│ ├── schemas/ # Pydantic schemas
│ ├── routers/ # API route handlers
│ ├── config.py # Configuration
│ ├── database.py # Database setup
│ └── main.py # FastAPI application
├── requirements.txt # Python dependencies
├── Dockerfile # Docker configuration
├── alembic.ini # Alembic configuration
└── start.sh # Startup script
Setup
1. Install Dependencies
cd backend
pip install -r requirements.txt
2. Configure Environment
Create a .env file:
DATABASE_URL=postgresql+asyncpg://postgres:postgres@localhost:5432/umbra
SECRET_KEY=your-secret-key-change-in-production
3. Create Database
createdb umbra
4. Run Migrations
alembic upgrade head
5. Start Server
# Using the start script
chmod +x start.sh
./start.sh
# Or directly with uvicorn
uvicorn app.main:app --reload
The API will be available at http://localhost:8000
API Documentation
Interactive API documentation is available at:
- Swagger UI: http://localhost:8000/docs
- ReDoc: http://localhost:8000/redoc
API Endpoints
Authentication
POST /api/auth/setup- Initial PIN setupPOST /api/auth/login- Login with PINPOST /api/auth/logout- LogoutGET /api/auth/status- Check auth status
Todos
GET /api/todos- List todos (with filters)POST /api/todos- Create todoGET /api/todos/{id}- Get todoPUT /api/todos/{id}- Update todoDELETE /api/todos/{id}- Delete todoPATCH /api/todos/{id}/toggle- Toggle completion
Calendar Events
GET /api/events- List events (with date range)POST /api/events- Create eventGET /api/events/{id}- Get eventPUT /api/events/{id}- Update eventDELETE /api/events/{id}- Delete event
Reminders
GET /api/reminders- List reminders (with filters)POST /api/reminders- Create reminderGET /api/reminders/{id}- Get reminderPUT /api/reminders/{id}- Update reminderDELETE /api/reminders/{id}- Delete reminderPATCH /api/reminders/{id}/dismiss- Dismiss reminder
Projects
GET /api/projects- List projectsPOST /api/projects- Create projectGET /api/projects/{id}- Get projectPUT /api/projects/{id}- Update projectDELETE /api/projects/{id}- Delete projectGET /api/projects/{id}/tasks- List project tasksPOST /api/projects/{id}/tasks- Create project taskPUT /api/projects/{id}/tasks/{task_id}- Update taskDELETE /api/projects/{id}/tasks/{task_id}- Delete task
People
GET /api/people- List people (with search)POST /api/people- Create personGET /api/people/{id}- Get personPUT /api/people/{id}- Update personDELETE /api/people/{id}- Delete person
Locations
GET /api/locations- List locations (with category filter)POST /api/locations- Create locationGET /api/locations/{id}- Get locationPUT /api/locations/{id}- Update locationDELETE /api/locations/{id}- Delete location
Settings
GET /api/settings- Get settingsPUT /api/settings- Update settingsPUT /api/settings/pin- Change PIN
Dashboard
GET /api/dashboard- Get dashboard dataGET /api/upcoming?days=7- Get upcoming items
Database Schema
The application uses the following tables:
settings- Application settings and PINtodos- Task itemscalendar_events- Calendar eventsreminders- Remindersprojects- Projectsproject_tasks- Tasks within projectspeople- Contacts/peoplelocations- Physical locations
Docker
Build and run with Docker:
docker build -t umbra-backend .
docker run -p 8000:8000 -e DATABASE_URL=... -e SECRET_KEY=... umbra-backend
Development
Create New Migration
alembic revision --autogenerate -m "Description of changes"
Apply Migrations
alembic upgrade head
Rollback Migration
alembic downgrade -1
Security Notes
- Change
SECRET_KEYin production - Use strong PINs (minimum 4 digits recommended)
- Session cookies are httpOnly and last 30 days
- All API endpoints (except auth) require authentication
- PINs are hashed with bcrypt before storage