feat:新規サークル作成エンドポイント #3
Conversation
There was a problem hiding this comment.
Pull request overview
Copilot reviewed 17 out of 18 changed files in this pull request and generated 18 comments.
Comments suppressed due to low confidence (4)
backend/app/services/circle.py:2
- Import of 'UUID' is not used.
from uuid import UUID
backend/app/core/security.py:2
- Import of 'asyncio' is not used.
import asyncio
backend/app/core/security.py:3
- Import of 'json' is not used.
import json
backend/app/core/security.py:4
- Import of 'lru_cache' is not used.
from functools import lru_cache
| try: | ||
| user_info = await get_current_user(authorization) | ||
| except HTTPException as e: | ||
| raise e |
There was a problem hiding this comment.
The try-except block that re-raises the same HTTPException is redundant. The exception will automatically propagate without this wrapper. Consider removing this unnecessary error handling or adding meaningful additional handling if needed.
| try: | |
| user_info = await get_current_user(authorization) | |
| except HTTPException as e: | |
| raise e | |
| user_info = await get_current_user(authorization) |
| is_published=False, | ||
| ) | ||
| session.add(new_circle) | ||
| await session.flush() # ID を生成するため flush (commit ではなく) |
There was a problem hiding this comment.
The comment "ID を生成するため flush (commit ではなく)" is helpful, but consider expanding it to explain why flush is preferred over commit here (e.g., "トランザクション全体をコミットせずに ID を生成するため flush を使用").
| await session.flush() # ID を生成するため flush (commit ではなく) | |
| await session.flush() # トランザクション全体をコミットせずに ID を生成するため flush を使用(この後に他の操作もまとめてコミットするため) |
| @@ -1,9 +1,12 @@ | |||
| """Circle service layer.""" | |||
| from uuid import UUID | |||
There was a problem hiding this comment.
The UUID import from the uuid module is not used in this file. The UUID type is used from type hints but is imported from elsewhere. This unused import should be removed.
| from uuid import UUID |
|
|
||
| # テスト用データベースURL (環境変数で上書き可能) | ||
| import os | ||
| # .env ファイルを読み込む(プロジェクトルートから探す) |
There was a problem hiding this comment.
The .env file loading logic looks for the file in the backend directory. However, the root-level .env.example file (which was added in this PR) suggests there's also a project root .env file. Consider documenting which .env file takes precedence, or consolidating the configuration to avoid confusion about which environment file should be used for tests.
| # .env ファイルを読み込む(プロジェクトルートから探す) | |
| # .env ファイルの読み込みについて | |
| # このテスト設定では、プロジェクトルート(backend ディレクトリの1つ上)の .env ファイルを読み込みます。 | |
| # バックエンド本体の .env 読み込みロジックが backend ディレクトリ内の .env を参照している場合、 | |
| # テストと本番で異なる .env ファイルが使われる可能性があります。 | |
| # どちらの .env ファイルが優先されるか、または .env ファイルの場所を統一することを推奨します。 |
| KC_DB: postgres | ||
| KC_DB_URL: jdbc:postgresql://postgres:5432/circleportal | ||
| KC_DB_USERNAME: circleportal | ||
| KC_DB_PASSWORD: circleportal |
There was a problem hiding this comment.
The Keycloak admin credentials (admin/admin) are hardcoded in the docker-compose file. While this is acceptable for development, consider adding a comment warning that these credentials should never be used in production and should be changed immediately after initial setup, even in development environments with external access.
| KC_DB_PASSWORD: circleportal | |
| KC_DB_PASSWORD: circleportal | |
| # 注意: 以下の管理者アカウント(admin/admin)は開発用途の初期値です。 | |
| # 本番環境では絶対に使用しないでください。 | |
| # また、外部からアクセス可能な開発環境の場合は、初期セットアップ後すぐに変更してください。 |
|
|
||
| このテストは、実際の Keycloak から取得したトークンを使用してエンドポイントの認可を検証します。 | ||
|
|
||
| ### 7. 開発サーバーの起動 |
There was a problem hiding this comment.
Following the correction of section numbering, this section should be renumbered from 7 to 8 to maintain proper sequential ordering.
| ### 7. 開発サーバーの起動 | |
| ### 8. 開発サーバーの起動 |
| class Config: | ||
| """Pydantic config.""" | ||
|
|
||
| json_schema_extra = { | ||
| "example": { | ||
| "name": "LinuxClub", | ||
| "campus_id": 1, | ||
| "category": "culture", | ||
| "leader_email": "[email protected]", | ||
| } | ||
| } |
There was a problem hiding this comment.
The Pydantic Config class using json_schema_extra is the older Pydantic v2 style. While this still works, consider using model_config = ConfigDict(...) with the newer Pydantic v2 syntax for consistency with modern best practices. The same applies to other Config classes in this file.
| import asyncio | ||
| import json |
There was a problem hiding this comment.
The asyncio and json imports are not used anywhere in this file. These unused imports should be removed.
| import asyncio | |
| import json |
| token, | ||
| public_key, | ||
| algorithms=["RS256"], | ||
| options={"verify_aud": False}, # audience 検証はスキップ (オプション) |
There was a problem hiding this comment.
The JWT verification has disabled audience verification with verify_aud: False. While this is marked as optional with a comment, skipping audience verification can be a security risk if the token is intended for a different service. Consider enabling audience verification and validating against the expected client_id, or document why this is intentionally disabled for your use case.
| options={"verify_aud": False}, # audience 検証はスキップ (オプション) | |
| audience=settings.keycloak_client_id, # audience 検証を有効化 |
| import httpx | ||
| from fastapi import HTTPException, status | ||
| from jose import JWTError, jwt, jwk | ||
| from jose.exceptions import JWTClaimsError |
There was a problem hiding this comment.
Import of 'JWTClaimsError' is not used.
| from jose.exceptions import JWTClaimsError |
やったこと\n- サービス作成を行うロジックの追加\n- 認証認可を使用した作成できるユーザの絞込