refactor: extract authentication orchestration to service layer #115

@Besthope-Official

Use Case

Auth handlers contain business orchestration logic (transaction script pattern). Handlers should delegate to service layer, not orchestrate multiple services directly.

Proposed Solution

Create AuthenticationService to encapsulate login/logout/refresh workflows:

# Before (src/api/auth.py:62-86)
@router.post("/jwt/login")
async def login(...):
    user = await user_manager.authenticate(credentials)
    if not user or not user.is_active:
        await audit_service.log(...)
        raise BusinessException(...)
    access_token = await strategy.write_token(user)
    refresh_token = await refresh_manager.create_refresh_token(...)
    await audit_service.log(...)
    return TokenResponse(...)

# After
@router.post("/jwt/login")
async def login(...):
    return await auth_service.login(credentials, request)

Service handles orchestration:

class AuthenticationService:
    async def login(self, credentials, request) -> TokenResponse:
        # Move orchestration logic here
        ...

Alternatives Considered

Keep in handlers - rejected because business logic should not reside in presentation layer.

Implementation Notes

  • Affected file: src/api/auth.py:51-171 (login, refresh, logout endpoints)
  • Create new: src/auth/service.py with AuthenticationService
  • Handlers become thin wrappers
  • Service manages transaction boundaries and audit logging
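A sketch of the proposed service-layer login with the audit logging kept next to the decision it records. This is an added example, not code from the project: `FakeDeps`, `try_login`, the `request["client_ip"]` shape, the audit event names and the token strings are assumptions standing in for `user_manager`, `strategy`, `refresh_manager` and `audit_service`.

```python
import hmac
from dataclasses import dataclass, field

class BusinessException(Exception):
    """Stand-in for the project's exception type (assumed)."""

@dataclass
class User:
    id: int
    is_active: bool = True

@dataclass
class TokenResponse:
    access_token: str
    refresh_token: str

@dataclass
class FakeDeps:  # constructed stand-ins for the four collaborators named in the issue
    users: dict  # username -> (User, password); sample data only
    audit: list = field(default_factory=list)
    async def authenticate(self, creds):
        user, pw = self.users.get(creds["username"], (None, ""))
        return user if user and hmac.compare_digest(pw, creds["password"]) else None
    async def write_token(self, user): return f"access-{user.id}"
    async def create_refresh_token(self, user): return f"refresh-{user.id}"
    async def log(self, event, **fields): self.audit.append((event, fields))

class AuthenticationService:
    def __init__(self, deps): self.deps = deps
    async def login(self, credentials, request) -> TokenResponse:
        user = await self.deps.authenticate(credentials)
        if not user or not user.is_active:
            # The audit trail keeps the real reason; the caller gets one generic
            # error, and the password never reaches the log.
            await self.deps.log("login_failed", username=credentials["username"],
                                ip=request["client_ip"],
                                reason="inactive" if user else "bad_credentials")
            raise BusinessException("invalid credentials")
        tokens = TokenResponse(await self.deps.write_token(user),
                               await self.deps.create_refresh_token(user))
        await self.deps.log("login_ok", user_id=user.id, ip=request["client_ip"])
        return tokens

async def try_login(svc, username, password):
    try:  # thin-handler equivalent: a single call into the service
        creds = {"username": username, "password": password}
        return await svc.login(creds, {"client_ip": "192.0.2.10"})
    except BusinessException as exc:
        return str(exc)
```

With the orchestration in one place, the failure and success audit events can be unit-tested without a running HTTP stack.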
