fix: pycache, init added to gitignore

Author: ayushkrtiwari

.gitignore

@@ -1,7 +1,10 @@
 node_modules
 .vscode
 .coverage
-__pycache__/
+*__pycache__/
+*/__pycache__/*
+*/__init__.cpython-312.pyc
+*__init__*
 *.py[cod]
 *$py.class
 src/quant_research_starter.egg-info/PKG-INFO
@@ -16,14 +19,14 @@ dist/
 *.egg
 pip-wheel-metadata/
 output/
-
-__pycache__/
 *.py[cod]
 *.pyo
 *.pyd
 *.log
 .vscode/
 .idea/
-\.venv\
-.venv\
-\.venv
+\.venv
+.env
+.env.local
+*.env
+*.env.local

pytest.ini

@@ -0,0 +1,3 @@
+[pytest]
+pythonpath = src
+addopts = -q

requirements-dev.txt

@@ -0,0 +1,18 @@
+# Developer and test dependencies for running the test suite locally
+# Install with: pip install -r requirements-dev.txt
+
+# testing and async test helpers
+pytest
+pytest-asyncio
+httpx
+
+# optional/runtime packages used by the API and tasks
+python-jose[cryptography]
+passlib[bcrypt]
+asyncpg
+celery
+redis
+alembic
+
+# DB / ORM
+SQLAlchemy>=1.4

src/quant_research_starter/__init__.py

@@ -4,7 +4,7 @@
 
 import os
 from datetime import datetime, timedelta
-from typing import Optional
+from typing import Annotated, Optional
 
 from fastapi import Depends, HTTPException, status
 from fastapi.security import OAuth2PasswordBearer
@@ -13,12 +13,14 @@
 from sqlalchemy.ext.asyncio import AsyncSession
 
 from . import db, models
+from . import supabase
+import secrets
 
 SECRET_KEY = os.getenv("JWT_SECRET", "dev-secret-change-me")
 ALGORITHM = "HS256"
 ACCESS_TOKEN_EXPIRE_MINUTES = int(os.getenv("JWT_EXPIRE_MINUTES", "60"))
 
-pwd_ctx = CryptContext(schemes=["bcrypt"], deprecated="auto")
+pwd_ctx = CryptContext(schemes=["pbkdf2_sha256"], deprecated="auto")
 oauth2_scheme = OAuth2PasswordBearer(tokenUrl="/api/auth/token")
 
 
@@ -41,20 +43,48 @@ def create_access_token(data: dict, expires_delta: Optional[timedelta] = None) -
 
 
 async def get_current_user(
-    token: str = Depends(oauth2_scheme), session: AsyncSession = Depends(db.get_session)
+    token: Annotated[str, Depends(oauth2_scheme)],
+    session: Annotated[AsyncSession, Depends(db.get_session)],
 ):
     credentials_exception = HTTPException(
         status_code=status.HTTP_401_UNAUTHORIZED,
         detail="Could not validate credentials",
         headers={"WWW-Authenticate": "Bearer"},
     )
+    # If Supabase is configured, prefer verifying tokens via Supabase
+    if supabase.is_enabled():
+        user_info = supabase.get_user_from_token(token)
+        if not user_info:
+            raise credentials_exception
+        # Map/ensure a local user exists for this supabase user (by email)
+        email = user_info.get("email")
+        if not email:
+            raise credentials_exception
+
+        q = await session.execute(
+            models.User.__table__.select().where(models.User.username == email)
+        )
+        row = q.first()
+        if row:
+            return row[0]
+
+        # Create a local user mapping (no password — managed by Supabase)
+        random_pw = secrets.token_urlsafe(32)
+        hashed = pwd_ctx.hash(random_pw)
+        user = models.User(username=email, hashed_password=hashed)
+        session.add(user)
+        await session.commit()
+        await session.refresh(user)
+        return user
+
+    # Local JWT flow
     try:
         payload = jwt.decode(token, SECRET_KEY, algorithms=[ALGORITHM])
         username: str = payload.get("sub")
         if username is None:
             raise credentials_exception
     except JWTError:
-        raise credentials_exception
+        raise credentials_exception from None
 
     q = await session.execute(
         models.User.__table__.select().where(models.User.username == username)
@@ -66,7 +96,7 @@ async def get_current_user(
     return user
 
 
-async def require_active_user(current_user=Depends(get_current_user)):
+async def require_active_user(current_user: Annotated[models.User, Depends(get_current_user)]):
     if not current_user.is_active:
         raise HTTPException(status_code=400, detail="Inactive user")
     return current_user