Implement user authentication and permissions

app/schemas/auth_token.py

@@ -0,0 +1,21 @@
+from dataclasses import dataclass
+from datetime import datetime
+from pydantic import BaseModel
+
+from app.schemas.user import Role
+
+
+@dataclass
+class AccessToken:
+    subject: str
+    role: Role
+    session: str
+
+class TokenRefreshRequest(BaseModel):
+    refresh_token: str
+
+
+class TokenResponse(BaseModel):
+    access_token: str
+    refresh_token: str
+    not_after: datetime

app/schemas/session.py

@@ -0,0 +1,11 @@
+from datetime import datetime
+from uuid import UUID
+from pydantic import BaseModel
+
+
+class Session(BaseModel):
+    id: UUID
+    name: str
+    last_used: datetime
+
+    model_config = {"from_attributes": True}

app/schemas/user.py

@@ -1,20 +1,39 @@
+import enum
 from typing import Optional
 from uuid import UUID
-from pydantic import BaseModel
+from pydantic import BaseModel, EmailStr, Field
+
+class Role(enum.StrEnum):
+    MEMBER = "member"
+    ADMINISTRATOR = "administrator"
 
 class UserBase(BaseModel):
+    email: EmailStr = Field(max_length=60)
     friendly_name: str
     is_active: bool
 
 class UserUpdate(BaseModel):
+    email: Optional[str] = None
     friendly_name: Optional[str] = None
+
+class AdministrativeUserUpdate(UserUpdate):
     is_active: Optional[bool] = None
 
 class UserCreate(UserBase):
+    password: str = Field(max_length=100)
     pass
 
 class User(UserBase):
     id: UUID
+    role: Role
 
     class Config:
-        from_attributes = True
+        from_attributes = True
+
+class PasswordUpdate(BaseModel):
+    old_password: str = Field(max_length=100)
+    new_password: str = Field(max_length=100)
+
+class LoginRequest(BaseModel):
+    email: EmailStr = Field(max_length=60)
+    password: str = Field(max_length=100)