
feat: implement JWT auth and role-based access control (Issue #373)#396

Open
Somil450 wants to merge 3 commits into
utksh1:mainfrom
Somil450:feature/rbac-auth

Conversation

@Somil450

Fixes #373.

  • Adds JWT authentication via bcrypt and PyJWT.
  • Introduces Role-Based Access Control using FastAPI dependencies.
  • Creates default admin user credentials upon database initialization.
  • Updates tests to handle user contexts appropriately.

@Somil450 (Author)

@utksh1 please review this PR

utksh1 added the labels level:critical (80 pts difficulty label for critical or high-impact PRs), type:feature (Feature work category bonus label), type:security (Security work category bonus label), area:backend (Backend API, database, or service work), area:frontend (Frontend React/UI work) and area:security (Security-sensitive implementation or tests) on May 29, 2026

@utksh1 (Owner) left a comment


Requesting changes before this can merge. The PR seeds a default admin/admin account and falls back to a hardcoded JWT secret, which is not acceptable for an auth/RBAC feature. It also wraps the whole API router in authentication without a migration/rollout path, which can break existing local-first workflows and unauthenticated health/tooling calls. Please require an explicit configured secret, avoid default production credentials, provide a documented bootstrap/admin creation flow, keep health/public endpoints intentionally public where needed, and add backend tests for login, forbidden roles, missing/invalid tokens, and protected route behavior.
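What the requested changes look like in code, as an added illustration that is not part of this PR or the project: a secret loader that refuses to start without an explicitly configured `JWT_SECRET` instead of falling back to a hardcoded value, a small allowlist that keeps `/health` and the login route intentionally public, and the per-request decision (200, 401 for a missing or invalid token, 403 for the wrong role) that a FastAPI role dependency would make. The HS256 signature check is done with the standard library here in place of PyJWT, and the path names and the `role`/`exp` claim layout are assumptions.

```python
# Added example, not the PR's code: stdlib HS256 in place of PyJWT; paths and claim names are assumed.
import base64
import hashlib
import hmac
import json

PUBLIC_PATHS = frozenset({"/health", "/auth/login"})  # intentionally unauthenticated
MIN_SECRET_BYTES = 32  # 256 bits, the floor for an HS256 key

def load_jwt_secret(env):
    """Read JWT_SECRET from the environment; never fall back to a built-in value."""
    secret = env.get("JWT_SECRET", "").encode()
    if len(secret) < MIN_SECRET_BYTES:
        raise RuntimeError("JWT_SECRET missing or shorter than 32 bytes; refusing to start")
    return secret

def _b64url(data: bytes) -> str:
    return base64.urlsafe_b64encode(data).rstrip(b"=").decode()

def _b64url_decode(s: str) -> bytes:
    return base64.urlsafe_b64decode(s + "=" * (-len(s) % 4))

def sign_token(claims: dict, secret: bytes) -> str:
    header = _b64url(json.dumps({"alg": "HS256", "typ": "JWT"}).encode())
    body = _b64url(json.dumps(claims).encode())
    sig = hmac.new(secret, f"{header}.{body}".encode(), hashlib.sha256).digest()
    return f"{header}.{body}.{_b64url(sig)}"

def verify_token(token: str, secret: bytes, now: float):
    """Return the claims, or None for a malformed, tampered or expired token."""
    try:
        header, body, sig = token.split(".")
        expected = hmac.new(secret, f"{header}.{body}".encode(), hashlib.sha256).digest()
        if not hmac.compare_digest(expected, _b64url_decode(sig)):
            return None
        claims = json.loads(_b64url_decode(body))
    except ValueError:  # wrong segment count, bad base64 or bad JSON
        return None
    if not isinstance(claims, dict) or claims.get("exp", 0) <= now:
        return None
    return claims

def authorize(path: str, auth_header, required_role: str, secret: bytes, now: float) -> int:
    """HTTP status a route dependency would yield: 200, 401 (no/invalid token) or 403 (wrong role)."""
    if path in PUBLIC_PATHS:
        return 200
    token = auth_header[len("Bearer "):] if auth_header and auth_header.startswith("Bearer ") else ""
    claims = verify_token(token, secret, now)
    if claims is None:
        return 401
    return 200 if claims.get("role") == required_role else 403
```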

@utksh1 (Owner) commented May 30, 2026

Re-reviewed after the latest push. Still blocked: backend checks are failing, the branch is conflicting, and the auth model still needs to avoid default admin/admin credentials and hardcoded JWT fallback. Please rebase, require an explicit configured secret, provide a safe bootstrap flow, and cover protected route behavior with tests.


Linked issue (may be closed by merging this pull request): [FEATURE] Implement Authentication and RBAC for Multi-User Deployments