Automatyczna zmiana: 1753736103

This reverts commit a9775f4fa5.

.woodpecker/build.yaml

@@ -0,0 +1,71 @@
+when:
+  - event: [push, manual]
+    branch: woodpecker
+
+steps:
+  - name: code-tests
+    image: python:3.11.7-alpine
+    commands:
+      - cd api
+      - python3 -m venv env
+      - source env/bin/activate
+      - pip install -r requirements.txt pytest
+      - python3 -m pytest --junit-xml=pytest_junit.xml
+
+  - name: build-and-push
+    image: marcin00.azurecr.io/azure-cli-docker:slim-bookworm
+    environment:
+      ACR_NAME: marcin00
+      CLIENT_ID: c302726f-fafb-4143-94c1-67a70975574a
+    commands:
+      - dockerd &
+      - export DOCKER_IMAGE=marcin00.azurecr.io/user-microservice:${CI_COMMIT_SHA}
+      - docker build -t $DOCKER_IMAGE --build-arg APP_VERSION=${CI_COMMIT_SHA} --build-arg BUILD_DATE=$(date -u +"%Y-%m-%dT%H:%M:%SZ") .
+      - az login --identity --client-id $CLIENT_ID
+      - az acr login --name $ACR_NAME
+      - docker push $DOCKER_IMAGE
+    backend_options:
+      kubernetes:
+        annotations:
+          io.kubernetes.cri-o.userns-mode: "auto:size=65536"
+        runtimeClassName: sysbox-runc
+
+  - name: gitops-commit
+    image: alpine/git
+    environment:
+      DEPLOY_REPO_URL: ssh://git@srv22.mikr.us:20343/pikram/user-microservice-deploy.git
+      DEPLOY_REPO_BRANCH: woodpecker-fluxcd-deploy
+      GITEA_DEPLOY_KEY:
+        from_secret: gitea-deploy-key
+      GITEA_KNOWN_HOST:
+        from_secret: gitea-known-host
+    commands:
+      - mkdir -p ~/.ssh
+
+      - echo "$GITEA_KNOWN_HOST" >> ~/.ssh/known_hosts
+      - chmod 644 ~/.ssh/known_hosts
+
+      - echo "$GITEA_DEPLOY_KEY" > ~/.ssh/id_rsa
+      - chmod 600 ~/.ssh/id_rsa
+
+      - git config --global user.name "woodpecker[bot]"
+      - git config --global user.email "woodpecker@marcin00.pl"
+
+      - git clone $DEPLOY_REPO_URL --branch $DEPLOY_REPO_BRANCH
+      - cd user-microservice-deploy/apps/user-microservice
+      
+      - |
+        awk -v commit="$CI_COMMIT_SHA" '
+        $0 ~ /name:[[:space:]]*api/ { in_api_container = 1; print; next }
+        in_api_container && $0 ~ /^[[:space:]]*image:[[:space:]]*/ {
+            sub(/:[^:[:space:]]+$/, ":" commit)
+            in_api_container = 0
+            print
+            next
+        }
+        { print }
+        ' deploy.yaml > deploy.tmp && mv deploy.tmp deploy.yaml
+      
+      - git add deploy.yaml
+      - 'git diff-index --quiet HEAD || git commit -m "WOODPECKER: Changed deployed version to $CI_COMMIT_SHA"'
+      - git push origin $DEPLOY_REPO_BRANCH

Dockerfile

@@ -1,5 +1,18 @@
-FROM python:3.11.7-slim-bookworm
+FROM python:3.11.7-alpine
+
+# Wersja i data builda jako build-arg
+ARG APP_VERSION=unknown
+ARG BUILD_DATE=unknown
+
+# Ustawiamy zmienne w ENV, by były dostępne w kontenerze
+ENV APP_VERSION=$APP_VERSION
+ENV BUILD_DATE=$BUILD_DATE
+
 WORKDIR /app
+
 COPY api .
+
+RUN apk add --no-cache curl
 RUN pip install -r requirements.txt
+
 CMD python3 app.py

api/app.py

@@ -1,22 +1,70 @@
 from dotenv import load_dotenv
-from flask import Flask
+from flask import Flask, jsonify
 from flask_jwt_extended import JWTManager
-from models import db
+from jwt import ExpiredSignatureError
+from models import db, RevokedToken
 import os
-from task_views import task_bp
-from user_views import user_bp, init_db
+from tech_views import tech_bp
+from utils import init_db, wait_for_db
+from views import user_bp
+from werkzeug.exceptions import HTTPException
 
-if __name__ == "__main__":
+def create_app(config_name="default"):
+    """Creates and returns a new instance of Flask app."""
     load_dotenv()
     app = Flask(__name__)
-    app.config['SQLALCHEMY_DATABASE_URI'] = os.getenv('SQLALCHEMY_DATABASE_URI')
-    app.config['SQLALCHEMY_TRACK_MODIFICATIONS'] = True
-    app.config['JWT_SECRET_KEY'] = 'changeme'
+    
+    # Database settings
+    if config_name == "testing":
+        app.config["SQLALCHEMY_DATABASE_URI"] = "sqlite:///:memory:"  # Database in memory
+        app.config["TESTING"] = True
+    else:
+        app.config["SQLALCHEMY_DATABASE_URI"] = os.getenv("SQLALCHEMY_DATABASE_URI")
+    app.config["SQLALCHEMY_TRACK_MODIFICATIONS"] = False
+
+    # JWT settings
+    app.config["JWT_SECRET_KEY"] = os.getenv("JWT_SECRET_KEY", "changeme")
+
+    # Blueprints registration
     app.register_blueprint(user_bp)
-    app.register_blueprint(task_bp)
+    app.register_blueprint(tech_bp)
+
+    # Database and JWT initialization
     db.init_app(app)
     jwt = JWTManager(app)
+
+    # Function to check if JWT token is revoked
+    @jwt.token_in_blocklist_loader
+    def check_if_token_revoked(jwt_header, jwt_payload):
+        token = db.session.get(RevokedToken, jwt_payload["jti"])
+        return token is not None
+
+    # Global error handler
+    @app.errorhandler(Exception)
+    def global_error_handler(error):
+        if isinstance(error, HTTPException):
+            response = jsonify({"error": error.description})
+            response.status_code = error.code
+        elif isinstance(error, ExpiredSignatureError):
+            response = jsonify({"error": "Token has expired"})
+            response.status_code = 401
+        else:  # All other errors
+            response = jsonify({"error": str(error)})
+            response.status_code = 500
+        return response
+
+    # Fill database by initial values (only if we are not testing)
     with app.app_context():
+        wait_for_db(max_retries=100)
         db.create_all()
-        init_db()
-    app.run(debug=True, host='0.0.0.0')
+        if config_name != "testing":
+            init_db()
+    return app
+
+
+# Server start only if we run app directly
+if __name__ == "__main__":
+    from waitress import serve
+    app = create_app()
+    port = os.getenv("APP_PORT", "80")
+    serve(app, host="0.0.0.0", port=port)

api/models.py

@@ -12,23 +12,9 @@ class User(db.Model):
     def to_dict(self):
         return {"id": self.id, "username": self.username, "email": self.email, "role": self.role}
     
+    @staticmethod
     def get_editable_fields():
         return {"username", "email", "role", "password"}
 
-class Task(db.Model):
-    id = db.Column(db.Integer, primary_key=True, autoincrement=True)
-    title = db.Column(db.String(100), nullable=False)
-    description = db.Column(db.Text)
-    done = db.Column(db.Boolean, default=False)
-    due_date = db.Column(db.Date)
-    user_id = db.Column(db.Integer, db.ForeignKey('user.id'), nullable=False)
-
-    def to_dict(self):
-        return {
-            "id": self.id,
-            "title": self.title,
-            "description": self.description,
-            "due_date": self.due_date,
-            "done": self.done,
-            "user_id": self.user_id
-        }
+class RevokedToken(db.Model):
+    jti = db.Column(db.String(100), primary_key=True)

api/requirements.txt

@@ -11,4 +11,5 @@ mysql-connector-python==9.2.0
 python-dotenv==1.0.0
 SQLAlchemy==2.0.23
 typing_extensions==4.8.0
+waitress==3.0.2
 Werkzeug==3.0.1

api/task_views.py

@@ -1,114 +0,0 @@
-from flask import Blueprint, jsonify, request, abort
-from flask_jwt_extended import jwt_required, get_jwt_identity
-from models import Task, db
-from datetime import datetime
-from user_views import admin_required, validate_access
-
-task_bp = Blueprint('task_bp', __name__)
-
-# ============================================================
-# 🚀 1️⃣ API ENDPOINTS (ROUTES)
-# ============================================================
-
-@task_bp.route('/tasks', methods=['GET'])
-@jwt_required()
-def get_all_tasks():
-    admin_required(get_jwt_identity()) # only admin can get all tasks
-    tasks = Task.query.all()
-    return jsonify([task.to_dict() for task in tasks])
-
-
-@task_bp.route('/tasks/<int:task_id>', methods=['GET'])
-@jwt_required()
-def get_task(task_id):
-    task = Task.query.get(task_id) # return task or None if task not found
-    check_if_task_exists(task)
-    return jsonify(task.to_dict())
-
-
-@task_bp.route('/tasks/user/<int:user_id>', methods=['GET'])
-@jwt_required()
-def get_tasks_by_user(user_id):
-    validate_access(user_id)
-    tasks = Task.query.filter_by(user_id=user_id).all()
-    tasks = [task.to_dict() for task in tasks]
-    return jsonify(tasks)
-
-
-@task_bp.route('/tasks', methods=['POST'])
-@jwt_required()
-def create_task():
-    data = request.get_json()
-    user_id = int(data.get('user_id'))
-    validate_access(user_id, 'Provided user_id is not assign to current user')
-    
-    due_date = datetime.strptime(data['due_date'], '%d-%m-%Y')
-    task = Task(title=data['title'], description=data['description'], due_date=due_date,
-                done=data['done'], user_id=data['user_id'])
-
-    db.session.add(task)
-    db.session.commit()
-    return jsonify(task.to_dict())
-
-
-@task_bp.route('/tasks/<int:task_id>', methods=['PUT'])
-@jwt_required()
-def update_task(task_id):
-    task = Task.query.get(task_id)
-    check_if_task_exists(task)
-
-    request_title = request.json.get('title')
-    request_description = request.json.get('description')
-    request_due_date = datetime.strptime(request.json.get('due_date'), '%d-%m-%Y')
-    request_done = request.json.get('done')
-
-    if all((task.title, task.description, task.due_date)) and task.done is not None:
-        task.title = request_title
-        task.description = request_description
-        task.due_date = request_due_date
-        task.done = request_done
-
-        db.session.commit()
-        return jsonify(task.to_dict())
-    else:
-        return abort(400, {'error': 'Incomplete task data.'})
-
-
-@task_bp.route('/tasks/<int:task_id>', methods=['DELETE'])
-@jwt_required()
-def delete_task(task_id):
-    task = Task.query.get(task_id)
-    check_if_task_exists(task)
-    db.session.delete(task)
-    db.session.commit()
-    return jsonify({})
-
-
-# ============================================================
-# 🔧 2️⃣ UTILITIES
-# ============================================================
-
-def check_if_task_exists(task):
-    # Check if task exists or user has permissions to see it
-    if task is None:
-        abort(404, {'error': 'Task not found.'})
-    user_id = task.user_id
-    validate_access(user_id)
-
-
-# ============================================================
-# ❌ 3️⃣ ERROR HANDLERS
-# ============================================================
-
-@task_bp.errorhandler(403)
-def forbidden_error(error):
-    response = jsonify(error.description)
-    response.status_code = 403
-    return response
-
-
-@task_bp.errorhandler(404)
-def not_found_error(error):
-    response = jsonify(error.description)
-    response.status_code = 404
-    return response

api/tech_views.py

@@ -0,0 +1,20 @@
+from flask import Blueprint, jsonify
+from models import db
+from sqlalchemy import text
+from utils import db_ready
+
+# Blueprint with technical endpoints
+tech_bp = Blueprint('tech_bp', __name__)
+
+@tech_bp.route('/health', methods=['GET'])
+def health_check():
+    "Check if service works and database is functional"
+    try:
+        with db.engine.connect() as connection:
+            connection.execute(text("SELECT 1"))
+        return jsonify(status="healthy"), 200
+    except Exception:
+        if db_ready:
+            return jsonify(status="unhealthy"), 500
+        else:
+            return jsonify(status="starting"), 503

api/tests/conftest.py

@@ -0,0 +1,47 @@
+import pytest
+from app import create_app
+from flask_jwt_extended import create_access_token
+from models import db, User
+from werkzeug.security import generate_password_hash
+
+@pytest.fixture
+def test_client():
+    """Creates a new instance of test app."""
+    app = create_app("testing")
+    
+    with app.test_client() as client:
+        with app.app_context():
+            db.create_all()
+            yield client
+            db.session.remove()
+            db.drop_all()
+
+@pytest.fixture
+def test_user():
+    """Create a new user for testing."""
+    user = User(username="testuser", email="test@example.com", password=generate_password_hash("testpass"), role="User")
+    db.session.add(user)
+    db.session.commit()
+    return user
+
+@pytest.fixture
+def test_user2():
+    """Create a user nr 2 for testing."""
+    user2 = User(username="testuser2", email="test2@example.com", password=generate_password_hash("testpass2"), role="User")
+    db.session.add(user2)
+    db.session.commit()
+    return user2
+
+@pytest.fixture
+def test_admin():
+    """Create a new admin user for testing."""
+    admin = User(username="adminuser", email="admin@example.com", password=generate_password_hash("adminpass"), role="Administrator")
+    db.session.add(admin)
+    db.session.commit()
+    return admin
+
+def login_test_user(identity):
+    """Return Bearer auth header for user identified by provided id"""
+    access_token = create_access_token(identity=str(identity))
+    auth_header = {"Authorization": f"Bearer {access_token}"}
+    return auth_header

api/tests/test_users.py

@@ -0,0 +1,132 @@
+from conftest import login_test_user
+import json
+
+def test_create_user(test_client, test_user, test_admin):
+    """New user registration test"""
+
+    # Anonymous try to create common user
+    test_user_data = {"username": "test", "email": "testemail@example.com", "password": "testpassword", "role": "User"}
+    response = test_client.post("/users", data=json.dumps(test_user_data), content_type="application/json")
+    assert response.status_code == 201, "Each should can register in the service"
+    data = response.get_json()
+    assert data["username"] == "test"
+
+    # Anonymous try to create admin user
+    admin_user_data = {"username": "testadmin", "email": "testadmin@example.com", "password": "adminpass", "role": "Administrator"}
+    response = test_client.post("/users", data=json.dumps(admin_user_data), content_type="application/json")
+    assert response.status_code == 401, "Anonymous should cannot create admin users"
+
+    # Login common user and try to create admin user
+    headers = login_test_user(test_user.id)
+    response = test_client.post("/users", data=json.dumps(admin_user_data), content_type="application/json", headers=headers)
+    assert response.status_code == 403, "Common user should cannot create admin users"
+
+    # Try to create admin user using admin account
+    headers = login_test_user(test_admin.id)
+    response = test_client.post("/users", data=json.dumps(admin_user_data), content_type="application/json", headers=headers)
+    assert response.status_code == 201, "Logged administrators should can create new admin users"
+
+def test_edit_user(test_client, test_user, test_admin):
+    "User edit test"
+    # Anonymous cannot edit any user
+    admin_data = test_admin.to_dict()
+    response = test_client.patch(f"/users/{test_admin.id}", data=json.dumps({"username": admin_data["username"], "password": "adminpass"}))
+    assert response.status_code == 401
+
+    # Login users (get dict with auth header and merge it with dict with rest of headers)
+    admin_headers = login_test_user(test_admin.id) | {"Content-Type": "application/json"}
+    user_headers = login_test_user(test_user.id) | {"Content-Type": "application/json"}
+
+    # Check if PUT request contains all editable fields
+    response = test_client.put(f"/users/{test_user.id}", data=json.dumps({"username": test_user.username, "password": "testpass"}), headers=user_headers)
+    assert response.status_code == 400, "PUT request data must have all editable fields"
+
+    # Check if user can edit their own data
+    response = test_client.patch(f"/users/{test_user.id}", data=json.dumps({"username": test_user.username, "password": "testpass"}), headers=user_headers)
+    assert response.status_code == 200, "Common user should can edit own account data"
+
+    # Check if user cannot edit other user data
+    response = test_client.patch(f"/users/{test_admin.id}", data=json.dumps({"username": admin_data["username"], "password": "adminpass"}), headers=user_headers)
+    assert response.status_code == 403, "Common user should cannot edit other user data"
+
+    # Check if admin can edit other user data
+    response = test_client.patch(f"/users/{test_user.id}", data=json.dumps({"username": test_user.username, "password": "testpass"}), headers=admin_headers)
+    assert response.status_code == 200, "Admin user should can edit other user data"
+
+def test_remove_user(test_client, test_user, test_user2, test_admin):
+    "User remove test"
+    # Anonymous try to remove user
+    response = test_client.delete(f"/users/{test_user.id}")
+    assert response.status_code == 401, "Anonymous should cannot remove user account"
+
+    # Logged user try to remove other user account
+    headers = login_test_user(test_user.id)
+    response = test_client.delete(f"/users/{test_admin.id}", headers=headers)
+    assert response.status_code == 403, "Common user should cannot remove other user account"
+
+    # Logged user try to remove own account
+    response = test_client.delete(f"/users/{test_user.id}", headers=headers)
+    assert response.status_code == 200, "Common user should can remove their own account"
+
+    # Logged admin can remove other user account
+    admin_headers = login_test_user(test_admin.id)
+    response = test_client.delete(f"/users/{test_user2.id}", headers=admin_headers)
+    assert response.status_code == 200, "Admin user should can remove other user account"
+
+def test_login(test_client, test_user):
+    """User login test"""
+
+    response = test_client.post(
+        "/login",
+        data=json.dumps({"username": "testuser", "password": "wrongpass"}),
+        content_type="application/json",
+    )
+    assert response.status_code == 401, "User should not become logged if provided wrong password"
+    response = test_client.post(
+        "/login",
+        data=json.dumps({"username": "testuser", "password": "testpass"}),
+        content_type="application/json",
+    )
+    assert response.status_code == 200, "User should become logged if provided right password"
+
+def test_get_users(test_client, test_user, test_admin):
+    """Get all users test"""
+    response = test_client.get("/users")
+    assert response.status_code == 401, "Anonymous should cannot get all users data"
+    
+    # Common user try to get all users data
+    headers = login_test_user(test_user.id)
+    response = test_client.get("/users", headers=headers)
+    assert response.status_code == 403, "Common user should cannot get all users data"
+    
+    # Admin user try to get all users data
+    headers = login_test_user(test_admin.id)
+    response = test_client.get("/users", headers=headers)
+    assert response.status_code == 200, "Admin user should be able to get all users data"
+
+def test_get_user_with_token(test_client, test_user, test_admin):
+    """Test to get user data before and after auth using JWT token"""
+    response = test_client.get(f"/users/{test_admin.id}")
+    assert response.status_code == 401, "Anonymous should cannot get user data without login"
+
+    admin_headers = login_test_user(test_admin.id)
+    response = test_client.get(f"/users/{test_admin.id}", headers=admin_headers)
+    assert response.status_code == 200
+    data = response.get_json()
+    assert data["username"] == "adminuser"
+
+    headers = login_test_user(test_user.id)
+    response = test_client.get(f"/users/{test_user.id}", headers=headers)
+    assert response.status_code == 200, "Common user should can get own user data"
+    response = test_client.get(f"/users/{test_admin.id}", headers=headers)
+    assert response.status_code == 403, "Common user should cannot get other user data"
+    response = test_client.get(f"/users/{test_user.id}", headers=admin_headers)
+    assert response.status_code == 200, "Admin should can access all user data"
+
+def test_user_logout(test_client, test_user):
+    """Test if logout works and JWT token is revoked"""
+    headers = login_test_user(test_user.id)
+    response = test_client.get(f"/logout", headers=headers)
+    assert response.status_code == 200, "Logged user should can logout"
+    response = test_client.get(f"/logout", headers=headers)
+    assert response.status_code == 401, "Token should be revoked after logout"

api/utils.py

@@ -0,0 +1,59 @@
+from flask import abort
+from flask_jwt_extended import get_jwt_identity
+from models import User, db
+import os
+from sqlalchemy import text
+from sqlalchemy.exc import DatabaseError, InterfaceError
+import time
+from werkzeug.security import generate_password_hash
+
+db_ready = False
+
+def admin_required(user_id, message='Access denied.'):
+    "Check if common user try to make administrative action."
+    user = db.session.get(User, user_id)
+    if user is None or user.role != "Administrator":
+        abort(403, message)
+
+
+def validate_access(owner_id, message='Access denied.'):
+    "Check if user try to access or edit resource that does not belong to them."
+    logged_user_id = int(get_jwt_identity())
+    logged_user_role = db.session.get(User, logged_user_id).role
+    if logged_user_role != "Administrator" and logged_user_id != owner_id:
+        abort(403, message)
+
+
+def get_user_or_404(user_id):
+    "Get user from database or abort 404"
+    user = db.session.get(User, user_id)
+    if user is None:
+        abort(404, "User not found")
+    return user
+
+
+def wait_for_db(max_retries):
+    "Try to connect with database <max_retries> times."
+    global db_ready
+    for _ in range(max_retries):
+        try:
+            with db.engine.connect() as connection:
+                connection.execute(text("SELECT 1"))
+            db_ready = True
+            return
+        except DatabaseError | InterfaceError:
+            time.sleep(3)
+    raise Exception("Failed to connect to database.")
+
+
+def init_db():
+    """Create default admin account if database is empty"""
+    with db.session.begin():
+        if not User.query.first():  # Check if user table is empty
+            admin_username = os.getenv("ADMIN_USERNAME", "admin")
+            admin_email = os.getenv("ADMIN_EMAIL", "admin@example.pl")
+            admin_password = os.getenv("ADMIN_PASSWORD", "admin")
+            hashed_password = generate_password_hash(admin_password)
+            admin = User(username=admin_username, email=admin_email, password=hashed_password, role='Administrator')
+            db.session.add(admin)
+            db.session.commit()

api/views.py

@@ -1,13 +1,15 @@
 from flask import Blueprint, jsonify, request, abort
-from flask_jwt_extended import create_access_token, set_access_cookies, jwt_required, verify_jwt_in_request, get_jwt_identity, unset_jwt_cookies
-from models import User, db
+from flask_jwt_extended import create_access_token, set_access_cookies, jwt_required, \
+verify_jwt_in_request, get_jwt_identity, unset_jwt_cookies, get_jwt
+from models import db, RevokedToken, User
 import os
+from utils import admin_required, validate_access, get_user_or_404
 from werkzeug.security import check_password_hash, generate_password_hash
 
 user_bp = Blueprint('user_bp', __name__)
 
 # ============================================================
-# 🚀 1. API ENDPOINTS (ROUTES)
+# API ENDPOINTS (ROUTES)
 # ============================================================
 
 @user_bp.route('/users', methods=['GET'])
@@ -22,7 +24,7 @@ def get_all_users():
 @jwt_required()
 def get_user(user_id):
     validate_access(user_id) # check if user tries to read other user account details
-    user = User.query.get_or_404(user_id)
+    user = get_user_or_404(user_id)
     return jsonify(user.to_dict())
 
 
@@ -54,10 +56,10 @@ def edit_user(user_id):
     # PUT requires all values
     if request.method == 'PUT':
         if request_fields != editable_fields:
-            return jsonify({'error': 'Invalid request data structure.'}), 400
+            abort(400, "Invalid request data structure.")
 
-    user_to_update = User.query.get_or_404(user_id)
-    for field_name in request_fields:
+    user_to_update = get_user_or_404(user_id)
+    for field_name in editable_fields:
         requested_value = request_data.get(field_name)
         if requested_value is None:
             continue
@@ -72,7 +74,7 @@ def edit_user(user_id):
 @jwt_required()
 def remove_user(user_id):
     validate_access(user_id) # Only admin can remove other users accounts
-    user_to_delete = User.query.get_or_404(user_id)
+    user_to_delete = get_user_or_404(user_id)
     db.session.delete(user_to_delete)
     db.session.commit()
     return jsonify({"msg": "User removed successfully."})
@@ -88,60 +90,31 @@ def user_login():
     if user_from_db is not None:
         password_hash = user_from_db.password
     else:
-        return jsonify({"msg": "User failed login"}), 401
+        abort(401, "User failed login")
     
     if password_hash and check_password_hash(password_hash, password):
         access_token = create_access_token(identity=str(user_from_db.id))
-        response = jsonify({"msg": "User logged in successfully."})
+        response = jsonify({"msg": "User logged in successfully.", "user_id": user_from_db.id})
         set_access_cookies(response, access_token)
         return response
     else:
-        return jsonify({"msg": "User failed login."}), 401
+        abort(401, "User failed login")
 
 
 @user_bp.route('/logout', methods=['GET'])
 @jwt_required()
 def user_logout():
+    jti = get_jwt()["jti"]
+    revoked_token = RevokedToken(jti=jti)
+    db.session.add(revoked_token)
+    db.session.commit()
     response = jsonify({"msg": "User logged out successfully."})
     unset_jwt_cookies(response)
     return response
 
-
-# ============================================================
-# 🔧 2. UTILITIES
-# ============================================================
-
-def admin_required(user_id, message='Access denied.'):
-    user = User.query.get(user_id)
-    if user is None or user.role != "Administrator":
-        abort(403, {'error': message})
-
-
-def validate_access(owner_id, message='Access denied.'):
-    # Check if user try to access or edit resource that does not belong to them 
-    logged_user_id = int(get_jwt_identity())
-    logged_user_role = User.query.get(logged_user_id).role
-    if logged_user_role != "Administrator" and logged_user_id != owner_id:
-        abort(403, {'error': message})
-
-
-def init_db():
-    """Create default admin account if database is empty"""
-    with db.session.begin():
-        if not User.query.first():  # Check if user table is empty
-            admin_password = os.getenv("TODOLIST_ADMIN_PASSWORD", "admin")
-            hashed_password = generate_password_hash(admin_password)
-            admin = User(username='admin', email='admin@example.pl', password=hashed_password, role='Administrator')
-            db.session.add(admin)
-            db.session.commit()
-
-
-# ============================================================
-# ❌ 3. ERROR HANDLERS
-# ============================================================
-
-@user_bp.errorhandler(403)
-def forbidden_error(error):
-    response = jsonify(error.description)
-    response.status_code = 403
-    return response
+@user_bp.route('/version', methods=['GET'])
+def version():
+    return jsonify({
+        "version": os.getenv("APP_VERSION", "unknown"),
+        "build_time": os.getenv("BUILD_DATE", "unknown")
+    })

deployment_timer.sh

@@ -0,0 +1,65 @@
+#!/bin/bash
+
+# === KONFIGURACJA ===
+APP_URL="https://user-microservice.marcin00.pl/version"
+MARKER_FILE="version_marker.txt"
+OUTPUT_FILE="deployment_times.csv"
+CHECK_INTERVAL=1  # sekundy
+
+# === POBRANIE AKTUALNEJ WERSJI APLIKACJI ===
+echo "[INFO] Pobieranie aktualnej wersji z /version..."
+OLD_VERSION=$(curl -s "$APP_URL" | jq -r '.version')
+
+if [[ -z "$OLD_VERSION" ]]; then
+  echo "[ERROR] Nie udało się pobrać aktualnej wersji aplikacji."
+  exit 1
+fi
+
+echo "[INFO] Aktualna wersja: $OLD_VERSION"
+
+# === Modyfikacja pliku, commit i push ===
+TIMESTAMP=$(date +%s)
+echo "$TIMESTAMP" > "$MARKER_FILE"
+
+git add "$MARKER_FILE"
+git commit -m "Automatyczna zmiana: $TIMESTAMP"
+START_TIME=$(date +%s)
+
+echo "[INFO] Wykonuję git push..."
+git push
+
+if [[ $? -ne 0 ]]; then
+  echo "[ERROR] Push nie powiódł się."
+  exit 1
+fi
+
+echo "[INFO] Oczekiwanie na wdrożenie nowej wersji..."
+
+# === Odpytywanie endpointa /version ===
+WAITED=0
+echo "[WAIT] Oczekiwanie na nową wersję..."
+
+while true; do
+  sleep $CHECK_INTERVAL
+  WAITED=$((WAITED + CHECK_INTERVAL))
+
+  NEW_VERSION=$(curl -s "$APP_URL" | jq -r '.version')
+
+  if [[ "$NEW_VERSION" != "$OLD_VERSION" ]]; then
+    END_TIME=$(date +%s)
+    DURATION=$((END_TIME - START_TIME))
+
+    # Nadpisujemy linię z licznikiem
+    printf "\r[INFO] Nowa wersja wdrożona po %ds: %s\n" "$WAITED" "$NEW_VERSION"
+    echo "[INFO] Czas wdrożenia: $DURATION sekund"
+
+    echo "$START_TIME,$END_TIME,$DURATION,$OLD_VERSION,$NEW_VERSION" >> "$OUTPUT_FILE"
+    break
+  else
+    # Nadpisujemy TYLKO linię z licznikiem
+    printf "\r[WAIT] Czekam... %ds" "$WAITED"
+  fi
+done
+
+# Żeby kursor przeszedł do nowej linii po zakończeniu
+echo ""

docker-compose.yml

@@ -2,16 +2,29 @@ services:
   api:
     container_name: todo-api
     hostname: todo-api
+    depends_on:
+      - db
     build: .
     env_file:
       - api/.env
     ports:
-      - "5000:5000"
-    #volumes:
-      #- ./api/test.db:/app/test.db
+      - 80:80
+    healthcheck:
+      test: ["CMD", "curl", "-f", "http://localhost/health"]
+      interval: 10s
+      timeout: 5s
+      retries: 5
+      start_period: 15s
   db:
     container_name: db
     hostname: db
     image: mysql:latest
     env_file:
       - db/.env
+    ports:
+      - 3306:3306
+    healthcheck:
+      test: ["CMD", "mysqladmin", "ping", "-h", "localhost"]
+      interval: 10s
+      timeout: 5s
+      retries: 5

frontend/.gitignore

@@ -1,24 +0,0 @@
-# Logs
-logs
-*.log
-npm-debug.log*
-yarn-debug.log*
-yarn-error.log*
-pnpm-debug.log*
-lerna-debug.log*
-
-node_modules
-dist
-dist-ssr
-*.local
-
-# Editor directories and files
-.vscode/*
-!.vscode/extensions.json
-.idea
-.DS_Store
-*.suo
-*.ntvs*
-*.njsproj
-*.sln
-*.sw?

frontend/README.md

@@ -1,12 +0,0 @@
-# React + Vite
-
-This template provides a minimal setup to get React working in Vite with HMR and some ESLint rules.
-
-Currently, two official plugins are available:
-
-- [@vitejs/plugin-react](https://github.com/vitejs/vite-plugin-react/blob/main/packages/plugin-react/README.md) uses [Babel](https://babeljs.io/) for Fast Refresh
-- [@vitejs/plugin-react-swc](https://github.com/vitejs/vite-plugin-react-swc) uses [SWC](https://swc.rs/) for Fast Refresh
-
-## Expanding the ESLint configuration
-
-If you are developing a production application, we recommend using TypeScript and enable type-aware lint rules. Check out the [TS template](https://github.com/vitejs/vite/tree/main/packages/create-vite/template-react-ts) to integrate TypeScript and [`typescript-eslint`](https://typescript-eslint.io) in your project.

frontend/eslint.config.js

@@ -1,33 +0,0 @@
-import js from '@eslint/js'
-import globals from 'globals'
-import reactHooks from 'eslint-plugin-react-hooks'
-import reactRefresh from 'eslint-plugin-react-refresh'
-
-export default [
-  { ignores: ['dist'] },
-  {
-    files: ['**/*.{js,jsx}'],
-    languageOptions: {
-      ecmaVersion: 2020,
-      globals: globals.browser,
-      parserOptions: {
-        ecmaVersion: 'latest',
-        ecmaFeatures: { jsx: true },
-        sourceType: 'module',
-      },
-    },
-    plugins: {
-      'react-hooks': reactHooks,
-      'react-refresh': reactRefresh,
-    },
-    rules: {
-      ...js.configs.recommended.rules,
-      ...reactHooks.configs.recommended.rules,
-      'no-unused-vars': ['error', { varsIgnorePattern: '^[A-Z_]' }],
-      'react-refresh/only-export-components': [
-        'warn',
-        { allowConstantExport: true },
-      ],
-    },
-  },
-]

frontend/index.html

@@ -1,13 +0,0 @@
-<!doctype html>
-<html lang="en">
-  <head>
-    <meta charset="UTF-8" />
-    <link rel="icon" type="image/svg+xml" href="/vite.svg" />
-    <meta name="viewport" content="width=device-width, initial-scale=1.0" />
-    <title>Vite + React</title>
-  </head>
-  <body>
-    <div id="root"></div>
-    <script type="module" src="/src/main.jsx"></script>
-  </body>
-</html>

frontend/package.json

@@ -1,27 +0,0 @@
-{
-  "name": "frontend",
-  "private": true,
-  "version": "0.0.0",
-  "type": "module",
-  "scripts": {
-    "dev": "vite",
-    "build": "vite build",
-    "lint": "eslint .",
-    "preview": "vite preview"
-  },
-  "dependencies": {
-    "react": "^19.0.0",
-    "react-dom": "^19.0.0"
-  },
-  "devDependencies": {
-    "@eslint/js": "^9.21.0",
-    "@types/react": "^19.0.10",
-    "@types/react-dom": "^19.0.4",
-    "@vitejs/plugin-react": "^4.3.4",
-    "eslint": "^9.21.0",
-    "eslint-plugin-react-hooks": "^5.1.0",
-    "eslint-plugin-react-refresh": "^0.4.19",
-    "globals": "^15.15.0",
-    "vite": "^6.2.0"
-  }
-}

frontend/public/vite.svg

@@ -1 +0,0 @@
-<svg xmlns="http://www.w3.org/2000/svg" xmlns:xlink="http://www.w3.org/1999/xlink" aria-hidden="true" role="img" class="iconify iconify--logos" width="31.88" height="32" preserveAspectRatio="xMidYMid meet" viewBox="0 0 256 257"><defs><linearGradient id="IconifyId1813088fe1fbc01fb466" x1="-.828%" x2="57.636%" y1="7.652%" y2="78.411%"><stop offset="0%" stop-color="#41D1FF"></stop><stop offset="100%" stop-color="#BD34FE"></stop></linearGradient><linearGradient id="IconifyId1813088fe1fbc01fb467" x1="43.376%" x2="50.316%" y1="2.242%" y2="89.03%"><stop offset="0%" stop-color="#FFEA83"></stop><stop offset="8.333%" stop-color="#FFDD35"></stop><stop offset="100%" stop-color="#FFA800"></stop></linearGradient></defs><path fill="url(#IconifyId1813088fe1fbc01fb466)" d="M255.153 37.938L134.897 252.976c-2.483 4.44-8.862 4.466-11.382.048L.875 37.958c-2.746-4.814 1.371-10.646 6.827-9.67l120.385 21.517a6.537 6.537 0 0 0 2.322-.004l117.867-21.483c5.438-.991 9.574 4.796 6.877 9.62Z"></path><path fill="url(#IconifyId1813088fe1fbc01fb467)" d="M185.432.063L96.44 17.501a3.268 3.268 0 0 0-2.634 3.014l-5.474 92.456a3.268 3.268 0 0 0 3.997 3.378l24.777-5.718c2.318-.535 4.413 1.507 3.936 3.838l-7.361 36.047c-.495 2.426 1.782 4.5 4.151 3.78l15.304-4.649c2.372-.72 4.652 1.36 4.15 3.788l-11.698 56.621c-.732 3.542 3.979 5.473 5.943 2.437l1.313-2.028l72.516-144.72c1.215-2.423-.88-5.186-3.54-4.672l-25.505 4.922c-2.396.462-4.435-1.77-3.759-4.114l16.646-57.705c.677-2.35-1.37-4.583-3.769-4.113Z"></path></svg>

frontend/src/App.css

@@ -1,42 +0,0 @@
-#root {
-  max-width: 1280px;
-  margin: 0 auto;
-  padding: 2rem;
-  text-align: center;
-}
-
-.logo {
-  height: 6em;
-  padding: 1.5em;
-  will-change: filter;
-  transition: filter 300ms;
-}
-.logo:hover {
-  filter: drop-shadow(0 0 2em #646cffaa);
-}
-.logo.react:hover {
-  filter: drop-shadow(0 0 2em #61dafbaa);
-}
-
-@keyframes logo-spin {
-  from {
-    transform: rotate(0deg);
-  }
-  to {
-    transform: rotate(360deg);
-  }
-}
-
-@media (prefers-reduced-motion: no-preference) {
-  a:nth-of-type(2) .logo {
-    animation: logo-spin infinite 20s linear;
-  }
-}
-
-.card {
-  padding: 2em;
-}
-
-.read-the-docs {
-  color: #888;
-}

frontend/src/App.jsx

@@ -1,71 +0,0 @@
-import { useState, useEffect } from 'react';
-import axios from 'axios';
-
-function App() {
-    const [notes, setNotes] = useState([]);
-    const [newNote, setNewNote] = useState('');
-
-    // Pobieranie notatek z API
-    useEffect(() => {
-        axios.get('http://localhost:5000/tasks')
-            .then((response) => setNotes(response.data))
-            .catch((error) => console.error('Błąd podczas pobierania notatek:', error));
-    }, []);
-
-    // Dodawanie nowej notatki
-    const addNote = () => {
-        if (newNote.trim() !== '') {
-            axios.post('http://localhost:5000/tasks', { content: newNote })
-                .then((response) => {
-                    setNotes([...notes, response.data]);
-                    setNewNote('');
-                })
-                .catch((error) => console.error('Błąd podczas dodawania notatki:', error));
-        }
-    };
-
-    // Usuwanie notatki
-    const deleteNote = (id) => {
-        axios.delete(`http://localhost:5000/tasks/${id}`)
-            .then(() => setNotes(notes.filter((note) => note.id !== id)))
-            .catch((error) => console.error('Błąd podczas usuwania notatki:', error));
-    };
-
-    return (
-        <div className="min-h-screen bg-gray-100 p-6">
-            <div className="max-w-3xl mx-auto bg-white p-6 rounded-2xl shadow-lg">
-                <h1 className="text-2xl font-bold mb-4">📝 Moja lista notatek</h1>
-                <div className="mb-4">
-                    <input
-                        type="text"
-                        placeholder="Dodaj nową notatkę..."
-                        className="p-2 border rounded w-full"
-                        value={newNote}
-                        onChange={(e) => setNewNote(e.target.value)}
-                    />
-                    <button
-                        className="mt-2 bg-blue-500 text-white px-4 py-2 rounded hover:bg-blue-600"
-                        onClick={addNote}
-                    >
-                        Dodaj notatkę
-                    </button>
-                </div>
-                <ul>
-                    {notes.map((note) => (
-                        <li key={note.id} className="flex justify-between items-center p-2 bg-gray-50 rounded mb-2">
-                            <span>{note.content}</span>
-                            <button
-                                className="bg-red-500 text-white px-2 py-1 rounded hover:bg-red-600"
-                                onClick={() => deleteNote(note.id)}
-                            >
-                                Usuń
-                            </button>
-                        </li>
-                    ))}
-                </ul>
-            </div>
-        </div>
-    );
-}
-
-export default App;

frontend/src/assets/react.svg

@@ -1 +0,0 @@
-<svg xmlns="http://www.w3.org/2000/svg" xmlns:xlink="http://www.w3.org/1999/xlink" aria-hidden="true" role="img" class="iconify iconify--logos" width="35.93" height="32" preserveAspectRatio="xMidYMid meet" viewBox="0 0 256 228"><path fill="#00D8FF" d="M210.483 73.824a171.49 171.49 0 0 0-8.24-2.597c.465-1.9.893-3.777 1.273-5.621c6.238-30.281 2.16-54.676-11.769-62.708c-13.355-7.7-35.196.329-57.254 19.526a171.23 171.23 0 0 0-6.375 5.848a155.866 155.866 0 0 0-4.241-3.917C100.759 3.829 77.587-4.822 63.673 3.233C50.33 10.957 46.379 33.89 51.995 62.588a170.974 170.974 0 0 0 1.892 8.48c-3.28.932-6.445 1.924-9.474 2.98C17.309 83.498 0 98.307 0 113.668c0 15.865 18.582 31.778 46.812 41.427a145.52 145.52 0 0 0 6.921 2.165a167.467 167.467 0 0 0-2.01 9.138c-5.354 28.2-1.173 50.591 12.134 58.266c13.744 7.926 36.812-.22 59.273-19.855a145.567 145.567 0 0 0 5.342-4.923a168.064 168.064 0 0 0 6.92 6.314c21.758 18.722 43.246 26.282 56.54 18.586c13.731-7.949 18.194-32.003 12.4-61.268a145.016 145.016 0 0 0-1.535-6.842c1.62-.48 3.21-.974 4.76-1.488c29.348-9.723 48.443-25.443 48.443-41.52c0-15.417-17.868-30.326-45.517-39.844Zm-6.365 70.984c-1.4.463-2.836.91-4.3 1.345c-3.24-10.257-7.612-21.163-12.963-32.432c5.106-11 9.31-21.767 12.459-31.957c2.619.758 5.16 1.557 7.61 2.4c23.69 8.156 38.14 20.213 38.14 29.504c0 9.896-15.606 22.743-40.946 31.14Zm-10.514 20.834c2.562 12.94 2.927 24.64 1.23 33.787c-1.524 8.219-4.59 13.698-8.382 15.893c-8.067 4.67-25.32-1.4-43.927-17.412a156.726 156.726 0 0 1-6.437-5.87c7.214-7.889 14.423-17.06 21.459-27.246c12.376-1.098 24.068-2.894 34.671-5.345a134.17 134.17 0 0 1 1.386 6.193ZM87.276 214.515c-7.882 2.783-14.16 2.863-17.955.675c-8.075-4.657-11.432-22.636-6.853-46.752a156.923 156.923 0 0 1 1.869-8.499c10.486 2.32 22.093 3.988 34.498 4.994c7.084 9.967 14.501 19.128 21.976 27.15a134.668 134.668 0 0 1-4.877 4.492c-9.933 8.682-19.886 14.842-28.658 17.94ZM50.35 144.747c-12.483-4.267-22.792-9.812-29.858-15.863c-6.35-5.437-9.555-10.836-9.555-15.216c0-9.322 13.897-21.212 37.076-29.293c2.813-.98 5.757-1.905 8.812-2.773c3.204 10.42 7.406 21.315 12.477 32.332c-5.137 11.18-9.399 22.249-12.634 32.792a134.718 134.718 0 0 1-6.318-1.979Zm12.378-84.26c-4.811-24.587-1.616-43.134 6.425-47.789c8.564-4.958 27.502 2.111 47.463 19.835a144.318 144.318 0 0 1 3.841 3.545c-7.438 7.987-14.787 17.08-21.808 26.988c-12.04 1.116-23.565 2.908-34.161 5.309a160.342 160.342 0 0 1-1.76-7.887Zm110.427 27.268a347.8 347.8 0 0 0-7.785-12.803c8.168 1.033 15.994 2.404 23.343 4.08c-2.206 7.072-4.956 14.465-8.193 22.045a381.151 381.151 0 0 0-7.365-13.322Zm-45.032-43.861c5.044 5.465 10.096 11.566 15.065 18.186a322.04 322.04 0 0 0-30.257-.006c4.974-6.559 10.069-12.652 15.192-18.18ZM82.802 87.83a323.167 323.167 0 0 0-7.227 13.238c-3.184-7.553-5.909-14.98-8.134-22.152c7.304-1.634 15.093-2.97 23.209-3.984a321.524 321.524 0 0 0-7.848 12.897Zm8.081 65.352c-8.385-.936-16.291-2.203-23.593-3.793c2.26-7.3 5.045-14.885 8.298-22.6a321.187 321.187 0 0 0 7.257 13.246c2.594 4.48 5.28 8.868 8.038 13.147Zm37.542 31.03c-5.184-5.592-10.354-11.779-15.403-18.433c4.902.192 9.899.29 14.978.29c5.218 0 10.376-.117 15.453-.343c-4.985 6.774-10.018 12.97-15.028 18.486Zm52.198-57.817c3.422 7.8 6.306 15.345 8.596 22.52c-7.422 1.694-15.436 3.058-23.88 4.071a382.417 382.417 0 0 0 7.859-13.026a347.403 347.403 0 0 0 7.425-13.565Zm-16.898 8.101a358.557 358.557 0 0 1-12.281 19.815a329.4 329.4 0 0 1-23.444.823c-7.967 0-15.716-.248-23.178-.732a310.202 310.202 0 0 1-12.513-19.846h.001a307.41 307.41 0 0 1-10.923-20.627a310.278 310.278 0 0 1 10.89-20.637l-.001.001a307.318 307.318 0 0 1 12.413-19.761c7.613-.576 15.42-.876 23.31-.876H128c7.926 0 15.743.303 23.354.883a329.357 329.357 0 0 1 12.335 19.695a358.489 358.489 0 0 1 11.036 20.54a329.472 329.472 0 0 1-11 20.722Zm22.56-122.124c8.572 4.944 11.906 24.881 6.52 51.026c-.344 1.668-.73 3.367-1.15 5.09c-10.622-2.452-22.155-4.275-34.23-5.408c-7.034-10.017-14.323-19.124-21.64-27.008a160.789 160.789 0 0 1 5.888-5.4c18.9-16.447 36.564-22.941 44.612-18.3ZM128 90.808c12.625 0 22.86 10.235 22.86 22.86s-10.235 22.86-22.86 22.86s-22.86-10.235-22.86-22.86s10.235-22.86 22.86-22.86Z"></path></svg>

frontend/src/index.css

@@ -1,68 +0,0 @@
-:root {
-  font-family: system-ui, Avenir, Helvetica, Arial, sans-serif;
-  line-height: 1.5;
-  font-weight: 400;
-
-  color-scheme: light dark;
-  color: rgba(255, 255, 255, 0.87);
-  background-color: #242424;
-
-  font-synthesis: none;
-  text-rendering: optimizeLegibility;
-  -webkit-font-smoothing: antialiased;
-  -moz-osx-font-smoothing: grayscale;
-}
-
-a {
-  font-weight: 500;
-  color: #646cff;
-  text-decoration: inherit;
-}
-a:hover {
-  color: #535bf2;
-}
-
-body {
-  margin: 0;
-  display: flex;
-  place-items: center;
-  min-width: 320px;
-  min-height: 100vh;
-}
-
-h1 {
-  font-size: 3.2em;
-  line-height: 1.1;
-}
-
-button {
-  border-radius: 8px;
-  border: 1px solid transparent;
-  padding: 0.6em 1.2em;
-  font-size: 1em;
-  font-weight: 500;
-  font-family: inherit;
-  background-color: #1a1a1a;
-  cursor: pointer;
-  transition: border-color 0.25s;
-}
-button:hover {
-  border-color: #646cff;
-}
-button:focus,
-button:focus-visible {
-  outline: 4px auto -webkit-focus-ring-color;
-}
-
-@media (prefers-color-scheme: light) {
-  :root {
-    color: #213547;
-    background-color: #ffffff;
-  }
-  a:hover {
-    color: #747bff;
-  }
-  button {
-    background-color: #f9f9f9;
-  }
-}

frontend/src/main.jsx

@@ -1,10 +0,0 @@
-import { StrictMode } from 'react'
-import { createRoot } from 'react-dom/client'
-import './index.css'
-import App from './App.jsx'
-
-createRoot(document.getElementById('root')).render(
-  <StrictMode>
-    <App />
-  </StrictMode>,
-)

frontend/vite.config.js

@@ -1,7 +0,0 @@
-import { defineConfig } from 'vite'
-import react from '@vitejs/plugin-react'
-
-// https://vite.dev/config/
-export default defineConfig({
-  plugins: [react()],
-})

version_marker.txt

@@ -0,0 +1 @@
+1753736103