pgorecki
diff --git a/‎poetry.lock
+29-19 b/‎poetry.lock
+29-19
diff --git a/‎pyproject.toml
+2-1 b/‎pyproject.toml
+2-1
diff --git a/‎src/api/dependencies.py
+56-7 b/‎src/api/dependencies.py
+56-7
diff --git a/‎src/api/main.py
+11-2 b/‎src/api/main.py
+11-2
diff --git a/‎src/api/models/bidding.py
+6-1 b/‎src/api/models/bidding.py
+6-1
diff --git a/‎src/api/routers/bidding.py
+64-3 b/‎src/api/routers/bidding.py
+64-3
diff --git a/‎src/api/routers/diagnostics.py
+25 b/‎src/api/routers/diagnostics.py
+25
@@ -9,7 +9,7 @@ python = "^3.10.0"
 pytest = "^6.2.4"
 pydantic = "^1.8.2"
 black = "^21.5b1"
-fastapi = "^0.67.0"
+fastapi = "^0.95.2"
 uvicorn = "^0.14.0"
 starlette-context = "^0.3.3"
 SQLAlchemy = "^1.4.22"
@@ -27,6 +27,7 @@ pre-commit = "^2.20.0"
 click = "8.0.4"
 httpx = "^0.23.1"
 requests = "^2.28.1"
+bcrypt = "^4.0.1"
 
 [tool.poetry.dev-dependencies]
 poethepoet = "^0.10.0"
 
@@ -1,10 +1,59 @@
-from pydantic import BaseModel
+from collections.abc import Callable
 
-from seedwork.domain.value_objects import UUID
+from fastapi import Depends, HTTPException, Request
+from fastapi.security import OAuth2PasswordBearer
 
+from config.container import Container, inject
+from modules.iam.domain.entities import User
+from seedwork.application import Application
 
-class CurrentUser(BaseModel):
-    id: UUID
-    username = "fake_current_user"
-    email = "[email protected]"
-    is_admin = True
+from .shared import dependency
+
+oauth2_scheme = OAuth2PasswordBearer(tokenUrl="token")
+
+
+def allow_role(role: str):
+    def check(user: User):
+        if user.role != role:
+            raise HTTPException(status_code=403, detail="Forbidden")
+        return True
+
+    return check
+
+
+def allow_authenticated():
+    def check(user: User):
+        if not user.is_authenticated():
+            raise HTTPException(status_code=403, detail="Forbidden")
+        return True
+
+    return check
+
+
+def allow_anonymous():
+    return lambda user: True
+
+
+def create_app(check: callable) -> Callable[..., Application]:
+    @inject
+    async def create(
+        request: Request, app: Application = dependency(Container.application)
+    ):
+        try:
+            access_token = await oauth2_scheme(request=request)
+            current_user = app.iam_service.find_user_by_access_token(access_token)
+        except HTTPException as e:
+            current_user = User.Anonymous()
+
+        print("current user", current_user)
+        check(current_user)
+        app.current_user = current_user
+        return app
+
+    return create
+
+
+def get_current_active_user(
+    app: Application = Depends(create_app(allow_authenticated())),
+):
+    return app.current_user
@@ -5,7 +5,7 @@
 
 import api.routers.catalog
 from api.models.catalog import CurrentUser
-from api.routers import bidding, catalog, iam
+from api.routers import bidding, catalog, diagnostics, iam
 from config.api_config import ApiConfig
 from config.container import Container
 from seedwork.domain.exceptions import DomainException, EntityNotFoundException
@@ -18,12 +18,21 @@
 # dependency injection container
 container = Container()
 container.config.from_pydantic(ApiConfig())
-container.wire(modules=[api.routers.catalog, api.routers.bidding, api.routers.iam])
+container.wire(
+    modules=[
+        api.dependencies,
+        api.routers.catalog,
+        api.routers.bidding,
+        api.routers.iam,
+        api.routers.diagnostics,
+    ]
+)
 
 app = FastAPI(debug=container.config.DEBUG)
 app.include_router(catalog.router)
 app.include_router(bidding.router)
 app.include_router(iam.router)
+app.include_router(diagnostics.router)
 app.container = container
 
 logger.info("using db engine %s" % str(container.engine()))
 
@@ -11,8 +11,13 @@ class BidReadModel(BaseModel):
     bidder_username: str
 
 
-class BiddingReadModel(BaseModel):
+class BiddingResponse(BaseModel):
     listing_id: UUID
     auction_status: str = "active"  # active, ended
     auction_end_date: datetime
     bids: list[BidReadModel]
+
+
+class PlaceBidRequest(BaseModel):
+    bidder_id: UUID
+    amount: float
@@ -1,8 +1,9 @@
 from fastapi import APIRouter
 
-from api.models.bidding import BiddingReadModel
+from api.models.bidding import BiddingResponse, PlaceBidRequest
 from api.shared import dependency
 from config.container import Container, inject
+from modules.bidding.application.command import PlaceBidCommand, RetractBidCommand
 from modules.bidding.application.query.get_bidding_details import GetBiddingDetails
 from seedwork.application import Application
 
@@ -13,7 +14,7 @@
 """
 
 
-@router.get("/bidding/{listing_id}", tags=["bidding"], response_model=BiddingReadModel)
+@router.get("/bidding/{listing_id}", tags=["bidding"], response_model=BiddingResponse)
 @inject
 async def get_bidding_details_of_listing(
     listing_id,
@@ -25,7 +26,67 @@ async def get_bidding_details_of_listing(
     query = GetBiddingDetails(listing_id=listing_id)
     query_result = app.execute_query(query)
     payload = query_result.payload
-    return BiddingReadModel(
+    return BiddingResponse(
+        listing_id=str(payload.id),
+        auction_end_date=payload.ends_at,
+        bids=payload.bids,
+    )
+
+
+@router.post(
+    "/bidding/{listing_id}/place_bid", tags=["bidding"], response_model=BiddingResponse
+)
+@inject
+async def place_bid(
+    listing_id,
+    request_body: PlaceBidRequest,
+    app: Application = dependency(Container.application),
+):
+    """
+    Places a bid on a listing
+    """
+    # TODO: get bidder from current user
+
+    command = PlaceBidCommand(
+        listing_id=listing_id,
+        bidder_id=request_body.bidder_id,
+        amount=request_body.amount,
+    )
+    app.execute_command(command)
+
+    query = GetBiddingDetails(listing_id=listing_id)
+    query_result = app.execute_query(query)
+    payload = query_result.payload
+    return BiddingResponse(
+        listing_id=str(payload.id),
+        auction_end_date=payload.ends_at,
+        bids=payload.bids,
+    )
+
+
+@router.post(
+    "/bidding/{listing_id}/retract_bid",
+    tags=["bidding"],
+    response_model=BiddingResponse,
+)
+@inject
+async def retract_bid(
+    listing_id,
+    app: Application = dependency(Container.application),
+):
+    """
+    Retracts a bid from a listing
+    """
+    command = RetractBidCommand(
+        listing_id=listing_id,
+        bidder_id="",
+    )
+    app.execute_command(command)
+
+    query = GetBiddingDetails(listing_id=listing_id)
+    query_result = app.execute_query(query)
+    payload = query_result.payload
+    return BiddingResponse(
         listing_id=str(payload.id),
         auction_end_date=payload.ends_at,
         bids=payload.bids,
 
@@ -0,0 +1,25 @@
+from typing import Annotated
+
+from fastapi import APIRouter, Depends
+
+from api.dependencies import allow_anonymous, create_app
+from seedwork.application import Application
+
+router = APIRouter()
+
+
+from .iam import UserResponse
+
+app_for_anonymous = create_app(allow_anonymous())
+
+
+@router.get("/debug", tags=["diagnostics"])
+async def debug(app: Annotated[Application, Depends(app_for_anonymous)]):
+    return dict(
+        app_id=id(app),
+        user=UserResponse(
+            id=str(app.current_user.id), username=app.current_user.username
+        ),
+        name=app.name,
+        version=app.version,
+    )