- Fix SQLAlchemy session leak causing connection pool exhaustion
  - ID: session-leak
  - Details: `/api/users` endpoint opens a session but doesn't close it on validation errors. Use `try/finally` or the `@contextmanager` pattern in `get_db()`.
  - Files: `src/db/session.py`, `src/api/users.py`
  - Acceptance: `pytest -k test_connection_pool` passes, no leaked sessions under load
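The leak and its fix, as an added example rather than the project's own `src/db/session.py`: a small in-memory pool stands in for the SQLAlchemy engine so the script runs offline, and `FakePool`, `Session`, the constructed `ValidationError` and the handler names are assumptions made for illustration. The leaky handler returns the session only on the success path; the `@contextmanager` version of `get_db()` returns it in `finally`, so validation errors no longer drain the pool.

```python
# Added example, not the project's code: the session-leak pattern and the
# try/finally / @contextmanager fix for get_db(). FakePool, Session and
# ValidationError are constructed stand-ins for SQLAlchemy's pool/session.
from contextlib import contextmanager
from typing import Iterator


class PoolExhausted(Exception):
    """Raised when every connection in the pool is checked out."""


class ValidationError(ValueError):
    """Stand-in for the request-validation failure in /api/users."""


class FakePool:
    """Bounded pool: counts checked-out sessions, like a QueuePool would."""

    def __init__(self, size: int) -> None:
        self.size = size
        self.checked_out = 0

    def acquire(self) -> "Session":
        if self.checked_out >= self.size:
            raise PoolExhausted(f"pool of {self.size} exhausted")
        self.checked_out += 1
        return Session(self)


class Session:
    def __init__(self, pool: FakePool) -> None:
        self._pool = pool
        self.closed = False

    def close(self) -> None:
        if not self.closed:
            self.closed = True
            self._pool.checked_out -= 1


def create_user_leaky(pool: FakePool, payload: dict) -> str:
    """'Before': the session is closed only when validation succeeds."""
    db = pool.acquire()
    if "email" not in payload:
        raise ValidationError("email is required")  # db is never closed
    db.close()
    return payload["email"]


@contextmanager
def get_db(pool: FakePool) -> Iterator[Session]:
    """'After': close() runs on every exit path, exceptions included."""
    db = pool.acquire()
    try:
        yield db
    finally:
        db.close()


def create_user_fixed(pool: FakePool, payload: dict) -> str:
    with get_db(pool) as db:  # db would be used for the insert here
        if "email" not in payload:
            raise ValidationError("email is required")  # session still returned
        return payload["email"]


def leaked_after_bad_requests(handler, pool_size: int, requests: int) -> int:
    """Send `requests` invalid payloads; return sessions still checked out."""
    pool = FakePool(pool_size)
    for _ in range(requests):
        try:
            handler(pool, {})
        except (ValidationError, PoolExhausted):
            pass
    return pool.checked_out


if __name__ == "__main__":
    print("leaky:", leaked_after_bad_requests(create_user_leaky, 5, 10))  # 5
    print("fixed:", leaked_after_bad_requests(create_user_fixed, 5, 10))  # 0
```

With a pool of 5, ten invalid requests leave all five sessions checked out under the leaky handler (the last five requests fail with `PoolExhausted`, which is the symptom the task describes), and none under the fixed one. The same `leaked_after_bad_requests` check is the shape of the `test_connection_pool` acceptance test.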
- Add JWT refresh token rotation
  - Tags: auth
  - Details: Current refresh tokens are static. Implement one-time-use rotation: issue a new refresh token on each use, revoke the old one. Store token families in Redis for replay detection.
  - Files: `src/auth/tokens.py`, `src/auth/routes.py`
  - Blocked by: session-leak
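Rotation with token families, as an added example and not the project's `src/auth/tokens.py`: a dict stands in for Redis so it runs offline, and the `RefreshTokenStore` API, the `TokenFamily` layout and the hashing of stored tokens are assumptions made for illustration. Each family has exactly one live token; presenting any earlier token of the family is treated as a replay and revokes the whole family, so a stolen copy cannot be used even if the legitimate client has already rotated past it.

```python
# Added example, not the project's code: one-time-use refresh token rotation
# with per-family replay detection. RefreshTokenStore is an in-memory
# stand-in for the Redis store; names and layout are constructed.
import hashlib
import secrets
from dataclasses import dataclass, field


class RefreshRejected(Exception):
    """Raised when a refresh token is unknown, revoked, or replayed."""


@dataclass
class TokenFamily:
    user_id: str
    current_hash: str          # digest of the only token that may be used next
    revoked: bool = False
    generation: int = 0        # number of successful rotations so far


@dataclass
class RefreshTokenStore:
    """Families keyed by id, token digests mapped back to their family."""
    families: dict[str, TokenFamily] = field(default_factory=dict)
    token_to_family: dict[str, str] = field(default_factory=dict)

    @staticmethod
    def _hash(token: str) -> str:
        # Only a digest is stored, so a dump of the store yields no usable tokens.
        return hashlib.sha256(token.encode()).hexdigest()

    def _mint(self, family_id: str) -> str:
        token = secrets.token_urlsafe(32)
        digest = self._hash(token)
        self.token_to_family[digest] = family_id
        self.families[family_id].current_hash = digest
        return token

    def issue(self, user_id: str) -> tuple[str, str]:
        """Login: start a new family and return (family_id, refresh_token)."""
        family_id = secrets.token_hex(8)
        self.families[family_id] = TokenFamily(user_id=user_id, current_hash="")
        return family_id, self._mint(family_id)

    def rotate(self, presented: str) -> str:
        """Refresh: accept the token once, retire it, return its successor."""
        digest = self._hash(presented)
        family_id = self.token_to_family.get(digest)
        if family_id is None:
            raise RefreshRejected("unknown refresh token")
        fam = self.families[family_id]
        if fam.revoked:
            raise RefreshRejected("token family revoked")
        if digest != fam.current_hash:
            # An already-used token of this family came back: replay. Revoke the
            # whole family so neither holder can continue; the user logs in again.
            fam.revoked = True
            raise RefreshRejected("replay detected; family revoked")
        fam.generation += 1
        return self._mint(family_id)

    def is_revoked(self, family_id: str) -> bool:
        return self.families[family_id].revoked


def demo() -> dict:
    """Two normal rotations, then a replay of the first token."""
    store = RefreshTokenStore()
    fam, t1 = store.issue("user-42")
    t2 = store.rotate(t1)            # t1 spent, t2 current
    t3 = store.rotate(t2)            # t2 spent, t3 current
    try:
        store.rotate(t1)             # stale token presented again
        replay_caught = False
    except RefreshRejected:
        replay_caught = True
    try:
        store.rotate(t3)             # the legitimate token is now dead too
        current_still_works = True
    except RefreshRejected:
        current_still_works = False
    return {
        "generation": store.families[fam].generation,
        "replay_caught": replay_caught,
        "family_revoked": store.is_revoked(fam),
        "current_still_works": current_still_works,
    }


if __name__ == "__main__":
    print(demo())
```

In the Redis version the two maps become keys such as `family:<id>` and `rt:<digest>` with a TTL matching the refresh-token lifetime; the revocation decision in `rotate` is the part worth keeping identical, since a store that merely rejects the stale token (without revoking the family) leaves a stolen copy usable until the legitimate client happens to rotate.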
- Add Pydantic v2 model validation to all endpoints
  - Tags: backend
  - Details: Replace manual `dict.get()` validation with Pydantic models. Use `model_validator` for cross-field checks. Add `examples` to the schema for OpenAPI.
  - Files: `src/models/`, `src/api/`
  - Acceptance: `mypy --strict src/` passes, `ruff check src/` clean
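A request model of the kind the task asks for, as an added example and not the project's `src/models/`: it assumes `pydantic>=2` is installed, and the `UserCreate` fields, the admin-needs-invite rule and the `validate_create_user` helper are constructed for illustration. The manual `dict.get()` version beside it shows what gets lost without a model: wrong types and unknown keys pass straight through.

```python
# Added example, not the project's code: a Pydantic v2 model with a cross-field
# model_validator and schema examples, beside the dict.get() check it replaces.
# Assumes pydantic>=2; field names and the invite rule are constructed.
from typing import Any, Optional

from pydantic import BaseModel, Field, ValidationError, model_validator


def parse_user_manual(payload: dict[str, Any]) -> dict[str, Any]:
    """'Before': dict.get() accepts any type and silently drops unknown keys."""
    if payload.get("email") is None:
        raise ValueError("email is required")
    return {
        "email": payload.get("email"),
        "age": payload.get("age", 0),          # "abc" passes as an age
        "role": payload.get("role", "user"),   # no cross-field rule possible here
    }


class UserCreate(BaseModel):
    model_config = {"extra": "forbid"}  # unknown keys are a 422, not ignored

    email: str = Field(pattern=r"^[^@\s]+@[^@\s]+\.[^@\s]+$",
                       examples=["alice@example.com"])
    age: int = Field(ge=0, le=150, examples=[34])
    role: str = Field(default="user", examples=["user", "admin"])
    invite_code: Optional[str] = Field(default=None, examples=["ABCD-1234"])

    @model_validator(mode="after")
    def admin_requires_invite(self) -> "UserCreate":
        # Cross-field check: runs only after every field validated on its own.
        if self.role == "admin" and not self.invite_code:
            raise ValueError("admin role requires invite_code")
        return self


def validate_create_user(payload: dict[str, Any]) -> tuple[bool, list[str]]:
    """Return (ok, sorted error locations) for the endpoint to turn into a 422."""
    try:
        UserCreate.model_validate(payload)
        return True, []
    except ValidationError as exc:
        locs = {".".join(str(p) for p in err["loc"]) or "__root__"
                for err in exc.errors()}
        return False, sorted(locs)


def schema_examples(field_name: str) -> list[Any]:
    """The examples Field() carries surface in the JSON schema FastAPI serves."""
    return UserCreate.model_json_schema()["properties"][field_name]["examples"]


if __name__ == "__main__":
    print(validate_create_user({"email": "alice@example.com", "age": 34}))
    print(validate_create_user({"email": "alice@example.com", "age": "abc"}))
    print(validate_create_user({"email": "alice@example.com", "age": 34,
                                "role": "admin"}))
    print(schema_examples("email"))
```

Errors raised inside an `after` model validator carry an empty `loc`, which `validate_create_user` reports as `__root__`; per-field failures (type, range, pattern, extra keys) are reported under the field name and stop the cross-field validator from running at all.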
- Add structured logging with structlog
  - Details: Replace `print()` and `logging.info()` with structlog processors. Include `request_id`, `user_id`, and duration in all log entries.
- Set up Alembic migration for new `token_families` table
- Add `ruff` pre-commit hook and fix all existing violations