diff --git a/src/edb/api/dependencies.py b/src/edb/api/dependencies.py
index a6a290c..bc3a1f6 100644
--- a/src/edb/api/dependencies.py
+++ b/src/edb/api/dependencies.py
@@ -92,7 +92,12 @@ async def get_current_user(
 return payload
-def require_permission(permission: Permission):
+def require_permission(
+ permission: Permission,
+) -> Callable[
+ [AppState, dict[str, Any]],
+ Coroutine[Any, Any, dict[str, Any]],
+]:
 """Create a dependency that checks for a specific permission."""
 async def check(
@@ -110,6 +115,6 @@ async def check(
 return check
-def require_admin():
+def require_admin() -> Callable:
 """Dependency that requires admin role."""
 return require_permission(Permission.ADMIN_USERS)
diff --git a/src/edb/api/routes/auth.py b/src/edb/api/routes/auth.py
index d6a083c..2e551c0 100644
--- a/src/edb/api/routes/auth.py
+++ b/src/edb/api/routes/auth.py
@@ -115,7 +115,7 @@ def change_password(
 body: dict[str, str],
 user: Annotated[dict[str, Any], Depends(get_current_user)],
 state: Annotated[AppState, Depends(get_app_state)],
-):
+) -> dict[str, str]:
 """Change the current user's password."""
 result = state.user_manager.change_password(
 user["sub"], body["current_password"], body["new_password"]
@@ -131,6 +131,6 @@ def change_password(
 @router.post("/logout")
 def logout(
 user: Annotated[dict[str, Any], Depends(get_current_user)],
-):
+) -> dict[str, str]:
 """Log out the current user (client should discard tokens)."""
 return {"message": "Logged out successfully"}
diff --git a/src/edb/auth/jwt_handler.py b/src/edb/auth/jwt_handler.py
index 66720b2..9ebe549 100644
--- a/src/edb/auth/jwt_handler.py
+++ b/src/edb/auth/jwt_handler.py
@@ -92,7 +92,7 @@ def create_token_pair(
 "access_token": self.create_access_token(user_id, username, role),
 "refresh_token": self.create_refresh_token(user_id),
 "token_type": "bearer",
- "expires_in": self._access_expire * 60,
+ "expires_in": str(self._access_expire * 60),
 }
 @property
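Review bot: The new return annotation on `require_permission` names `Callable` and `Coroutine`, but this file's section of the diff has no hunk touching its imports. Unless both are already imported (or annotations are deferred), the module raises a NameError on load, which would take every permission-guarded route down with it. If they are missing, add `from collections.abc import Callable, Coroutine` at the top of `dependencies.py`. The signature of the inner `check` lies outside the hunk, so the parameter list `[AppState, dict[str, Any]]` should be confirmed against its actual parameter order.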
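Review bot: `require_admin() -> Callable` in the second `dependencies.py` hunk is a bare `Callable`, which type checkers read as `Callable[..., Any]`, so the admin gate is typed less precisely than the `require_permission` it wraps. It returns that call's result unchanged, so it should carry the same return type. One shared alias used by both functions would do it, for example `PermissionDependency = Callable[[AppState, dict[str, Any]], Coroutine[Any, Any, dict[str, Any]]]`.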
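Review bot: `change_password` in `routes/auth.py` indexes `body["current_password"]` and `body["new_password"]` on a plain `dict[str, str]`, so a request that omits either key raises `KeyError` and presumably surfaces as a 500 rather than a validation error. Nothing visible here bounds or checks the new password either. A request model with both fields required would reject malformed bodies before `user_manager.change_password` runs. The rest of the function lies outside the hunk; confirm there that a successful change also revokes the user's outstanding tokens (`revoke_all_for_user` in `token_blacklist.py` looks suited to that) and that every return path really is `dict[str, str]`.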
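Review bot: `logout` only returns a message and never invalidates the presented token, so a token copied before logout stays usable until it expires. The docstring leaves this to the client, but the project has a server-side blacklist (`token_blacklist.py`, touched in this same commit), and recording the token there would make the endpoint do what its name promises. How the blacklist is reached from the request is not visible in this diff, so the call itself is left to the author. At minimum the docstring should say so, e.g. `Tokens remain valid until expiry; no server-side revocation happens here.`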
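Review bot: Wrapping `expires_in` in `str(...)` in `create_token_pair` changes the token response on the wire from a JSON number to a JSON string, which is a behaviour change hidden inside a typing clean-up. RFC 6749 section 5.1 has numerical values sent as JSON numbers, and clients that do arithmetic on the field to schedule a refresh can fail or mis-schedule when they receive quoted text. The return annotation is outside the hunk, but if the cast is there to fit `dict[str, str]`, widen the annotation instead, e.g. `dict[str, str | int]` or a `TypedDict`, and keep `"expires_in": self._access_expire * 60,`.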
diff --git a/src/edb/auth/token_blacklist.py b/src/edb/auth/token_blacklist.py
index c297b65..7badab8 100644
--- a/src/edb/auth/token_blacklist.py
+++ b/src/edb/auth/token_blacklist.py
@@ -60,7 +60,7 @@ def revoke_all_for_user(self, user_id: str) -> int:
 (f"user_revoke_{user_id}_{now}", user_id, now),
 )
 self._engine.commit()
- return cursor.rowcount
+ return int(cursor.rowcount)
 def cleanup_expired(self) -> int:
 """Remove expired entries from the blacklist."""
@@ -70,4 +70,4 @@ def cleanup_expired(self) -> int:
 (now,),
 )
 self._engine.commit()
- return cursor.rowcount
+ return int(cursor.rowcount)
diff --git a/src/edb/auth/users.py b/src/edb/auth/users.py
index e5a2d6a..540a2f0 100644
--- a/src/edb/auth/users.py
+++ b/src/edb/auth/users.py
@@ -112,7 +112,7 @@ def update_role(self, user_id: str, role: Role) -> bool:
 (role.value, now, user_id),
 )
 self._engine.commit()
- return cursor.rowcount > 0
+ return bool(cursor.rowcount > 0)
 def deactivate_user(self, user_id: str) -> bool:
 """Deactivate a user account."""
@@ -122,7 +122,7 @@ def deactivate_user(self, user_id: str) -> bool:
 (now, user_id),
 )
 self._engine.commit()
- return cursor.rowcount > 0
+ return bool(cursor.rowcount > 0)
 def ensure_admin_exists(self) -> None:
 """Create a default admin user if no admins exist."""
@@ -150,7 +150,7 @@ def change_password(self, user_id: str, current_password: str, new_password: str
 (new_hash, now, user_id),
 )
 self._engine.commit()
- return cursor.rowcount > 0
+ return bool(cursor.rowcount > 0)
 def _hash_password(self, password: str) -> str:
 salt = bcrypt.gensalt()
diff --git a/src/edb/security/input_validation.py b/src/edb/security/input_validation.py
index 2f99836..43a0f42 100644
--- a/src/edb/security/input_validation.py
+++ b/src/edb/security/input_validation.py
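Review bot: `int(cursor.rowcount)` in `revoke_all_for_user` is a runtime conversion that appears to exist only to quiet the type checker, as do the same cast in `cleanup_expired` and `bool(cursor.rowcount > 0)` in the three `users.py` hunks. The comparison already yields a `bool`, so typing what `self._engine` returns (that call lies outside the hunks) would remove the need for all five. The statement in `revoke_all_for_user` is also outside the hunk, but its parameters look like a single marker row being written. If so, the returned number is not a count of revoked tokens, and the docstring should say that so callers do not read it as one. DB-API also allows `rowcount` to be `-1` when the count is undetermined, which the `> 0` checks in `users.py` would report as failure.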
@@ -114,7 +114,7 @@ def validate_query_input(self, query_dict: dict[str, Any]) -> list[str]:
 Returns a list of warning messages (empty if clean).
 """
- warnings = []
+ warnings: list[str] = []
 self._check_dict_recursive(query_dict, warnings, "query")
 return warnings